Privacy Policy

Effective Date: 2024/9/12

AROUNDDEAL HOLDINGS LIMITED and its affiliates ("Riskify" or "we") are aware of the importance of personal information to all subjects (including but not limited to individuals, teams, companies, etc.) who use Riskify services ("users" or "you"), we will explain to you through this Privacy Policy (this "Privacy Policy") how we protect your information.

1. Our commitment on privacy

Riskify respects and protects the personal privacy of all users of Riskify website services. If we ask you to provide certain information in order to identify you when using our site, Riskify will use it in accordance with this Privacy Policy.

This Privacy Policy is designed to help you understand what data we collect, why we collect such data, how we use them, and how we protect them. By using Riskify services, you indicate agreement to what we express in this Privacy Policy. We will ask for your prior consent before using your information for purposes not covered by this Privacy Policy.

This Privacy Policy applies to all Riskify services, including upgrades and updates to the various services and systems you use during the service term your purchased.

Please ensure that the personal information you provide to us, and the personal information which you authorize us to collect, process, use, store, share, transfer or publicly disclose within the scope of this Privacy Policy, do not infringe the legitimate rights and interests of others.

2. What information we collect

In the course of your use of Riskify services, we will collect and process data related to Riskify contacts, registered users and visitors in accordance with the principles of legitimacy, justice, and necessity.

2.1 Information in the Riskify B2B database ("Contact Data")

The data we provide to paying subscribers include contact attributes and company information. We limit the information we provide to information that can be found in your business card or business email signature, or to information needed to contact individuals with business social network profiles or to verify the authenticity of such profiles.

Our B2B database relies on data retrieved or derived from the following sources:

  • Our Affiliates: We obtain contact information from our affiliates (i.e., subsidiaries, parent companies, joint ventures and other corporate entities that are jointly owned or related).
  • Third Parties: We rely on business partners to collect company information and maintain verified lists of existing companies. We use such information to ensure that only business-related information but no personal information from the data we obtain from above source will be added to the B2B database.
  • Public Resources: Our proprietary algorithm scans public resources and uses advanced tools to retrieve public information. For example, we use it to understand standard corporate email patterns (e.g. firstname.lastname@ company.com) and we use such public information only after verification is complete.

All data we collect from publicly available data sources will be added to Riskify's database. Riskify's proprietary algorithm scans the data and merges the data with the same attribute into a unique identifiable "Business Contact ID" that resides in a highly secure database ("B2B Database").

To avoid irrelevant contact data in the B2B database, we have set up an excluding contact list ("Opt-out List") outside the B2B database. Riskify is also unable to send messages to contacts in this list.

For more information on how long we retain data in the Opt-out List, please read the section about data retention below.

2.2 Information about Riskify registered users

When you register to our website, Riskify will collect information that you provide to Riskify, for example, while a user creates an account, uses our services, contacts us through our website or third-party channels, etc. The information provided or derived includes:

1) Registered users or visitors

When you sign up for Riskify services, for example, when you create an account, use our services, contact us through our website or third-party channels, etc.

The information provided or derived includes:

  • Name
  • Email address
  • Phone number
  • Mailing address
  • Location
  • Users' activities
  • The professional email address and name of the friend to which you recommend us (only if you use our referral service)
  • Any other information you voluntarily provide to us when communicating with us

If you are a paying subscriber, Riskify does not collect or process your payment information directly; payments are processed by a trusted third-party service provider.

If you are not logged into your account, Riskify will not be able to recognize such information and will not be able to collect the identity of such information.

If you are a visitor, we automatically collect information sent to us from your computer, cell phone or other access devices. Such information includes:

  • Your device information (e.g., the type of browser and operating system your device uses, your language preference, your domain name, and the time you visit our site)
  • Information of your mobile network
  • Your IP address
  • Error and Troubleshooting alerts

2) Verified information

When you use the functions which require identity verification of Riskify service, you may be required to provide your real identity information (real name, ID card number, photo of ID card in hand, phone number, driver's license, driving license, etc.) to complete identity verification in accordance with the relevant laws and regulations of the People's Republic of China. Such information belongs to personal sensitive information, and we will use the prevailing methods in the industry with our best commercial efforts to protect the security of your personal sensitive information.

3) When we provide business functions or specific services to you, we will collect, use, store, provide and protect your information in accordance with this Privacy Policy and the corresponding service agreements; if we collect information from you beyond what is agreed in this Privacy Policy and the corresponding service agreements of products, we will separately explain to you the scope and purpose of information collection and obtain your consent before collecting the personal information necessary to provide the corresponding services.

4) Please note that we do not require your authorized consent to collect and use your personal information in accordance with laws, regulations and relevant national standards in the following cases:

  • Directly related to national security, national defense security, public safety, public health, and significant public interest;
  • For the purpose of safeguarding the life, property and other significant legitimate rights and interests of personal data subjects and other individuals;
  • Directly related to crime investigation, prosecution, trial and enforcement of judgment;
  • Collecting your personal information from what you disclose to the public on your own, or from other legitimate publicly disclosed information, such as legitimate news reports, government information disclosure channel, etc.;
  • Necessary for maintaining the safe and stable operation of Riskify-related services, such as the detection and disposal of failures of Riskify-related services;
  • Necessary for an academic research institution to conduct statistical or academic research based on public interest and to provide the results of academic research or descriptions to the public with de-identified personal information contained in such results;
  • Other circumstances specified in laws and regulations.

We do not sell any information that any registered user or visitor shares with us.

You shall be solely responsible for maintaining the confidentiality of your account and password. In any case, please take care to keep them secure.

3. Why do we need to collect relevant information?

We need such information to understand your needs and provide you with better services, especially for the following reasons:

3.1 Riskify Registered Users

Processing contentProcessing purpose
Related to providing services- To enable our registered users, paying subscribers and business partners to access and use our B2B Database, as well as to interact meaningfully and effectively with other companies online and offline in accordance with relevant agreements
- To enable that you can compose and process emails if you use our email composing function
Related to your using our services, creating and managing your account- To enable that you can register, maintain and manage your account of our Site or membership with us
- To verify your registration for our services and approve your email address
- To communicate with paying subscribers regarding purchases, inquiries, support requests, feedback or questions
- To process your orders, including sending any necessary emails related to the purchase of any paid services by a paying subscriber
- To send you important announcements related to security, privacy or the administration of our services
- To personalize our services to ensure that the content is presented in the most effective manner to you and your device
- To comply with our legal obligations, including those applicable to our cooperation partners as our payment service providers, such as anti- money-laundering, anti-corruption and credit card fraud
Related to analysis and service improvement- To perform troubleshooting, data analysis, testing, research, statistics and survey analysis
- To ensure our legitimate interests in the security and proper operation of our services
Related to promotional services- To sign you up to receive alerts from time to time
- To share our latest upgrades and services with you if you choose to purchase our products and services
- To build and maintain our community for registered users and paying subscribers
Related to regulatory compliance and forbidding fraud- To detect and prevent fraudulent and unlawful activities, or any other type of activity that could compromise or adversely affect the integrity of our services, to ensure our legitimate interests in the security and proper operation of our services, and to ensure that our Terms of Use and other policies are under compliance
- To respond to requests about your personal data - To investigate violations and enforce our policies as required by laws, regulations or other governmental authorities, or to comply with legal process, respond to requests of governmental authorities, and comply with our legal obligations

3.2 Riskify visitors

Processing contentProcessing purpose
Related to providing services- To ensure our legitimate interests in the security and proper operation of our services
- To ensure that our services are operated normally
Related to analysis and service improvement- To analyze and improve our services, as well as to respond to your questions, support your requests or feedback
Related to regulatory compliance and forbidding fraud- To detect and prevent fraudulent and unlawful activities, or any other type of activity that could compromise or adversely affect the integrity of our services, to ensure our legitimate interests in the security and proper operation of our services, and to ensure that our Terms of Use and other policies are under compliance
- To investigate violations and enforce our policies as required by laws, regulations or other governmental authorities, or to comply with legal process, respond to requests of governmental authorities, and comply with our legal obligations

We will inform you again and obtain your express consent before using your information beyond the purpose announced for collecting it or beyond the scope directly or reasonably related.

4. How we process your information?

1) Sharing

In principle, we will not share your personal information with any company, organization or individual outside of our company, except in the following cases:

  • Sharing under agreement: with your express consent or where it is consistent with the purpose of using Riskify services;
  • Sharing under legal circumstances: We may share your information with external parties as required by laws and regulations, for litigation or arbitration settlement, or as requested by administrative or judicial authorities in accordance with the law;
  • Sharing with authorized partners: We may entrust reliable partners to provide services, therefore we may share certain information of you with our partners to provide better customer services and optimize your experience. We will only share your information for lawful, legitimate, necessary, specific, and explicit purposes, and share only as much information as is necessary for providing services. Our partners do not have the right to use the information for any other purpose.

In addition to this, concerning the different ways you cooperate with or use Riskify services and products, we may share information with third parties in the following ways and for the following purposes:

  • Registered users and paying subscribers (business contacts only): We share business contacts stored in our B2B Database with our registered users and paying subscribers to provide our services and to allow access to true, accurate and up-to-date Contact Data.
  • Internal sharing: We may share your information within Riskify. To the extent permitted by law, and taking into account the protection of your rights and freedoms in relation to the processing of data, and the consent you have given (if any), your data will only be accessible to a limited and defined number of people within Riskify (e.g. employees) or our payment-service partners.
    Please be assured that such access to your data will be on a strict "need-to-know" basis and will be subject to our internal privacy policy and confidentiality obligations.
  • Service Providers: Your data is generally not disclosed to recipients outside Riskify and our payment-service partners. However, in some cases Riskify may appoint an external service provider to act on behalf of Riskify according to contracts. Under such circumstance, we will provide your data to the external service provider or supplier as part of our normal business operations and we will require the external service provider to comply with strict data protection obligations.
    Such service providers include: (i) custodial service providers, (ii) data analysis providers, (iii) payment processors, and (iv) security service providers.
  • In connection with an asset sale, merger, bankruptcy or other business transactions: We may share your personal information in negotiations or in connection with a change in control of our company (e.g. reorganization, merger or sale of our assets).
  • Other third parties and public authorities: We may also share and disclose such information in certain circumstances if we believe in good faith that such disclosure is necessary or required (i) to comply with laws, regulations, governments’ or stock exchanges’ requests, court orders, judicial proceedings or legal procedures, such as subpoenas or search warrants; (ii) to address breach of law; (iii) to investigate fraudulent behaviors or criminal activities and to protect the rights of us, our affiliates, suppliers and users, or as part of legal procedures that affect or may affect us or our affiliates, suppliers or users; and (iv) to exercise our legal rights or respond to legitimate claims.

Companies, organizations and individuals with whom we share your information will be subject to strict confidentiality agreements and information protection covenants, we will require them to handle your information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measure.

2)Transfer

We will not transfer your personal information to any company, organization or individual, except in the following circumstances:

  • Transfer with explicit consent: we will transfer your personal information to other parties after obtaining your explicit consent;
  • In the event of a merger, acquisition or liquidation, if the transfer of personal information is involved, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy, or we will request that company or organization to seek your authorized consent again;
  • Transfer in legal circumstances: to satisfy the requirements of laws and regulations, legal procedures, mandatory governmental requirements or judicial decisions.

3) Disclosure

We will only disclose your personal information to public in the following circumstances:

  • Disclosure with your express consent.
  • Law-based disclosure: Disclosure that are compulsorily required by laws, legal procedures, litigations or government authorities.

In addition, your prior authorized consent is not required for the sharing, transfer, or public disclosure of your information in the following circumstances:

  • Directly related to national security, national defense security, public safety, public health, and significant public interest;
  • Directly related to crime investigation, prosecution, trial and enforcement of judgment;
  • For the purpose of safeguarding the life, property and other significant legitimate rights and interests of personal data subjects and other individuals;
  • Collecting your personal information from what you disclose to the public on your own, or from other legitimate publicly disclosed information, such as legitimate news reports, government information disclosure channel, etc;
  • Necessary for maintaining the safe and stable operation of Riskify-related services, such as the detection and disposal of failures of Riskify-related services;
  • Necessary for an academic research institution to conduct statistical or academic research based on public interest and to provide the results of academic research or descriptions to the public with de-identified personal information contained in such results;
  • Other circumstances specified in laws and regulations.

5. How we store and protect your information

1) We treat the security of your information very seriously. We have used security measures that meet industry standards to protect the personal information you provide against unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonably practicable measures to protect your personal information against unauthorized access, public disclosure, use, modification, damage or loss.

2) We will take all reasonably practicable steps to ensure that no unrelated personal information is collected. We will only retain your personal information within the period necessary to achieve the purposes described in this Privacy Policy, unless an extended retention period is required or permitted by law.

3) The Internet is not an absolutely secure environment, since e-mail, instant message, and your communication with other users are not encrypted, we strongly recommend that you do not send personal information through such ways. Please use complex passwords to help us keep your account secure.

4) We will take necessary measures to protect the security of the personal information you provide to us or that we collect, but if our physical, technical or administrative safeguard facilities are breached, which leads to unauthorized access, public disclosure, tampering or destruction of the information, and your rights and interests are damaged as a result that is not due to our gross negligence, we will not be liable for the corresponding losses.

5) After the unfortunate occurrence of personal information security events, we will, in accordance with the requirements of laws and regulations, promptly inform you of: the basic situation of the security event and the possible impacts, the disposal measures we have taken or will take, the suggestions you can adopt to independently prevent and reduce the risks, and the remedies for you, etc. We will promptly inform you of the event-related situations by email, letter, telephone, push notification, etc. When it is difficult to inform the subjects of personal information one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also report proactively the disposal and status of the personal information security event in accordance with the requirements of regulatory authorities.

6) We will take reasonable and practicable steps to avoid collecting information that is not relevant to you. We will only retain your information within the period necessary to achieve the purposes described in this Privacy Policy, and we will delete or anonymize your personal information after the Information Retention Period expires, except in the following circumstances:

  • In the case of mandatory requirements by laws, legal proceedings, litigations or government authorities;
  • If we believe that the personal information in question may be relevant to any ongoing or future legal proceedings;
  • To exercise our legal rights.

6. How long will we keep your data?

Riskify has implemented a retention policy where retention period ("Information Retention Period") is set considering the types of information collected and the purposes for collection, the requirements applicable to respective circumstances, and the obligation to destroy obsolete, unused information within a reasonable period of time as soon as possible.

We will only retain your data within Information Retention Period needed for the purposes mentioned above.

Riskify registered users: We will retain your data during the validity of your active account on Riskify. We may keep your data on file for up to 3 years after we delete your account to comply with our legal and contractual obligations or to protect ourselves from any potential disputes (as required by the laws applicable to record keeping and to providing evidence about our relationship if any legal issues arise after your account terminates), all in accordance with our information retention policy.

- Riskify Paying Subscribers: Paying subscribers' relevant data will only be retained during the validity of the paid service subscription period on Riskify, unless itis necessary to comply with our legal obligations. In such cases, the relevant data will be kept in an intermediate file for 3 years and will only be accessed as needed (e.g. in the event of a dispute).

In addition, we retain Contact Data in our unstructured database for 3 years, the duration required to verify and collate relevant information to create business contacts in B2B Database.

Finally, we retain data on our Opt-out List within the period required to provide the services, which includes ensuring that any public figures or contacts who have exercised their opt-out rights remain excluded from B2B Database.

7. How we use cookies and similar technologies

1) To ensure that the website works properly, we store small data files called cookies on your computer or mobile devices. Cookies are files that websites and online services create and access on your computer or other Internet-connected devices to uniquely identify your browser or to store information or settings on your devices. Our services may use HTTP cookies, HTML5 cookies, Flash cookies, and other types of local storage (such as browser-based or plugin-based local storage). Cookies generally do not contain any personal information that can be uses to identify you, but the personal information stored by Riskify about you may be associated with information stored in and obtained from cookies. While collecting information through cookies and other automatic means, the web server may record some information such as the type of your device, operating system, browser, domain name and other system settings, as well as the language used in your system and the country and time zone in which your device is located. Web server logs may also record information such as the address of the web page that brings you to our services and the IP address of the device you use to connect to the Internet. They may also record information about your interactions with our services, such as the pages you visit. In order to control the information that web servers collect automatically, we may place tags on our web pages called "web beacons", which are files that associate a web page with a specific web server and its cookies. We may also include web beacons in email messages. We or third parties may also use JavaScript or other computer languages to send commands to your devices to store or collect the various types of information described above and other details of your interactions with our services.

2) We do not use cookies for any purpose other than those described in this Privacy Policy. You may manage or delete cookies according to your preferences, but please note that if cookies are deactivated, you may not be able to enjoy the best service experience, e.g. not be able to use all features of our website or other websites.

3) Many web browsers have a Do Not Track feature that can issue Do Not Track requests to websites. Currently, the major Internet standard organizations have not established policies that regulate how websites shall respond to such requests. However, if your browser starts Do Not Track function, then our website will respect your choice.

8. Your rights

In accordance with the relevant Chinese laws, regulations and standards, as well as the prevailing practices in other countries and regions, we protect your right to exercise the following rights with respect to your personal information:

1) You have the right to access your personal data, subject to the exceptions provided by laws and regulations. You may obtain confirmation as to whether your data is processed by Riskify. If applicable, you may be provided with more information about the data we hold and how we process your data, as well as a copy of your data.

2) When you discover that the personal information we process about you is inaccurate, incorrect or out of date, you have the right to request us to make corrections. You may request corrections through the means provided by Riskify.

3) You may request that your data be restricted, for example, in the case of a question or audit, we will mark your data to restrict its processing in the future.

4) You may request us to delete personal information in the following cases:

  • We process personal information in violation of laws and regulations;
  • We collect and use your personal information without your consent;
  • Our processing of personal information is in violation of our agreement with you.

If we decide to respond to your request for deletion, we will also simultaneously notify the entities which have obtained your personal information from us to request for prompt deletion, unless otherwise required by laws or regulations, or unless those entities have got your independent authorization. When you delete information from our Services, we may not immediately delete the corresponding information from our backup systems, but we will delete such information when the backup is updated. Notwithstanding the foregoing, we may still have legal or proper reasons to retain your data, depending on specific circumstances.

5) If you need to cancel your account, please contact us. After you cancel your account, we will stop providing products or services to you and delete your personal information according to your request, unless otherwise provided by laws and regulations.

6) You may receive the data you provide to Riskify in a structured, commonly used and machine-readable format, and you have the right to transfer such data to another data controller without our hindrance. This right applies only in cases where your data processing is based on your consent or where you provide data to us for the purpose of enforcing Riskify's terms and conditions.

7) Stop receiving marketing communications from us: You can ask us to stop any direct marketing to you at any time. You will find an unsubscribe link or instruction in any such communication from us.

In responding to your request as described above, you may be required to provide a written request or to prove your identity otherwise for a security purpose. We may ask you to verify your identity before processing your request.

In principle, we do not charge fees for your reasonable requests, but we will charge a cost fee for repeated requests that exceed reasonable limits depending on the situation. We may refuse requests that are unreasonably repetitive, require excessive technical means (for example, development of new systems or fundamental changes to current practices), bring a risk to the legal rights of others, or are highly impractical. in the following circumstances, we will not be able to respond to your requests as required by laws and regulations:

  • Directly related to national security and national defense security;
  • Directly related to public safety, public health, and significant public interest;
  • Directly related to crime investigation, prosecution, trial and sentence enforcement;
  • Where there is sufficient evidence proving your subjective malice or abuse of rights;
  • Where responding to your requests will result in serious damages to the legitimate rights and interests of you or other individuals or organizations;
  • Where business secrets are involved.

Riskify allows you to access your personal information, edit or obtain the data collected about you by contacting our team.

Please note that we maintain Opt-out Lists that may contain personal data for the sole purpose of ensuring that opt-out requests are honored and that your contact information will not appear in the Riskify B2B Database in the future if you choose to opt-out.

If you have given us your consent to process your data in accordance with the respective agreement, you may also withdraw this consent for future processing at any time. This will not affect the legitimacy of our processing of the relevant information or data until you have withdrawn your consent.

Minors

Riskify's products and services are not designed for or suitable to for minors under the age of 18. If we become aware that a contact or end user is under the age of 18, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at support@riskify.net .

9. Changes to this Privacy Policy

1) We reserve the right to update and announce this Privacy Policy at any time.

2) We will not reduce your rights under this Privacy Policy without your express consent. We will post any changes to this Privacy Policy on this page. We ask you to visit this page regularly to ensure that you always stay informed of the latest version of this Privacy Policy.

3) Material changes of this Privacy Policy include but not limited to:

  • When there is a change in the primary recipients of personal information in sharing, transfer or public disclosure;
  • When there is a significant change in your rights to participate in the processing of personal information and how such rights are exercised;
  • When there is a change in our department responsible for handling the security of personal information, the contact information and the complaint channels;
  • When the assessment report of personal information security impact indicates a high risk.

10. Contact us

If you have questions about privacy protection, policy implementation or website operation, please send comments or suggestions to us at: support@riskify.net.