Data Privacy Framework Statement

Scope

Forter provides fraud and trust products and services to businesses globally. Forter’s Data Privacy Framework certification applies to the personal data that these businesses transfer to us from the European Union, the United Kingdom and/or Switzerland for the provision of our services, except where data is transferred to us pursuant to a different adequacy mechanism recognized by the EU Commission and/or the UK Information Commissioner’s Office (e.g. standard contractual clauses). Forter will comply with the Data Privacy Framework Principles agreed to by the U.S. Department of Commerce and the European Commission in respect of such personal data. To learn more about the Data Privacy Framework Program, view a list of participating organizations, or view our certification, please visit https://www.dataprivacyframework.gov/s/.

Third Party Sub-processors

Forter uses third party sub-processors to help us provide our services and those sub-processors may process personal data on our behalf. Forter conducts due diligence on all of its sub-processors to ensure adequate protection of the data shared with such sub-processors, and remains responsible and liable under the Data Privacy Framework Principles for our third party sub-processors as set forth in the Data Privacy Framework Principles.  For more information about the third parties we share personal data with, please refer to the ‘Who we share your information with’ section of our Services Privacy Policy.

Your Rights

Individuals located in certain countries, including in the EEA, UK and Switzerland, have certain statutory rights with respect to their personal data, including:

• The right to access the personal data we hold about you;
• The right to correct any personal data we hold about you that may be inaccurate;
• The right to request that we delete your personal data (subject to certain limitations);
• In certain circumstances, the right to restrict or object to us processing your personal data;
• The right to transfer your personal data to another organization (subject to certain conditions); and
• The right to withdraw your consent to us processing your personal data, where consent was previously provided and was the legal basis on which we relied for our processing of your personal data.

Additionally, individuals whose personal data is covered by this Statement have the right to choose (opt-out) whether their personal data is:

• disclosed to a third party (not acting as our agent); or
• used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.

In the unlikely scenario we collect sensitive personal data from you (e.g., data related to your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership), we will ask for your consent to processing such data, and will obtain your affirmative express consent (opt-in) before such data is disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized by the individual.

If you wish to exercise any of the aforementioned rights, or limit the use and disclosure of your personal data, please contact us at [email protected]. We will respond within the timeframes required under applicable law. When handling your request, we may need to request additional information from you (which may include personal data) to help us confirm your identity. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please note that if you do not provide us with this additional information, we may be unable to process your request.

Inquiries and Complaints

If you have any questions about this Data Privacy Framework Statement or wish to make a complaint, we encourage you to contact us at [email protected]. For any complaints that cannot be resolved with Forter directly, Forter has chosen to cooperate, for the purposes of the EU-US, UK-US and Swiss-US Data Privacy Frameworks, with the JAMS Data Privacy Framework Program. Information on how to contact JAMS is available at https://www.jamsadr.com/DPF-Dispute-Resolution.

Under certain conditions, as further explained in the Data Privacy Framework Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted, but prior to initiating such arbitration, you must: (1) contact Forter and afford us the opportunity to resolve the issue; (2) seek assistance from Forter’s designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce and afford the Department of Commerce time to attempt to resolve the issue.

Forter is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).

Law Enforcement and National Security

Under certain circumstances, Forter may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where we receive such a request, we will disclose only the data that is required to be disclosed, and only after using means available to us to object to or limit such request.