Decisionly Privacy Policy
Effective date: October 1, 2024
This Privacy Policy is designed to help website visitors or users of our services understand how Decisionly, Inc. (“Decisionly”) collects, uses, and shares your information in order to operate, improve, develop, and protect our services. We encourage you to read this policy thoroughly and reach out to us if you have any questions per the “Contacting Decisionly” section below.
About Decisionly
Decisionly is a company that provides a SaaS-hosted solution that automates the dispute process for card issuers (hereinafter the “services”).
About this Policy
This policy aims to provide a clear explanation of personal information Decisionly collects from and about you as a website visitor and/or user of our services and how we use and share it. Please note that this policy only applies to personal information that we collect, use and share, noting that Decisionly is the controller or “business” for such data under relevant privacy law. This policy does not apply to any websites, products, or services provided by others, or personal information processed by Decisionly as a service provider or data processor for another party. For example, Decisionly may receive an individual’s personal information from the card issuers and their payment processors in connection with providing our services. In that case, Decisionly acts a service provider or data processor, and uses and discloses that individual’s personal information according to the card issuer’s instructions rather than this policy. If you would like to know more about a card issuer’s or any other entity’s privacy practices, we suggest reviewing their privacy policies or notices. This policy does not apply to personal data about current and former Decisionly employees, job candidates, contractors and agents acting in similar roles.
Data We Collect
Identifiers
We collect personal information that you voluntarily provide to us when you reach out to us to obtain information about us or our services or participate in activities on our website. The personal information that we collect depends on the context of your interactions with us but may include names, emails, phone numbers, addresses, job titles and similar information.
Login Data
To use Decisionly’s services you may be required to create an account including a username and password as login credentials (we will refer to these collectively as “login data”).
Device Data
When you use a device, like your smartphone, tablet, or computer, to interact with our services we may collect the following data about that device:
- internet protocol (IP) address;
- timezone setting and location, device location;
- hardware model and operating system;
- features within Decisionly’s services you access;
- browser data;
- network data; and
- other technical data about the device (such as settings and preferences).
Authentication Data
Decisionly uses third party authentication services like Auth0 or reCAPTCHA to help detect fraud and abuse. Such services help ensure that entries made in online forms, for example, are actually made by real persons and are not automated by software (or bots). Such services analyze the behavior of users of our products and services using different characteristics, processing personal data such as your IP address, your length of stay on our website and further information about your use of our services.
Information we derive from the data we collect
We may derive additional information about you from the other categories of data we collect. For example, we may infer your geolocation.
Cookies
We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Please see “Cookies and Similar Technologies” under “How We Share Your Data” below for more details.
How We Use Your Data
We do not sell or rent personal information that we collect. We use your information for the following business purposes:
- Provide Decisionly’s services
- Communicate with you for matters related to our services
- Provide support
- To compile statistics and analysis about your and other customers’ use of our website and our services.
- To personalize your experience
- Help prevent fraud, verify identity, or protect privacy
- Develop understanding and insights into your user experience
- Improve existing services, for example, by adding features and functionality
- Develop new services
- Investigate potential misuse and misconduct of our services
- For legal purposes such as establishing and defending claims, to manage or transfer assets or liabilities such as an event of acquisition or merger; and
- As directed by you or with your advance consent for other notified purposes.
- We may also use Personal Information you provide to contact you regarding products, services, and offers that we believe you may find of interest. We allow you to opt-out from receiving marketing communications from us.
How We Share Your Data
We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15).
Decisionly shares your personal data with third parties for the following reasons:
- As necessary to provide the Services. Like most companies, Decisionly uses third-party services (e.g. cloud services) to process and host your data.
- To Prevent Fraud, Abuse, Security Threats. Decisionly reserves the right in all cases to share your data with law enforcement, regulatory authorities and other third parties as necessary to prevent fraud, abuse, or security threats.
- Cookies and Similar Technologies. We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Cookies and similar technologies to measure web activity to provide you with a better user experience on our website and during the course of providing our Services. A "cookie" is a unique numeric code that we transfer to your device so that we can keep track of your interests and preferences and recognize you as a returning visitor to the website and Service. If you choose not to accept cookies from us, you will still be able to access many of the features on our website and Service, but with certain limitations to access and functionality.
- To Improve and Create. We share your data with third parties to help us to gain insights from your data to improve our services and develop new services.
- Aggregated or Anonymized Data. We collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally for any purpose permitted under applicable law. For example, creating or using aggregated or anonymized data helps Decisionly to develop new services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.
Data Protection
Decisionly’s security policies and practices are designed to protect the confidentiality and integrity of your data. Decisionly implements security controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using or disclosing this data. We also take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the third parties who assist us in providing products and services to you.
Notes for EEA and UK End Users
For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Decisionly only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what data we collected and the purpose for processing it. Generally, we will only collect and process your data where:
- we are bound by any contract or agreement with you (for example, to comply with our end user services agreements).
- we require your data to comply with our legal obligations under applicable law, to safeguard Decisionly's legal rights, and prevent and identify criminal activities such as fraud. For these purposes, Decisionly may find it necessary to share your personal data with entities such as courts, law enforcement agencies, and providers of anti-money laundering services;
- processing is necessary for our legitimate interests to effectively maintain the integrity of our services. This includes engaging in communication with you, and ensuring that Decisionly upholds the expected standards, or you have given your consent to do so.
To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this policy.
Information Retention and Deletion
We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements.
The exceptions to this may be if: (a) Decisionly needs your data to continue providing you with a Decisionly service you requested; (b) Decisionly is required by law or regulation such as Card Brand Rules to keep your data; (c) Decisionly needs your data to help prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (d) where Decisionly has anonymized your data such that it can not reidentified or (e) we request - and you specifically agree - to allow us to retain your data longer.
Your data will only be processed as required by law or in accordance with this policy.
Please refer to the “How to Exercise Rights in Your Data” section of this policy for options that may be available to you, including how to request deletion of your data. You can also contact us about our data retention practices using the contact information in the “Contacting Decisionly” section below.
Transfers of Data
Decisionly operates internationally, and so we transfer the data we collect about you across international borders for processing and storage. For example, we may transfer your personal information outside of the United States, including to third parties outside of the United States who may perform services for us which involve some of the personal information we collect about you. When we transfer data to a different country or territory, we follow applicable data protection laws in doing so. In particular, when we transfer data from the EEA or UK across other international borders, we rely on adequacy decisions, data transfer agreements, or other EU Commission- or UK Secretary of State-approved (as applicable) mechanisms for such transfers, including standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting us as set out below. Prior to transferring data from the EEA or UK, we carry out transfer impact assessments and implement any supplementary measures to ensure any data transferred will be maintained in accordance with EEA and UK requirements. When we transfer personal information to third parties, we ensure by contractual means that the transferred personal information is protected to the same degree as if it were in our possession.
How to Exercise Rights in Your Data
You may exercise the following rights related to your personal data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:
- Access data collected about you;
- Request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
- Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;
- Request, under certain circumstances, that we erase or restrict the processing of your data;
- Object to our processing of your data under certain conditions provided by law;
- Where processing of your data is based on consent, withdraw that consent;
- Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.
- Please note that for an official record of your financial activities and history, you should make that request directly to your bank or other financial provider.
You can contact us as described in the “Contacting Decisionly” section below to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.
Additionally, depending on where you live, you may have the right to make a complaint at any time to your (data protection) supervisory authority. For example, if you are in Canada, you may contact the Office of the Privacy Commissioner of Canada which you can find here. For end users in the EEA, you can find contact information for the European Data Protection Board (EDPB) on the EDPB’s website here. For end users in the UK, you can find contact information for the Information Commissioner’s Office (ICO) on the ICO’s website here. For end users in Switzerland this is the Federal Data Protection and Information Commissioner which you can find here.
Children
Our services are not targeted or directed at children under the age of 13, and we do not intend to or knowingly collect or solicit personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us in accordance with the section Contacting Decisionly to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 13, we will promptly delete that personal information.
Contacting Decisionly
You may contact Decisionly to exercise rights in your data, to ask questions about our privacy policies and practices, and to file a complaint.
Contact Decisionly
Decisionly, Inc.
169 Madison Ave STE 2994 New York, NY 10016
privacy@decisionly.com
If you believe the privacy laws relating to the protection of your personal information or this policy have not been respected, you may file a complaint with us. We will acknowledge your complaint, investigate it and provide you with a response within a reasonable period of time (and within any time period required by applicable law). If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.
Policy Changes
We may update or change this policy from time to time. If we make any updates or changes, we will post the new policy on this URL and update the effective date at the top of this policy. We will also notify service provider of any material changes in accordance with our service provider agreements, as they are generally best positioned to notify their end users about such changes to this policy, as appropriate.