This Privacy Notice was last revised on December 7, 2020.
Sontiq, Inc. values your privacy. This Privacy Notice describes how we collect, use, share, and protect the Personal Information you may provide to us and we collect about you. It applies to Personal Information you may supply when you use our websites, mobile apps, and other online services we provide that link to this Privacy Notice (“Site”).
When we process your Personal Information, we will always apply the core principles we have adopted from the European Union’s General Data Protection Regulation, GDPR, to ensure the information is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate as updated by you from time to time.
- Kept only as long as necessary.
- Kept securely.
We collect Personal Information from you and about you from third parties. This Privacy Notice does not apply to data we receive from third parties unless it is combined with Personal Information you have provided to us.
This notice will answer many of the questions you have about the use of your information. These include:
- What information does the Site collect?
- How do we use the information collected?
- Where does processing of the information occur?
- How is the information protected?
- How Do I Change My Information and Communications Preferences?
- How and When Do We Share Information with Third Parties?
- How is your information used for advertising?
- Does Third-Party Content, Links to Sites, and/or Apps Appear on the Site?
- How is children’s information processed?
- About Changes to the Privacy Notice?
- Who do I contact with questions and concerns?
- Is there any jurisdictional specific information?
1 What information does the Site collect?
1.1 Information You Provide Us
In general, you can use the Site without revealing Personal Information about yourself. However, we may ask you to provide to us certain categories of information, such as:
Personal Information, such as your first and last name, phone number, username and password, credit card number, social security number and email address (“Personal Information”); and
Demographic Information, such as information about your gender and employment information (“Demographic Information”). If we combine Demographic Information with your Personal Information, we will treat the combined data as Personal Information.
We may collect this information through various forms and in various places in the Site. If you register for an account, subscribe to our newsletter, through “contact us” forms, or when interacting with the Site, we may collect Personal Information.
1.2 Location-based information
We may use location-based services to determine your location. We do this to verify your location, deliver you relevant content based on your location, and to enable the location-based services we offer. You may be able to change the settings on your Device to prevent it from providing your location.
1.3 Information Third Parties Provide About You
We may supplement the Personal Information we collect directly from you with information from third parties. This allows us to
- enhance our ability to provide the services you have requested,
- tailor our content to you, and
- offer you opportunities that may be of interest to you.
The Site may allow access to third-party websites, online services, or applications. In return the third-party may provide personal and other information to us. For example, if you select a social media icon (such as for Facebook, Twitter, or Instagram), we may have access to the information from them.
We may also receive information about you from your friends and others that use the Site. This will happen when they submit content to us or post on the Site.
When we receive information from those sources and combine it with Personal Information, the new information will be treated as Personal Information under this Notice.
1.4 Information we collect automatically
In addition to any Personal Information you provide to us, we may use a variety of technologies that automatically collect certain information whenever you visit or interact with the Site. When we associate Usage Information with your Personal Information, we will treat it as Personal Information.
This Usage Information may include:
- Your IP address, UUID – universally unique identifier, or another unique identifier (“Device Identifier”). This is automatically assigned to your device.
- Your device functionality (including browser, operating system, hardware, mobile network information, etc.).
- The areas within our Site that you visit and your activities there, including remembering you and your preferences.
- Your device location.
- Other device data, such as the time of day.
We use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). The Tracking Technologies used on the Site include:
Cookies – A cookie is a small data file placed on a device when it is used to visit the Site. Cookies may be disabled or removed by tools that are available as part of most commercial browsers. Each browser you use must be set separately. Please be aware that if you disable or remove cookies on your device, some parts of our Site may not function properly.
Web Beacons – Web beacons are small images that may be included in our Site and in our messages. Web Beacons may be used for a number of purposes such as
- counting visitors to the Site,
- monitoring how users navigate the Site,
- counting how many sent emails were actually opened, or
- counting how many particular links were actually viewed.
Embedded Scripts – An embedded script collects information about how you use the Site. The code is temporarily downloaded onto your Device while you are connected to the Site and is deactivated or deleted when you leave.
Browser Fingerprinting – Browser fingerprinting is based on the analysis of information from your Device. Items such as your operating system, plug-ins, system fonts and other data are used to create a unique ID to identify your device.
Entity tags – An entity tag, or ETag, is an opaque identifier assigned by a web server to a specific version of a resource found at a web server. If the resource content ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks cookies.
Recognition Technologies – Recognition technologies make assumptions about users and devices such as that a user of multiple devices is the same user.
1.5 If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to provide part of our service to you (such as monitoring your credit card for unlawful activity), or we may be prevented from complying with our legal obligations.
2 How do we use the information collected?
We may use your Personal Information, Demographic Information or Usage Information that is subject to this Privacy Notice:
- to provide you with services such as to protect your identity,
- to process transactions or provide you with information such as to send you electronic newsletters,
- to provide you with special offers or promotional and marketing materials (including sweepstakes and contests) on behalf of us or third parties, including to let you know about new products, services, or upcoming events,
- to improve the Site including the user experience, marketing endeavors, and our Site offerings,
- to customize your experience on the Site,
- to serve you specific content or ads that are relevant to you,
- to provide customer support,
- to authenticate a credit card number and verify that the person requesting your credit report really is you,
- to contact you with regard to your use of the Site and, in our discretion, changes to the Site and/or Site’s policies,
- for internal business purposes, and
- for purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice.
We will only use your Personal Information for the purposes for which we collected it and related purposes. You will be notified if we need to use your personal information for an unrelated purpose. We may also process your Personal Information where the processing is required or permitted by law.
2.1 Use of Information for Recruitment Purposes.
You may provide information to us as part of an application to become part of the Sontiq team. This may include Personal, Demographic, or other information. We use this information to make an informed decision about proceeding with your application as a legitimate interest of our business. If you provide any information that is considered to be sensitive, you may be asked to expressly consent to our processing.
2.2 Automated Decision Making
Sontiq does not make decisions using automated means that have legal or similar impacts to you. “Automated decision making” is when choices are made by computers without the involvement of a person.
We are allowed to use automated decision-making in the following circumstances:
- Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- With your explicit written consent and where appropriate measures are in place to safeguard your rights.
- Where we have notified you of a decision and given you 21 days to request a reconsideration.
3 Where does processing of the information occur?
Our Site operates in the United States. Information we collect, including Personal Information, will be transferred, processed, stored, and used in the United States.
The data protection laws in the United States may differ from those of the country in which you are located. Your information may be subject to access requests from governments, courts, or law enforcement according to the laws of the United States.
3.1 How long is personal information retained?
We only retain your personal information for as long as necessary to fulfill the purposes for which it was collected. This includes satisfying any legal, accounting, or reporting requirements.
When you give up your membership, your Personal Information is retained for a short period of time in the event you decide to rejoin. After this period, your Personal Information will be securely destroyed or obfuscated.
4 HOW YOUR INFORMATION IS PROTECTED
The security of your personal information is of critical importance to us. Sontiq’s security controls are independently audited, annually to:
- the Payment Card Industry Data Security Standards (PCI DSS) Level 1 controls, including a Report on Compliance (RoC) issued by a Qualified Security Assessor (QSA)
- the American Institute of Certified Public Accountants (AICPA) SOC 2, Type 2, (Report on Controls at a Service Organization) based on the Trust Services Criteria relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy, and
- the US National Institute of Standards and Technology (NIST) 800-53 Risk Management Framework
Sontiq utilizes technologies, policies, and procedures to provide comprehensive protection for all Sontiq systems and applications. Integrity and confidentiality of data is of the highest importance.
We use industry-standard safeguards to protect your information. While we make reasonable efforts to safeguard personal information once we receive it, the protection of your information cannot be guaranteed.
You are responsible for maintaining the confidentiality of any Password(s) and all activities that occur using your Password(s). You should notify us immediately of any unauthorized use of your Password or accounts. Please contact us (see below) if you believe your Personal Information has been exposed.
4.1 SOCIAL SECURITY, SOCIAL INSURANCE, AND NATIONAL IDENTITY NUMBERS
Sontiq utilizes a formal privacy framework to address all aspects of privacy. The privacy framework is maintained and reviewed by our Chief Privacy Officer (CPO). Sontiq is constantly monitoring new legislation around privacy and data security on the state, federal and international level to continue to ensure that Sontiq and our client institutions are following industry and regulatory best practices.
Sontiq maintains and enforces policies and physical and electronic safeguards to protect all unique identifiers (e.g. SSNs or SINs) against misuse and improper disclosure. Access to personal identifiers is limited to personnel who need access to such information in order to perform their job functions.
5 How Do I Change My Information and Communications Preferences?
You are responsible for the accuracy of the information you share with us. This information may be reviewed and updated through the
- Site’s registration forms or
- “Manage Account” tab on your account dashboard.
You also may write to us directly to update or delete your contact information or to request that we stop sending you any form of communication. These requests should be sent to us by regular mail to:
Attn: Chief Privacy Officer
9920 Franklin Square Drive
Nottingham, MD, 21236
We may ask you to provide additional information before making these changes. This may be done to verify your identity.
When you update your information, we will make good faith efforts to make the requested changes in our systems as soon as reasonably possible. We may need to retain prior information as business records in some situations.
5.1 Personal Information Requests
With some restrictions, you may make requests of us with regard to your personal information. Please contact our Privacy Office, firstname.lastname@example.org, with these requests.
Access – You may request a copy of the personal information we hold about you. To see the information we hold, log in to your account and review the information from the Sontiq member dashboard. You will not have to pay a fee to access your personal information in Sontiq-owned member dashboard(s) while your account is current (or to exercise any of the other rights). Please note that, for security, we cannot provide your full Social Security Number or your full credit card numbers.
Transfer – You may request we provide an electronic copy of the information you have provided to us to be shared in a format that may be sent to a third party.
Correction – You may request that we modify any incomplete or inaccurate information we hold about you. To modify information we hold about you, log in to your account and update the information in the Sontiq member dashboard.
Erasure – You may request that we delete elements of your information. Please note that it is not always possible to completely remove all of your information from our systems. This is often due to legal or regulatory requirements. Also, some data may remain on our backup media for a limited period of time.
Restrict processing – You may request that we suspend the processing of your personal information. You may want to do this, for example, if you want us to verify the accuracy of the information. Another example may be to ask us to confirm the reason the processing is occurring. You may do this by logging in to your account and removing your personal information from the Sontiq member dashboard. The information may be restored at a later time.
You may change or cancel the marketing emails you currently receive from us by following the instructions found in our promotional emails. Please note that we will continue to send you communications about your account or use of our Site. This includes administrative and Site announcements.
5.2 Withdrawing consent
In some very limited cases we process your Personal Information based upon your consent. You have the right to withdraw your consent for processing in these situations at any time.
To withdraw your consent, please log in to your account and delete the information from the Sontiq member dashboard.
6 How and When Do We Share Information with Third Parties?
We may share Personal Information and other information with third-parties. This is done
- based on your requests,
- to provide service to you,
- to protect the interests of Sontiq and others, and
- in the event of a transfer of the business.
We may also share your information with related companies. These include our parent company, our subsidiaries, and affiliates.
There are times when we share information in an anonymized or aggregate form with our partners. In these cases, the identity of the individual(s) whose information is shared cannot be directly discerned from the information we provide.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third-parties to use your personal data for their own purposes.
6.1 Sharing based on your requests
You may have an opportunity to receive information or marketing offers from third parties while on our Site. When this occurs, your Personal and other information may be shared to the third parties.
The following activities may be carried out by third-party service providers:
- Name, address, date of birth, telephone number, email address monitoring
- Social security number monitoring
- Credit and credit score monitoring
- Driver’s license number monitoring
- Passport number monitoring
- Medical account number monitoring
- Credit card monitoring
- Bank account monitoring
- Monitoring bank and credit card transactions
- Social media account monitoring
- Court records monitoring
- Payday loan monitoring
- IT services
Third parties may also store, collect, or have access to your information when you interact with them. This includes when you use third-party tools such as Facebook, Twitter, Pinterest or other posting or content sharing tools.
In addition, we may provide interfaces or links to third party sites to help you send a message from the Site. For example, we may use third parties to send emails, tweets, or make Facebook postings. These third parties may retain any information used or provided in any such communications.
When you send someone else a message from the Site, the information you provide, such as recipient names and email addresses, are used by Sontiq to send the communication and is not used by us for any other marketing purpose unless we obtain consent from that recipient or we explicitly say otherwise.
By using these tools, you are subject to the third party’s privacy practices. We are not responsible for the privacy policies and practices of third parties. You should review each third-party’s privacy policies and practices prior to using their services.
6.2 Sharing to provide service to you
We may use third-party vendors to perform certain services on our behalf. These services:
- assist in the operation, design, and hosting of the site,
- tracking activity on the site by collecting analytic information,
- manage a database of customer information,
- send you special offers,
- perform administrative services,
- provide credit report information, and
- provide other services designed to assist us in maximizing our business potential.
These vendors may have access to user information to carry out the services they are performing. This may include Device Identifiers and Personal Information which we provide to the vendors.
Third party analytics and other service providers use their own Tracking Technologies on your Device. These third parties may collect or have access to information about you. This may include Personal Information which we do not provide. We are not responsible for the technologies or activities of these third parties. Some may offer you certain choices regarding their practices, and information of which we have been informed regarding such choices is available here.
6.3 Sharing to protect the interests of Sontiq and others
We may use and share your information including Device Identifiers and Personal Information to third parties to:
- satisfy any applicable law, regulation, subpoena, governmental request, or legal process if, in our good faith opinion, such is required or permitted by law,
- protect the safety, rights, property, or security of the Site or any third party,
- to detect, prevent or otherwise address fraud, security, or technical issues, or
- identify users to third parties to protect their interests subject to applicable law. By extension, this may include disclosure to law enforcement agencies.
The previous disclosures may be made without our providing notice to you.
6.4 Sharing in the event of a transfer of the business
Sontiq may disclose and transfer your Personal and other information
- to a subsequent owner, co-owner or operator of the Site or applicable database, or
- in connection with a merger, consolidation, or restructuring, of our business,
- in connection with the sale of substantially all our interests or assets, or
- in connection with other corporate change.
The above sharing may occur during the course of any due diligence process.
6.5 Sharing for a sweepstakes, contest, or promotion
We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Site that may require registration. When you participate in a Promotion you are agreeing to its official rules. The rules may include requiring you to allow the Promotion’s sponsor to use your name, voice, or likeness in marketing efforts.
Personal Information may be shared with third parties and the public to manage a Promotion. This may occur during winner selection or prize fulfillment. Personal Information may also be made known as required by law or as permitted by the Promotion’s official rules.
7 How is your information used for advertising?
Many companies serve advertisements across Internet sites. These companies include Sontiq as well as third parties such as network advertisers and ad exchanges. Third party analytics service providers may be used to gauge the use of these ads on third party sites, the viewing of ads, and the viewing of our content. The advertisements presented may be based on your activities across the Internet and mobile media. These are called “Behavioral Ads”.
Our third party network advertisers and ad exchanges may set and access their own technologies on your Device. This may include use of an identifier on your Device which may be a unique cookie or another form of unique identifier. These third party technologies, combined with Personal Information we may provide, may
- help deliver advertisements to you that might interest you,
- prevent you from seeing the same advertisements repetitively,
- recognize you across the Devices you use, and
- understand the usefulness of the advertisements that have been delivered to you.
This Privacy Notice does not apply to the collection or use of the information by these third parties. We have provided information about these third parties in the chart at the end of this Privacy Notice. You should review their information processing practice policies.
7.1 Advertising choices
Some third parties may offer you certain choices regarding their Behavioral Ad practices. You may wish to visit a site provided by the Network Advertising Initiative (NAI). https://optout.networkadvertising.org/?c=1 shares information on the choices provided by NAI members. This includes how to “opt-out” of members’ advertising.
You may wish to visit a site provided by the Digital Advertising Alliance (DAA). https://optout.aboutads.info/?c=2&lang=EN shares information on the choices provided by DAA participants. This includes how to “opt-out” of their advertising.
We are not responsible for effectiveness of or compliance with any third parties’ opt-out options or programs.
8 Does Third-Party Content, Links to Sites, and/or Apps Appear on the Site?
The Site may contain content, links, or applications that are supplied by a third party. These third parties may collect Usage Information and your Device Identifier for their own commercial purposes. In some cases, you may be directed to other sites and applications that are operated by third parties that we do not control. These third parties may have their own terms of service, privacy policies, or other policies. We are not responsible for the practices employed by these third parties.
For example, if you “click” on a link you may be taken off the Site onto a different Internet location. These other online services may track your activities, collect information about you, and may or may not have their own published privacy policies. We are not responsible for practices of these third parties.
We encourage you to review any available policies before using third party applications. Exercise caution in connection with these applications
9 How is children’s information processed?
We understand the importance of protecting the privacy of children. The Site is not intended for use by children under the age of thirteen (13). Sontiq does not knowingly collect Personal Information from children.
If you believe your child has provided personal information without your consent, we will dispose of it as per applicable law. Simply contact us at email@example.com to let us know of the situation.
10 About Changes to the Privacy Notice?
This Privacy Notice may change at any time. A new revision of this Privacy Notice will be reflected by a change in the Effective Date. Any changes will be effective as of that Effective Date.
We will not use your previously collected Personal Information in a way that is significantly different than stated in the Privacy Notice which was effective on the date the information was collected. However, we may request your consent for any new uses.
11 Who do I contact with questions and concerns?
If you have any questions about this Privacy Notice or our practices, please contact us.
Attn: Privacy Officer
9920 Franklin Square Drive
Nottingham, MD, 21236
From within the U.S: 888-6-SONTIQ or (888) 676-6847
We may need to request specific information from you to help us confirm your identity. We do this to ensure that your Personal Information is not disclosed inappropriately.
12 Is there any jurisdictional specific information?
12.1 European Union
Our privacy practices as required under the European Union General Data Protection Regulation (“GDPR”) have been incorporated into this notice.
12.1.1 Legal Basis for Processing
A legal basis for processing Personal Information is required under GDPR.
- We are fulfilling a contract when
- Sontiq monitors your personal information and sends alerts, or
- we process payments, or
- preventing fraudulent access to your accounts.
- We are meeting the legitimate interests of our business when
- we contact you regarding new products and services, or
- we capture analytic information to improve or personalize our products, services, and website, or
- preventing fraudulent use of our services.
- We are addressing our legal obligations when reporting income and related information to tax authorities.
12.1.2 Objection to processing
You may object to the processing of your Personal Information. This may be done if you feel it is inappropriate for Sontiq to rely on legitimate interest as a legal basis for processing. When you object, we will limit the processing of your information. Once the objection is resolved, we will either resume processing or delete the personal information as appropriate. Please email firstname.lastname@example.org to object to processing.
12.1.3 Transfer of Personal Information Outside of the EU
Sontiq utilizes Standard Contractual Clauses for the transfer of information outside of the EU. This participation applies to all personal data that is received from EU residents. This personal data is also subject to this Privacy Notice.
12.1.4 Registering a Complaint
There may be times when you have a concern about the processing of your Personal Information. We ask that you please contact the Sontiq Privacy Officer at these times as detailed above.
If you remain dissatisfied, then you have the right to apply directly to the UK Data Protection Authority:
Information Commissioner’s Office
+440303 123 1113
12.2.1 California Consumer Protection Act
For information on the California Consumer Protection Act (“CCPA”), please see our CCPA Addendum.
12.2.2 Information Sharing
Your information may be shared with third parties for their direct marketing purposes. California residents may receive information about our sharing of personal information for these purposes. This information includes
- the categories of personal information shared by us, and
- the names and addresses of all third parties that received personal information for their direct marketing purposes from us.
The information provided is for the immediately prior calendar year.
To make such a request (limit one request per year), please
send an email to email@example.com with “California Privacy Rights” as the subject line or
send postal mail to
9920 Franklin Square Drive
Nottingham, MD, 21236
You must include your full name, email address, and your current California postal address in your request.
The following third parties that collect information from you on the Site have given us notice that you may obtain information on their policies and practices, and in some instances opt-out of certain of their activities, as follows:
|Party||Service||For More Information||Use of Tracking Technologies||Privacy Choices|
|Google Adwords||Advertising||View here.||Yes||View here.|
|Google Analytics||Analytics||View here.||Yes||View here.|
|Doubleclick||Advertising||View here.||Yes||View here.|
|Kissmetrics||Analytics||View here.||Yes||View here.|
|Lucky Orange||Analytics||View here.||Yes||View here.|
|Optimizely||Analytics||View here.||Yes||View here.|
|Bing Ads||Advertising||View here.||Yes||View here.|
|ScoreCard||Analytics||View here.||Yes||View here.|
|Marketo (Adobe)||Inbound Marketing||View here.||Yes||View here.|
|Hubspot||Inbound Marketing||View here.||No||View here.|
|AdRoll||Advertising||View here.||No||View here.|
|Rubicon||Advertising||View here.||No||View here.|
|OpenX||Advertising||View here.||No||View here.|
|Pubmatic||Advertising||View here.||No||View here.|
|Quantcast||Advertising||View here.||No||View here.|
|Verizon Media | Yahoo Ad Exchange||Advertising||View here.||No||View here.|
PLEASE NOTE: We are not responsible for third-party policies or practices. We try to keep this information current, and will add to and subtract from the chart above as appropriate, but it is provided as a courtesy and may not be current or accurate. Please contact the relevant third parties regarding their privacy and data security policies and practices.