This Privacy Notice was last revised on and has an effective date of September 25, 2023.
We have recently updated our Privacy Notice. Be sure to review the notice carefully to understand our privacy practices.
Sontiq, Inc., is now a TransUnion company. Please note that this Sontiq Privacy Notice does not cover any products offered by another TransUnion company.
This Privacy Notice provides information about how we handle Personal Information about you and describes the rights you may have regarding your Personal Information. It applies to our online and offline collection, use, sale, sharing, disclosure, and protection of the Personal Information you may provide to us and we collect or maintain about you (our “Services”), to include Personal Information you may supply when you use our websites, mobile apps, and other online services we provide that link to this Privacy Notice (“Site”).
When we process your Personal Information, we will always apply the core principles we have adopted from the European Union’s General Data Protection Regulation, GDPR, to ensure the information is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate as updated by you from time to time.
- Kept only as long as necessary.
- Kept securely.
Visit our Consumer Privacy Rights page to exercise your privacy choices and rights.
Notice at Collection: We collect Personal Information from you and about you from third parties, as detailed in this Privacy Notice. The categories of Personal Information that we collect are listed below under “What information is collected?” and the purposes for which we collect and use Personal Information are listed below under “How do we use the information collected?” To learn more about your privacy rights, including your right to opt out of the sale or sharing of your Personal Information, please navigate to the Consumer Privacy Rights page and the “Personal Information Requests” section below. Our retention practices are outlined below under “How long is personal information retained?” This Privacy Notice does not apply to data we receive from third parties unless it is combined with Personal Information you have provided to us.
This Privacy Notice will answer many of the questions you have about the use of your information. These include:
- What information is collected?
- How do we use the information collected?
- Where does processing of the information occur?
- How is the information protected?
- How do I change my information and communications preferences?
- How and when do we sell/share or disclose information with third parties?
- How is your information used for advertising?
- Does third-party content, links to sites, and/or apps appear on the Site?
- How is children’s information processed?
- How do we make changes to the Privacy Notice?
- Who do I contact with questions and concerns?
- Is there any jurisdictional specific information?
1.1 INFORMATION YOU PROVIDE US
In general, you can use our Services and the Site without revealing Personal Information about yourself. However, we may ask you to provide to us certain categories of information, such as:
Personal Information, such as your identifiers: first and last name, phone number, email address, and categories of sensitive personal information, such as username and password, credit card number, and Social Security number (“Personal Information”); and
Demographic Information, such as information about your gender (characteristics of protected classifications) and professional or employment-related information (“Demographic Information”). If we combine Demographic Information with your Personal Information, we will treat the combined data as Personal Information.
We may collect this information through various forms and in various places in our Services and the Site. If you register for an account, subscribe to our newsletter, through “contact us” forms, or when interacting with the Site, we may collect Personal Information.
1.2 LOCATION-BASED INFORMATION
We may use location-based services to determine your location (geolocation data). We do this to verify your location, deliver you relevant content based on your location, and to enable the location-based services we offer. You may be able to change the settings on your device to prevent it from providing your location.
1.3 INFORMATION THIRD PARTIES PROVIDE ABOUT YOU
We may supplement the Personal Information we collect directly from you with information from third parties. This allows us to:
- enhance our ability to provide the services you have requested,
- tailor our content to you, and
- offer you opportunities that may be of interest to you.
The Site may allow access to third-party websites, online services, or applications. In return, the third party may provide personal and other information to us. For example, if you select a social media icon (such as for Facebook, Twitter, or Instagram), we may have access to the information from them.
We may also receive information about you from your friends and others that use the Site. This will happen when they submit content to us or post on the Site.
When we receive information from those sources and combine it with Personal Information, the new information will be treated as Personal Information under this Privacy Notice.
1.4 INFORMATION WE COLLECT AUTOMATICALLY
In addition to any Personal Information you provide to us, we may use a variety of technologies that automatically collect certain information whenever you visit or interact with the Site (collectively, “Usage Information”). When we associate Usage Information with your Personal Information, we will treat it as Personal Information.
This Usage Information (internet or other electronic network activity) may include:
- Your IP address, UUID – universally unique identifier, or another unique identifier (“Device Identifier”). This is automatically assigned to your device.
- Your device functionality (including browser, operating system, hardware, mobile network information, etc.).
- The areas within our Site that you visit and your activities there, including remembering you and your preferences.
- Your device location (geolocation data).
- Other device data, such as the time of day.
We use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). The Tracking Technologies used on the Site include:
Cookies – A cookie is a small data file placed on a device when it is used to visit the Site. We do not respond to browser Do Not Track requests. Most types of cookies may be disabled or removed by tools that are available as part of most commercial browsers. Each browser you use must be set separately. Please be aware that if you disable or remove cookies on your device, some parts of our Site may not function properly.
Web Beacons – Web beacons are small images that may be included in our Site and in our messages. Web Beacons may be used for a number of purposes such as:
- counting visitors to the Site,
- monitoring how users navigate the Site,
- counting how many sent emails were actually opened, or
- counting how many particular links were actually viewed.
Embedded Scripts – An embedded script collects information about how you use the Site. The code is temporarily downloaded onto your device while you are connected to the Site and is deactivated or deleted when you leave.
Browser Fingerprinting – Browser fingerprinting is based on the analysis of information from your device. Items such as your operating system, plug-ins, system fonts and other data are used to create a unique ID to identify your device.
Entity tags – An entity tag, or ETag, is an opaque identifier assigned by a web server to a specific version of a resource found at a web server. If the resource content ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where you may block cookies.
Recognition Technologies – Recognition technologies make assumptions about users and devices such as that a user of multiple devices is the same user.
Analytics Technologies – We use Google Analytics 360, including Google Tag Manager and Google Ads. If you would like to learn more about Google Analytics, or opt out of this data collection and sharing activity, please use this link: https://www.google.com/policies/privacy/partners/.
1.5 IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
If you fail to provide certain information when requested, we may not be able to provide part of our Services to you (such as monitoring your credit card for unlawful activity), or we may be prevented from complying with our legal obligations.
We may use your Personal Information, Demographic Information or Usage Information that is subject to this Privacy Notice:
- to provide you with and to improve our Services such as to protect your identity,
- to process transactions or provide you with information such as to send you electronic newsletters,
- to provide you with special offers or promotional and marketing materials (including sweepstakes and contests) on behalf of us or third parties, including to let you know about new products, services, or upcoming events,
- to improve the Site including the user experience, marketing endeavors, and our Site offerings,
- to customize your experience on the Site,
- to serve you specific content or ads that are relevant to you,
- to provide customer support,
- to authenticate a credit card number and verify that the person requesting your credit report really is you,
- to contact you with regard to your use of the Site and, in our discretion, changes to the Site and/or Site’s policies,
- for internal business purposes, and
- for purposes provided at the time you provide your information or as otherwise set forth in this Privacy Notice.
We will only use your Personal Information for the purposes for which we collected it and related purposes. You will be notified if we need to use your Personal Information for an unrelated purpose. We may also process your Personal Information where the processing is required or permitted by law.
2.1 USE OF INFORMATION FOR RECRUITMENT PURPOSES
You may provide information to us as part of an application to become part of the Sontiq team. This may include Personal, Demographic, or other information. We use this information to make an informed decision about proceeding with your application as a legitimate interest of our business. If you provide any information that is considered to be sensitive, you may be asked to expressly consent to our processing.
2.2 AUTOMATED DECISION MAKING
“Automated decision making” is when choices are made by computers without the involvement of a person. Sontiq does not make decisions using automated means.
Our Services and Site operate in the United States. Information we collect, including Personal Information, will be transferred, processed, stored, and used in the United States.
The data protection laws in the United States may differ from those of the country in which you are located. Your information may be subject to access requests from governments, courts, or law enforcement according to the laws of the United States.
3.1 HOW LONG IS PERSONAL INFORMATION RETAINED?
We retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected or processed, as described in this Privacy Notice. When determining retention periods, we consider our relationship with you and your information, the nature and sensitivity of the information, and what is reasonably necessary and proportionate to provide and improve our services. We also adjust retention periods to comply with our legal, reporting, or accounting obligations, to resolve disputes, and to enforce our agreements. We regularly review our retention periods and assess our data minimization practices, retaining the least amount of information for the shortest retention period, while still upholding all our obligations.
For example, we retain your personal information, collected through our services and websites, for as long as your membership is active or as needed to provide services to you and our customers. When you give up your membership, your Personal Information is retained for a short period of time in the event you decide to rejoin.
The security of your Personal Information is of critical importance to us. Sontiq’s security controls are independently audited, annually to help ensure compliance with the following standards:
- the Payment Card Industry Data Security Standards (PCI DSS) Level 1 controls, including a Report on Compliance (RoC) issued by a Qualified Security Assessor (QSA),
- the American Institute of Certified Public Accountants (AICPA) SOC 2, Type 2, (Report on Controls at a Service Organization) based on the Trust Services Criteria relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy, and
- the US National Institute of Standards and Technology (NIST) 800-53 Risk Management Framework.
Sontiq maintains a comprehensive Information Security Program that utilizes administrative (policies, standards, and processes), physical, and technical controls designed to provide comprehensive protection for all Sontiq systems and applications. Security, integrity, and confidentiality of data is of the highest importance.
We use industry-standard safeguards to protect your information. While we make reasonable efforts to safeguard Personal Information once we receive it, the protection of your information cannot be guaranteed.
You are responsible for maintaining the confidentiality of any password(s) and all activities that occur using your password(s). You should notify us immediately of any unauthorized use of your password(s) or accounts. Please contact us (see below) if you believe your Personal Information has been exposed.
You are responsible for the accuracy of the information you share with us. This information may be reviewed and updated through the:
- Site’s registration forms or
- “Manage Account” tab on your account dashboard.
You also may write to us directly to update or delete your contact information or to request that we stop sending you any form of communication. These requests should be sent to us by postal mail to:
Attn: Privacy Team
9920 Franklin Square Drive
Nottingham, MD, 21236
We may ask you to provide additional information before making these changes. This may be done to verify your identity.
When you update your information, we will make good faith efforts to make the requested changes in our systems as soon as reasonably possible. We may need to retain prior information as business records in some situations.
For information regarding U.S. consumer privacy rights, as applicable by law for residents of California, Colorado, Connecticut, Utah, and Virginia, please visit our U.S. Consumer Privacy page for your specific disclosures and rights.
Please note that Sontiq is now a TransUnion company. To learn how TransUnion handles Personal Information that TransUnion maintains about you and the rights you may have regarding your Personal Information, please visit the TransUnion Privacy Center at www.transunion.com/privacy/transunion.
5.1 PERSONAL INFORMATION REQUESTS
With some restrictions, you may make requests of us with regard to your Personal Information. Please use our self-service options or contact our Privacy Office in the following ways:
- Visit your Sontiq Member Dashboard
- Call us:
- Within the U.S. (toll-free) at 888-6-SONTIQ or (888) 676-6847
- Outside the U.S. at 01 (508) 644-8726
- Email us at [email protected]
- Complete our Consumer Privacy Rights request forms available as follows:
For more information, visit our Sontiq Trust Center.
For information regarding U.S. consumer privacy rights, as applicable by law for residents of California, Colorado, Connecticut, Utah, and Virginia, please visit our U.S. Consumer Privacy page for your specific disclosures and rights.
Access – You may request a copy of the Personal Information we hold about you. To see the information we hold, log in to your account and review the information from the Sontiq Member Dashboard. You will not have to pay a fee to access your Personal Information in Sontiq-owned Member Dashboard(s) while your account is current (or to exercise any of the other rights). Please note that, for security, we cannot provide your full Social Security number or your full credit card numbers.
Transfer – You may request we provide an electronic copy of the information you have provided to us to be shared in a format that may be sent to another entity.
Correction – You may request that we modify any incomplete or inaccurate information we hold about you.
Erasure/Deletion – You may request that we delete elements of your information that we collect or maintain. Please note that it is not always possible to completely remove all of your information from our systems. This is often due to legal or regulatory requirements.
Restrict Processing – You may request that we suspend the processing of your Personal Information. You may want to do this, for example, if you want us to verify the accuracy of the information. Another example may be to ask us to confirm the reason the processing is occurring. You may do this by logging in to your account and removing your Personal Information from the Sontiq Member Dashboard.
You may change or cancel the marketing emails you currently receive from us by following the instructions found in our promotional emails. Please note that we will continue to send you communications about your account or use of our Services and Site. This includes administrative and Site announcements.
5.2 WITHDRAWING CONSENT
In some very limited cases we process your Personal Information based upon your consent. You have the right to withdraw your consent for processing in these situations at any time.
To withdraw your consent, please log in to your account and delete the information from the Sontiq Member Dashboard, or call us within the U.S. (toll-free) at 888-6-SONTIQ or (888) 676-6847, or outside the U.S. at 01 (508) 644-8726.
We may disclose Personal Information and other information with third parties for business purposes. This is done:
- based on your requests,
- to provide our Services to you,
- to protect the interests of Sontiq and others, and
- in the event of a transfer of the business.
We may also disclose your information with related companies. These include our parent company, our subsidiaries, and affiliates.
There are times when we disclose information in an anonymized or aggregated form with our partners. In these cases, the identity of the individual(s) whose information is shared cannot be directly discerned from the information we provide.
All of our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Information. We do not allow our third parties to use your Personal Information for their own purposes.
We may transfer Personal Information (identifiers) to credit reporting agencies in a manner that may be considered a sale or sharing of Personal Information under state privacy laws and regulations.
6.1 Disclosure BASED ON YOUR REQUESTS
You may have an opportunity to receive information or marketing offers from third parties while on our Site. When this occurs, your Personal Information and other information may be disclosed to the third parties.
The following data may be processed by third-party service providers:
- Name, address, date of birth, telephone number, email address monitoring
- Social security number monitoring
- Credit and credit score monitoring
- Driver’s license number monitoring
- Passport number monitoring
- Medical account number monitoring
- Credit card monitoring
- Bank account monitoring
- Monitoring bank and credit card transactions
- Social media account monitoring
- Court records monitoring
- Payday loan monitoring
- IT services
Third parties may also store, collect, or have access to your information when you interact with them. This includes when you use third-party tools such as Facebook, Twitter, Pinterest, or other posting or content sharing tools.
In addition, we may provide interfaces or links to third-party sites to help you send a message from the Site. For example, we may use third parties to send emails, tweets, or make Facebook postings. These third parties may retain any information used or provided in any such communications.
When you send someone else a message from the Site, the information you provide, such as recipient names and email addresses, is used by Sontiq to send the communication and is not used by us for any other marketing purpose unless we obtain consent from that recipient or we explicitly say otherwise.
By using these tools, you are subject to the third-party’s privacy practices. We are not responsible for the privacy policies and practices of third parties. You should review each third-party’s privacy policies and practices prior to using their services.
6.2 Disclosure TO PROVIDE our SERVICEs TO YOU
We may use third-party vendors to perform certain services on our behalf. These services include:
- assisting in the operation, design, and hosting of the Site,
- tracking activity on the Site by collecting analytic information,
- managing a database of customer information,
- sending you special offers,
- performing administrative services,
- providing credit report information, and
- providing other services designed to assist us in maximizing our business potential.
These vendors may have access to user information to carry out the services they are performing. This may include Device Identifiers and Personal Information which we provide to the vendors.
Third-party analytics and other service providers use their own Tracking Technologies on your Device. These third parties may collect or have access to information about you. This may include Personal Information which we do not provide. We are not responsible for the technologies or activities of these third parties. Some may offer you certain choices regarding their practices, and information of which we have been informed regarding such choices is available here.
6.3 Disclosure TO PROTECT THE INTERESTS OF SONTIQ AND OTHERS
We may disclose your information including Device Identifiers and Personal Information to third parties to:
- satisfy any applicable law, regulation, subpoena, governmental request, or legal process if, in our good faith opinion, such is required or permitted by law,
- protect the safety, rights, property, or security of the Site or any third party,
- to detect, prevent or otherwise address fraud, security, or technical issues, or
- identify users to third parties to protect their interests subject to applicable law. By extension, this may include disclosure to law enforcement agencies.
The previous disclosures may be made without our providing notice to you.
6.4 Disclosure for TRANSFER OF THE BUSINESS
Sontiq may disclose and transfer your Personal Information and other information:
- to a subsequent owner, co-owner, or operator of the Site or applicable database, or
- in connection with a merger, consolidation, or restructuring of our business,
- in connection with the sale of substantially all our interests or assets, or
- in connection with other corporate change.
The above disclosure may occur during the course of any due diligence process.
6.5 Disclosure FOR A SWEEPSTAKES, CONTEST, OR PROMOTION
We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Site that may require registration. When you participate in a Promotion you are agreeing to its official rules. The rules may include requiring you to allow the Promotion’s sponsor to use your name, voice, or likeness in marketing efforts.
Personal Information may be disclosed with third parties and the public to manage a Promotion. This may occur during winner selection or prize fulfillment. Personal Information may also be made known as required by law or as permitted by the Promotion’s official rules.
Many companies serve advertisements across Internet sites. These companies include Sontiq as well as third parties such as network advertisers and ad exchanges. Third-party analytics service providers may be used to gauge the use of these ads on third-party sites, the viewing of ads, and the viewing of our content. The advertisements presented may be based on your activities across the Internet and mobile media. These are called “Behavioral Ads.”
Our third-party network advertisers and ad exchanges may set and access their own technologies on your device. This may include use of an identifier on your device, which may be a unique cookie or another form of unique identifier. These third-party technologies, combined with Personal Information we may provide, may:
- help deliver advertisements to you that might interest you,
- prevent you from seeing the same advertisements repetitively,
- recognize you across the devices you use, and
- understand the usefulness of the advertisements that have been delivered to you.
This Privacy Notice does not apply to the collection or use of the information by these third parties. We have provided information about these third parties in the chart at the end of this Privacy Notice. You should review their information processing practice policies.
7.1 ADVERTISING CHOICES
Some third parties may offer you certain choices regarding their Behavioral Ad practices.
You may wish to visit a site provided by the Network Advertising Initiative (NAI) https://optout.networkadvertising.org/?c=1, which shares information on the choices provided by NAI members. This includes how to “opt-out” of members’ advertising.
You may wish to visit a site provided by the Digital Advertising Alliance (DAA) https://optout.aboutads.info/?c=2&lang=EN, which shares information on the choices provided by DAA participants. This includes how to “opt-out” of their advertising.
By clicking on the “Opt-Out” links above, you will be directed to the respective third-party website where your computer will be scanned to determine who maintains cookies on you. At that time, you can either choose to opt out of the cookie-based targeted advertising or you can choose to opt out of cookie-based targeted advertising by selecting individual companies who maintain a cookie on your machine.
We are not responsible for effectiveness of or compliance with any third parties’ opt-out options or programs. Please note that if you delete your cookies or you visit this site using a different device or browser, you will need to repeat the opt-out processes outlined above.
The Site may contain content, links, or applications that are supplied by a third party. These third parties may collect Usage Information and your Device Identifier for their own commercial purposes. In some cases, you may be directed to other sites and applications that are operated by third parties that we do not control. These third parties may have their own terms of service, privacy policies, or other policies. We are not responsible for the practices employed by these third parties.
For example, if you “click” on a link you may be taken off the Site onto a different Internet location. These other online services may track your activities, collect information about you, and may or may not have their own published privacy policies. We are not responsible for practices of these third parties.
We encourage you to review any available policies before using third party applications. Exercise caution in connection with these applications
We understand the importance of protecting the privacy of children. The Site and our services are not intended for use by children under the age of eighteen (18). We do not enroll children in our services although they can be a part of the services we provide to families and for which their parent/guardian must enroll them directly. We do not knowingly sell personal information of children under the age of eighteen (18) years.
Parent or Guardian Privacy Request (child under 18 years)
Sontiq does not knowingly collect Personal Information from children. If you believe we have collected Personal Information from individuals under the age of eighteen (18), a parent or guardian may make a data privacy opt-out request (subject to the limitations and exceptions under applicable law) by visiting our Opt-Out Form.
This Privacy Notice may change at any time. A new revision of this Privacy Notice will be posted on this page and reflected by a change in the effective date. Any changes will be effective as of that effective date.
We will not use your previously collected Personal Information in a way that is significantly different than stated in the Privacy Notice which was effective on the date the information was collected. However, we may request your consent for any new uses.
If you have any questions about this Privacy Notice or our practices, please contact us.
Attn: Privacy Team
9920 Franklin Square Drive
Nottingham, MD, 21236
Email: [email protected]
From within the U.S. (toll-free): 888-6-SONTIQ or (888) 676-6847
From outside the U.S.: 01 (508) 644-8726
We may need to request specific information from you to help us confirm your identity. We do this to ensure that your Personal Information is not disclosed inappropriately.
Sontiq is now a TransUnion company. To learn how TransUnion handles Personal Information about you and the rights you may have regarding your Personal Information, please visit the TransUnion Privacy Center at www.transunion.com/privacy/transunion.
If you want to submit a request to know, delete, correct, or opt-out for data held by TransUnion, you can do so on TransUnion’s website at: www.transunion.com/consumer-privacy, or by calling toll-free at: 866-310-8783 between 8 am and 9 pm eastern time Monday through Friday or between 8 am and 5 pm eastern time Saturday or Sunday.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
12.1 EUROPEAN UNION
Our privacy practices as required under the European Union General Data Protection Regulation (“GDPR”) have been incorporated into this Privacy Notice.
12.1.1 LEGAL BASIS FOR PROCESSING
A legal basis for processing Personal Information is required under GDPR.
- We are fulfilling a contract when
- Sontiq monitors your Personal Information and sends alerts, or
- we process payments, or
- preventing fraudulent access to your accounts.
- We are meeting the legitimate interests of our business when
- we contact you regarding new products and services, or
- we capture analytic information to improve or personalize our products, services, and website, or
- preventing fraudulent use of our services.
- We are addressing our legal obligations when reporting income and related information to tax authorities.
12.1.2 OBJECTION TO PROCESSING
You may object to the processing of your Personal Information. This may be done if you feel it is inappropriate for Sontiq to rely on legitimate interest as a legal basis for processing. When you object, we will limit the processing of your information. Once the objection is resolved, we will either resume processing or delete the Personal Information as appropriate. Please email [email protected] to object to processing.
12.1.3 TRANSFER OF PERSONAL INFORMATION OUTSIDE OF THE EU
Sontiq utilizes Standard Contractual Clauses for the transfer of information outside of the EU. This participation applies to all personal data that is received from EU residents. This personal data is also subject to this Privacy Notice.
12.1.4 REGISTERING A COMPLAINT
There may be times when you have a concern about the processing of your Personal Information. We ask that you please contact the Sontiq Privacy Officer at these times as detailed above.
If you remain dissatisfied, then you have the right to apply directly to the UK Data Protection Authority:
Information Commissioner’s Office
Telephone: +440303 123 1113
12.2 U.S. State Privacy
12.2.1 comprehensive state privacy laws
For information on the comprehensive state privacy laws, please see our U.S. Consumer Privacy page.
Please also note that Sontiq is now a TransUnion company. To exercise your consumer privacy rights for data processed by TransUnion, please click here.
In calendar year 2022, we received and responded to consumer requests as set forth in the table below.
|Request Type||Requests Received||Requests Completed||Requests Unverified/Denied*||Mean Days to Resolution|
|Opt-Out (Do Not Sell…)||789||789||0||22|
|Data Privacy Access Request/Right to Know||74||22||52||28|
* Requests may have been denied if the consumer’s information was not in, or could not be matched to a unique identity in our systems, we were unable to verify the consumer’s identity, or if an exception to compliance was applicable.
This data reflects requests received in 2022 from all individuals.