Privacy Policy

Privacy Policy

This Privacy Policy was last updated: 11 March 2024


This Privacy Policy details certain policies implemented throughout Evidencity, Inc. (“Evidencity”) governing Evidencity’s collection and use of personal data about users of our Evidencity data marketplace service that allows you to purchase access to offline documents, records and reports from various countries at the URL www.evidencity.com (“Site”).

Collectively, the Site and the services provided through the Site are referred to as the “Services”.


Evidencity complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Evidencity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Evidencity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.


Evidencity is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Information Collection

You may browse our Site without providing us with any personal data.


In order to register for an account on our Site and to use our Services, we require you to submit your personal data to us. When you register for an account on our Site and to use our Services, you are required to provide us with personal data such as your first name, last name, password, email address, phone number, business address, username, and password.

If you use our Services, you may place online orders. In conjunction with your use of the Services, we will collect information about your online orders and related public documents and information that you order. We store a record of the public documents you ordered in our databases but with no identification as to which individual requested such documents (e.g. they are identified by a numerical order number only). Thus, we collect the personal data in any record that you have ordered.


When you make a purchase through the Services, you will be required to submit a credit card or ACH information for billing purposes. Our third party payment processor will process your payment.


Providers, clients and the Evidencity case manager for an order may correspond with each other through the Services regarding the order. The Evidencity case manager monitors and approves such messages prior to any messages are viewed by the provider and/or client, as applicable. These messages are not publicly viewable through the Services. We will collect any personal data that you include in these messages. If you are a provider, the client receiving the message will view any personal data that you include in an approved message. If you are a client, the provider receiving the message will view any personal data that you include in an approved message.


If you contact us, we will collect any personal data that you include in your communications to us.

Information Use

We use your personal data for the following purposes and rely on the following lawful bases to process your personal data:

  • Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you make a purchase through our Services, that’s a contract.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we send you notices about updates to our Services, when we collect public documents containing personal data for our customers and to carry out fraud screening.
  • Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
  • Where we have your consent such as for certain cookies. Where our legal basis is consent, you have the right to withdraw consent any time.


Specifically, we use your personal data to:

  • deliver you our Services and information, records, documents and reports you have requested
  • provide you with support
  • detect fraud, illegal activities or security breaches
  • provide notices regarding items or services you have purchase or that you may wish to purchase and for targeted marketing
  • verify your authority to enter certain password protected areas of the Services
  • improve the content and general administration of our Services


If you are a user of our Services, we store a record of the public documents you ordered in our databases but with no identification as to which individual requested such documents (e.g. they are identified by a numerical order number only) and you may contact us in relation to a particular order by referring to the order number.

Cookies and Online Tracking

We use small text files called cookies to improve overall experience on the Site. A cookie is a piece of data stored on the user's hard drive containing information about the user. Cookies generally do not permit us to personally identify you. We generally use session cookies to authorize each request to use the Site and such cookies expire when you exit the Site.

Evidencity does not track users over time or over multiple websites. Evidencity does respond to browser do not track signals.


Children's Privacy

Evidencity recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children's online activities and interests. The Site and Services are not directed to children under the age of 16. Evidencity does not target its Services to children under 16. Evidencity does not knowingly collect personal data from children under the age of 16. If we learn that a child under the age of 16 provided us with personal data, we will delete that information. If your child has provided personal data, please contact us so we can delete it. If you are under the age of 16, please do not provide us with any personal data.


Disclosure

We provide your personal data and the data generated by cookies and the aggregate information as follows.


We provide your personal data to the vendors and service agencies that we engage to assist us in providing our services to you. For example, we may use a third party payment processor, to process payments for our Services. Such third party entities are obligated to use your personal data solely to provide the services to us.


We will disclose your personal data if we reasonably believe we are required to do so by law, regulation or other government authority or to assist in any governmental or law enforcement investigation, to protect our or our users' rights or to enforce our terms of use.


We will not sell your personal data to any company or organization except we may transfer your personal data in conjunction with a transaction such as a financing or to a successor entity upon a merger, consolidation or other corporate reorganization in which Evidencity participates or to a purchaser of all or substantially all of Evidencity’ assets to which the Services relate or in the event of a bankruptcy or related or similar proceedings.


Evidencity’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Evidencity remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Evidencity proves that it is not responsible for the event giving rise to the damage.


Security

We employ procedural and technological measures that are reasonably designed to help protect your personal data from loss, unauthorized access, disclosure, alteration or destruction. Evidencity uses secure socket layer, firewalls, password protection and other security measures and policies to help prevent unauthorized access to your personal data.


Data Retention

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


By law we have to keep basic information about our customers, such as payment data, generally for seven years after they stop being customers for tax purposes. Please note that we may retain information that is otherwise deleted in anonymized and aggregated form, in archived or backup copies as required pursuant to records retention obligations, or otherwise as required by law.


In some circumstances you can ask us to delete your data; see Updating and Deleting Personal Data and Your Rights below for further information.


Privacy Policy Updates

Evidencity may need to update this Privacy Policy from time to time. If so, Evidencity will post its updated Privacy Policy on our Site and Services along with a change notice. Evidencity may also send registered users of our Services a notice that this Privacy Policy has been changed. Evidencity encourages you to review this Privacy Policy regularly for any changes. Your continued use of the Site and/or Services and/or continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Policy.


Updating and Deleting Personal Data

Evidencity provides you with the ability to review, update and/or delete certain contact information that you provide to us by accessing your account. Your right to access your personal data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have. If you are located in the European Union, you have other rights as set forth in the Your Rights Section below.


Notice to Users Outside of the United States

While Evidencity is an international business, we operate primarily in the United States, and as a result regardless of where you use our Services or otherwise provide information to us, the information we collect may be transferred to and maintained on servers located in the United States. The laws, regulations and standards of the country in which this information is stored may be different from your own country. The European Union's General Data Protection Regulation (“GDPR”) allows for transfer of personal data from the European Union to a third country in certain situations. By consenting and agreeing to the terms of use and this Privacy Policy, you agree to the transfer of all such information to the United States of America which may not offer an equivalent level of protection to that required in other countries, particularly the European Union, and to the processing of that information by Evidencity on servers located in the United States of America as described in this Privacy Policy. We also comply with the EU-US and Swiss-US Data Privacy Frameworks. In our discretion, we may adopt other means, such as entering into data processing agreements that include the EU Standard Contractual Clauses or enter into different certification programs under applicable law for ensuring adequate safeguards. If you wish to execute a data processing agreement with us, please contact us.


Your Rights

If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:

  • The right to be informed – that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing that in this Privacy Policy);
  • The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
  • The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
  • The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
  • The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
  • The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
  • The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.


These rights are subject to certain rules around when you can exercise them.


If you wish to exercise any of the rights set out above, please contact us at privacy@evidencity.com.


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


Access Statement

Pursuant to the Data Privacy Frameworks, EU, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@evidencity.com. If requested to remove data, we will respond within a reasonable timeframe. 


Choice Statement

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@evidencity.com


Complaints

In compliance with the Data Privacy Framework Principles, Evidencity commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union and Swiss individuals with DPF inquiries or complaints should first contact Evidencity by email at privacy@evidencity.com

 

Evidencity has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. 


If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf


Questions

If you have any questions regarding this Privacy Policy including any requests to exercise your legal rights, please contact us via email at privacy@evidencity.com.

Share by: