1Risk, LLC

Privacy Policy

Effective Date: March 11, 2020

Last Modified: March 11, 2020

1Risk, LLC (“we,” “us,” “our”) respects your privacy and takes the responsibility of protecting the personal information that you provide to us via our website (the “Services”) very seriously.

This Privacy Policy is intended to outline our practices regarding the collection, use, disclosure, and protection of information received from users of the Services, including users in the European Economic Area (“EEA”), users in Canada, and residents of the State of California (collectively, “you” or “user”). We adopt this Privacy Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), and the EU General Data Protection Regulation (“GDPR”). For the purposes of compliance with the GDPR, we are the “processor” of Personal Data (i.e., Personal Information) we receive from you.

We encourage you to carefully review this Privacy Policy to have a clearer understanding of our privacy practices. By accessing, downloading, or using the Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, do not access, continue to access, or use our website.

For the purposes of this Privacy Policy, an identified or identifiable natural person in the EEA as set forth in the GDPR, and accessing the Services, will be referred to as a Data Subject.

Scope

The Privacy Policy applies to the Services provided via our website https://www.1risk.com, its subdomains, and all of the websites owned or operated by us, regardless of the medium in which the Services are accessed by a user (e.g., via a web or mobile browser).

Information We Collect

We collect several types of information from and about users of the Services.

Personal Information: We may collect Personal Information from you in order to provide you with the information or services you may request. “Personal Information” refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household, or device. Personal Information is similarly defined within the GDPR and the CCPA. When you use and/or complete forms on the Services, we may collect Personal Information about you. The categories and types of Personal Information we may collect along with the purposes for which we use your Personal Information and what third parties we may share your Personal Information with include:

 

CategoryType(s)PurposesPotential Disclosures
A. IdentifiersSuch as your name, postal address, email address, date of birth, or other similar identifiers.– Delivery of Services
– Customer Services/User Communications
– Newsletters		– Business Partners
– Legal Obligations
– Sale or Acquisition
B. Other Statutorily
Defined Personal
Information		Such as your name, telephone number, or other similar identifiers– Delivery of Services
– Customer Services/User
– Communications		– Business Partners
– Legal Obligations
– Sale or Acquisition

Personal Information does not include: publicly available information from government records; deidentified or aggregate information; or certain personal information protected by other sector-specific federal or state statutes.

Children Under the Age of 16: The Services are not intended for children under 16 years of age. We do not market to and do not knowingly collect, disclose, or sell any Personal Information from, or about a child under the age of 16 without the consent of the child’s parent or legal guardian. If we discover that we have inadvertently collected information from a child under 16 years of age, we will promptly take all reasonable measures to delete such information from our systems.

How We Collect Information

We collect Personal Information (collectively, “Your Information”) from the following categories of sources:

Directly From You: We may collect Personal Information from you when you voluntarily provide Personal Information to us by, for example, completing forms or services and products you purchase.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you an updated Privacy Policy.

How We Use Your Information

We use Your Information for various business purposes to help enhance your experience. These purposes include, but are not limited to:

Delivery of Services: We may use Your Information to deliver our services, products, and features to you.

Customer Service and User Communications: We may use your Personal Information to help us respond to your inquiries, questions, requests and support needs more efficiently.

Newsletters: We may use your Personal Information to send you news and updates related to our services via our newsletter if you opt-in to receive the newsletter. You have the option to opt-out of receiving our newsletter.

How We Disclose Information

We may share and disclose Your Information for a business purpose or to fulfill legal obligations. When we disclose Personal Information for a business purpose, we enter a contract that describes the business purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We may share and disclose Your Information in the following circumstances:

To Business Partners: Your Information may be shared with business partners that assist us in providing Services and communicating with individuals.

Law Enforcement, Safety, and Legal Processes: Your Information may be shared with law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also share Your Information if required or permitted to do so by law, for fraud protection and credit risk reduction purposes, or in the good-faith belief that such action is necessary to protect and defend our property rights or the rights of the users of the Services. We may further share Your Information to act under urgent circumstances to protect the safety of our employees or a member of the public, or to comply with a judicial proceeding, court order, or legal process.

In a Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer Your Information as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use Your Information pursuant to their own privacy policies, and those policies may be different from this Privacy Policy.

We may disclose the following categories of Personal Information for a business purpose: Identifiers and Other Statutorily Defined Personal Information categories.

Sale of Personal Information

We do not sell Personal Information to any third parties. We have not sold your Personal Information in the preceding twelve (12) months, and we will not sell your Personal Information in the future without providing you with notice and the opportunity to opt-out of such sale(s).

EEA Data Subject Rights and Choices

Under certain circumstances, Data Subjects from the EEA may have the following rights under the GDPR:

  • Right to access the Personal Information we maintain about you;
  • Right to be provided with information about how we process your Personal Information;
  • Right to correct your Personal Information;
  • Right to have your Personal Information erased;
  • Right to object to or restrict how we process your Personal Information; and
  • Right to request your Personal Information to be transferred to a third-party.

To exercise the above rights, please contact us at the information provided below. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.

How to Withdraw Consent: At any time, Data Subjects from the EEA may withdraw consent you have provided to us for using, disclosing, or otherwise processing your Personal Information. You may withdraw your consent by communicating your request at the information provided below.

Please note that your withdrawal of consent to process certain Personal Information about you (1) may limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal. Note that even after withdrawing consent, we may use, disclose, or otherwise process your Personal Information if required by law to do so.

How to File a Complaint: Additionally, Data Subjects from the EEA may file a complaint with EU data protection authorities (“DPAs”). A list of DPAs from the European Commission may be found here: http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061.

Canada Resident Rights and Choices

Under certain circumstances, Canadian residents may have specific rights regarding their Personal Information under the PIPEDA.

You have choices about how we use your Personal Information to communicate with you, and whether you want to update or remove your Personal Information. Please be aware that although you may have statutory rights to request access to, modification of, or erasure of your Personal Information, under certain circumstances, the PIPEDA may limit your exercise of these rights.

To the extent permitted by applicable law, we will honor any statutory right you may have to access, modify, or erase your Personal Information. Please contact us at the contact information provided below. We will attempt to address your request within thirty (30) days.

California Resident Rights and Choices

Under certain circumstances, California residents may have specific rights regarding their Personal Information. California residents have the following rights under the CCPA:

  • Right to Access Specific Information. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will disclose to you:
    • The categories of personal information we collected about you;
    • The categories of sources for the personal information we collected about you;
    • Our business or commercial purpose for collecting that personal information;
    • The categories of third parties with whom we share that personal information;
    • The specific pieces of personal information we collected about you (also called a data portability request);
    • If we disclosed your personal information for a business purpose, a separate list disclosing disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • Right to Data Portability. You have the right to receive information you request in a portable and readily usable format that allows you to transmit the information to another entity without hindrance.
  • Right to Deletion. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) pursuant to enumerated exceptions detailed in the CCPA and GDPR.
  • Right to be Free from Discrimination. You have the right to be free from discrimination for exercising your rights under the CCPA.

Exercising Your Rights Under the CCPA and GDPR

Verifiable Consumer Requests: To exercise your rights of access, data portability, and deletion described above, please submit a verifiable consumer request to us by either:

  • Visiting: https://www.1risk.com/contact/
  • Emailing us at: info@1risk.com
  • Contacting us at the mailing address provided below

Only you, or someone legally authorized to act on your behalf (an “Authorized Agent”), may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You, or an Authorized Agent, may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.

Response Timing and Format: We endeavor to respond to verifiable consumer requests within forty-five (45) days of receipt. If we require more time, we may take up to an additional forty-five (45) days to respond. We will inform you of the reason for the extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at our option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with your request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

International Data Transfers

For Data Subjects from the EEA, we may transfer your Personal Information outside the EEA for processing pursuant to the purposes outlined above. When you provide us Personal Information, you understand and agree that it may be transferred across national boundaries and processed outside the EEA, including by trusted third parties.

Additional California Privacy Rights

California’s “Shine the Light” law permits users of the Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at the contact information provided below.

Data Security

The Services use commercially reasonable security measures to protect Your Information. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect Your Information, we cannot ensure or warrant that Your Information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.

Modifications

We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

External Links

The Services may contain links to other websites. We do not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on external websites, even if one or more pages of the external websites are framed within a page of the Services. Please be aware that we are not responsible for the privacy practices or policies of such other websites.

Accessing and Updating Information

If you ever wish to access Your Information or have Your Information deleted, updated, changed, or modified, you may do so by contacting us at the contact information provided below. Further, if you would like to opt-out of receiving direct marketing communications from us, you may do so by following any instructions included in the communication or by contacting us at the contact information provided below. To cancel your account and have your information returned to you, please contact us at the contact information provided below. We will make commercially reasonable efforts to handle requests to update or modify Your Information within thirty (30) days.

Contact Information

If you would like to contact us with questions or comments concerning the accuracy and/or privacy of Your Information, or if you believe that we have not adhered to this Privacy Policy, please notify us by contacting the following:

Attn: Data Compliance Department
1RISK, LLC
Address: PO Box 264
Fairfield, PA 17320
https://www.1risk.com/contact/
info@1risk.com
(717) 296-1646

We welcome your questions and comments.