Date last updated: 2022-01-01
RIV DATA CORP. d/b/a Carpe Data (“Carpe Data”).
- Scope and Applicability
- What is personal information?
- What personal information does Carpe Data collect and from what sources?
- How do we use the personal information we collect?
- What personal information does Carpe Data disclose or sell to others?
- Exercising your rights
- If you are a California resident
- Children’s Privacy
- Transferring Personal Data from the EEA, the UK and Switzerland to the US
- Data Retention and Security
- Third Party Services, Applications and Websites
Scope and Applicability
What is Personal Information?
When we speak of “personal information”, we are referring to the type of information that can be used to identify a person or a household or that can be reasonably associated with a person or household. Data protection laws sometimes refer to personal information as “personally identifiable information” or “personal data”.
What Personal Information Does Carpe Data Collect and From What Sources?
When you browse our corporate website
When individuals browse the Site, they may choose to provide us with personal information in order to request information about our products and services, to submit questions about the company, to request inclusion on our mailing list, or to inquire about employment opportunities. During the prior twelve months, the categories of personal information that we collected from individuals when they browsed our website and that we continue to collect from visitors today, include the following:
|Data Category||Data Elements Collected|
First and last name|
Business email address|
Business phone number
Name of the organization with which you are associated
|Employment Information||Information included on your resume information and employment application information|
|Other personal information that the individual may voluntarily provide to us in an online form||We recommend that you be cautious about the type of information you include in web forms. Avoid including non-public personal information.|
When you interact with us at an Event
Carpe Data hosts and attends Events throughout the year (both in person and virtual). These include conferences for our customers and prospects as well as industry events such as trade shows. During the prior twelve months, the categories of personal information that we collected from individuals at Events included the following:
|Data Categories||Data Elements Collected|
First and last name|
Business email address|
Business phone number
Name of the organization with which you are associated
|Biometric Information||Voice or video recording|
We use the information collected in this context to manage our relationship with you for purposes such as: (a) communicating about an Event you attended or one that is upcoming; (b) following up with you regarding your interest in the company and our products; (c) recording your attendance at Events; and (d) informing you of company news. We may capture video and sound recordings of an Event for purpose of playbacks and marketing future Events.
Personal information collected via automated tools
Personal information collected from third parties
Carpe Data collects personal information from third party data sources for purposes of fulfilling our client’s requests. Third party data sources may include consumer data resellers, social networks, social media websites. During the prior twelve months, the categories of personal information that we collected from third party data sources and that we continue to collect from such sources today include the following:
|Data Category||Data Elements Collected|
|Personal Identifiers||first and last name, address, business e-mail address, telephone number, date of birth|
|Professional Information||professional information (e.g., the name of the organization with which the individual is associated and their job title; professional skills|
|Other information||Publicly available web data, publicly available social media data, email activity, interests, cell phone details|
Personal information collected from clients
About others: When Carpe Data’s clients use our Products, they provide Carpe Data with personal information about the client’s insureds and about third party insurance claimants. During the prior twelve months, the categories of personal information that we collected from our clients about others when they used our Products and that we continue to collect from clients today include the following:
|Data Category||Data Elements Collected|
|Personal Identifiers||first and last name, address, e-mail address, telephone number,|
|Professional Information||professional information (e.g., the name of the organization with which the individual is associated and their job title; evaluations of presenter performance|
|Other Sensitive Information||Information about injuries sustained by an insurance claimant.|
Dates of birth
|Commercial Information||Internet links that indicate websites visited, including retail outlets and other vendors|
About themselves: Our clients can access our Products in various methods: (a) via our client portal and (b) via API. Carpe Data collects personal information from clients when they use our Products. A client’s use of our solutions and our obligations with respect to such solutions is governed by a written agreement between RIV DATA CORP and the client. During the prior twelve months, the categories of personal information that we collected from our clients and their authorized users about such authorized users and that we continue to collect today include the following:
|Data Category||Data Elements Collected|
|Personal Identifiers||first and last name, address, business e-mail address, telephone number, login code and password|
|Professional Information||professional information (e.g., the name of the organization with which the individual is associated and their job title)|
|Protected Class Characteristics||Information about injury sustained by an insurance claimant.|
Dates of birth
|Commercial information||Internet links that indicate websites visited, including retail outlets and other vendors|
How Do We Use the Personal Information We Collect?
Personal Information collected through our Site
Carpe Data uses the personal information collected from individuals when they browse our Site for the following purposes: (a) to contact prospective clients and others who request that we contact them; (b) to respond to questions, concerns, and comments submitted to us by individuals; (c) to send our newsletter and other information to individuals who indicate an interest; (d) to better understand the needs, concerns, and interests of users of the website so that we can operate optimally as a business; (e) to comply with applicable laws or regulations; (f) to identify usage trends and develop data analysis, including for purposes of audit, reporting and other business operations, and; (g) to protect our legitimate business interests and legal rights.
Use of personal information collected when clients use our Products
Carpe Data uses the personal information collected from clients via our Products for the following purposes: (a) to establish and manage the client’s account; (b) to fulfill client requests for services; (c) to provide technical, product and other support and to help keep the Products operational and secure; (d) to enhance and improve the Products; (e) to respond to client requests, questions and concerns; (f) to inform clients of modification and updates to the Products and to communicate other announcements about Carpe Data and our Products; (g) to invite clients to participate in user testing and surveys; (h) to identify usage trends and develop data analysis, including for purposes of audit, reporting and other business operations, and; (i) to comply with legal obligations, resolve disputes and enforce our agreements.
Use of personal information collected from other third parties
Carpe Data uses the personal information collected from third party data sources (other than our clients) for the following purposes: (a) to fulfill client requests for information via our Products; (b) to create attributes designed to inform insurance decisions ; (c) to develop profiles of businesses and consumers for use by our clients in the context of commercial insurance underwriting and insurance claims processing; (d) to validate other personal information that we collect about consumers;
What Personal Information Does Carpe Data Disclose or Sell to Others?
Sale of Personal Information
Carpe Data’s services involve the sale of information, including personal information, to its clients in response to a client request. Carpe Data’s clients are insurance companies who request information from Carpe Data in order to underwrite commercial insurance policies and to investigate insurance claims. Upon receipt of a client request, Carpe Data uses the information provided to us by our client in order to search for relevant information about the business or individual inquired upon. Carpe Data will search for such information on Internet websites (including social media sites). Carpe Data will also request relevant information from its third party data sources. The searches that Carpe Data conducts may involve the disclosure of personal information to the entities with whom we conduct the search.
Once Carpe Data collects and compiles the information responsive to a client’s request, Carpe Data returns the information to the requesting client and the client pays for the information returned. In addition, Carpe Data may generate scores (or inferences) about individual consumers. These scores are derived from publicly available website data and other third party data and are indicative of a claimant’s eligibility for fast-tracked claims processing.
Carpe Data does not otherwise sell personal information.
Disclosure of Personal Information
Carpe Data may also disclose personal information as necessary or appropriate in connection with any of the purposes for which we use personal information as described above in “How Do We Use the Personal Information We Collect”. For instance, Carpe Data discloses personal information to third party service providers that help host or support our Site, to house our databases, analyze website traffic or otherwise provide technical assistance, to court researchers, third party data sources and other service vendors. Carpe Data transfers to these service providers only the personal information they need to fulfill the service requested by Carpe Data. Carpe Data prohibits its service providers from using that information for any other purpose. Carpe Data requires that these parties maintain commercially reasonable measures to protect the confidentiality of personal information.
Carpe Data may also disclose personal information for any of the following purposes: (i) to investigate, prevent or take action regarding actual or suspected illegal activities or fraud, situations involving potential threats to the physical safety of any person, or violations of Carpe Data’s online “Terms”; (ii) to respond to or defend against subpoenas, court orders, or other legal process; (iii) to establish or exercise Carpe Data’s legal rights; or (iv) to otherwise comply with applicable law.
Exercising Your Rights
You may have certain rights in connection with the personal information that Carpe Data obtains about you including the right to:
- Request access to your personal information along with information about how we use your personal information and with whom we share it;
- Request that we update, correct or amend personal information where it is inaccurate or incomplete;
- Request that we erase, restrict use of, or otherwise object to the processing of personal information in cases including, but not limited to, where you believe it is no longer necessary for us to retain information, where you wish to withdraw your consent to our processing your information, where you believe information is being unlawfully processed, or where you object to us processing based on legitimate interests; and
- Exercise your right to data portability to request a copy of your data in a structured, machine readable format and to ask us to transfer this information to another entity.
To help protect your privacy and maintain security, we must verify your identity before granting you access to your personal information. We may decline your access request, but if we do, we will provide an explanation for our decision. We will consider all such requests and provide our response within a reasonable period (and in any event within the time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests (for example, if we need to retain the information to comply with our own legal obligations or to establish, exercise or defend legal claims.) If an exception applies, we will inform you when responding to your request.
Right to review and update your personal information: Carpe Data strives to protect the quality and integrity of your personal information. If you have provided your personal information to Carpe Data while browsing Carpe Data’s Site at an Event, or otherwise and wish to update such personal information, please e-mail us at firstname.lastname@example.org.
If you are a Carpe Data client with a registered account, you may review (and update) your account information by logging into your account.
Right to unsubscribe: If you wish to unsubscribe from any of our newsletters or other communications for which you have registered, you may e-mail us at email@example.com.
If you are a California resident
California law grants California residents the following rights:
- Right to Know About Personal Information Collected, Used, Disclosed or Sold: California law grants its residents a right to request, twice in each 12-month period, that Carpe Data disclose the personal information we collect, use, disclose and sell.
- Right to Request Deletion: California law grants its residents a right to request the deletion of their personal information that Carpe Data has collected. The right to request deletion is not absolute; the law allows businesses to keep personal information for certain purposes. Carpe Data collects personal information directly from consumers as described in the Section titled “What Information Does Carpe Data Collect and From What Sources.”
- Right to Opt-out of the Sale of Personal Information: California law grants its residents the right to direct a business that sells personal information (or that might sell such information in the future) to third parties to stop selling such information (and to refrain from doing so in the future).
- Right Non-Discrimination: California law prohibits Carpe Data from discriminating against you based on your exercise of the privacy rights conferred upon you by California law and described herein.
- Right to Authorized Agent: California law allows you to designate an agent to make a “request to know”, “request to delete”, and “request to opt-out” on your behalf. To have an authorized agent submit a request to know or to delete on your behalf, you must provide Carpe Data with written permission allowing the authorized agent to make the request unless the authorized agent is acting with a Power of Attorney under the Probate Code. Please note, the authorized agent will be required to verify his/her/its identity.
If you wish to submit a request to invoke one of the above rights, please provide your name, address, phone number and any other identifiers that you think will help us to verify your identity via email or phone to:
- Email: RightToKnow@carpe.io
- Phone: 877-342-2773
Practices During the Last Twelve Months
During the prior twelve months, Carpe Data collected the categories of personal information about consumers from the various sources listed above in the Section “What Personal Information Does Carpe Data Collect and From What Sources.” Each of these categories of personal information was collected for the purposes described in “How We Use the Personal Information We Collect” and, during the prior twelve months, may have been disclosed and/or sold in accordance with, and to the categories of entities set forth in, “What Information Does Carpe Data Disclose and Sell to Others.”
Private Right of Action in the Event of a Security Incident
In addition to the above, the California law affords all California residents a private right of action if his/her/its nonencrypted and nonredacted personal information (as defined below) is accessed and exfiltrated, stolen or disclosed as the result of a business’ failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information.
- Personal Information subject to this private right of action: An individual’s first name or first initial and the individual’s last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
- (i) Social security number
- (ii) Driver’s license number, California ID card number, tax ID number, passport number, military ID number, or other unique ID number issued on a government document commonly used to verify the identity of a specific individual
- (iii) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- (iv) Medical information
- (v) Health insurance information
- (vi) Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. Unique biometric data does not include a physical or digital photograph, unless used or stored for facial recognition purpose.
This Site and our Products are not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Site. Carpe Data does not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Site or provide any information about yourself to us, including your name, address, telephone number, email address, any screen name or user name you may use. If Carpe Data learns we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe Carpe Data might have any information from or about a child under 16, please contact us via the contact methods outlined below.
What Are Cookies?
- Duration. Cookies can be “persistent” or “session” based. Persistent cookies remain on your computer after your browser is closed. Session cookies are deleted automatically once your browser is closed.
- Category. First party cookies are served directly by Carpe Data to your computer or device.
Third-party cookies are served by a third party on our behalf.
Other Tracking Technologies
We also use technologies that are similar to cookies, such as tags. Tags are small portions of code that we use on our Site to learn whether you have clicked on certain web content. We also use web beacons, which are clear gifs in our HTML-based emails to let us know which emails have been opened by the recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
Our Site may use locally stored objects (“LSOs”) to provide certain content, such as video on demand, video clips, or animation, and a better user experience. Adobe’s Flash player and similar applications use this technology to remember settings, preferences, and usage similar to browser cookies. Flash cookies are not managed through your web browser, but you can access your Flash management tools by visiting Adobe’s web site. Your browser may also offer other tools to delete or reject other LSOs; please check your browser’s settings or help menu for more information.
- Strictly necessary cookies — These cookies are essential for a visitor to browse our Site and use its features. These cookies are generally first-party cookies and are session-based.
- Preference cookies — These cookies are also known as “functionality cookies.” Carpe Data may use preference cookies at times to allow our Site to remember choices you have made in the past.
- Statistics cookies — These cookies are also known as “performance cookies.” They collect information about how you use our Site, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. The sole purpose of these cookies is to improve Site functions.
- Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always third-party cookies. Examples of third parties that place marketing cookies on our Site include: Hubspot and LinkedIn. You can review the privacy practices of each of those entities on their own Web sites.
|Google Analytics||Gathers intelligence and provides analysis of Site traffic||https://support.google.com/analytics/answer/4597324|
|Hubspot||Monitors Site traffic||https://legal.hubspot.com/product-privacy-policy|
Our Sites uses Google Analytics to analyze traffic. You can find out more information about Google Analytics cookies by visiting the Google Analytics Affiliate’s Cookie Usage site: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. To opt out of Google Analytics relating to your use of our Sites, you can download and install the Browser Plugin available by going to the Google Analytics Opt-out Browser add-on page: https://tools.google.com/dlpage/gaoptout?hl=en.
Using Your Browser: Many of the cookies used on our Site can be enabled or disabled through your browser. To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function. Please note that blocking cookies or similar technology might prevent you from accessing some of our Site features.
Cookies that Have Been Set in the Past
Data that we have collected from our analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used, however, we will stop using the disabled cookie to collect any further information from your user experience.
To learn more about the choices that advertisers generally provide individuals to influence how information is collected and used about their online activities over time and across third-party websites or online services, visit the Network Advertising Initiative at https://www.networkadvertising.org/managing/opt_out.asp, the Digital Advertising Alliance at https://www.aboutads.info/ (for the United States program), the Digital Advertising Alliance of Canada at www.youradchoices.ca (for the Canadian program) and/or or the European Digital Advertising Alliance at https://youronlinechoices.eu.
We do not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed.
To find out more about cookies, including how to see what cookies have been set and how to block and delete cookies, please visit https://www.aboutcookies.org.
Data Retention and Security
Carpe Data retains personal information submitted to us by our clients for the duration of a client’s business relationship with us and for a period of time thereafter to allow clients to recover accounts if they decide to renew, to analyze the data for Carpe Data’s own operations, and for historical and archiving purposes.
For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact Carpe Data’s data protection officer at firstname.lastname@example.org.
Carpe Data is committed to protecting the personal information that Carpe Data receives about consumers. While we cannot guarantee the security of that information, we utilize a combination of online and offline security technologies, physical and administrative controls to help safeguard consumer information against loss, misuse, and unauthorized access, disclosure, alteration and destruction.
We employ Secure Socket Layer (SSL) data encryption when data is transmitted over the Internet to our website. We have installed layered firewalls and other security technologies to help prevent unauthorized access to our systems. Strong password protection protocols are used on our computers, and employees are kept up-to-date on our security and privacy policies. The servers used to store consumer information are maintained in a secure environment with appropriate security measures.
Transferring personal data from the EEA, the UK and Switzerland to the US
Carpe Data has its headquarters in the United States and an office in Lisbon, Portugal. Information we collect via our Site will be processed in the United States. Information we collect from our clients in the EEA, the UK and Switzerland (the “Restrictive Countries”) is processed and stored in a Restricted Country.
The United States has not received a finding of “adequacy” from the Restricted Countries under Article 45 of the GDPR or their state law. If you use or visit our Site from outside the United States or, if you provide personal information to us at an Event and you are a citizen of other than the United States, you consent to the collection and/or processing in the United States of Information we collect from you. We may also rely on standard contractual clauses approved by the European Commission or other relevant governmental authority when we transfer personal information from territories in a Restricted Country to the United States,. EEA and UK residents and other eligible individuals may request a copy of the standard contractual clauses relevant to their personal information, if any, using the contact information below.
Lawful Bases For Processing
European data protection law requires organizations like ours to indicate a lawful basis to process personal information derived from a Restrictive Country. Carpe Data generally relies on the “legitimate interest” basis for processing personal information that we collect on this Site and at Events from Restrictive Countries. We have an interest in ensuring that we fulfill requests submitted to us by interested individuals and in optimizing an individual’s experience when visiting our Site. We also have a commercial interest in gathering information about prospective clients and providing them with commercial information. When we rely on legitimate interest, we consider our interests and yours in light of the type of information processed and the necessity thereof. There may be times when you provide us with explicit consent to process your personal information. We may also process data when required to comply with an obligation imposed by the law of a Restrictive Country.
Persons Providing Personal Information In or From Restrictive Countries
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
- Right of Access: You have the right to ask us for copies of your personal information. This right always applies. The law provides for some exemptions, which means you may not always receive all the information we process.
- Right to Rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Right to Erasure: You have the right to ask us to erase your personal information in certain circumstances.
- Right to Restrict Processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
- Right to Object to Processing: You generally have the right to object to our processing of your personal information;
- Right to Data Portability: This only applies to information you have given us and that is held electronically. You have the right to ask that we transfer this information from Carpe Data to another organization, or give it to you.
Please contact us at email@example.com if you wish to make a request. You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Individuals may also contact the relevant supervisory authority with a complaint related to our handling of their personal information. However, we invite you to give us a chance to resolve the situation directly with you. Your privacy is important to us, and we will do our best to address any concerns.
Third Party Services, Applications and Web Sites
Attention: Mike Nichols
735 State Street
Santa Barbara, California 93101
For citizens of Restrictive Countries, feel free to contact our Data Protection Officer, Mike Nichols, at DataProtectionOfficer@carpe.io