Commitment to Data Protection

The General Data Protection Regulation (GDPR) is a European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation became valid and enforceable on May 25, 2018.

We are also subject to the California Consumer Privacy Act of 2018 (CCPA).

We are a US-based and owned business, and we are fully committed to being compliant with data privacy laws.

This page outlines our commitment to complying with GDPR and CCPA and upholding our users’ privacy and the privacy of the data they transmit to us. As best practices for implementing GDPR and CCPA evolve, we will make changes to this statement and our product accordingly.

GDPR makes a distinction between “data controllers” and “data processors.” RecordMatch is considered a “data controller” concerning your account details and behavior on our website (such as your email address). We are a “data processor” with regards to the data you upload to our service (such as an API request or a file upload). Under CCPA, we are a Data Recipient, and you are a Data Provider. It is essential to understand these distinctions so you can be better informed of your rights and the rights of the people whose data you transmit.

GDPR-Compliant Products

As a data controller, when it comes to your account details, our service is GDPR-compliant by default, even for non-EU users.

Note this only applies to your account details, such as your email address, physical address, and consent to receive product updates. It does not cover data you upload to RecordMatch, such as data about your customers. That is included below under “RecordMatch as a data processor.”

If you want to upload data for EU persons, GDPR requires that we have a signed Data Processing Agreement with each other. Users who need a signed Data Processing Agreement (available as needed). All users transmitting data about EU persons are required to have this agreement. That is, if you’d like to upload a file or use our API with data about EU persons, you must have a Data Processing Agreement with us.  You can end this agreement at any time.

RecordMatch as a data controller: Your account details

Your website activity

We use several third-party vendors to help us improve our customer experience. We have signed Data Processing Agreements with all of our vendors. These vendors are: Google Analytics (anonymized visit and traffic tracking).

We have authorized these vendor collect several different kinds of data about our users, including:

• Website visits and behavior

The frequency at which this data is deleted:

• Google Analytics: All collected user data is automatically deleted after 14 months (the minimum duration), and data is anonymized

We use cookies on our website to signal your logged-in status and track behavior on our website.

We do not engage in psychographic profiling.

In compliance with the CCPA, we do not (i) retain, use or disclose any Personal Information for any purpose other than for the specific purpose of providing services to our customers; and (ii) sell (as such term is defined under the CCPA) any Personal Information.

We may use your usage history to send you relevant messages and improve our application.

You can delete your account at any time by contacting us or using the control center. You can delete any spreadsheet upload at any time by contacting us or using the control center.

When you sign up, we ask for your email address, your country, whether you are an EU citizen, whether you are transmitting any data about EU persons, whether you are over the age of 16, and whether all personal data is for persons over the age of 16. We store this data to ensure GDPR compliance.

When you register, we store your IP address so we can prevent abuse from people attempting to register multiple accounts.

Our user database is encrypted and regularly backed up to Amazon Web Services. Our website is hosted on Amazon Web Services.

We have no known breaches in our past.

Your financial information

We do not retain financial information.

RecordMatch as a data processor

We take data protection seriously and safeguard the data you transmit to us.

In compliance with the CCPA, we do not sell, share, or otherwise distribute data uploaded by customers.

Our API and spreadsheet upload tool are hosted on leased servers from (TBD) and are physically located in (TBD). API requests are logged, and we occasionally analyze the logs as part of ongoing improvements or for billing purposes. Contact us to have a completely unlogged account.

For the privacy of those whose data you are transmitting, we encourage you to only transmit location data through our services and to remove any information that is not related to location.

Under no circumstances can sensitive data for EU persons be transmitted to RecordMatch. This includes the following categories under Articles 9 and 10 of GDPR:

• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data
• biometric data to uniquely identify a natural person,
• data concerning health or
• data concerning a natural person’s sex life
• sexual orientation
• criminal convictions and offenses or related security measures

You can delete your account at any time through the control center, which will delete all account-related data except for that which we need to retain for accounting and tax compliance purposes.

Contact

If you have any questions, please email us at [email protected].