Log InRequest a Demo

Privacy Notice

Effective Date: March 18, 2022

Who is Demyst Data?

Demyst Data Limited and its affiliated companies (together “Demyst Data,” “we,” and “us”) provide the Demyst Data platform and data libraries (collectively referred to herein as the “Platform”), a Software as a Service solution that enables organizations to solve business problems through the use of better data and a best in class infrastructure.

Demyst Data takes the private nature of the Personal Information (defined below) we collect seriously, and we are committed to protecting it. Therefore, we have in place controls and procedures designed to ensure that such information is managed responsibly and in accordance with applicable data protection and privacy laws (collectively, “Privacy Laws”).

This Privacy Notice applies to Demyst Data’s practices where we function as a data controller (or equivalent role as described under the various Privacy Laws in our regions of operations). It describes the categories of Personal Information that we collect and the sources of such information, how we use that Personal Information, to whom Personal Information is disclosed and sold and for what purposes, and the rights you have with respect to your Personal Information.

This Privacy Notice does not apply where Demyst Data processes Personal Information as a service provider (or in an equivalent role under the various Privacy Laws, such as data processor) on behalf of a customer (e.g., information submitted to us by our customers via API when using the Platform.). When we function as a service provider, the privacy statement of the relevant customer and our agreements with such customers will govern our processing of such Personal Information.

Scope of Privacy Notice

This Privacy Notice addresses our Personal Information processing practices as it relates to: (a) our corporate website; (b) operation of the Platform; (c) other direct interactions with individuals/corporate entities, and (d) data that we collect from third parties and provide to our customers through the Platform.

Personal Information

For purposes of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Information includes information referred to as “personal data,” “personal information,” “personally identifiable information” and such similar references as codified in applicable Privacy Laws.

The Platform

Demyst Data’s Platform is a technology that, through a single connection, enables our customers to leverage, integrate, analyze and act upon large data sets acquired from disparate sources. Demyst Data enters into contracts with third party data sources and provides access to the data obtained from these sources (both publicly available data and non-publicly available) for use by our customers. Other times, we function as a service provider for customers who contract directly with third party data sources and use the Platform for hosting and processing. Most of the information we collect from third party data sources pertains to businesses and persons associated with such businesses (e.g., an officer, employee, contractor.) Our customers utilize the data processed through our Platform to make decisions regarding businesses, not individual consumers.

Under most U.S. Privacy Laws, the information described in the foregoing paragraph is not considered “Personal Information.” However, certain jurisdictions (e.g., California) and jurisdictions outside the U.S. (e.g., the European Union), do consider such information to be “Personal Information,” with certain exceptions. As a result, we consider information about an individual, in their professional capacity, to be Personal Information for purposes of this Privacy Notice. Note, however, that your rights with respect to Personal Information are determined by the Privacy Law of the jurisdiction in which you reside.

How We Collect and Use Personal Information

We collect Personal Information in a number of ways: (1) from customers in connection with the establishment of an account with Demyst Data and our interactions with such customers; (2) from visitors to our corporate website; (3) from vendors, customers and other individuals with whom we interact in person, over the telephone, via email and other means of communication, and; (4) from third party data sources. The table below sets forth the categories of Personal Information we collect, the sources of such information and the purpose for collection.

Category of Personal Information Collected Source of Personal Information Purpose for Collection
Personal Identifiers: Examples include, name, postal address, IP address, and email address Customers who execute contracts with Demyst Data and their authorized Platform users:

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. Short-term, transient internal use;

  4. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  5. Internal research for technological development;

  6. to respond to or defend against subpoenas, court orders, or other legal process;

  7. to establish or exercise our legal rights;

  8. to otherwise comply with applicable law.

  9. To respond to inquiries and requests you have;

  10. To send you our newsletter and to inform you about our products and services;

  11. To communicate with you regarding events we host;

  12. To request feedback regarding your experience with the business.

  13. For bug and performance tracking and to optimize website and Platform performance.
Website visitors

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. Short-term, transient internal use;

  4. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  5. Internal research for technological development;

  6. to respond to or defend against subpoenas, court orders, or other legal process;

  7. to establish or exercise our legal rights;

  8. to otherwise comply with applicable law.

  9. To respond to inquiries and requests you have;

  10. To fulfill a data subject access request or other right afforded by Privacy Law;

  11. To send you our newsletter and to inform you about our products and services;

  12. To communicate with you regarding events we host;

  13. To request feedback regarding your experience with the business.

  14. For bug and performance tracking and to optimize website performance.

  15. For advertising and analytics. Demyst Data uses advertising networks and other providers to display or to manage our advertising on other websites. Our advertising partners may place cookies on unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests and determine the effectiveness of such advertisements. Please see our Cookie Policy for additional information.
Individuals with whom we interact in person, on the phone or through some other medium, including without limitation, vendors and customers.

  1. Short-term, transient internal use;

  2. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  3. to respond to or defend against subpoenas, court orders, or other legal process;

  4. to establish or exercise our legal rights;

  5. to otherwise comply with applicable law.

  6. To respond to inquiries and requests you have;

  7. To fulfill a data subject access request or other right afforded by Privacy Law;

  8. To send you our newsletter and to inform you about our products and services;

  9. To communicate with you regarding events we host;

  10. To request feedback regarding your experience with the business.
Data brokers:

  1. To enhance our offerings and fulfill customer requests;

  2. To conduct due diligence on our customers;

  3. To satisfy our legal, regulatory, compliance or auditing policies, obligations and requirements;

  4. To detect, prevent, and investigate activities that may violate our policies, pose safety issues or be fraudulent or illegal.
Electronic Network Activity: Examples include, unique device identification numbers, operating system and version, performance data and browsing history, time spent per visit for both the Platform users and website visitors, cumulative time spent across all usage, frequency of usage, features used, buttons clicked, actions taken and frequency of each and ad tracking codes. Authorized Platform users and website visitors:

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. Short-term, transient internal use;

  4. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  5. Internal research for technological development;

  6. to respond to or defend against subpoenas, court orders, or other legal process;

  7. to establish or exercise our legal rights;

  8. to otherwise comply with applicable law.

  9. To identify the performance of ads that place on third party sites to drive traffic to our website;

  10. For bug and performance tracking and to optimize website and Platform performance.

  11. For advertising and analytics. Demyst Data uses advertising networks and other providers to display or to manage our advertising on other websites. Our advertising partners may place cookies on unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests and determine the effectiveness of such advertisements. Please see our Cookie Policy for additional information.
Commercial Information: an example includes records of services purchased Customers

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. Short-term, transient internal use;

  4. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  5. to respond to or defend against subpoenas, court orders, or other legal process;

  6. to establish or exercise our legal rights;

  7. to otherwise comply with applicable law.

  8. To respond to inquiries and requests you have;

  9. To send you our newsletter and to inform you about our products and services;

  10. To communicate with you regarding events we host;

  11. To request feedback regarding your experience with the business.
Professional or employment-related information: With respect to authorized Platform users, we have knowledge of the company (our customer) with which you are employed. In addition, if you disclose to us via our website or through other media that you are an employee of a given company, we will collect that information.

  1. Performing services for customers, maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments;

  2. to respond to or defend against subpoenas, court orders, or other legal process;

  3. to establish or exercise our legal rights;

  4. to otherwise comply with applicable law.

  5. To respond to inquiries and requests you have;

  6. To send you our newsletter and to inform you about our products and services;

  7. To communicate with you regarding events we host;

  8. To request feedback regarding your experience with the business.

We use processors and/or sub-processors to process the data collected and you can access our page listing the processors/sub-processors we use by clicking here.

Data Collection Through Cookies

When you visit our website, including when using our Platform, our goal is to make the experience simple and effective. To that end, we use text files, known as cookies, to track information about your use of our website and/or Platform. A cookie is a text file that a website stores on a visitor’s computer to enable recognition of that visitor’s computer each time he/she/they return. As you navigate through and interact with our website and Platform, we will automatically collect certain information about your equipment, browsing actions and patterns using these cookies. This may include information about your connectivity, your IP address and browser information, location data, logs and other communication data, and the resources that you access and use on the website. The information we collect helps us to improve our website and deliver better and more personalized content and services, enables us to estimate our audience size and usage patterns and recognize when you return to our website.

Most web browsers automatically accept cookies, but if you prefer, you can change your browser settings to prevent that or to notify you each time a cookie is set. Please note however that by blocking or deleting cookies, you may not be able to take full advantage of our website or Platform. Please refer to our Cookie Policy for more information on the specific cookies we use, the purpose for such cookies and how you can indicate your choices regarding placement of cookies.

Demyst Data’s Disclosure and Sale of Personal Information

As discussed above, Demyst Data makes various data sets available to its customers. That data is sometimes sold or licensed directly by Demyst Data to the customer. Other times, our customer licenses or purchases data directly from the third party source and Demyst Data merely processes the data on the customer’s behalf.

Demyst Data does not “sell” Personal Information collected from our customers or, with the exception of the data that we license/purchase directly from data sources, our vendors. However, we may disclose Personal Information as necessary or appropriate in connection with any of the purposes for which we use Personal Information including as follows. Our practices are described in the charts below.

Personal Information Disclosed to Third Parties

Category of Personal Information Is the Personal Information Disclosed to Third Parties for a Business Operations Purpose Category of Third Parties to Whom Disclosed For what Purpose
Customer identifiers Y To service providers:

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. to respond to or defend against subpoenas, court orders, or other legal process;

  4. to establish or exercise our legal rights;

  5. to otherwise comply with applicable law;

  6. For advertising and analytics. 
Website visitor identifiers Y To service providers:

  1. Auditing interactions and transactions;

  2. Detecting security incidents, protecting against malicious, deceptive fraudulent or illegal activity;

  3. to respond to or defend against subpoenas, court orders, or other legal process;

  4. to establish or exercise our legal rights;

  5. to otherwise comply with applicable law;

  6. For advertising and analytics. 
Identifiers of other individuals with whom we interact Y To service providers:

  1. to respond to or defend against subpoenas, court orders, or other legal process;

  2. to establish or exercise our legal rights;

  3. to otherwise comply with applicable law.
Identifiers collected from data brokers Y To customers and their third party service providers:

  1. To enhance our offerings and fulfill customer requests;

  2. To satisfy our legal, regulatory, compliance or auditing policies and requirements;
Electronic Network Activity Information Y To service providers:

  1. Auditing interactions and transactions;

  2. Internal research for technological development;

  3. to respond to or defend against subpoenas, court orders, or other legal process;

  4. to establish or exercise our legal rights;

  5. to otherwise comply with applicable law;

  6. For advertising and analytics.
Commercial Information N
Professional or Employment-related Information N

Personal Information Sold to Third Parties

       
Category of Personal Information Is Personal Information Sold to Third Parties Category of Third Parties to Whom Sold For what Purpose
Customer identifiers N    
Website visitor identifiers N    
Identifiers of other individuals with whom we interact N    
Information collected from data brokers Y To customers To enhance our offerings and fulfill customer requests;
Commercial Information N    
Electronic Network Activity Information N    
Professional or Employment-related Information N    

Demyst Data does not share Personal Information with third parties for use by the third parties in their own marketing.

Demyst Data requires third party service providers with whom we share Personal Information to process Personal Information only as allowed in our contract with such third party service providers. We ensure that any third party service provider with whom we share Personal Information is subject to privacy and security obligations consistent with this Privacy Notice and applicable laws.

How We Protect Personal Information

The security of your Personal Information is important to us. We maintain industry standard physical, technical and administrative safeguards designed to protect your Personal Information from unauthorized access, use, disclosure, and destruction. We update and assess our security controls on a regular basis including through audits conducted by third party auditors. We train our personnel about the importance of confidentiality, security and consumer privacy our personnel’s access to Personal Information to those who need such in order to perform their job.

Electronic Personal Information, including the Personal Information about visitors to our company website and Personal Information submitted by our Platform users regarding their account and log-in information, is stored on restricted database servers housed with a third party cloud provider in the United States.

With respect to the data that our Platform users upload to the Platform for processing, Demyst Data offers cloud instances in the United States, Singapore, Frankfurt, Dublin, Sydney and Hong Kong. Our Platform customers have the option to store the data that they upload to the Platform for processing in any of these instances.

How Long Do We Retain Personal Information?

Information about our customers, vendors and web site visitors:

Customer Information: Demyst Data retains Personal Information collected from our Platform users (meaning those who sign up for Platform access and have the ability to access the various data offerings) until such time as the authorized user and/or customer expressly requests the deletion of his/her/their profile via the functionality provided in the Solution. When a customer requests to “delete” his/her/their profile, to the extent Demyst Data acts as a data controller, Demyst Data will delete such an individual’s Personal Information from our system. A customer may also contact us and request that his/her/their Personal Information be deleted. Customer information associated with a contract is retained for approximately two (2) years after a contract is complete.

Website Visitor Information: We retain personal information about those who visit our website for a period of approximately one year from the date of collection or as long as we may otherwise need it to fulfill our legal obligations.

Vendor Information: We retain personal information obtained from our vendors for as long as our company retains a relationship with such vendors and for a period of time afterwards in order to satisfy legal, accounting and policy obligations.

Information from third party data sources: Demyst Data retains Personal Information contained in the information we obtain directly from third party data sources (other than our Customers) for as long as our contract with that third party source allows or until the Information is no longer desired by the company, whichever occurs later.

A Note About Children’s Personal Information

Neither the Platform nor the website is marketed to, and neither is intended for use by, children. Therefore, Demyst Data does not knowingly collect any Personal Information from children under the age of 17. If you know or believe that such information has been provided to us, please contact us at privacy@demystdata.com. If we become aware that we have collected Personal Information about a child under the age of 17, we will delete it.

Your Rights to Access

We will comply with all reasonable requests from you to correct, amend, or delete the Personal Information we have about you, and will provide you access to your Personal Information. There may be limits to the amount of information we can practically provide. For example, we may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to your privacy or where doing so would violate other’s rights. You may contact us at privacy@demystdata.com to request such.

If You are a California Resident

In addition to the rights discussed above, California law grants California residents the following rights:

  • Right to Know About Personal Information Collected, Disclosed or Sold:

    • California law grants each of its residents a right to request, twice in each 12-month period, that Demyst Data disclose the categories and specific pieces of Personal Information that we have collected about them; the categories of sources from which that Personal Information is collected; the business or commercial purpose for collecting or selling that Personal Information, and; the categories of third parties to whom Demyst Data discloses and sells that Personal Information. California law also grants each of its residents the right to know about each of the aforementioned practices as it relates to California consumers generally.

    • California residents also have a right to know the categories of Personal Information that Demyst Data has sold and the categories of Personal Information that we have disclosed for a business purpose.

  • Right to Request Deletion: California law grants each of its residents a right to request that Demyst Data delete any of their Personal that we have collected directly from them. The obligation to delete Personal information upon request is not absolute; the law allows businesses to retain Personal Information for certain purposes. Demyst Data collects Personal Information directly from consumers as described in the Section titled “How We Collect and Use Personal Information” above.

  • Right to Opt-out of the Sale of Personal Information: California law grants its residents the right to direct a business that sells Personal Information (or that might sell such information in the future), or that discloses Personal Information for a business purpose, to stop doing so (and to refrain from doing so in the future). You may submit a request to opt-out by emailing us at privacy@demystdata.com or by clicking here.

  • Right Non-Discrimination: California law prohibits Demyst Data from discriminating against you based on your exercise of the privacy rights described herein. For example, we cannot deny you goods or services or provide a different level or quality of goods or services to you as a result of your exercising your rights.

Method to Submit Requests

If you wish to submit a request to invoke one of the above rights, please provide your name, address, phone number and any other identifiers that you think will help us to verify you using one of the methods reflected below. Upon receipt of your request, Demyst Data will use the information you provided in the request to verify you identity per regulatory requirements. Demyst Data may occasionally request additional information in certain circumstances to assist in facilitating verification. Any information received by Demyst Data in response to a request for additional information will be held strictly in confidence, used only for the purposes of processing your request and in accordance with applicable data privacy laws and regulations.

California law allows you to designate an agent to submit a request to exercise any of the above rights on your behalf. To have an authorized agent submit a request on your behalf, the authorized agent must provide Demyst Data with proof that you gave the agent signed permission to submit the request. We may also require you to verify your identity or confirm that you provided the authorized agent with power of attorney under the Probate Code.

Practices During the Last Twelve Months

During the prior twelve months:

  • Collection, Purpose, Disclosure and Sale: Demyst Data collected the categories of Personal Information about consumers from the various sources listed above in the Section “How We Collect and Use Personal Information.” Each of these categories of Personal Information was collected for the purposes described in “How We Collect and Use Personal Information.”

  • Disclosure: Demyst Data disclosed those categories of Personal Information set forth in the section, “Personal Information Disclosed to Third Parties.” The Personal Information was disclosed to the categories of third parties set forth therein.

  • Sale: Demyst Data sold those categories of Personal Information set forth in the section, “Personal Information Sold to Third Parties.” The Personal Information was sold to the categories of third parties set forth therein.

If You Live in the European Economic Area, The United Kingdom or Switzerland (collectively, “Europe”)

Though we operate internationally, many of our computer systems are based in the United States, which means Personal Information we collect will be processed by us in the U.S. where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. If you use or visit our website and/or use our Platform from outside the United States, you consent to the collection and/or processing in the United States of Personal Information we collect from you. The same is true with respect to Personal Information that we collect via email, snail mail and other communication methods.

Customers who use the Platform to process Personal Information derived from outside the United States may elect to utilize an instance of the Platform that is housed in Frankfurt, Singapore, Dublin, Australia, or Hong Kong. In such instances, the data that the Customer uploads to the Platform for processing will remain in the country where the cloud instance is located.

Demyst Data complies with the EU General Data Protection Regulation 2016/679, the UK Data Protection Act of 2018 and the Swiss Data Protection Act of 2020 (collectively, “GDPR”) with respect to the protection of individuals with regard to the processing of Personal Information and the free movement of such Personal Information.

Under the GDPR, you have the following rights:

  • Right of Access: You have the right to ask us for copies of your Personal Information. The law provides for some exemptions, which means you may not always receive all the Personal Information we process.

  • Right to Rectification: You have the right to ask us to rectify Personal Information you think is inaccurate. You also have the right to ask us to complete Personal Information you think is incomplete.

  • Right to Restrict Processing: You have the right to ask us to restrict the processing of your Personal Information in certain circumstances.

  • Right to Withdraw Consent: You have the right to revoke your consent to our processing of your Personal Information at any time by contacting us at privacy@demystdata.com. Withdrawing consent will not affect the lawfulness of the process performed based on your consent before its withdrawal.

  • Right to Erasure: You have the right to ask us to erase your Personal Information in certain circumstances.

  • Right to Data Portability: This only applies to Personal Information you have given to us and that is held electronically. You have the right to ask that we transfer this information from Demyst Data to another organization or give it to you.

Changes to This Privacy Notice

As we evolve, we may update this Privacy Notice to align with changes in the Platform, our business and/or Privacy Laws. The Effective Date at the beginning of this Privacy Notice will reflect the last date on which the Privacy Notice was updated. We recommend that you periodically review the Privacy Notice to stay informed of changes. We will ask for your consent to such changes if required by Privacy Law. In other cases, please note that your continued use of the Platform and your continued use of the website, after any change, means that you agree to the terms of the updated Privacy Notice. The same is true with respect to Personal Information that we collect via email, snail mail and other communication methods. If you disagree with the Privacy Notice, please email us at privacy@demystdata.com and stop using the Platform and website.

How to Contact Us

If you have any questions about this Privacy Notice or wish to exercise your rights hereunder, please contact us at privacy@demystdata.com.

Written inquiries can be sent to:

Demyst Data, Ltd.
The Privacy Team
℅ Legal Department
149 E. 23rd Street, Suite 2035
New York, NY 10010
USA