Effective Date: March 18, 2022
Who is Demyst Data?
Demyst Data Limited and its affiliated companies (together “Demyst Data,” “we,” and “us”) provide the Demyst Data platform and data libraries (collectively referred to herein as the “Platform”), a Software as a Service solution that enables organizations to solve business problems through the use of better data and a best in class infrastructure.
Demyst Data takes the private nature of the Personal Information (defined below) we collect seriously, and we are committed to protecting it. Therefore, we have in place controls and procedures designed to ensure that such information is managed responsibly and in accordance with applicable data protection and privacy laws (collectively, “Privacy Laws”).
This Privacy Notice applies to Demyst Data’s practices where we function as a data controller (or equivalent role as described under the various Privacy Laws in our regions of operations). It describes the categories of Personal Information that we collect and the sources of such information, how we use that Personal Information, to whom Personal Information is disclosed and sold and for what purposes, and the rights you have with respect to your Personal Information.
This Privacy Notice does not apply where Demyst Data processes Personal Information as a service provider (or in an equivalent role under the various Privacy Laws, such as data processor) on behalf of a customer (e.g., information submitted to us by our customers via API when using the Platform.). When we function as a service provider, the privacy statement of the relevant customer and our agreements with such customers will govern our processing of such Personal Information.
Scope of Privacy Notice
This Privacy Notice addresses our Personal Information processing practices as it relates to: (a) our corporate website; (b) operation of the Platform; (c) other direct interactions with individuals/corporate entities, and (d) data that we collect from third parties and provide to our customers through the Platform.
For purposes of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Information includes information referred to as “personal data,” “personal information,” “personally identifiable information” and such similar references as codified in applicable Privacy Laws.
Demyst Data’s Platform is a technology that, through a single connection, enables our customers to leverage, integrate, analyze and act upon large data sets acquired from disparate sources. Demyst Data enters into contracts with third party data sources and provides access to the data obtained from these sources (both publicly available data and non-publicly available) for use by our customers. Other times, we function as a service provider for customers who contract directly with third party data sources and use the Platform for hosting and processing. Most of the information we collect from third party data sources pertains to businesses and persons associated with such businesses (e.g., an officer, employee, contractor.) Our customers utilize the data processed through our Platform to make decisions regarding businesses, not individual consumers.
Under most U.S. Privacy Laws, the information described in the foregoing paragraph is not considered “Personal Information.” However, certain jurisdictions (e.g., California) and jurisdictions outside the U.S. (e.g., the European Union), do consider such information to be “Personal Information,” with certain exceptions. As a result, we consider information about an individual, in their professional capacity, to be Personal Information for purposes of this Privacy Notice. Note, however, that your rights with respect to Personal Information are determined by the Privacy Law of the jurisdiction in which you reside.
How We Collect and Use Personal Information
We collect Personal Information in a number of ways: (1) from customers in connection with the establishment of an account with Demyst Data and our interactions with such customers; (2) from visitors to our corporate website; (3) from vendors, customers and other individuals with whom we interact in person, over the telephone, via email and other means of communication, and; (4) from third party data sources. The table below sets forth the categories of Personal Information we collect, the sources of such information and the purpose for collection.
|Category of Personal Information Collected||Source of Personal Information||Purpose for Collection|
|Personal Identifiers: Examples include, name, postal address, IP address, and email address||Customers who execute contracts with Demyst Data and their authorized Platform users:||
|Individuals with whom we interact in person, on the phone or through some other medium, including without limitation, vendors and customers.||
|Electronic Network Activity: Examples include, unique device identification numbers, operating system and version, performance data and browsing history, time spent per visit for both the Platform users and website visitors, cumulative time spent across all usage, frequency of usage, features used, buttons clicked, actions taken and frequency of each and ad tracking codes.||Authorized Platform users and website visitors:||
|Commercial Information: an example includes records of services purchased||Customers||
|Professional or employment-related information:||With respect to authorized Platform users, we have knowledge of the company (our customer) with which you are employed. In addition, if you disclose to us via our website or through other media that you are an employee of a given company, we will collect that information.||
We use processors and/or sub-processors to process the data collected and you can access our page listing the processors/sub-processors we use by clicking here.
Data Collection Through Cookies
When you visit our website, including when using our Platform, our goal is to make the experience simple and effective. To that end, we use text files, known as cookies, to track information about your use of our website and/or Platform. A cookie is a text file that a website stores on a visitor’s computer to enable recognition of that visitor’s computer each time he/she/they return. As you navigate through and interact with our website and Platform, we will automatically collect certain information about your equipment, browsing actions and patterns using these cookies. This may include information about your connectivity, your IP address and browser information, location data, logs and other communication data, and the resources that you access and use on the website. The information we collect helps us to improve our website and deliver better and more personalized content and services, enables us to estimate our audience size and usage patterns and recognize when you return to our website.
Demyst Data’s Disclosure and Sale of Personal Information
As discussed above, Demyst Data makes various data sets available to its customers. That data is sometimes sold or licensed directly by Demyst Data to the customer. Other times, our customer licenses or purchases data directly from the third party source and Demyst Data merely processes the data on the customer’s behalf.
Demyst Data does not “sell” Personal Information collected from our customers or, with the exception of the data that we license/purchase directly from data sources, our vendors. However, we may disclose Personal Information as necessary or appropriate in connection with any of the purposes for which we use Personal Information including as follows. Our practices are described in the charts below.
Personal Information Disclosed to Third Parties
|Category of Personal Information||Is the Personal Information Disclosed to Third Parties for a Business Operations Purpose||Category of Third Parties to Whom Disclosed||For what Purpose|
|Customer identifiers||Y||To service providers:||
|Website visitor identifiers||Y||To service providers:||
|Identifiers of other individuals with whom we interact||Y||To service providers:||
|Identifiers collected from data brokers||Y||To customers and their third party service providers:||
|Electronic Network Activity Information||Y||To service providers:||
|Professional or Employment-related Information||N|
Personal Information Sold to Third Parties
|Category of Personal Information||Is Personal Information Sold to Third Parties||Category of Third Parties to Whom Sold||For what Purpose|
|Website visitor identifiers||N|
|Identifiers of other individuals with whom we interact||N|
|Information collected from data brokers||Y||To customers||To enhance our offerings and fulfill customer requests;|
|Electronic Network Activity Information||N|
|Professional or Employment-related Information||N|
Demyst Data does not share Personal Information with third parties for use by the third parties in their own marketing.
Demyst Data requires third party service providers with whom we share Personal Information to process Personal Information only as allowed in our contract with such third party service providers. We ensure that any third party service provider with whom we share Personal Information is subject to privacy and security obligations consistent with this Privacy Notice and applicable laws.
How We Protect Personal Information
The security of your Personal Information is important to us. We maintain industry standard physical, technical and administrative safeguards designed to protect your Personal Information from unauthorized access, use, disclosure, and destruction. We update and assess our security controls on a regular basis including through audits conducted by third party auditors. We train our personnel about the importance of confidentiality, security and consumer privacy our personnel’s access to Personal Information to those who need such in order to perform their job.
Electronic Personal Information, including the Personal Information about visitors to our company website and Personal Information submitted by our Platform users regarding their account and log-in information, is stored on restricted database servers housed with a third party cloud provider in the United States.
With respect to the data that our Platform users upload to the Platform for processing, Demyst Data offers cloud instances in the United States, Singapore, Frankfurt, Dublin, Sydney and Hong Kong. Our Platform customers have the option to store the data that they upload to the Platform for processing in any of these instances.
How Long Do We Retain Personal Information?
Information about our customers, vendors and web site visitors:
Customer Information: Demyst Data retains Personal Information collected from our Platform users (meaning those who sign up for Platform access and have the ability to access the various data offerings) until such time as the authorized user and/or customer expressly requests the deletion of his/her/their profile via the functionality provided in the Solution. When a customer requests to “delete” his/her/their profile, to the extent Demyst Data acts as a data controller, Demyst Data will delete such an individual’s Personal Information from our system. A customer may also contact us and request that his/her/their Personal Information be deleted. Customer information associated with a contract is retained for approximately two (2) years after a contract is complete.
Website Visitor Information: We retain personal information about those who visit our website for a period of approximately one year from the date of collection or as long as we may otherwise need it to fulfill our legal obligations.
Vendor Information: We retain personal information obtained from our vendors for as long as our company retains a relationship with such vendors and for a period of time afterwards in order to satisfy legal, accounting and policy obligations.
Information from third party data sources: Demyst Data retains Personal Information contained in the information we obtain directly from third party data sources (other than our Customers) for as long as our contract with that third party source allows or until the Information is no longer desired by the company, whichever occurs later.
A Note About Children’s Personal Information
Neither the Platform nor the website is marketed to, and neither is intended for use by, children. Therefore, Demyst Data does not knowingly collect any Personal Information from children under the age of 17. If you know or believe that such information has been provided to us, please contact us at firstname.lastname@example.org. If we become aware that we have collected Personal Information about a child under the age of 17, we will delete it.
Your Rights to Access
We will comply with all reasonable requests from you to correct, amend, or delete the Personal Information we have about you, and will provide you access to your Personal Information. There may be limits to the amount of information we can practically provide. For example, we may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to your privacy or where doing so would violate other’s rights. You may contact us at email@example.com to request such.
If You are a California Resident
In addition to the rights discussed above, California law grants California residents the following rights:
Right to Know About Personal Information Collected, Disclosed or Sold:
California law grants each of its residents a right to request, twice in each 12-month period, that Demyst Data disclose the categories and specific pieces of Personal Information that we have collected about them; the categories of sources from which that Personal Information is collected; the business or commercial purpose for collecting or selling that Personal Information, and; the categories of third parties to whom Demyst Data discloses and sells that Personal Information. California law also grants each of its residents the right to know about each of the aforementioned practices as it relates to California consumers generally.
California residents also have a right to know the categories of Personal Information that Demyst Data has sold and the categories of Personal Information that we have disclosed for a business purpose.
Right to Request Deletion: California law grants each of its residents a right to request that Demyst Data delete any of their Personal that we have collected directly from them. The obligation to delete Personal information upon request is not absolute; the law allows businesses to retain Personal Information for certain purposes. Demyst Data collects Personal Information directly from consumers as described in the Section titled “How We Collect and Use Personal Information” above.
Right to Opt-out of the Sale of Personal Information: California law grants its residents the right to direct a business that sells Personal Information (or that might sell such information in the future), or that discloses Personal Information for a business purpose, to stop doing so (and to refrain from doing so in the future). You may submit a request to opt-out by emailing us at firstname.lastname@example.org or by clicking here.
Right Non-Discrimination: California law prohibits Demyst Data from discriminating against you based on your exercise of the privacy rights described herein. For example, we cannot deny you goods or services or provide a different level or quality of goods or services to you as a result of your exercising your rights.
Method to Submit Requests
If you wish to submit a request to invoke one of the above rights, please provide your name, address, phone number and any other identifiers that you think will help us to verify you using one of the methods reflected below. Upon receipt of your request, Demyst Data will use the information you provided in the request to verify you identity per regulatory requirements. Demyst Data may occasionally request additional information in certain circumstances to assist in facilitating verification. Any information received by Demyst Data in response to a request for additional information will be held strictly in confidence, used only for the purposes of processing your request and in accordance with applicable data privacy laws and regulations.
You may also submit such information to us via this online request form.
California law allows you to designate an agent to submit a request to exercise any of the above rights on your behalf. To have an authorized agent submit a request on your behalf, the authorized agent must provide Demyst Data with proof that you gave the agent signed permission to submit the request. We may also require you to verify your identity or confirm that you provided the authorized agent with power of attorney under the Probate Code.
Practices During the Last Twelve Months
During the prior twelve months:
Collection, Purpose, Disclosure and Sale: Demyst Data collected the categories of Personal Information about consumers from the various sources listed above in the Section “How We Collect and Use Personal Information.” Each of these categories of Personal Information was collected for the purposes described in “How We Collect and Use Personal Information.”
Disclosure: Demyst Data disclosed those categories of Personal Information set forth in the section, “Personal Information Disclosed to Third Parties.” The Personal Information was disclosed to the categories of third parties set forth therein.
Sale: Demyst Data sold those categories of Personal Information set forth in the section, “Personal Information Sold to Third Parties.” The Personal Information was sold to the categories of third parties set forth therein.
If You Live in the European Economic Area, The United Kingdom or Switzerland (collectively, “Europe”)
Though we operate internationally, many of our computer systems are based in the United States, which means Personal Information we collect will be processed by us in the U.S. where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. If you use or visit our website and/or use our Platform from outside the United States, you consent to the collection and/or processing in the United States of Personal Information we collect from you. The same is true with respect to Personal Information that we collect via email, snail mail and other communication methods.
Customers who use the Platform to process Personal Information derived from outside the United States may elect to utilize an instance of the Platform that is housed in Frankfurt, Singapore, Dublin, Australia, or Hong Kong. In such instances, the data that the Customer uploads to the Platform for processing will remain in the country where the cloud instance is located.
Demyst Data complies with the EU General Data Protection Regulation 2016/679, the UK Data Protection Act of 2018 and the Swiss Data Protection Act of 2020 (collectively, “GDPR”) with respect to the protection of individuals with regard to the processing of Personal Information and the free movement of such Personal Information.
Under the GDPR, you have the following rights:
Right of Access: You have the right to ask us for copies of your Personal Information. The law provides for some exemptions, which means you may not always receive all the Personal Information we process.
Right to Rectification: You have the right to ask us to rectify Personal Information you think is inaccurate. You also have the right to ask us to complete Personal Information you think is incomplete.
Right to Restrict Processing: You have the right to ask us to restrict the processing of your Personal Information in certain circumstances.
Right to Withdraw Consent: You have the right to revoke your consent to our processing of your Personal Information at any time by contacting us at email@example.com. Withdrawing consent will not affect the lawfulness of the process performed based on your consent before its withdrawal.
Right to Erasure: You have the right to ask us to erase your Personal Information in certain circumstances.
Right to Data Portability: This only applies to Personal Information you have given to us and that is held electronically. You have the right to ask that we transfer this information from Demyst Data to another organization or give it to you.
Changes to This Privacy Notice
As we evolve, we may update this Privacy Notice to align with changes in the Platform, our business and/or Privacy Laws. The Effective Date at the beginning of this Privacy Notice will reflect the last date on which the Privacy Notice was updated. We recommend that you periodically review the Privacy Notice to stay informed of changes. We will ask for your consent to such changes if required by Privacy Law. In other cases, please note that your continued use of the Platform and your continued use of the website, after any change, means that you agree to the terms of the updated Privacy Notice. The same is true with respect to Personal Information that we collect via email, snail mail and other communication methods. If you disagree with the Privacy Notice, please email us at firstname.lastname@example.org and stop using the Platform and website.
How to Contact Us
If you have any questions about this Privacy Notice or wish to exercise your rights hereunder, please contact us at email@example.com.
Written inquiries can be sent to:
Demyst Data, Ltd. The Privacy Team ℅ Legal Department 149 E. 23rd Street, Suite 2035 New York, NY 10010 USA