Effective Date: 4th October 2023
It is important to note that we act as representatives for and adhere to the directives of financialinstitutions, merchants and other partners who function as data controllers. For comprehensive information about how your Personal data is processed in these circumstances, we recommend referring to their respective privacy policies. Our approach to privacy may differ across the various countries in which we operate, aligning with local norms and legal obligations. Specific privacy notices may be applicable to certain products and services we offer. To gain a deeper understanding of our privacy and information practices pertaining to a particular product or service, we encourage you to visit the dedicated webpage or digital asset associated with it.
1. Information of a Personal Nature That We Might Gather
Any data associated with an individual, whether identified or identifiable, is referred as “Personal Data”. We could potentially gather the following categories of Personal Data:
- Product and Service Data: This covers registration information, along with program-specific data when you directly request our products or services or participate in marketing programs or any affiliated service programs.
- Data from Partners: We may receive data from our trusted partners and service providers. This information may include, but not limited to, your name, contact details and demographic data.
- Online Activity Data: Information about your website, device and mobile app usage, collected through automated means like cookies and similar technologies.
- Employment Application Data: If you apply for a job with us, we may collect information related to your job application and relevant details.
- Business Contact Data: In the case where you represent one of our business partners, we may gather your business contact information.
Additionally, when you interact with third-party websites, apps or services that are integrated with ours or feature our content, your personal data may be shared with us by those third parties. This shared information could include details about your interactions, preferences and actions within their platforms. We treat this information with the same care and respect as any data we collect directly. It enables us to offer you a seamless and consistent experience across different digital environments while maintaining a high level of privacy protection. We encourage you to review the privacy policies of these third-party platforms to understand how your data may be used beyond our services.
When you apply for a job with our organization, we may collect a range of personal data as part of the application and recruitment process. This information typically includes your name, contact details, resume or curriculum vitae, cover letter, employment history, educational background and any other information you provide as part of your application. We may also collect information such as references, background checks and assessment results during the recruitment process to evaluate your suitability for the position applied for. This data is collected and processed solely for the purpose of assessing your qualifications, contacting you about the job application and facilitating the recruitment process.
Additionally, as part of our commitment to equal opportunity and diversity, we may request demographic information, such as gender, race, or ethnicity, on a voluntary basis. Providing this information is optional and it will not impact your job application. We use this data for internal reporting and to help us ensure that our recruitment practices are fair and inclusive. Your personal data collected during the application process is treated with the utmost confidentiality and is accessible only to those involved in the recruitment and hiring process. If your application is not successful, we may retain your information for a limited period for potential future opportunities, unless you request its deletion. We comply with all applicable data protection laws and regulations in handling your personal data throughout the application and hiring process.
2. How We May Use Your Personal data
- Providing and Improving Services: We may use your personal data to deliver, maintain and enhance our products and services. This includes processing transactions, offering customer support and troubleshooting issues.
- Personalization: Your data helps us personalize your experience by tailoring content, recommendations and offers to your preferences and interests.
- Communication: We may use your contact information to communicate with you about updates, promotions, news and important information related to our products and services. You can opt out of these communications at any time.
- Analytics and Research: We analyse your personal data to understand user behaviour, trends and preferences. This data helps us improve our services, develop new features and make informed business decisions.
- Security: Your personal data is crucial for the security and integrity of our systems. We use it to detect and prevent fraud, unauthorized access and other security breaches.
- Customer Support: Your data assists us in providing you with effective customer support, resolving issues and answering your inquiries.
- Recruitment: If you apply for a job with us, your personal data will be used for the recruitment and hiring process.
- Marketing: With your consent, we may use your personal email information for marketing purposes, such as sending promotional emails or showing you targeted advertisements.
- Aggregated and Anonymous Data: We may aggregate and anonymize your personal data to create statistical or research data that cannot be used to identify you. This data may be used for various purposes, including industry analysis and reporting.
- Data Licensing: We may license specific categories of your personal data to our customers for the sole purpose of enhancing their services, which may include fraud prevention and identity verification services. These customers include, but not limited to, global entities engaged in payment transaction processing, other related payment services, and multinational Fintech and AdTech companies. Your data will be used responsibly and in strict accordance with applicable laws and regulations.
The type of personal data that may be subject to licensing include, but not limited to:
(1) Demographic information such as occupation, location, age, gender, etc.
(2) Contact Details such as address, phone and/or email.
Rest assured, this licensing is conducted with a clear focus on safeguarding your information and maintaining the highest standards of data security.
In accordance with relevant legal requirements regarding legal basis for the processing of your personal data, we will utilize your personal data: (i) with your explicit consent; (ii) when processing is necessary for the performance of a contract to which you (the individual) are a party or in order to take steps at your request (the individual) prior to entering into a contract (iii) when a legitimate and paramount interest necessitates the utilization of such information.
We utilize the information we collect for the following purposes. The specific legal basis for processing your information may vary depending on your location and under applicable law, as detailed below.
Fresco and its affiliates may use your data to implement various measures, including identity verification, to safeguard against fraud, cyber threats, unauthorized transactions, claims and other potential liabilities. In alignment with this commitment, we may engage in data licensing, allowing your personal data such as demographic details and contact details, to be licensed to our customers. Our customer includes, but not limited to, global customers providing payment transaction processing and other related-payment services and multinational FinTech and AdTech companies. This licensing is aimed at enhancing their services offered to you, managing risk exposure and upholding the integrity and security particularly in the areas of fraud prevention and identify verification, thereby ensuring the quality of the franchise.
Legal Basis for Processing: We will act as a “data controller” (or such similar term under applicable law) and determine the purpose of the processing activities of your personal data. Such purposes include, activities as fraud prevention, identity verification services and risk management, all while upholding the standards of privacy. Furthermore, our customer may utilize your information for services like fraud prevention and identity verification, enhancing their offerings with a commitment to quality service.
We rely on our legitimate interests to collect and process personal data relating to this purpose as our legal basis when licensing the personal data to our customers. Acting as a data controller involves the lawful use of personal data to meet customer needs while adhering fully to relevant laws. We conduct assessments to meticulously balance the necessity of data processing with individual rights, minimizing potential impacts on privacy.
In the absence of a legitimate interest, we may alternatively justify processing as necessary for the performance of a contract to which you are a party as a legal basis for this purpose. Your explicit consent serves as our legal basis for marketing purposes outlined in the section above.
When we provide our services to our customers, such as by verifying an individual’s identity, we are acting on behalf of our customers as a “data processor” (or such similar term under applicable law). In our role as a data processor, we meticulously follow explicit instructions outlined in contractual agreements with our customers that act as data controllers when processing personal data, ensuring compliance with legal requirements and contractual obligations.
We or our affiliates engage in providing, administering and communicating with you about various products, services, offers, loyalty programs and promotions, including contests, sweepstakes and other marketing activities offered by merchants and partners.
Legal Basis for Processing: For this processing activity, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data for the purpose of providing you with products and services.
Our activities encompass the management of relationships with our customers, suppliers and vendors, including the creation and publication of business directories that may contain business contact information.
Legal Basis for Processing: For the management of our customer, supplier and vendor relationships, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data for the purpose of managing these relationships.
We engage in various activities to operate, evaluate and enhance our business. These activities include developing new products and services, assessing the effectiveness of our advertising, analyzing our products, services, websites, mobile apps and other digital assets to ensure their optimal functionality.
Legal Basis for Processing: For these business operations and improvement activities, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data to enhance our products and services.
We strive to offer you personalized services and recommendations to enhance your experience. For instance, we may utilize your Personal data, including your email address and your interactions with our website, to analyze your preferences, interests and behaviour. This analysis allows us to provide tailored content and the most relevant offers, recommendations and email communications related to specific products offered by merchants and partners.
Legal Basis for Processing: For the provision of personalized services and recommendations, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data to provide you with personalized services and recommendations.
We engage in the anonymization of Personal data and the creation of aggregated data reports to provide valuable insights to merchants and other customers and partners. These insights encompass past and potential fraud detection, risk assessment and other valuable information derived from this anonymized data.
Legal Basis for Processing: For the purpose of anonymizing Personal data and generating aggregated data reports, we rely on one or more legal bases, which may include a legitimate interest, either held by us or a third party, in utilizing your Personal data for these specific purposes. Additionally, in jurisdictions where applicable, we may conduct this processing for statistical and research purposes or for the training of our systems. It’s important to note that any deidentified or anonymized information we maintain will be used exclusively in such form and we will not attempt to reidentify this information unless permitted by applicable law.
We engage in the assessment of individuals’ interest in potential employment opportunities with us. As part of this process, we may contact you regarding such employment opportunities.
Legal Basis for Processing: The processing of your Personal data for the purpose of evaluating your interest in employment and contacting you regarding possible employment is grounded in one or more legal bases. These include the necessity of processing for entering into or performing a contract to which you are a party. Additionally, we may rely on our legitimate interest or that of a third party in using your Personal data for this specific purpose. Furthermore, compliance with legal or regulatory obligations may also necessitate such processing.
In cases where applicable law mandates, we have conducted assessments to balance the interests underlying data processing, whether they are ours or those of a third party. This ensures that such interests do not override your own interests, fundamental rights or freedoms.
We will not make decisions that significantly impact you, such as those with legal consequences or substantial effects, solely through automated processing unless:
o You have explicitly consented to such processing where required by applicable law.
o The processing is necessary for entering into or performing a contract.
o We are legally obliged to use your Personal data in this manner such as to prevent fraud.
3. How We Disclose Your Personal Data
- We will share your personal data when you have provided clear and voluntary consent for specific purposes. This might include sharing data with trusted third parties for marketing promotions or partner offers. You have the right to withdraw your consent at any time.
- To provide you with our services, we collaborate with trusted service providers who process your data on our behalf. These partners may include payment processors, delivery companies or IT service providers. Rest assured that we select service providers who adhere to rigorous data protection standards.
- We may disclose your personal data when required by applicable laws, regulations or legal processes. This includes sharing data with law enforcement agencies, government authorities or regulatory bodies when necessary.
- We may share your data with our trusted business partners for joint marketing initiatives, collaborations or co-branded services. These partnerships are designed to enhance your experience and provide you with valuable offers and opportunities.
- We may share your data with our trusted customers through licensing agreements, enabling them to use your data to enhance their services. These agreements strictly adhere to stringent data protection regulations.
- If there is a merger, acquisition or any other type of corporate transaction involving Fresco, your personal data may be transferred as part of the business assets. Rest assured that your data will continue to be protected following any such transaction.
- We may share your personal data when it is necessary to protect our legal rights, property or safety, as well as the rights, property and safety of our customers, partners, and employees. This includes sharing information to prevent fraud or address security issues.
- We may share anonymized and aggregated data that cannot be used to identify individuals. This information is often used for research, analytics and industry insights, benefiting both our company and the broader community.
If you are located outside the country where Fresco is based, please note we may act as data agent that participates in transferring your personal data internationally. We take appropriate measures to ensure that your data remains secure and protected in accordance with applicable data protection laws.
We want you to have control over your personal data. If you have questions or concerns about how we share your data, please get in touch with our privacy team using our “Contact Us” section.
4. Data Subject Rights
Fresco is dedicated to respecting your privacy and providing you with choices and control over your personal data. Please take a moment to familiarize yourself with your rights and options:
- Data Access: You have the right to request access to the personal data we hold about you. This allows you to verify what data we have collected and how we use it.
- Data Correction: If you believe that any of the personal data we hold about you is inaccurate or incomplete, you can request corrections or updates. We encourage you to keep your information accurate and up-to-date.
- Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. This allows you to transfer your data to another organization if you wish.
- Data Restriction: Under certain circumstances, you can request the restriction of processing your personal data. This means we will temporarily suspend the use of your data while we investigate your request.
- Data Objection: You can object to the processing of your personal data for specific purpose, such as direct marketing. We will respect your request unless we have a legitimate reason to continue processing your data.
- Consent Withdrawal: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Data Erasure: You have the right to request the deletion of your personal data. This includes instances where your data is no longer necessary for the purposes for which it was collected.
- Marketing Control: You can manage your marketing preferences and opt-out of receiving promotional communications from us at any time. Instructions for unsubscribing are typically provided in marketing emails.
- Do Not Track: Your web browser may offer a “Do Not Track” option. While our website respects these signals, please note that we may still collect and use information for essential purposes.
- Privacy Concerns: If you believe your privacy rights have been violated or you have concerns about how your data is handled, please contact us using our “Contact Us” section. We take privacy complaints seriously and will investigate and address them accordingly.
- Right to Complaint: In accordance with your country or local regulations, you are entitled to file a complaint regarding the utilization of your personal data with the appropriate supervisory authority or regulatory body.
|Right to/Lawful Basis||Access||Rectification||Erasure||Restriction||Portability||Object|
Depending on your country and the applicable law you or a party authorized to act on your behalf, can exercise your rights or choices to control your personal data by submitting a request in our “Contact Us” or by writing to us at the following address:
5838 Edison Pl Suite 210
Carlsbad CA 92008, USA
We will not refuse or impose varying charges if you decide to exercise these rights.
Time Limits for Responding to Data Protection Rights Requests: We are committed to respecting and protecting your data privacy rights. If you choose to exercise your data protection rights, including but not limited to the right to access, rectify, erase or object to the processing of your personal data, please note that we will make every effort to respond to your request promptly. In accordance with applicable data protection laws, our standard response time for addressing data protection rights requests is one calendar month from the date of receiving a valid request. However, in certain circumstances, this period may be extended in accordance with the law. If an extension is necessary, we will notify you within one month of receiving your request, explaining the reasons for the delay. Rest assured that we will handle all requests with the utmost diligence and in compliance with relevant data protection regulations.
5. Transferring Data
- International Data Transfers: Your personal data may be transferred, processed or stored in countries outside the European Economic Area (EEA), United States or your home jurisdiction, where different data protection laws may apply. We take every measure to ensure your personal data remains secure and protected, regardless of the destination.
- Legal Bases for Data Transfers: We commit to transferring your personal data only when there’s a valid legal basis and legitimate purpose. These may include:
- Consent: Your explicit consent for the data transfer.
- Contractual Necessity: When the transfer is essential for fulfilling a contract.
- Legal Compliance: Transfers required to meet legal obligations or respond to lawful government requests.
- Legitimate Interests: Transfers that serve our legitimate interests, provided they do not infringe on your rights and freedoms.
- Safeguarding Your Data During Transfers: To protect your personal data during international transfers, we employ robust security measures such as:
- Data Security: Implementing technical and organizational safeguards to prevent unauthorized access, disclosure, alteration or destruction of your data.
- Data Transfer Mechanisms: Utilizing GDPR-approved mechanisms, like Standard Contractual Clauses or other authorized methods to safeguard data transfers.
- Data Minimization: Only transferring the minimum amount of data required for the intended purpose.
- Data Transfer Mechanism: To facilitate the lawful and secure transfer of your personal data to recipients in countries outside the European Economic Area (EEA) or other regions with data protection regulations, we may utilize specific data transfer mechanisms recognized by data protection authorities. These mechanisms include Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs) or other legal mechanisms as required by the applicable data protection laws. These mechanisms serve to safeguard your data and maintain the high standards of data protection to which we are committed.
- Sharing Data with Third Parties: We may share your personal data with trusted third-party service providers, partners or affiliates who are bound by contractual agreements to adhere to data protection standards in compliance with GDPR, CCPA or relevant regulations.
- Data Subject Rights: If your data is transferred internationally, you may have specific rights related to the protection of your personal data. To understand and exercise these rights, please contact us using the “Contact Us” page.
- Data Protection Impact Assessment (DPIA): If required by the applicable data protection laws, we may ask Data Processor to conduct a Data Protection Impact Assessment to evaluate and mitigate the potential risks associated with the transfer of your personal data.
At Fresco, we take data transfers seriously and are committed to upholding the privacy and security of your personal data in compliance with GDPR, CCPA and applicable laws. If you have questions or concerns about our data transfer practices, please reach out to us from “Contact Us” section. Your privacy is our priority and we are dedicated to ensuring your data is handled with care and in line with data protection regulations.
6. Safeguarding of Your Personal Data
- We utilize advanced encryption technologies to secure your personal data during transmission. This means that any data exchanged between your device and our servers remains encrypted and unreadable to unauthorized parties. You can recognize secure connections by looking for “https” in the website address and a padlock icon in your browser.
- Your personal data in our possession is maintained under strict controls. Our data storage systems are designed to protect against unauthorized access, data breaches and other security threats. We regularly review and update our security protocols to stay ahead of emerging risks.
- Access to your personal data is restricted to authorized personnel who require this information to perform their job duties. We implement role-based access controls and conduct regular training to ensure that our employees understand the importance of data security and privacy.
- We conduct security audits and assessments of our systems and infrastructure to identify and rectify vulnerabilities promptly. This ongoing process helps us maintain a high level of security and protect your personal data from potential threats.
- We are committed to complying with all relevant data protection laws and regulations. This includes adherence to the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), if applicable. We maintain a thorough understanding of these laws and continuously update our practices to align with changing requirements.
- When we engage third-party service providers, partners or vendors, we ensure that they meet our stringent security and privacy standards. All such parties are contractually bound to uphold data protection requirements.
- Despite our best efforts, no system is entirely immune to potential security incidents. In the unlikely event of a data breach or security compromise, we have a well-defined incident response plan in place. We will promptly investigate and take appropriate action to mitigate any impact on your personal data.
- We encourage you to use strong, unique passwords for your accounts regularly update your login credentials, and be cautious of phishing attempts and suspicious emails. If you ever suspect any unauthorized activity related to your account, please report it to us immediately.
7. For how long your personal data is retained
Fresco or its affiliates (“we”) may retain the personal data we collect or supply where we have an ongoing legitimate business need to do so. In certain circumstances, we may need to keep your information for legal reasons after our contractual relationship has ended for example, situations where we are made subject to a legal obligation, where we require access to your information to effectively resolve requests or complaints, as evidence to compliance laws, in connection to litigation or regulatory matters or conclusion of your recruitment process. Once there is no valid business necessity or legal requirement for retaining your personal data, we will either delete or anonymize it. In cases where deletion or anonymization is not immediately feasible, the data is securely archived and is isolated from any further processing until deletion becomes viable. Archived data will have a maximum retention period of 8 years. A detailed retention schedules are provided in below table for reference.
|Data Category||Retention Period||Storage Type|
|Payroll & Salary Records||7 years||Electronic|
|Tax Records||8 years||Electronic|
|Employee Performance Evaluation||Length of Employment + 6 yearsi||Electronic|
|Other HR Data||7 years||Electronic|
|CCTV Recordings||3 years||Video|
|Subject Access Requests||5 years||Electronic|
|Electronic Marketing Records||5 years|
|Job Application – Recruited Candidates||Length of Employment + 6 years||Electronic|
|Job Application – Unsuccessful Candidates||6 months||Electronic|
|Employee Requests||Length of Employment + 6 years||Electronic|
|Training Records||Length of Employment + 6 years||Electronic|
|Attendance Register||7 years||Electronic|
|Employee Medical Records||Minimum 3 years or 5 years||Electronic|
|Contracts and Procurement|
|Contracts and Procurement Records||End of contract + 7 years||Electronic|
|PII Data||Minimum 1 year or as required by law||Electronic|
|Customer Contact Information||5 years||Electronic|
|Sales Records||7 years||Electronic|
|IT and Technology|
|System and Application Log||1 year||Electronic|
|Backup Data||1 year||Electronic|
|Security and Incidents|
|Incident Reports||5 years||Electronic|
|Research and Development|
|Research Data||5 years||Electronic|
|Intellectual Property Records||IP Duration + 5 years||Electronic|
This policy will undergo an annual review to ensure that it reflects any changes in our privacy practices. Additionally, periodic revisions may occur as needed to incorporate any alterations.
9. How to Contact Us
You may submit a request to exercise your rights to your Personal data on our “Contact Us” page or by emailing us at firstname.lastname@example.org.
If you have any questions, comments or complaints about our privacy practises, please email us at email@example.com or write to us at:
5838 Edison Pl Suite 210
Carlsbad CA 92008, USA