Privacy Policy

Updated 3/31/2022

The privacy of your data is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data.

General Information

  • We collect the email addresses of those who proactively initiate communicate with us via email, signing up for our mailing list, submitting a request form, completing an online survey, or signing up for the free trial. The information we collect is used to improve the content of our web site or to improve the quality of VendorRisk (the "Service").
  • Information we collect is not shared with or sold to other organizations unless we have your permission, or if necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of service, or as otherwise required by law

Information Usage

  • When you sign up, we ask for information related to your usage of the Service, such as name, email address, your company, job title, and work phone number. Payment information is only requested if you decide to become a paying customer at the end of the trial.
  • We only use information you provide for the purposes of contacting you, identification and authentication, and to improve the quality of the Service.
  • To investigate, prevent, or take action regarding restricted uses (eg. Child exploitation, sexualization or abuse, doxing, infringing on intellectual property, malware or spyware, phishing or attempted fraud, spamming, violence or threats thereof).
  • Accessing a customer’s account when investigating potential abuse is a measure of last resort. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.
  • When required under applicable law. If the appropriate law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring we share data, we have to comply. Otherwise, we flat-out reject requests from local and federal law enforcement when they seek data. And unless we’re legally prevented from it, we’ll always inform you when such requests are made. We have never received a National Security Letter or Foreign Intelligence Surveillance Act (FISA) order.

Your Rights With Respect to Your Information

At VendorRisk, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. VendorRisk recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. This is your right to request correction of your personal information.
  • Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using VendorRisk services and may result in closing your account.
  • Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
  • Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.
  • Right to invoke binding arbitration. Under certain conditions the individual has the right to invoke binding arbitration.

Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at support@vendorrisk.com.

Processors We Use

As part of the services we provide, and only to the extent necessary, we may use certain third-party processors to process some or all of your personal information. For identification of these processors, and where they are located, see the list below. Our subprocessors are located in the United States:

  • Amazon Web Services. Data storage provider.
  • RailsMachine. Application hosting provider.

The Service uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, and require the same of them. Both subprocessors listed are contractually obligated to transfer data only for limited and specific purposes and must adhere to the same level of privacy protections as is required.

Cookies

  • Cookies are required to use the Service.
  • We use cookies to record current session information.

Data Storage

  • We use third party vendors and hosting partners (subprocessors) to provide the infrastructure necessary to run the Service.
  • Although Skeey Interactive LLC owns the source code, database and all rights to the Service, you retain all rights to your data, and in the event you cancel the Service, you have the option of receiving the data and files you have input and/or uploaded into the Service.

Disclosure

  • Skeey Interactive LLC may disclose personally identifiable information under special circumstances, such as to comply with subpoenas including to meet national security or law enforcement requirements or when your actions violate the terms of service.
  • Skeey Interactive LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Security & Encryption

  • All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

Changes

  • If any significant changes are made to this policy, we will notify customers by sending an email to the account owner, including the changes in the email newsletter, and/or by placing a notice inside the Service upon login. Your continued use of the Service after receiving any change in this policy will constitute your acceptance of such change.
  • If Skeey Interactive LLC is acquired by or merged with another company we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

Privacy Shield

  • Skeey Interactive LLC complies with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Skeey Interactive LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Skeey Inteactive LLC commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Skeey Interactive LLC at:

Email: support@vendorrisk.com

Phone: 800-897-5810

Mail
5 Bedford Street
PO Box 291
Burlington, MA 01803
USA

Skeey Interactive LLC has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

Location of Site and Data

  • This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.

Have a question?

Not sure exactly what we’re looking for or just want clarification? We’d be happy to chat with you and clear things up for you. Anytime!

Call

(800) 897-5810

Email us

support@vendorrisk.com



Get VendorRisk. Get organized.

Stop wasting time with spreadsheets. Get your vendor management program up and running today.

Schedule demo