General Data Protection Regulation (GDPR)
Kount Inc. performs real-time e-commerce internet order evaluations for merchants based on personal data provided to Kount by customers around the world. Some of the data Kount processes originate from people located in the European Union, making such processing subject to the EU’s new General Data Protection Regulation (GDPR), which became effective on May 25, 2018.
In-depth information about the 2018 reform of data protection rules is available at the official European Commission website.
Kount Compliance with GDPR
Kount acknowledges its obligations under the GDPR and is committed to providing best in class fraud prevention services in compliance with the GDPR. Data protection and security are, and always have been, a top priority at Kount. In addition to its proprietary security technologies, Kount is a PCI Level 1 service provider and undergoes extensive auditing every year to ensure Kount’s technologies and processes are safe and secure. Kount, as a data processor under the GDPR, is fully committed to safeguarding the personal data of all people whose data Kount processes, including those located in the EU.
As of the GDPR effective date, Kount is fully compliant with GDPR requirements.
Exercising the Right to be Forgotten
Under the GDPR, Data Subjects, as defined in the GDPR, have the right to obtain from data controllers the erasure of their personal data. Kount is committed to erasing such personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data, when Kount’s data controller clients make such a request. When a Data Subject requests that their personal data be erased, where applicable, Kount merchants must fulfill that request on Kount’s behalf by submitting the electronic GDPR Right to be Forgotten form, available here.
By completing and submitting the form, a merchant formally initiates Kount’s process of removing the customer’s personal information associated with any transactions listed on the form from Kount’s databases.
Requesting Data Removal via Right to be Forgotten
To request that a Data Subject’s personal data be removed from the Kount database, merchants should complete the Right to be Forgotten form, available here, ensuring that all transaction ID numbers associated with that customer are included on the form.
The following data fields will be stripped of individual customer data and content overwritten with generic, unidentifiable data:
- Billing Name
- Shipping Name
- Billing Address (Line 1 and Line 2 only)
- Shipping Address (Line 1 and Line 2 only)
- Billing Phone
- ANID
- Shipping Phone
- Billing Email
- Shipping Email
- IP Address
Frequently Asked Questions
How do I locate transactions?
Customers can search their order management system for Kount Transaction ID numbers. Alternatively, performing an advanced search for Transaction ID in Kount using any data elements supported in advanced search will help merchants locate all of the customer’s transactions.
Does GDPR apply to me?
Yes. All Kount’s merchants, regardless of their location, offering goods or services to Data Subjects in the EU are subject to the GDPR.
What happens after I submit a request?
After receiving the GDPR Right to be Forgotten form, Kount permanently overwrites the data in the following fields with the data in the Replacement Data column.
Data Field in Scope |
Replacement Data |
Billing Name |
GDPR Forgotten |
Shipping Name |
GDPR Forgotten |
Billing Address (Line 1 and Line 2 only) |
GDPR Forgotten |
Shipping Address (Line 1 and Line 2 only) |
GDPR Forgotten |
Billing Phone |
012-345-6789 |
ANID |
012-345-6789 |
Shipping Phone |
012-345-6789 |
Billing Email |
noemail@kount.com |
Shipping Email |
noemail@kount.com |
IP Address |
10.0.0.1 |
The process of forgetting is permanent and irreversible. A request to forget data must be submitted to Kount every time a request to forget data is made by an end customer.
Comments
0 comments
Article is closed for comments.