Privacy Notice for Call Recording Activities

Date Last Updated: August 31, 2022

1. General. This Privacy Notice applies to the processing of personal data by Dataminr, Inc. and its corporate subsidiaries and affiliates world-wide (collectively “Dataminr” or “we” or “us” or “our” or “ourselves”) in connection with Dataminr’s use of video and telephone call recordings for the purposes described in this Privacy Notice. This Privacy Notice applies to all individuals who participate in calls (e.g., video and non-video) and meetings during which Dataminr is recording the calls for the Purposes, which includes Dataminr personnel (e.g., employees, contractors, etc.) and employees or other personnel of third parties with whom Dataminr may have, or may wish to establish, a business relationship (e.g., current or prospective customers) (individually each such data subject shall be referred to hereinafter as “you” or “your”). This Privacy Notice is specific to the data processing activities covered under this Privacy Notice. To the extent that there are additional or other privacy policies, privacy statements, or privacy notices applicable to you, this Privacy Notice shall not impact, affect, cancel or replace such other policies, notices or statements.
   
2. Controller. Dataminr, Inc. is a company based in the United States that has affiliates and subsidiaries in several countries around the globe. Dataminr helps its customers to discover and identify potential risks to persons, property, assets and interests around the globe in real time, which enables our customers to respond to and address such potential risks. For additional information, please contact us using the information set forth in the Contact Us section of this Privacy Notice.
   
   Dataminr is acting in the data processing role of a controller for all personal data processed in connection with the activities set forth in this Privacy Notice. For more information, please contact us via the information set forth in the Contact Us section of this Privacy Notice.
   
3. Purposes of the Processing. The personal data processed under or in connection with this Privacy Notice will be processed for the following purposes:
   1. Conducting training for Dataminr’s personnel;
   2. Performing assessments and appraisals of, and administering our relationship with, Dataminr personnel;
   3. Improving the quality of the service that Dataminr provides to its customers;
   4. For persons other than Dataminr personnel, administering our relationship with you and your employer, company or organization with whom you are employed by or otherwise associated with;
   5. Complying with legal and regulatory obligations;
   6. Complying with requests from courts, law enforcement agencies, regulatory agencies and other public and governmental authorities;
   7. Handling enquiries, requests and complaints (including, without limitation, customer support requests);
   8. Protecting the rights, property and/or safety of you, Dataminr, Dataminr’s personnel, and of any other person or party; and
   9. Exercising Dataminr’s rights and to defend Dataminr from claims.

For the processing of personal data under or in connection with this Privacy Notice, Dataminr does not sell (as defined under the California Consumer Privacy Act of 2018, as supplemented by the California Privacy Rights Act of 2020 (collectively “California Privacy Law”)) personal information (as defined under California Privacy Law) and does not share (as defined under California Privacy Law) personal information for cross-context behavioral advertising (as defined under California Privacy Law).

4. Categories of Personal Data Processed. The categories of personal data to be processed under or in connection with this Privacy Notice includes, without limitation, the following:
   1. Contact information, such as first and last names, email address, phone number, business contact information and other similar contact data;
   2. Business and professional information, such as the name of your current employer (or company or other organization with whom you are associated with), job title/position and other similar data.
   3. Content of calls, including audio recordings, video recordings and call transcripts; and
   4. Any other personal data that a call participant discloses or provides during a call that is being recorded by or on behalf of Dataminr.

In regard to the personal data that may fall under (iv) above, Dataminr does not require or need any such personal data and you are encouraged to limit or restrict the disclosure of any such personal data during a recorded call.

Dataminr does not need, does not require, and does not intend to process special categories of personal data or sensitive personal data and expressly requests that call participants do not disclose or provide any such type(s) of personal data during any call that is being recorded by or on behalf of Dataminr. If a call participant voluntarily provided special categories of personal data or sensitive personal data, such data would remain in the raw conversation or call data and be deleted in accordance with Dataminr’s retention policy.

For clarification, all call participants may choose to join a call without it being recorded and may turn off the video functionality on a call.

5. Sources of Personal Data. For the personal data collected during a recorded call, the sources of personal data are the call participants. For non-Dataminr personnel, the personal data collected prior to the call, which enables Dataminr to set-up and arrange for the call, the sources of the personal data may be either the call participants or the employer, company or organization with whom the call participant is employed with or is otherwise associated with.

During the recorded call, the call participants shall ensure that there is no unnecessary or irrelevant personal data disclosed, provided or otherwise made available during the call and that the only individual(s) visible during the call recording is the intended participant(s) of the call. If the invited call participant is bringing another individual to attend the call with the invited call participant, they are fully responsible for ensuring that the other individual is aware that this is a recorded call and for making the individual aware of this Privacy Notice.

If you would like to stop the recording of the call at any time during the call, please instruct the other call participants and the call will be closed.

6. Legal Basis for Processing Personal Data. For those laws that require a legal or lawful basis for the processing of personal data, please see the following:
   1. Processing of Personal Data Related to Dataminr Personnel.
      1. Dataminr’s processing of personal data related to Dataminr personnel is based upon Dataminr’s legitimate interest (or other similar lawful or legal basis under applicable data protection laws) to ensure that (a) its personnel are performing effectively and successfully and up to the expectations and standards of both Dataminr and the third parties with whom Dataminr is engaging with; (b) its personnel are properly and effectively trained and coached; (c) that its approach to conducting business (e.g., generate and drive sales with customers) is successful; and (d) to manage its relationship and engagement with Dataminr personnel.
   2. Processing of Personal Data Related to Persons Other than Dataminr Personnel.
      1. Dataminr’s processing of personal data related to third party call participants (i.e., non-Dataminr personnel) is based upon the consent of the third-party call participants, where applicable; and
      2. Dataminr’s legitimate interest (or other similar lawful or legal basis under applicable data protection laws) to ensure that (a) its approach to conducting business (e.g., generate and drive sales with customers) is successful; (b) to manage its relationship with you and the employer, company, or organization with whom you work or are otherwise associated with; and (c) to ensure that when engaging with you and the employer, company, or organization with whom you work or are otherwise associated with, the engagement is in accordance with our expectations, standards and practices; and (d) to provide appropriate levels of performance and support to you and the employer, company or organization with whom you work or are otherwise associated with.
         
7. Recipients of the Personal Data. We share personal data with various parties and persons for the purposes set forth in this Privacy Notice and in accordance with applicable laws. Our third-party service providers are restricted or limited in their ability to share or use any personal data covered under this Privacy Notice for any purpose than as set forth in the written contract between Dataminr and such third parties. We share your information for the purposes set out in this Privacy Notice, with the following categories of recipients:
   1. The Dataminr group of companies;
   2. Third-party service providers who are enabling or assisting with the processing of personal data as described in this Privacy Notice;
   3. Third parties where we have a duty to or are permitted to disclose your personal data by law (e.g., government agencies, law enforcement, courts and other public authorities);
   4. Third parties in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) or other similar transaction(s), in which case we may disclose your personal data to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale;
   5. Third parties where reasonably required to protect the rights, property, and/or safety of you, Dataminr, Dataminr’s personnel and of any other person or party; and
   6. Government entities, including, without limitation, regulators, agencies etc.
      
8. Retention of the Personal Data. We retain your personal data in accordance with the applicable records retention schedules/policies. These schedules/policies may be company and/or Service specific. You can find more information on the criteria used to calculate the retention periods set out below.
   
   We calculate retention periods for your personal data in accordance with the following criteria:
   1. The length of time necessary to fulfill the purposes we collected it for;
   2. When the relationship between you (or in the case of non-Dataminr personnel, your employer, company or organization with whom you are employed or otherwise associated with) and Dataminr ceases or otherwise terminates;
   3. The length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
   4. Any limitation periods within which claims might be made;
   5. Any retention periods prescribed by law or recommended by regulators, professional bodies or associations; and
   6. The existence of any relevant proceedings.
      
9. Data Subject Rights. Subject to applicable data protection laws, you may have certain rights pertaining to your personal data and Dataminr’s processing of such personal data. These rights are not absolute, meaning that the rights may not apply in all situations, and we may not be required to fulfill or comply with all rights requests. Dataminr will evaluate its obligations and the ability of data subjects to exercise rights on a case-by-case basis. As examples of situations where rights requests do not need to be complied with, we may deny or restrict fulfillment of a request if granting the request would impose a burden on us to provide access or correction that is disproportionate to the risk to your privacy, where access to your data places another individual’s privacy rights at risk, or where the continued processing of your personal data is necessary to comply with a legal obligation or for the exercise or defense of a legal claim(s).
   
   If you are protected under data protection laws in the United Kingdom or European laws, you have the following rights under United Kingdom and European laws and may have different or similar rights under the laws of other countries. To the extent required under applicable data protection laws, we will honor your rights.
   
   1. Right of subject access: The right to make a written request for details of your personal data and a copy of that personal data.
   2. Right to rectification: The right to have inaccurate information about you corrected or removed.
   3. Right to erasure (‘right to be forgotten’): The right to have certain personal data about you erased.
   4. Right to restriction of processing: The right to request that your personal data is only used for restricted purposes where:
      1. the accuracy of personal data is contested;
      2. the processing is unlawful, but you object to the erasure of the personal data; or
      3. we no longer require the personal data, but it is still required for the establishment, exercise or defense of a legal claim.
   5. Right to object: The right to object to processing of your personal data in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third-party’s legitimate interests.
   6. Right to data portability: The right to ask for the personal data you have made available to us to be transferred to you or a third-party in machine-readable format.
   7. Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal data. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data prior to the withdrawal of your consent.

In order to exercise your rights please visit here.

Filing a Complaint. If you are not content with how Dataminr manages your personal data or how we respond to a complaint, request or enquiry, you can lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where:

1. you are resident;
2. you work; or
3. the alleged infringement took place.

A list of National Data Protection Authorities in the European Economic Area can be found here. For the Information Commissioner’s Office in the United Kingdom, please visit https://ico.org.uk/.

10. International Transfers of Personal Data. Dataminr is a global organization and has networks, databases, servers, systems, support and help desks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. Your personal data may be stored and processed outside of the country in which you reside, including in countries that may not offer the same level of protection for your personal data as your home country. The areas in which these recipients are located will vary from time to time, but include the United States, Europe and Australia, and all other countries where Dataminr has a business presence. We have measures in place to ensure that when your personal data is transferred internationally, it is subject to appropriate safeguards in accordance with applicable data protection laws. Often, these include contractual safeguards. More information about these safeguards (including copies, where relevant) can be obtained by contacting us via the information set forth in the Contact Us Section of this Privacy Notice.
    
11. How We secure Personal Data. Dataminr takes the security of personal data seriously and we use appropriate technologies, security controls and procedures to protect personal data (including administrative, technical and physical safeguards) according to the risk level and the service provided.
    
    Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal data we handle, our business needs, changes in technology and regulatory requirements. While we use reasonable means to protect your security as described above, data transmission over the internet cannot always be guaranteed to be one hundred percent (100%) secure. We cannot and do not warrant the security of any personal data you transmit, and all such transmissions are done at your own risk. 
    
12. Contact Us. If you have any questions, comments, complaints or other enquiries in relation to data protection or this Privacy Notice, or any other concerns about the way in which we process personal data about you, please contact us as set forth immediately below.
    
    Dataminr Privacy
    Dataminr, Inc.
    6 E 32nd St 6th floor
    New York, NY, 10016
    United States
    [email protected]
    
    If you are not satisfied with the response, you may escalate your questions, comments, complaints, or enquiries to our Data Protection Officer using the information provided immediately below.
    
    Dataminr Data Protection Officer
    FieldFisher Dublin
    The Capel Building
    Mary’s Abbey
    Dublin 7
    Ireland
    D07 N4C6
    [email protected]
    
13. Updates to this Privacy Notice. We may change this Privacy Notice from time to time. When we update this Privacy Notice, we will take appropriate steps to update or inform you, which steps will be consistent with the significance of the changes we make. Each version of this Privacy Notice is identified at the bottom of the page by its version date.