LAST UPDATED 8/8/22
Fulcrum Biometrics and Data Privacy
What Personal Information Do We Collect?
Fulcrum collects certain personal information (i.e., information that identifies an individual either alone or in combination with other data). We also collect information that has been de-identified and aggregated, meaning it does not identify an individual, and other non-personal information which does not, on its own, identify an individual person.
Fulcrum obtains information when you or someone acting on your behalf provides such information to us. We also collect information automatically when you access or use the Site or our services or when you use a device on which a Fulcrum service is installed.
The following are examples of the personal information we may collect and process:
Personal Information Collected Directly From You (Or Someone Acting On Your Behalf): This is information about you that you give to us by filling in forms on the Site (or other forms that we ask you to complete), giving us a business card (or similar), corresponding with us by telephone, post, email or otherwise, or accessing our partners’ web-based platforms from the Site, and it may include, for example:
- Your contact information, including your name, address, email address and telephone number;
- Information about your business relationship with Fulcrum and your transactions with us and your use of our services;
- Information about your professional role, background and interests;
- Information provided by you through Fulcrum-related communication channels such as forums, technical support, and customer service;
- Username, password, and other information for accounts for Fulcrum services;
- Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site; and
- Photographs, images, biometrics, and related hash values.
You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the Site or our services.
Personal Information Collected By The Site, Our Other Systems, Or From Interactions With Our Services: If you visit the Site, interact with us through social media services, exchange emails, telephone conversations or other electronic communications with our employees and other staff members, or physically enter some of our facilities, we may automatically collect some information about you and your visit or interaction, including, for example:
- Details about your computers, mobile devices, applications, and networks (including IP address, browser characteristics, mobile device ID, characteristics and location, operating system, system language, and preferences);
- Information about your activities on the Site, usage patterns of services and interactions with or through social media networks (including referring URLs, dates and times of website visits, and clickstream data such as information commonly recorded in web server logs);
- Details about Internet or network usage (including URLs or domain names of websites you visit, information about applications that attempt to access your network, or traffic data);
- Data about files and communications, such as potential malware or spam (which may include computer files, emails and attachments, email addresses, metadata, and traffic data, or portions or hashes of any of this information);
- Details of your conversations with our employees or other staff, including, in some instances, their content;
- Information about your visit to our facilities captured by closed circuit TV systems and other security and access management systems, including video; and
- Other information used in the operation of our services.
Other information: We may also collect information about you from other sources, including, the organization you represent, third party data providers and publicly available sources.
De-Identified and Aggregated Information: By visiting, registering to use, accessing, using, interacting with, and/or providing information through the Site or our services, you expressly agree that Fulcrum owns, without restriction, all de-identified and aggregated information and other non-personal information collected and/or created by or on behalf of Fulcrum.
Your Biometric Information will be encrypted and stored on either one of our authorized service provider’s servers, an applicable administrator’s servers, or your designated device(s). In order to better serve you and detect and prevent fraud, Fulcrum may, but is not obligated to, continue to process your Biometric Information until the earlier of (i) one year from the date that you deactivate your applicable user account or your account is otherwise closed, (ii) the time at which the purpose of the initial collection of your Biometric Information has been satisfied, or (iii) three years from your last interaction with us or Fulcrum services, whereupon your Biometric Information will be permanently destroyed. If you re-open your account or open a new account after we have permanently destroyed your Biometric Information, you will need to re-provide the requested Biometric Information and may be required to re-provide other personal information. We may continue, but are not obligated, to process all personal information other than Biometric Information for as long as we deem necessary for the provision of your account and the applicable Fulcrum services.
All Internet-enabled devices have an Internet protocol address or IP address. The Site and other Fulcrum services use IP addresses to help keep security measures current and relevant.
Fulcrum uses “cookies” to remember user preferences and to maximize the performance of the Site and our services. Cookies also help us to identify returning users so, for example, we don’t need to ask them to enter their email and password on every visit. Please note the information gathered by cookies may be necessary to provide some Fulcrum services, including certain subscriptions. We cannot provide such services to users who do not give their consent to the data processing carried out through cookies or whose browsers are set to reject all cookies. For example, when you purchase a subscription to an online technology, a cookie is set that identifies the software, version, and when it expires. We use this information to alert you that a newer version is available or if your subscription is going to expire.
Cookies may also be used to control the type and frequency of ads, promotions, or other marketing messages the customer views. These ads may be placed by Fulcrum or third-party advertising companies which are our vendors. Fulcrum also uses “web beacons” (small transparent image files) to count visitors to the Site and analyze how visitors use our Site. The information collected is generally anonymized and is not used to identify any particular user.
Fulcrum also maintains log files of the traffic on the Sites. For example, our servers may automatically record the information you or your browser send when you visit the Site. These log files may include information such as your requests, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your system.
How We Use Your Personal Information
Having accurate information about you permits Fulcrum to provide you with a smooth, efficient, and customized experience. Specifically, Fulcrum and the providers and partners that help provide Fulcrum’s services may use collect and use your personal information for the following purposes:
- to operate, manage, develop and promote our business (including the Site, our products and services);
- to perform accounting, auditing, billing, reconciliation, and collection activities, and, if applicable, process payments and complete transactions through our third-party payment processor;
- to operate recruiting activities;
- to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes, and to investigate and respond to potential or actual claims, liabilities, prohibited behavior, and criminal activity;
- to comply with and enforce our legal and regulatory obligations, agreements, and policies, and bring and defend legal claims and assert legal rights;
- to predict future security threats and vulnerabilities and investigate, respond to, and manage security related incidents and events;
- to authenticate your inputted biometrics;
- to provide security advisories, information, and updates;
- to help safeguard your devices and your data;
- to conduct research and analysis, and to communicate about, and administer participation in, special events, programs, surveys, contests, sweepstakes, and other offers and promotions;
- to establish and manage Fulcrum user accounts, provide customer support, manage subscriptions, and respond to requests, questions and comments;
- to personalize and manage our relationship with you;
- to enable posting on our blogs and other communications;
- to customize, measure, and improve the Site and our services; and
We may from time to time review your information held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above. This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations. To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as described below. Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left Fulcrum).
We will only process your personal information as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your personal information where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances we may also be required by law to disclose or otherwise process your personal information.
Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may use such information for any lawful purpose.
How We Share Your Personal Information
We may share your personal information, where reasonably necessary for the various purposes set out above, with:
- your colleagues within the organization that you represent;
- authorized service providers and partners who perform services for us, including those who host our web services or other information technology systems, or otherwise hold or process your information on our behalf, under conditions of confidentiality and security required by law;
- business partners, channel partners, service partner, agents, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- your administrator, if applicable, with your consent, or
- third parties with your consent.
We may also disclose personal information: (a) if we are required to do so by law or legal process; (b) in response to requests by government agencies, such as law enforcement authorities or other authorized third parties; (c) as may be required for purposes of national security; (d) when we believe disclosure is necessary and appropriate to prevent physical, mental, financial, or other harm, injury, or loss; or (e) in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability.
These disclosures may involve transferring your personal information to countries other than the country in which the information originally was collected. Those countries may not have as comprehensive data protection laws as the country from which Fulcrum initially obtained the information. When we transfer the information to other countries, we use a reasonable standard of care and appropriate organizational, physical, and technical security practices and procedures
Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may share such information for any lawful purpose.
How You Can Manage and Control Your Personal Information
Many Fulcrum services allow users to make choices about the personal information collected. For instance:
- You may choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing emails or contacting us as specified in the “How to Contact Us” section below.
- Many Fulcrum services contain settings that allow users or administrators to control how the service collects information. Please refer to the relevant service manual or contact us through the appropriate technical support channel for assistance.
- To remove your personal information, please contact us.
If you chose to no longer receive marketing information, Fulcrum may still communicate with you regarding such things as security updates, functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
Storage and Data Retention
The information we collect may be stored and processed in servers in the United States and wherever Fulcrum and our service providers have facilities around the globe.
The time periods for which we retain your personal information depend on the purposes for which we use it. Generally, Fulcrum will keep your personal information for as long as it is necessary to fulfil the purposes for which we had collected it or you remain a registered subscriber or user of our services and, thereafter, for no longer than is required by law, or Fulcrum’s Records Retention Policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. In certain circumstances, we may be required to retain data we have about you for a longer period (such as for tax, litigation (threatened, anticipated, or actual), other business purposes, or if required by law enforcement). We will delete your personal information if we believe that your personal information that we hold is inaccurate, or when you have informed us that you no longer consent to our processing of your personal information.
We implement appropriate organizational, physical, and technical security practices and procedures for storing and transmitting the personal information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Periodically, we test our website, services, data centers, systems, and other assets for security vulnerabilities.
Personal Information of Children
Fulcrum respects the privacy of children and does not knowingly collect, use or disclose personal information of children under 16 years of age without verifiable consent from a parent or guardian. If Fulcrum becomes aware that the information submitted to or collected by Fulcrum is personal information of children without first receiving verifiable consent from a parent or guardian, Fulcrum will take prompt steps to delete such personal information. If a parent or guardian wishes to raise a concern regarding personal information pertaining to a child, please email our Data Protection Office at email@example.com.
Fulcrum is committed to being compliant with the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”). All emails you receive from us are intended to fully comply with the CAN-SPAM Act. If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org, and we will promptly remove you from ALL correspondence.
The Digital Millennium Copyright Act of 1998 (“DMCA”) provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that any content made available in connection with the Site or Fulcrum’s services infringes your copyright, you (or your agent) may send us a notice requesting that the content be removed, or access to it blocked. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA (see http://www.loc.gov/copyright for details). Notices and counter-notices with respect to the Site or our services should be sent to:
Fulcrum Biometrics, Inc.
16108 University Oak
San Antonio, Texas 78249
Attn: DMCA Notice
What Are Your Rights?
You have the following rights (subject to applicable local laws) in relation to the personal information that we hold about you:
- to access your personal information, and some related information, under relevant data protection law;
- to require any inaccurate personal information to be corrected or deleted;
- to object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances;
- to require us to delete your personal information in certain circumstances;
- to require us to restrict or block the processing of your personal information in certain circumstances (when processing is restricted, we can still store your personal information, but may not use it further);
- to obtain from us your personal information, in a structured, commonly used and machine-readable format in certain circumstances. Further, you may have the right to require us to transmit your personal information directly to another person (for instance a new provider) where it is technically feasible to do so; and
- where we are processing your personal information based on your consent to such processing, to withdraw your consent at any time.
Further information and advice about your rights can be obtained from the data protection regulator in your country. If you wish to exercise any of these rights (subject to applicable local laws), or have complaints about our processing of your personal information, please email email@example.com.
Automated Decision Making
We may use technology which tracks your use of our website and your interactions with us and which helps us to build a profile of your preferred products and information requests. If we do this, what this means for you is that you are more likely to receive offers and information that are tailored to your specific preferences, based on your previous profile activity.
If we use automated decision making in respect of any specific service or product and such automated decision making produces legal effects concerning data subjects or similarly significantly affects them, we will provide information required by applicable laws in respect of such automated decision making.
California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.
Right to Notice at Collection Regarding the Categories of Personal Information Collected: You have the right to receive notice of the categories of Personal Information we collect, and the purposes for which those categories of Personal Information will be used. This notice should be provided at or before the time of collection. The categories we use to describe the information are those enumerated in the CCPA.
- Identifiers, such as name, contact information, IP address and other online identifiers;
- Personal information, as defined in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))customer records law, such as name, contact information, and payment card number;
- Characteristics of protected classifications under California or federal law, such as age and gender;
- Commercial information, such as transaction information and purchase history;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as device location;
- Audio, electronic, visual, and similar information; and
- Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.
We do not sell Personal Information and in the preceding twelve (12) months, we have not sold any Personal Information.
Right to Know/Access Information: If you are a California resident, you have the right to request access to Personal Information collected about you over the past 12 months and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. Below is a complete list of the Personal Information that you can include in your request.
- The categories of Personal Information that Fulcrum has collected about you.
- The categories of sources from which Fulcrum collected the Personal Information.
- The business or commercial purpose for collecting or selling Personal Information.
- The categories of third parties with whom Fulcrum shares Personal Information.
- The specific pieces of Personal Information Fulcrum has collected about you.
- The categories of Personal Information that Fulcrum disclosed about you for business purpose.
- The categories of Personal Information that Fulcrum has sold about you, as well as the categories of third parties to whom Fulcrum sold your Personal Information.
If you would like to exercise your right to request disclosure, you may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request.
Right to Request Deletion of Information: If you are a California resident, you also have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. You may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
How to Submit a Request: You may submit a request to exercise your rights to know/access or delete your Personal Information by sending us an email at firstname.lastname@example.org, calling us at +1 (210) 257-5615, or by writing us at the address listed under “Contact Us” below. We will respond to your request consistent with applicable law.
Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. If you use an authorized agent to submit a request on your behalf, we may require that you (1) provide the authorized agent written permission to do so, and (2) provide a copy of the authorization or provide a copy of a power of attorney that complies with California Probate Code sections 4000 to 4465 so that we can verify the identity of the authorized agent.
In verifying requests, we employ reasonable measures to detect fraudulent requests and prevent unauthorized access to your Personal Information. To meet our obligations, we are required to verify your identity, and the identity of your authorized agent, if the request is submitted via an agent, by associating the information provided in your request to Personal Information previously collected by us.
If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.
You may only make a verifiable consumer request twice within a 12-month period. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
Right to Opt Out of Sale of Personal Information to Third Parties: You have the right to opt out of any sale of your Personal Information by Fulcrum to third parties. We do not sell information to third parties.
Right to Information Regarding Participation in Data Sharing for Financial Incentives: You have the right to be free from discrimination based on your exercise of your CCPA rights. We do not discriminate against anyone who chooses to exercise their CCPA rights.
Information for Users in the European Economic Area (“EEA”) or in the United Kingdom (“UK”)
Fulcrum may transfer Personal Data from the EEA or the UK to the United States, including Personal Data we receive from individuals residing in the EEA or the UK who visit the Site and/or who may use our services or otherwise interact with us. Please note that the term “Personal Data” used in this section is equivalent to the term “personal data” under applicable European and UK data protection laws for individuals located in the EEA or the UK. When Fulcrum engages in such transfers of Personal Data, it relies on (a) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (“GDPR”), or (b) Standard Contractual Clauses issued by the European Commission. The European Commission has determined that the Standard Contractual Clauses provide sufficient safeguards to protect personal data transferred outside the EU or EEA. For more information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. Fulcrum continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.
If you have any questions, comments, requests or concerns regarding this privacy statement or our processing of personal information, or would like to update information we have about you or your preferences, please contact us by: please send an email to email@example.com or contact us by writing us at:
Fulcrum Biometrics, Inc.
16108 University Oak
San Antonio, Texas 78249