Privacy Policy

Thank you for choosing our SaaS, cloud-based, social media screening services. We are committed to protecting the privacy and personal data of our users. This Privacy Policy outlines how we collect, use, disclose, and store personal information in compliance with applicable laws.

Ferretly International, Inc., (“Ferretly” or “Company”) complies with the Fair Credit Reporting Act (FCRA), Data Protection Act (DPA), UK General Data Protection Regulation (UK GDPR), and the Privacy and Electronic Communications Regulations (PECR), EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.

Ferretly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ferretly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DDPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We may collect the following types of personal information from individuals or organizations who use our services:

1.1. Account Information: When you create an account with us, we may collect your name, email address, contact information, and other registration details.

1.2. Screening Data: To provide our social media screening services, we may collect and analyze publicly available information from social media platforms, such as posts, comments, images, and other content, as authorized by applicable laws and regulations.

1.3. Consent and Authorization: Prior to conducting any social media screening, we ensure that we have obtained the necessary consents and authorizations from the individuals concerned, in compliance with the FCRA, DPA, UK GDPR, DPF and other applicable laws. Ferretly is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Ferretly customers and prospective customers may choose to include Personal Data among the data stored within the Ferretly cloud or otherwise shared with Ferretly in connection with its provision of Services.

Ferretly processes only the Personal Data that its customers or prospective customers have chosen to share with Ferretly. Ferretly has no direct or contractual relationship with the subject of such Personal Data (a "Data Subject"). As a result, when a customer or prospective customer shares Personal Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

It is the customer's or prospective customer's responsibility to ensure that Personal Data it collects can be legally collected in the country of origin. The customer or prospective customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject's request to exercise his or her rights with respect to Personal Data. In addition, the customer or prospective customer is responsible for ensuring that its use of Ferretly’s cloud offerings or Services is consistent with any privacy policy the customer or prospective customer has established and any notices it has provided to Data Subjects.

Ferretly is not responsible for its customers’ or prospective customers’ privacy policies or practices or for the customers’ or prospective customers’ compliance with such policies or practices. Ferretly does not review, comment upon, or monitor its customers’ or prospective customers’ privacy policies or their compliance with such policies. Ferretly also does not review instructions or authorizations provided to Ferretly to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer's or prospective customer's published privacy policy or of any notice provided to Data Subjects.  Customers and prospective customers are responsible for providing instructions and authorizations that comply with their policies, notices, and applicable laws.

When Ferretly processes Personal Data, Ferretly does so only for the purpose of providing Services.  In general, we use the collected Personal Data for the following purposes:

2.1. Provision of Services: To deliver our social media screening services and provide the requested information to our clients in a secure and confidential manner.

2.2. Compliance with Laws: To fulfill our legal obligations, including those imposed by the FCRA, DPA, UK GDPR, PECR, and other such laws as applicable.  Ferretly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Ferretly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Ferretly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

2.3. Improving Our Services: To enhance and optimize our services, including conducting research and data analysis to improve the accuracy and effectiveness of our screening processes.

2.4. Communication: To send administrative notifications, service-related communications, updates, and other relevant information.

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable laws. We maintain appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction.

Ferretly is committed to safeguarding the Personal Data that it receives. While Ferretly cannot guarantee the security of Personal Data, Ferretly takes reasonable and appropriate measures to protect Personal Data in Ferretly’s possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Ferretly utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data.  For example, facility security is designed to prevent unauthorized access to Ferretly computers. Electronic security measures — including, for example, network access controls, passwords and access logging — provide protection from hacking and other unauthorized access. Ferretly also protects Personal Data through the use of firewalls, role-based restrictions and, where appropriate, encryption technology. Ferretly limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data.  Individuals granted access to Personal Data are aware of their responsibilities to protect such information and are provided appropriate training and instruction.

Ferretly’s customers and prospective customers are responsible for limiting their collection of Personal Data to that which is necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. They also are responsible for providing Ferretly with instructions or authorization for the processing of Personal Data consistent with such purposes.

Ferretly’s customers and prospective customers also are responsible for ensuring that (a) Personal Data they collect is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the customer's or prospective customer's legitimate business purposes disclosed to the Data Subject and for compatible purposes. Ferretly will cooperate with customers' and prospective customers' reasonable requests for assistance in meeting these obligations.

In the performance of Services, Ferretly will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Ferretly’s legal rights.

Ferretly may disclose Personal Data to subcontractors and third-party agents who assist Ferretly in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, Ferretly will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist Ferretly in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the DPF Principles; and (c) notify Ferretly if the recipient is no longer able to provide the required protections. Upon notice, Ferretly will act promptly to stop and remediate unauthorized processing of Personal Date by a recipient. Ferretly will remain liable for onward transfers to its subcontractors and third-party agents unless we can prove we were not a party to the event giving rise to the damages.

Ferretly may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Ferretly will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Ferretly will not otherwise disclose Personal Data to third parties.

In compliance with the EU-U.S. DPF Principles, including the UK Extension of the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Ferretly commits to resolve complaints about your privacy and Ferretly’s collection or use of Personal Data transferred to the United States pursuant to this Policy.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Ferretly commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resource data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

European Union, Swiss, and United Kingdom individuals with DPF inquiries or complaints should first contact Ferretly’s Data Protection & Privacy Department by emailing compliance@ferretly.com or by calling 833-FERRETLY.

If you are a resident of the province of Quebec, you may also file a complaint with the Commission d’access à l’information du Quebec. If you are a resident of any other jurisdiction, you may also file a complaint with the privacy oversight body responsible for the application of the law concerned by the subject of the complaint.

Ferretly has further committed to refer unresolved privacy complaints under the DFP Principles to an independent recourse mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers [bbbprograms.org] for more information and to file a complaint. This service is provided free of charge to you.

If your DFP compliant cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information about binding arbitration, visit https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2 [dataprivacyframework.gov].

The Federal Trade Commission has jurisdiction with enforcement authority over Ferretly’s compliance with the DPF.

Ferretly employees located in the United States may provide Services for customers and prospective customers located in the EEA, Switzerland, or the United Kingdom. To provide such Services, Ferretly may process Personal Data. Ferretly will apply DPF Principles to Personal Data physically or remotely transferred from the EEA, Switzerland or the United Kingdom to the United States

You have certain rights regarding your personal information, including:

8.1. Access and Rectification: You have the right to access and correct your personal information held by us.

8.2. Erasure and Restriction: You can request the erasure or restriction of your personal information in certain circumstances, subject to applicable legal requirements.

8.3. Objection and Withdrawal of Consent: You may object to the processing of your personal information or withdraw your previously provided consent at any time.

8.4.  Invocation of Binding Arbitration. Ferretly is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles.

Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this information from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary actions.

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. Those changes are effective immediately, after posting on this page.

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Data Protection Officer: