Appriss Services Processing Notice

About this Processing Notice
Collection and Use of Personal Data Content

Our Purpose

Editorial Control and Use

Types of Personal Information Processed
Information Recipients
Legal Bases For Processing EU Personal Data
Locations of Processing
Data Subject Rights

How to exercise your rights regarding Personal Data

Data Retention
Data Privacy and Security
Changes to Processing Notice
Contact Us
About this Processing Notice

This processing notice applies to the personal information relating to individuals (“Personal Data” or “Personal Data Content”) processed in Appriss Health, Appriss Retail, and Appriss Safety products and services (collectively, the “Appriss Services”). The customers of the Appriss Services that we provide are referred to in this processing statement as our “Customers”.

Appriss Services may include, but are not limited to, the following Appriss software products, services, and data analytics activities:

  • NarxCare
  • PMP Gateway
  • PMP Aware
  • NPLEx
  • MethCheck
  • Verify
  • Secure
  • Incent
  • Systems Integration / RTI
  • Incarceration Intelligence
  • Justice Intelligence
  • Risk Intelligence
  • VINE
  • MobilePatrol
  • Consulting services
  • Research and development
  • Predictive data analytics
Collection and Use of Personal Data Content

Our Purpose
The Personal Data Content processed by Appriss Services enables our Customers to comply with legal and regulatory obligations, to conduct due diligence screening, and to conduct other risk management activities for which there is a substantial public interest. Appriss Services are also designed to provide organizations with information that may impact their organization, brand, or customer base, and enable informed commercial and business risk decisions.

Personal Data Content we collect and process may be used for the following purposes:

Appriss Health

  • Healthcare Providers – Making it possible for health care providers to prescribe more responsibly and compliantly for preventing and managing substance use disorders.
  • Pharmacies – Providing pharmacies with timely, compliant, efficient prescription drug monitoring program (PDMP) solutions that enable earlier intervention and facilitate collaboration with healthcare providers and other pharmacies.
  • Government – Partnering with state and federal government agencies to provide reliable, compliant PDMP solutions for better tracking and intervening for substance use disorders, as well as blocking and monitoring sales of medications containing pseudoephedrine.

 

Appriss Retail

  • Loss Prevention – Immediately impacting total loss by reducing consumer fraud, retail shrink and procedural errors, while fostering a positive customer experience.
  • Store Operations – Lifting store performance by increasing sales, cutting costs, and reducing loss with solutions that enhance customer service and achieve full ROI in six months or less.
  • Marketing – Capitalizing on in-store foot traffic to generate new revenue by incentivizing Customers to spend more, following merchandise returns.
  • Cost Management – Reducing total loss from consumer fraud, employee dishonesty and procedural errors to immediately reduce shrink and returns.
  • Systems Integration – Rapid, cost-effective integration of complex multiple systems, streamlining workflow and enhancing processing, analysis, and information capabilities.

 

Appriss Safety

 

  • Law Enforcement – Helping law enforcement solve crimes more quickly and efficiently at a lower cost.
  • Entitlement Programs – Working with entitlement programs to reduce government benefits fraud and improve program integrity.
  • Victim Services – Empowering victims with offender notifications that can help protect them from re-victimization.
  • Government – Preventing entitlement fraud, accelerating investigations, and reducing employee / contractor risk for state and federal government agencies.
  • Corporate Security – Safeguarding organizations from insider threats with ongoing monitoring for employee criminal activity.
  • Communities – Keeping communities safer and better informed with critical information updates on criminal offenders.
  • Information Service Providers – Helping their customers mitigate insider threats by continuously monitoring employee criminal activity.

 

Editorial Control and Use
As a data aggregator, we do not exercise editorial control over the personal information that appears in the source material we collect. We use the Personal Data Content for research and analytical purposes to improve the Appriss Services we offer to our Customers as detailed above.

Our Customers make their own decisions as to how to use the personal information within our Personal Data Content. We do not make any decisions about an individual. Furthermore, our Customers are required to conduct their own checks to verify the accuracy of the data, and, are prohibited from using our data as the sole basis of any decision making that may affect individuals whose personal information is contained within the content. Our Customers’ privacy notices and policies will tell you more about how they use personal information, including information regarding the Appriss Services they have used and the information they have obtained from our Personal Data Content.

Types of Personal Information Processed

The Personal Data Content we provide to our Customers is aggregated from public records, publicly available information such as news and business information, and other third-party sources. Our third-party sources may include data providers, biographical sources, broadcast content providers, social media providers and public source information. In some cases, our source materials contain personal information and, where this is the case, that personal information will also appear in our Personal Data Content.

Such Personal Data Content may include, but is not limited to:

  • name, age, date of birth, gender, country of residence;
  • government identification numbers such as social security or national insurance numbers;
  • employment and education details, which may include details of public, religious, political or trade union roles;
  • personal and professional affiliations;
  • information from newspapers blogs, social media and other websites;
  • financial information relating to income or wealth, such as net worth, bankruptcy or insolvency filings;
  • inclusion on a sanctions list or a public list of disqualified directors or other positions of responsibility;
  • criminal background or history;
  • medical and prescription history;
  • reported allegations of theft, money laundering, bribery and corruption and similar criminal activities.
Information Recipients

Your personal information may be shared with our Customers and our processors through our provision of Appriss Services.

We also will disclose your Personal Data if we have a good faith belief that such disclosure is necessary to:

  • meet any applicable law, regulation, legal process or other legal obligation;
  • detect, investigate and help prevent security, fraud or technical issues;
  • protect the rights, property or safety of Appriss, our users, employees or others; and
  • as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.

When we collect or otherwise process any Personal Data within the scope of data privacy laws and regulations applicable to the EU, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, we do so where necessary under the following legal bases:

  • To provide one or more Appriss Services, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
  • To comply with applicable laws or other legal obligations;
  • For the performance of a task carried out in the public interest;
  • To enable our Customers to comply with their legal obligations;
  • Where applicable, with your consent; and/or
  • To operate our business, protect the security of our systems, Customers and users, detect or prevent fraud, or fulfill our other legitimate interests, except where our interests are overridden by your privacy rights.

In particular, we note that there is a substantial public interest in our processing of Personal Data in order to enable our Customers to comply with their legal obligations and to effectively manage their risks, make informed decisions, and run themselves in an ethical manner.

Where we rely on your consent to process Personal Data, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.

Locations of Processing

Your Personal Data may be stored and processed in your region or another country where Appriss, its affiliates, and their service providers maintain servers and facilities, including but not limited to the U.S., Poland, and the UK.

Therefore, your Personal Data may be processed outside the European Union (“EU”), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as in the EU. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into Standard Contractual Clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.

Data Subject Rights

You may have certain rights regarding your Personal Data, subject to local data protection laws.

If you are located outside the EU:

Consult the data protection laws applicable to your particular locality for more information on your possible rights regarding your Personal Data.

If you are located in the EU, you may have the following Individual Rights:

You have the right under EU and certain other privacy and data protection laws, as may be applicable, to request free of charge:

access to your personal information;
rectification or erasure of your personal information;
restriction of our processing of your personal information, or to object to our processing; and
portability of your personal information.
How to exercise your rights regarding Personal Data
To exercise your rights, please contact us in accordance with the “Contact Us” section below. We are enhancing our existing online request portal to handle these requests and will also accept emails sent to DPO@appriss.com. If you are located in the EU, we will comply with the GDPR requirement to provide information without undue delay, and in any event within one month of receipt of the request. We will contact you if we need additional information from you in order to process your request. It may take us longer than one month, taking into account the complexity of your request, and the overall number of requests we receive.

 

If your Personal Data has been submitted to us by an Appriss Customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the Appriss Customer directly. If you are an employee of an Appriss Customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.

Data Retention

Where Appriss processes your Personal Data, the applicable retention period is determined by contract with Appriss Customers. We will only retain your Personal Data as long as it is needed to provide the Appriss Services and fulfill the transactions Appriss Customers have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

Data Privacy and Security

Appriss implements a variety of data privacy and security measures, including organizational, technical, and physical measures, which are designed to protect the integrity, confidentiality, and availability of Personal Data. While we follow generally accepted standards to protect Personal Data, no method of storage or transmission can be totally secure. You are solely responsible for protecting your password, limiting access to your computer and mobile devices, and signing out of websites, apps, and mobile platforms after your sessions. If you have any questions about the security of our websites, apps, or mobile platforms, please contact us at DPO@appriss.com.

Changes to Processing Notice

We will update this Processing Notice from time to time to reflect changes in our practices, technology, legal requirements, and other factors. If we do, we will post the revised version here with an updated revision date. We encourage you to periodically review this Processing Notice to stay informed about our collection, processing and sharing of your Personal Data.

Contact Us

To exercise your rights regarding your Personal Data, or if you have questions regarding this Processing Notice or our privacy or processing practices, please contact Appriss’s Data Protection Officer at DPO@appriss.com, or write to us at either of the following mailing addresses:

If in the U.S., to:

Appriss Inc.

Attn: Data Protection Officer
9901 Linn Station Rd.
Louisville, Kentucky 40223, USA

Phone: 1-866-277-7477

 

If in the EU, to:

Appriss Retail

Attn: Data Protection Officer

120 Leman Street

London E1 8EU, UK

Phone: +44 (0)20 7430

 

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.

 

Last Revised:  October 2018