Database Information Policy

Date Last Revised: July 24, 2019


The Craft Database


The Craft Service is a machine-learning powered data and analytics platform operating on data (the “Craft Database”) concerning companies ranging from early-stage to the largest companies in the world, with analytics and tools such as signal alerts, trends and benchmarking and mapping the global economy. The data available in the Craft Service includes personal information concerning the leadership, management, and personnel of the companies Craft profiles.


Craft collects information about companies, including personal information about company leadership, management, and personnel, in two primary ways: We scan the web and other public sources of information, and we license information from other companies. Craft may also receive information directly from companies or individuals. Craft then combines the information from these sources to create company profiles, including profiles of certain company personnel.


Company Data


Company profiles contain publicly available information. If information other than personal data in a company profile is incorrect or incomplete, please contact Craft at privacy@craft.co or by clicking on a “Report incorrect company information” link on the company profile page. However, information concerning companies is not as sensitive as personal data, and Craft treats the two kinds of information differently.


Personal Data


We do not knowingly collect or solicit personal data from or about anyone under the age of 16. If we learn that we have collected personal data from or about a person under age 16, we will delete that data as quickly as possible. If you believe that we have information about a child under 16, please contact us at privacy@craft.co.


We may make any personal data in the Craft Database available to our strategic partners and to our customers, for their internal business intelligence use, but under no circumstances do we provide personal data for the purposes of direct marketing or sales to natural persons.


If personal data in a company profile is incorrect or incomplete, or you believe we have placed nonpublic personal data or personal data concerning a minor in a company profile, please contact Craft at privacy@craft.co or by clicking on a “Report incorrect company information” link on the company profile page.


Information Specifically for Persons Outside the U.S.


Personal information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. We will ensure that transfers of personal information to a third country or an international organization are subject to appropriate safeguards. Please see “Privacy Shield Frameworks” below regarding our compliance with the EU- and Swiss-US Privacy Shields.


If you are a resident of the EEA or Switzerland, the following information applies.


Legal Basis for Processing


We process personal data (1) with individual consent; and (2) as necessary for our legitimate interests in providing the Service where those interests do not override your fundamental rights and freedom related to data privacy. Given the limited impact on an individual’s private life of Craft’s collection, processing and licensing, within the scope described in this policy, of certain publicly-available business information concerning individuals’ business roles, these activities are within Craft’s legitimate interests.


Individual Rights


If you are a resident of the EEA or Switzerland, you have the following rights: the right to access your person, rectification or erasure of, and/or restriction of processing or objection to processing of your personal data, and in certain cases, the right to data portability. If you have any questions or want to exercise any of your rights with respect to your personal data, please contact Craft at [email address]. Before we process any request, we may request personal information to verify your identity where allowed by law. Where permitted by local law, we may reject requests that are unreasonable or impractical. Finally, you also have the right to at no cost to lodge a complaint with your local data protection authorities. This right may also exist in other countries.


Privacy Shield Frameworks


Craft complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Craft has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, any rights you may have to binding arbitration before a Privacy Shield Panel, and to view our certification page, please visit https://www.privacyshield.gov.


For information received under the Privacy Shield, Craft will require third parties to whom they disclose personal information to safeguard that personal information consistent with this Policy by contract, obligating those third parties to provide at least the same level of protection as is required by the Privacy Shield Principles. EU citizens may choose to opt-out of such disclosures. We remain responsible in accordance with the Privacy Shield Principles if third parties that we engage to process such personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. 


In compliance with the EU-US Privacy Shield Principles, Craft commit to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this policy should first contact Craft at privacy@craft.co.


Craft further have committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to binding arbitration through JAMS (Judicial Arbitration & Mediation Services), an independent alternative dispute resolution provider located in the United States and recognized for this purpose by the US Department of Commerce. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information, and to file a complaint.


The Federal Trade Commission has enforcement authority regarding Craft's compliance with the Privacy Shield Principles.