“Privacy is the foundation of trust and integrity. At Precisely, we approach every decision about personal data with diligence, thoughtfulness, and a commitment to transparency.”
Susan Ndongwa Fletcher
Chief Privacy Officer
Trusted Data. Privacy First.
Trustworthy data starts with privacy-first practices. Precisely safeguards personal data with integrity and ethical stewardship. Our privacy program aligns with GDPR, CCPA, and global data privacy laws, and is built on ISO/IEC 27701 and NIST frameworks, supporting trust, responsible data handling, and privacy across systems, products, and operations.
Setting the Standard in Privacy
Precisely has earned ISO/IEC 27701 certification, the international standard for Privacy Information Management. This achievement underscores our commitment to protecting personal data and maintaining compliance with global privacy regulations. By implementing a Privacy Information Management System (PIMS), we embed privacy into our products and operations, enhancing trust, transparency, and accountability across privacy-related processes.
Data Privacy Framework Certification
Precisely is excited to announce its participation in the Data Privacy Framework (DPF) program commencing January 2025. You can find details of participating organizations here.
Frequently Asked Questions
Q: What is the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF?
A: The Data Privacy Framework (DPF), administered by the U.S. Department of Commerce, allows U.S. organizations to self-certify compliance with data protection principles when handling personal data from the EU, UK, and Switzerland. It facilitates transatlantic data transfers while ensuring strong privacy protections, covering principles such as notice, choice, security, data integrity, access, and recourse.
Q: What is Precisely’s position on the DPF?
A: Precisely supports the DPF as a framework of mutual trust between the U.S., EU, UK, and Switzerland, restoring legal certainty for transatlantic data transfers and enhancing privacy safeguards. While the DPF enables data transfers without additional safeguards, Precisely may also use Standard Contractual Clauses and other mechanisms to ensure compliance where appropriate.
Q: Where can I find more information about the DPF?
A: The DPF FAQs are available here: DPF FAQs
Alignment with the NIST Privacy Framework
At Precisely, we are committed to transparent, accountable privacy practices aligned with industry standards. We have adopted the NIST Privacy Framework, a recognized standard for identifying and managing privacy risks, to guide data governance, integrate privacy into product and service design, and ensure responsible data handling in line with regulations.
This structured, risk-based approach enables proactive risk management, consistent protection of individuals’ privacy, and builds customer trust. Our alignment with the NIST Framework reflects our commitment to continuous improvement, regulatory readiness, and delivering services that respect privacy by design.
Privacy Today
Privacy requirements are increasingly complex, varying by state and country. In the U.S., new state laws expand definitions of personal data, introduce new rights (e.g., opt-out, data correction, appeal), and impose stricter penalties. Alongside GDPR, CCPA, and other laws, these changes mean organizations must clearly understand how they collect, process, and protect personal data across its lifecycle.
Privacy Rights Requests
Individuals can exercise their privacy rights—such as accessing, deleting, or opting out of the sale of personal data—through our Privacy Rights WebForm. More details are in our Global Privacy Notice.
Data Privacy Priorities
Precisely aligns with the NIST Privacy Framework and global privacy laws such as the GDPR and CCPA to manage privacy risks, integrate privacy into product design, and ensure responsible data handling. Our key priorities include:
- Comprehensive privacy framework: Includes Privacy-by-Design and Default, Training & Awareness, and Privacy Ethics.
- Global privacy office: A dedicated privacy team, led by Precisley’s Chief Privacy Officer, oversees the implementation and adherence to privacy policies and governance.
- Privacy policies and practices: Employees follow strict procedures for handling personal data.
- Transparency, notice, and choice: Clearly communicated through our Global Privacy Notice.
- Technical and organizational measures: Protect personal data in SaaS platforms and support privacy by design and default.
- Regular reviews: Audits ensure ongoing compliance with global privacy laws and ethical data practices.
Cross-Border Data Transfers and Global Privacy Commitment
Precisely participates in the EU-U.S., UK, and Swiss-U.S. Data Privacy Frameworks (DPF) and uses Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA) when needed. This layered approach ensures lawful, secure, and transparent cross-border data transfers, reflecting our commitment to protecting personal data worldwide.
Precisely Data Processing Addendum
- At Precisely, we know that upholding the privacy and security of our customers’ data is vital to earning and maintaining your trust. As part of this commitment, we strive to offer our customers the mechanisms they need to comply with regulatory requirements. If and to the extent Precisely processes any customer personal data in connection with the provision of Precisely products and services, the terms of the Precisely Data Processing Addendum (DPA) shall apply.
- The DPA is an addendum to the terms which govern the products and/or services which our customers subscribe to and memorialize our commitment to data privacy and security compliance. Our DPA includes the latest set of General Data Protection Regulation (GDPR) standard contractual clauses (SCCs) for the transfer of personal data outside of the EU/EEA.
For more information on Precisely’s DPA, please see the following resources:
Our Commitment to Sensitive Data Governance and Ethical Use of Data
- Precisely PlaceIQ has a long-standing commitment to ethical data processing and sensitive location privacy for consumers. We believe that individuals should be able to enjoy the benefits of location-based experiences, advertising, and offers which align with their preferences, without compromising data about where they seek healthcare, debt services, worship or any other place which may reveal sensitive information about them.
- As part of this commitment, we have implemented a number of internal data governance controls including the establishment of a Sensitive Data Governance Program, to ensure sensitive data is handled responsibly and sensitive locations are excluded from applicable Precisely products and services.
- We have voluntarily adopted the NAI’s Enhanced Standards and other industry and regulatory requirements which prohibit the use of, selling, or sharing of information about device or user activity correlated to a known sensitive location.
- Precisely’s and Precisely PlaceIQ’s products are not intended for children below the age of 18 and we do not knowingly collect personal data including sensitive personal data relating to such children.
For more information about Precisely PlaceIQ’s data privacy practices, please see the Precisely PlaceIQ Product Privacy Notice.
AI & Privacy
Privacy shapes the development and use of our AI systems, guiding every stage from design to deployment. Transparency, accountability, and robust data protection are embedded across the lifecycle, reflecting ethical principles, global standards and supporting responsible innovation.