Effective September 15, 2020
Types Of Information We Collect.
The following provides examples of the type of information that we collect from you and how we use that information.
Types of Data
Primary Purpose for Collection
Customer User Information
We collect the name, username, and contact information, of our customers and their employees with whom we may interact.
We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing.
Account Information (Customer User)
We collect personal data from our customers when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services.
We have a legitimate interest in providing account related functionalities to our users, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.
Contact Information (Vendors)
Users of our service may ask their vendors or service providers to submit company and security related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor.
We have a legitimate interest in contacting vendors on behalf of our customers in order to invite them to communicate with companies through our platform. Among other things, the communication allows our customers to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit, security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.
Account Information (Vendors)
We collect personal data from vendors when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services.
We have a legitimate interest in providing account related functionalities to our vendor-users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.
Cookies and First Party tracking
We have a legitimate interest in making our website operate efficiently.
Cookies and Third Party Tracking
We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.
Where required by law, we base the use of third party cookies upon consent.
We collect personal information, such as your location and IP address.
We have a legitimate interest in understanding our users and providing tailored services.
If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.
We have a legitimate interest in understanding how you interact with our communications to you.
If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment.
We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and work force operations.
We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script.
We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.
When you sign up for one of our mailing lists we collect your email address or postal address.
We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information.
We use and share your information to perform our contract to provide you with products or services.
We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.
We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
Use And Processing Of Information.
In addition to the purposes and uses described above, we use information in the following ways:
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
Sharing Of Information.
In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:
You can make the following choices regarding your personal information:
Please address written requests and questions about your rights to [email protected] or call us at 1-800-682-1707.
Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual you must attach a copy of the following information to the request:
If we do not receive both pieces of information, the request will be denied.
How We Protect Personal Information
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
Other Important Information
The following additional information relates to our privacy practices:
Contact Information. If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
Attn: Privacy Team
111 West 33rd Street, 11th Floor
New York, NY 10001
If you are not satisfied with our response, and are in the European Union, you may have a right to lodge a complaint with your local supervisory authority.
California Civil Code Sections 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether the following categories of personal information are collected, transferred for “valuable consideration,” or transferred for an organization’s “business purpose” (as those terms are defined under California law). We do not “sell” your personal information. The table below indicates the categories of personal information we collect and transfer in a variety of contexts. Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer credit card or debit card numbers for our business purpose in order to process payments for orders placed with us, we do not collect or transfer credit card or debit card numbers of individuals that submit questions through our website’s “contact us” page.
Categories of Personal Information That We Collect
To Whom We Disclose Personal Information for
Identifiers – this may include name, postal address, phone number, unique personal identifier, online identifier, internet protocol (IP) address, device ID, email address, account name, signature, or other similar identifiers.
Financial information – this may include bank account number, credit or debit card number, or other financial information.
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Network activity data– this may include internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.
Geolocation data – this may include precise physical location.
Electronic data – this may include audio, electronic, or similar information (e.g., a recording of a customer service call).
Professional/employment information – this may include occupation and professional references.