Date of Last Revision: January 25, 2017
SUMMARY AND CONTENTS
Information We Collect: When you interact with us through the Services, we may collect personal information and other information from you, including information you give us, information we get from your use of our services, information we receive from other sources and information collected by third parties on our Sites. Learn more
Disclosure of Your Personal and Other Information: We do not sell your personal information. There are, however, certain circumstances in which we may share your personal information with certain third parties without further notice to you, including in connection with business transfers, to affiliates, service providers, agents, consultants and related third parties, partners and resellers, to other users of BitSight Connect and to comply with legal requirements. Learn more
Accessing and Updating Your Personal Information: Upon request we will provide you with information about whether we hold any of your personal information and allow you to access, correct, or request deletion of such information. In the event you close any account in connection with the Services, we will remove your name and other personal information. Learn more
Links from the Sites: Certain pages of the Services may, from time to time, contain external links. We are not responsible for the privacy practices of other websites. Learn more
Security: We take reasonable steps to protect the personal information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Learn more
Children: Our Sites and our Services are not directed to persons under 18. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files. Learn more
International Use: We are headquartered in the United States of America. Personal information may be accessed by us or transferred to us in the United States or to our affiliates, service providers, agents, consultants and related third parties, partners and resellers, or service providers elsewhere in the world. By providing us with personal information, you consent to this transfer. Learn more
EU-U.S. Privacy Shield: We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework. Learn more
Our Contact Information: We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries concerning your privacy may be directed by email to email@example.com or to the address below. Learn more
- Information you give us.
- We collect personal information from you when you complete our online forms or contact us with inquiries or create an account to access and use the Services. This information includes contact information such as name, mailing address, email, phone number and company information.
- We also collect personal information from you when you log into or post in BitSight Connect (our online forum). You are solely responsible for the personal information you choose to submit in these forums. Please note that once the account has been created for the Services, it automatically creates your access to BitSight Connect.
- Information we get from your use of our services.
- When you interact with us through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information itself or such information may be included in databases owned and maintained by our affiliates, agents or service providers.
- As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
- Tracking Technologies:
- Information we receive from other sources. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
- Information collected by third parties on our Sites. Our Sites include social media features and widgets such as Facebook, Twitter and LinkedIn or interactive mini-programs that run on our website. These features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing it.
We may accumulate and aggregate certain anonymous statistical and related data in order to improve the performance and functionality of the Services, to develop new products and/or the Services or to analyze the usage of the Services. As noted above, we may use aggregated or anonymous data for such purposes as we, in our sole discretion, deems to be appropriate.
We are the sole owner of information collected on the Sites (including any metadata), except for vendor lists and contact information that you provide to us in connection with your use of our Services.
If you provide personal information for a certain reason, we may use such personal information in connection with the reason for which it was provided. We may also use personal information to administer your account, to respond to customer service requests, to help us improve the content and functionality of the Services, to better understand our users and to improve the Services and to market our Services to you. We may combine any or all of this data with other information we collect about you.
We may also use this information to contact you in the future to tell you about services we believe will be of interest to you. Each bulk marketing communication we send you will contain instructions to "opt-out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or wish to have your name deleted from our mailing lists, contact us as indicated below under “Our Contact Information.”
- Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal information may be part of the transferred assets or otherwise shared.
- Service Providers, Agents, Consultants and Related Third Parties. Occasionally, we enter into contracts with carefully selected third parties so that they can assist us in servicing you (for example, providing or maintaining databases, processing payment, fraud detection and deterrence or access to advertising assets), to assist us in our own marketing and advertising activities or to engage in co-marketing activities with us. Our contracts with such third parties prohibit them from using any of your personal information for any purpose beyond the purpose for which it was shared.
- Partners and Resellers. We may share your personal information with our partners and resellers so that they can assist you in using our products and services and sell or resell our products and services to you.
- Data Submitted in Connection with BitSight Connect. Your name and/or username and the information you post in BitSight Connect forums and any activities you engage in will be available to other users of BitSight Connect.
- Legal Requirements. We may disclose your personal when such disclosure is necessary or advisable, in our sole discretion, to conduct an investigation, respond to a third party or law enforcement subpoena or court order, bring legal action, prevent harm to others or pursue other relief when you or a third party are or may be: violating our terms and conditions of use; causing injury or other harm to, or otherwise violating our property or other legal rights, or those of other users or third parties; or violating federal, state, local, or other applicable law. This disclosure may include transferring information to the U.S. and outside the European Economic Area.
We may also share aggregated and non-personal information with any third party, including the media and industry observers. For example, we may disclose security trends or the number of customers that have evaluated or purchased our products and services.
Upon request we will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. Please be aware that even after we have processed your request for such a change, we may retain certain residual information in the backup and/or archival copies of our database.
In the event you close any account in connection with the Services, we will remove your name and other personal information. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Certain pages of the Services may, from time to time, contain external links. You should verify and validate any and all privacy practices of other websites. We encourage you not to provide personal information, without first assuring yourself of the privacy policies of such other websites.
WE ARE NOT RESPONSIBLE IN ANY WAY FOR ANY USE AND/OR MISUSE OF ANY PERSONAL INFORMATION OR OTHER INFORMATION PROVIDED BY YOU AT SUCH OTHER WEBSITES.
We take reasonable steps to protect the personal information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, access to your personal information and/or your information on the Services is password-protected (it is your responsibility to protect the security of any of your login information). Notwithstanding our efforts, we cannot guarantee absolute or unqualified protection of this information given the open nature and resulting instability of the Internet and World Wide Web, and we make no representations or warranties as to the effectiveness of our security and assume no liability for security breaches or any failure in the security of your computer equipment, your internet service provider or other networks and communications providers. If you have any questions about the security of your personal information, you can contact us at email@example.com.
Our Sites and our Services are not directed to persons under 18. We do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian's consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.
EU-U.S. PRIVACY SHIELD
We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework. We are committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
We are responsible for the processing of personal information we receive under the Privacy Shield Framework and subsequent transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries concerning your privacy may be directed by email to firstname.lastname@example.org or write us:
BitSight Technologies, Inc.
125 Cambridge Park Drive Suite 204
Cambridge, MA 02140
Attn: Legal Department/Privacy Manager
We will use commercially reasonable efforts to respond to your inquiries, questions or comments within five (5) business days of their receipt.