Last updated on 10 June, 2018
Our Commitment to GDPROn May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU. Threatrap has made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.
What information do we collect?We may collect the following types of information from or about you:
· Personal InformationPersonal Information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. We gather the following types of Personal Information:
- Registration details: When ordering or registering to our Services, we may collect certain information that can be used to identify you (as the Customer’s point of contact or as a User) such as: name, email address, postal address, phone number, user IDs and other relevant details which are relevant to the Customer.
- Customer’s payment information: In order for you to enjoy all of the functions which we offer, we collect payment information from you, including your credit card number and bank account details. Please note that your billing information, to the extent provided by you, is forwarded directly to a third party billing or clearing company engaged by us, and is not kept by us.
- Voluntary information: We also collect information which you provide us voluntarily. For example, when you respond to communications from us, ask our support, communicate with us via email or share additional information about yourself through your use of the Services.
- Device information: We also collect specific types of connection details and information with regard to your device, software or hardware that may identify you, such as: online identifiers, device’s unique identifiers (e.g. UDID, MAC address), IP address and geolocation.
- Forum Information: As part of the Services, Users may communicate with other Users through the Website and upload content to our forums (“Forum Information”). Such Forum Information may consist of, for example, Users’ comments and tips for utilizing the Services, feedbacks, etc. We and other Users will be exposed to your username and any additional information you upload to the forum, including Personal Information. We recommend that you secure your anonymity and information so that you do not allow others to identify you. By uploading Forum Information, you represent that you have all the necessary consents and permissions from each identifiable individual referenced in your content to use their Personal Information as part of our Services.
· Non-personal InformationNon-personal Information is non-identifiable information that, when taken alone, cannot be used to identify or contact you. As such, we are not aware of the identity of the user from which the Non-personal Information was collected.
- Analytics Data: We may record certain information regarding the use of our Website and the Services, such as information about a webpage that a user has visited before accessing our Services and other user statistics. We also perform statistical analysis on all the data and metadata which is collected through our Services. This information will be used for Services administration and analysis of this information will help to improve and enhance the Services by expanding their features and functionality. It can be also used for troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services. In case of combined Personal Information with Non-personal Information (e.g. analytics data), the final information will be treated as Personal Information as long as it remains combined.
- User Data
- Digital files created or transmitted through User’s platforms, such as text files;
- Contact directories (such as names and email addresses);
- Device identifiers – such as the Internet Protocol (IP) address and other types of unique device identifiers relating to Customer’s and its users’ devices.
- Non-personal Information (as defined below), including usernames, directory names, server names, share names, file names, configurations, logs related to the Company (e.g. event logs), browsing events and technical information transmitted by the Customer’s and its Users’ devices, etc.
The way we use the information we collectIn addition to the purposes listed herein, the information we collect, which may include your Personal Information, is used for the following purposes:
- To set up Customers’ accounts and process their billing information;
- To identify and authenticate Users’ access to our Services;
- To provide Services to our Customers (or Users) related to their respective User Data, including:
- providing specific tools to search and analyze User Data (e.g. system troubleshooting, infrastructure monitoring, forensics analysis, etc.)
- Identify specific end users’ activities, by tagging User Data.
- indexing User Data into dedicated data-stores and
- allowing Customer (s) to perform activities concerning such data (e.g. create Searches, Visualizations, Dashboards and Alerts).
- To support and troubleshoot our Services and to respond to requests;
- To obtain Users’ feedback with regard to the Services and to analyze and share Forum Information;
- To serve you advertisements that are relevant to you and your interests when you use our site (see more under “Advertisements“ section).
- To improve and customize our Customer’s Services according to their needs and interests;
- To empower and facilitate our learning system, which performs statistical analysis on all the data and metadata that are collected through our Services;
- To send you notifications and keep you informed of our latest updates and newsletters;
- To identify and publicize you as a Customer on the Website, our client lists, press releases or other marketing documents;
- To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with legal processes or respond to a government request.
3rd parties with whom we share the information we collectWe do not rent or sell any Personal Information. We may disclose Personal Information to other trusted 3rd party service providers or partners for the following purposes:
- Assisting us with our business operations (e.g. processing and analyzing User Data);
- Storage (e.g. cloud computing service providers);
- Research and analytics that will enable us to improve our Product and Services;
- If we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
International transferSince we operate globally, it may be necessary to transfer data, including Personal Information, to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to Personal Information, including through adequate contractual measures. For example, if you are located outside the United States and provide Personal Information to us, we may transfer such information to the United States in order to assist us with our business operations (e.g. processing and analyzing User Data). You hereby consent to the transfer of Personal Information and User Data to countries outside the European Union.
Info about your privacy rightsYou may contact us at any time and request:
- To access, delete, change or update any Personal Information relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected or deleted);
- To cease any further use of your Personal Information (e.g., you may ask us to stop using or sharing your Personal Information with 3rd parties).