Last updated on 10 June, 2018
Our Commitment to GDPR
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU. Threatrap has made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.
What information do we collect?
We may collect the following types of information from or about you:
· Personal Information
Personal Information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. We gather the following types of Personal Information:
- Registration details: When ordering or registering to our Services, we may collect certain information that can be used to identify you (as the Customer’s point of contact or as a User) such as: name, email address, postal address, phone number, user IDs and other relevant details which are relevant to the Customer.
- Customer’s payment information: In order for you to enjoy all of the functions which we offer, we collect payment information from you, including your credit card number and bank account details. Please note that your billing information, to the extent provided by you, is forwarded directly to a third party billing or clearing company engaged by us, and is not kept by us.
- Voluntary information: We also collect information which you provide us voluntarily. For example, when you respond to communications from us, ask our support, communicate with us via email or share additional information about yourself through your use of the Services.
- Device information: We also collect specific types of connection details and information with regard to your device, software or hardware that may identify you, such as: online identifiers, device’s unique identifiers (e.g. UDID, MAC address), IP address and geolocation.
- Forum Information: As part of the Services, Users may communicate with other Users through the Website and upload content to our forums (“Forum Information”). Such Forum Information may consist of, for example, Users’ comments and tips for utilizing the Services, feedbacks, etc. We and other Users will be exposed to your username and any additional information you upload to the forum, including Personal Information. We recommend that you secure your anonymity and information so that you do not allow others to identify you. By uploading Forum Information, you represent that you have all the necessary consents and permissions from each identifiable individual referenced in your content to use their Personal Information as part of our Services.
· Non-personal Information
Non-personal Information is non-identifiable information that, when taken alone, cannot be used to identify or contact you. As such, we are not aware of the identity of the user from which the Non-personal Information was collected.
- Analytics Data: We may record certain information regarding the use of our Website and the Services, such as information about a webpage that a user has visited before accessing our Services and other user statistics. We also perform statistical analysis on all the data and metadata which is collected through our Services. This information will be used for Services administration and analysis of this information will help to improve and enhance the Services by expanding their features and functionality. It can be also used for troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services. In case of combined Personal Information with Non-personal Information (e.g. analytics data), the final information will be treated as Personal Information as long as it remains combined.
- User Data
By using the Product, we manage and analyze Customer’s logs and other data that are transmitted through our Customers’ platforms (e.g. “User Data“). Such User Data is transferred by the Customer (or its Users) and processed by us on our cloud computing servers. The Company provides such services as a “data processor”, acting under the sole direction of its Customers and Users. User Data may include records of operations of Customer’s applications and systems and other information relating to Customer’s employees’/ end-users’ activities. It may also include data, logs, text, audio, video or images that a Customer or any User uses in connection with Customer’s account and any computational results that a Customer or any User derives from the foregoing through their use of the Product. Please note that User Data is exclusively controlled by the Customer, meaning that the Customer (or any Users authorized by the Customer to use the Product on its behalf), maintain ownership of their related User Data and determine their own policies regarding the access permission and retention of the User Data. Here are some examples of User Data that may be recorded and processed when you use our Product (keep in mind they are only examples and there may be others):
- Digital files created or transmitted through User’s platforms, such as text files;
- Contact directories (such as names and email addresses);
- Device identifiers – such as the Internet Protocol (IP) address and other types of unique device identifiers relating to Customer’s and its users’ devices.
- Non-personal Information (as defined below), including usernames, directory names, server names, share names, file names, configurations, logs related to the Company (e.g. event logs), browsing events and technical information transmitted by the Customer’s and its Users’ devices, etc.
The way we use the information we collect
In addition to the purposes listed herein, the information we collect, which may include your Personal Information, is used for the following purposes:
- To set up Customers’ accounts and process their billing information;
- To identify and authenticate Users’ access to our Services;
- To provide Services to our Customers (or Users) related to their respective User Data, including:
- providing specific tools to search and analyze User Data (e.g. system troubleshooting, infrastructure monitoring, forensics analysis, etc.)
- Identify specific end users’ activities, by tagging User Data.
- indexing User Data into dedicated data-stores and
- allowing Customer (s) to perform activities concerning such data (e.g. create Searches, Visualizations, Dashboards and Alerts).
- To support and troubleshoot our Services and to respond to requests;
- To obtain Users’ feedback with regard to the Services and to analyze and share Forum Information;
- To serve you advertisements that are relevant to you and your interests when you use our site (see more under “Advertisements“ section).
- To improve and customize our Customer’s Services according to their needs and interests;
- To empower and facilitate our learning system, which performs statistical analysis on all the data and metadata that are collected through our Services;
- To send you notifications and keep you informed of our latest updates and newsletters;
- To identify and publicize you as a Customer on the Website, our client lists, press releases or other marketing documents;
- To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with legal processes or respond to a government request.
3rd parties with whom we share the information we collect
We do not rent or sell any Personal Information. We may disclose Personal Information to other trusted 3rd party service providers or partners for the following purposes:
- Assisting us with our business operations (e.g. processing and analyzing User Data);
- Storage (e.g. cloud computing service providers);
- Research and analytics that will enable us to improve our Product and Services;
- If we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
In addition, we may transfer or disclose Personal Information to our subsidiaries and other affiliated companies.
Since we operate globally, it may be necessary to transfer data, including Personal Information, to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to Personal Information, including through adequate contractual measures. For example, if you are located outside the United States and provide Personal Information to us, we may transfer such information to the United States in order to assist us with our business operations (e.g. processing and analyzing User Data). You hereby consent to the transfer of Personal Information and User Data to countries outside the European Union.
Info about your privacy rights
You may contact us at any time and request:
- To access, delete, change or update any Personal Information relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected or deleted);
- To cease any further use of your Personal Information (e.g., you may ask us to stop using or sharing your Personal Information with 3rd parties).
If you wish to raise a complaint on how we have handled your Personal Information, you can contact our Data Protection Officer who will investigate the case at email@example.com. If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws, you may complain to the applicable data protection authority. For how long we retain the information we collect? We retain the information we collect from Customers and Users for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our agreements (unless we are instructed otherwise). We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion. Please note that User Data obtained through our Services is fully controlled by the Customer. This means that the Customer (and not the Company) determines the policies and retention periods of the User Data.
Safeguarding your information?
We may use a third-party advertising technology to serve advertisements when you access the Website. This technology may use your information related to your use of the Services to send advertisements to you (e.g., by placing third-party cookies on your web browser). You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/.
We may use your Personal Information, such as your full name, email address, etc, either inhouse or by using our third-party subcontractors for the purpose of providing you with promotional materials, concerning our Services. Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. In addition, at any time, you may request to unsubscribe and discontinue receiving marketing offers by sending us a blank message with the word “remove” to firstname.lastname@example.org. Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications.
The Services are not designated to individuals under the age of 18. If you are under 18 you should not use the Services nor provide any Personal Information to us. We reserve the right to access and verify any Personal Information which is collected from you by us. In the event that we become aware that an individual under the age of 18 shared any information, we will discard such information. If you have any reason to believe that a minor shared any information with us, please contact us at email@example.com.
How to contact us
If you have any general questions regarding the Services or the information that we collect about you and how we use it, please contact us at firstname.lastname@example.org.
Information about us
The details of the Company are as follow: Threatrap LTD Athalassas Ave 176, Flat 401, Strovolos, Cyprus