Security Compass Website
Terms of Service

Effective as of May 25, 2018, Security Compass Ltd. and its affiliates, (collectively, the “Security Compass Group” or “we” or “us” or “our”) have updated terms that apply to the use of our website.

1. Terms By accessing the website at https://www.securitycompass.com, you are agreeing to be bound by (i) these terms of service, (ii) Security Compass’ privacy policy; (iii) Security Compass’ cookie policy; and (iv) all applicable laws and regulations which apply to your use. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.

These Terms do not apply to your access and use of Security Compass’ products and services which we market for subscription on our Websites (our “Products”). The practices and policies, including how we protect, collect, and use data stored within the Products by You (“Service Data”) are detailed in and governed by product specific privacy policies found below:

These Terms, or any part thereof, may be modified by us, including the addition or removal of terms at any time, and such modifications, additions or deletions will be effective immediately upon posting. Your use of the website after such posting shall be deemed to constitute acceptance by you of such modifications, additions or deletions.

2. Use License The following terms apply to your conduct when accessing or using the website: (a) you agree not to interfere with or disrupt the website or the servers or networks connected to the website, or disobey any requirements, procedures, policies or regulations of networks connected to the website; (b) you agree not to reproduce, duplicate, copy, sell, resell or exploit for any commercial purpose, any portion of the website, use of the website, or access to the website; (c) you agree not to engage in any activity that would constitute a criminal offense or give rise to a civil liability; (d) you agree not to impersonate any person or entity, including, but not limited to, the Security Compass Group or any Security Compass Group employee, or falsely state or otherwise misrepresent your affiliation with any person or entity; and (e) you agree not to interfere with any other user’s right to privacy, including by harvesting or collecting personally-identifiable information about users of the websites or posting private information about a third party

The website may allow you to download certain resources made available by Security Compass, including but not limited to, whitepapers, datasheets, infographics, webinars, brochures and case studies (collectively the “Materials”). Permission is granted to temporarily download one copy of the Materials for personal, non-commercial transitory viewing only. This is the grant of a limited license for the sole purpose stated, and not a transfer of title. Under this license you may not:

  • modify or copy the Materials;
  • use the Materials for any commercial purpose, or for any public display (commercial or non-commercial);
  • attempt to decompile or reverse engineer any software contained on Security Compass' website;
  • remove any copyright or other proprietary notations from the Materials; or
  • transfer the Materials to another person or "mirror" the Materials on any other server.

This license shall automatically terminate if you violate any of these restrictions and may be terminated by Security Compass at any time. Upon terminating your viewing of these Materials or upon the termination of this license, you must destroy any downloaded Materials in your possession whether in electronic or printed format.

3. Disclaimer The materials on Security Compass' website are provided on an 'as is' basis. Security Compass makes no warranties, express or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights, other than those warranties which are implied by and incapable of exclusion, restriction or modification under the laws applicable to these terms.

Further, Security Compass does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.

4. Limitations In no event shall Security Compass or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Security Compass' website, even if Security Compass or a Security Compass authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

5. Accuracy of Materials The materials appearing on Security Compass' website could include technical, typographical, or photographic errors. Security Compass does not warrant that any of the materials on its website are accurate, complete or current. Security Compass may make changes to the materials contained on its website at any time without notice. However Security Compass does not make any commitment to update the materials.

6. Links Security Compass has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Security Compass of the site. Use of any such linked website is at the user's own risk.

7. Modifications Security Compass may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.

8. Intellectual Property Rights All text, graphics, photographs, trademarks, logos, icons, user interfaces, sounds, music, videos, artwork, software and computer code (collectively, “Content”), including but not limited to the “look and feel”, layout, design, structure, color scheme, selection, combination and arrangement of the Content present on the website is owned by or licensed to us. Such Content is protected by copyright, trademark, and various other intellectual property and unfair competition laws.

Except with our express written permission or as permitted by applicable laws, you may not copy, distribute, reproduce, mirror, frame, publicly display, publicly perform, translate, create derivative works of, re-publish or transmit the Content from the website (in whole or in part) in any way or through any medium for distribution, publication or any commercial purpose.

You may display, copy and download Content from the website solely for your personal and non­-commercial use provided that: (a) you do not remove any copyright or proprietary notice from the Content; (b) such Content will not be copied or posted on any networked computer or published in any medium; and (c) no modifications are made to such Content.

9. Limitation of Liability TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW, IN NO EVENT SHALL THE SECURITY COMPASS GROUP, OR ITS CURRENT OR FUTURE AFFILIATES, BE LIABLE TO YOU FOR ANY PERSONAL INJURY, PROPERTY DAMAGE, LOST PROFITS, COST OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER AND/OR DEVICE OR TECHNOLOGY FAILURE OR MALFUNCTION OR FOR ANY FORM OF DIRECT OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES BASED ON ANY CAUSES OF ACTION ARISING OUT OF USE OF THE WEBSITES OR ANY ALLEGED FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, OR DELAY IN SERVICE, OPERATION, OR TRANSMISSION OF THE WEBSITES, OR ANY ALLEGED COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OF PROPERTY, AND/OR UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF OR POSTING OF ANY RECORD, CONTENT, OR TECHNOLOGY, PERTAINING TO OR ON THE WEBSITES. YOU AGREE THAT THIS LIMITATION OF LIABILITY APPLIES WHETHER SUCH ALLEGATIONS ARE FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE, OR FALL UNDER ANY OTHER CAUSE OF ACTION, REGARDLESS OF THE BASIS UPON WHICH LIABILITY IS CLAIMED AND EVEN IF THE SECURITY COMPASS GROUP OR FUTURE AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, YOU ALSO SPECIFICALLY ACKNOWLEDGE THAT THE SECURITY COMPASS GROUP OR FUTURE AFFILIATES ARE NOT LIABLE FOR ANY ACTUAL OR ALLEGED DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF OTHER USERS OF THE WEBSITES OR ANY OTHER THIRD PARTIES.

IF APPLICABLE LAW DOES NOT ALLOW ALL OR ANY PART OF THE ABOVE LIMITATION OF LIABILITY TO APPLY TO YOU, THE LIMITATIONS WILL APPLY TO YOU ONLY TO THE EXTENT PERMITTED BY APPLICABLE LAW.

10. Governing Law These terms and conditions are governed by and construed in accordance with the laws of Ontario, Canada and you irrevocably submit to the exclusive jurisdiction of the courts in that Province or location.

11. Miscellaneous. These Terms and any operating rules for the websites established by us constitute the entire agreement of the parties with respect to the subject matter hereof, and supersede all previous written or oral agreements between the parties with respect to such subject matter. The provisions of these Terms are for the benefit of the Security Compass Group, its affiliates and its third party content providers and licensors and each shall have the right to assert and enforce such provisions directly or on its own behalf. No waiver by either party of any breach or default hereunder shall be deemed to be a waiver of any preceding or subsequent breach or default. If any part of these Terms is found by a court of competent jurisdiction to be invalid or unenforceable, it will be replaced with language reflecting the original purpose in a valid and enforceable manner. The enforceable sections of these Terms will remain binding upon the parties. The section headings used herein are for convenience only and shall not be given any legal import.

Privacy Policy

Effective as of May 25th 2018, Security Compass and its affiliates (collectively, the “Security Compass Group” or “we” or “us” or “our”) have updated our Privacy Policy. Please read this document carefully before using www.securitycompass.com, or the Security Compass products and services.

Your privacy is important to us. It is Security Compass' policy to respect your privacy regarding any information we may collect from you through our website, https://www.securitycompass.com, through other sites we own and operate, and through the products and services we provide.

This policy (together with our terms of service and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.

GDPR Compliance At Security Compass, the security of your data isn't an afterthought. We have prioritized the security of customer data long before it was legally required. Our approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements (through the use of our SD Elements software), including those set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018.

Where a company collects, transmits, hosts or analyzes personal data of EU data subjects, GDPR requires the company to process such data only in a way which guarantees the technical and organizational safeguards mandated by the GDPR.

For more details on how our products comply with GDPR, click on the applicable links below:

Understanding the Key Concepts What is ‘Personal Data’? ‘Personal Data’ means any information relating to an identified or identifiable natural person. The Personal Data we collect is explicitly stated below.

What is ‘Processing’ of Personal Data? This can include a large number of actions. In simplified terms, processing your personal data means any use we make of it, whether we collect it in a database, store it somewhere or send it to someone else. You can see how we process your data below under ‘What we use your information for’.

What information we collect. We may collect and process the following data about you:

(i) Personal information We may ask for personal information, such as your:

  • Name
  • Email
  • Social media profiles
  • Date of birth
  • Phone/mobile number
  • Home/mailing address
  • Work address

This data is considered “identifying information”, as it can be used to personally identify you. We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service. If you consent to receiving communications about our products and services, we may use your personal information to send you product and industry related news and updates. We only send out communications where we are legally allowed to do so.

(ii) Log data When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may however include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other non-identifying details.

We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

How we collect the information. We collect information by fair and lawful means, with your knowledge and consent. We only process your data when we have a lawful reason for doing so. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

What we use the information for. We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We do not disclose the specifics of this information publicly, but may share aggregated and anonymised versions of this information, for example, in website and customer usage trend reports.

We may use your personal details to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. We may contact you via phone, email, social media, or conventional mail. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.

Where we store the information. The personal information we collect is stored and processed in , or where we or our partners, affiliates and third-party providers maintain facilities. We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.

We only retain personal information for as long as necessary to provide a service, or to improve our services in future. In most cases, we delete personal information after a period of 2 years if we have not received any communication, opt-in notification, or other form of consent from the contact. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.

If you request your personal information be deleted, or where your personal information becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.

Who is the data processor? Any Personal Data processed by Security Compass in connection with this Privacy Policy is controlled by Security Compass Ltd., which is considered the “data controller” of your personal data under the European Union data protection laws.

Who are our sub-processors. Security Compass’ maintains an up-to-date list of the sub-processors used for hosting, or other processing of data in the product specific privacy policies (see above under GDPR Compliance)

How we protect your information. Security Compass employ the following safeguards to ensure the security your data:

  • Data encryption in transit and at rest
  • Network protection (including firewalls and intrusion detection systems)
  • Periodic penetration testing
  • Minimum access policies
  • Security by design (though the use of SD Elements and its approach to a secure development lifecycle)

Cookies We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.

Which third-parties have access to your information. We use third-party services for:

  • Analytics tracking
  • Advertising and promotion
  • Content marketing
  • Email marketing

These third-party service providers may only access your data for the sole purpose of performing specific tasks behalf of Security Compass. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of your data for any other purpose.

We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function.

We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.

We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.

Children’s Privacy This website does not knowingly target children, or collect personal information from children. As a parent/guardian, please contact us if you believe your child is participating in an activity involving personal information on our website, where you have not consented to the collection of such data. We do not use your supplied contact details for marketing or promotional purposes.

Limits of our policy This privacy policy only covers Security Compass' own collecting and handling of data. We only work with partners, affiliates and third-party providers whose privacy policies align with ours, however we cannot accept responsibility or liability for their respective privacy practices.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to this policy At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you are a registered user on https://www.securitycompass.com, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

Your rights and responsibilities As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel.

You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes. You have the right to opt out of data about you being used in decisions based solely on automated processing.

Who do I contact if I require more clarity about the Security Compass Website Privacy Policy? The GDPR provides you with an array of privacy rights, which lead to greater transparency into the use and control over your personal information. To ensure we honour your rights, you may contact us in regards to any of the following:

Where you have previously agreed to us using your personal information for direct marketing purposes, and you wish to withdraw your consent (this may also be done through the unsubscribe function in an email received from us)

You may request access to your information, or to have your information changed or removed. Requests will be handled as soon as reasonably possible, but in all cases within 30 days.
If you believe the information we hold about you is incorrect, you may contact us have this rectified
If you believe your personal data is being processed unlawfully, and you wish to limit the scope of such processing

How to contact us:

Write: Security Compass
Attn: Legal Department
257 Adelaide St W #500,
Toronto, ON
M5H 1X9
Phone:1 888-777-2211 Email:legal@securitycompass.com

Does Security Compass have a Data Protection Officer (DPO)? Security Compass does not regularly or systematically monitor or process contacts on a large scale. A Data Protection Officer is not recommended at this scale of data processing, and data protection is managed by our overall team.

SDElements
Privacy Policy

Important information about SD Elements The SD Elements Privacy Policy contains information about the privacy practices surrounding how we (Security Compass) collect and manage information relating to users who use our product, SD Elements.

What is SD Elements? SD Elements is a web application created by Security Compass which helps companies write secure software by providing guidance on best practices in secure software development and by integrating with software tools that are used to develop software.

Examples of such tools are:

  • Application Lifecycle Management Tools such as JIRA or CD Agile Central (Rally).
  • Code Analysis tools such as ThreadFix or Fortify Software Security Centre.

Who controls and manages my access to SD Elements? A license to SD Elements is purchased by your company, who then manages your access to the features and projects that are set up by your company in SD Elements.

Security Compass does not directly view your data except for the purposes of helping your company get up and running with the software, and for helping to resolve issues where they arise when we’re working in partnership with your company to optimize SD Elements for its unique environment.

Where is SD Elements hosted? Depending on your company’s security requirements, they may choose to host in one of two ways:

  • SD Elements runs on your company’s premises behind their company firewall; or
  • Your company chooses to host in the cloud, where it will be hosted using a secure hosting provider such as Amazon Web Services (AWS).

What information is collected when you use SD Elements? Information collected is restricted to:

  • your email;
  • your first and last name; and
  • the IP addresses you are using when you use SD Elements.

We also use cookies to help you manage your access to SD Elements.

Why is this information collected? Use of Email Address: We use your email address for the following reasons:

  • To help you sign into SD Elements.
  • To help you recover a lost password or change a password.
  • To inform you about changes to projects that you are involved in within SD Elements. You can manage your communication preferences within SD Elements.
  • To help you sign into SD Elements using your company assigned login and password.
  • To help identify you for audit purposes in the event there is a similarly named person in your company.

Use of Name We use your first name, last name and email address for the following reasons:

  • To help your company comply with regulations regarding audits, we maintain an activity log which records your activities in SD Elements and tools that are integrated with your SD Elements projects such as code analysis tools and application lifecycle management tools

The types of activities we record in the activity log include:

  • When you have created, changed, or deleted a project in some way
  • When you have created, modified or deleted a corporate risk policy in SD Elements
  • When you were assigned tasks in SD Elements
  • When you updated a task, commented on it, verified it, or marked it complete
  • When you created a report
  • When you added or modified content in the SD Elements content library

Use of IP Address We record the IP address you use when you sign into SD Elements so that we are able to audit and troubleshoot in the event you run into technical issues accessing specific features of SD Elements.

Contractual Obligations We capture and process this information as part of a contractual arrangement with your company to enable SD Elements to help your company write secure software.

Can my personal information be shared with any other systems? Depending on how your company chooses to configure SD Elements, they may use it in conjunction with other tools such as code analysis tools and application lifecycle management tools. In this case, information about your activities in SD elements may be shared with these tools and your activities in these tools may be shared with SD Elements.

Your company may also use the SD Elements platform to take data about your activities in SD Elements and share them with another tool in use at your company.

Does SD Elements use machine learning to track my activity and predict my behavior? SD Elements does not use automated machine learning to either track your behavior or predict your activities.

Will my information leave the country I’m located in? If your company’s version of SD Elements is hosted in the cloud, your information may be transferred across multiple locations. This is possible if the hosting provider that hosts SD Elements creates a server in another location for the purposes of improving performance or ensuring SD Elements is regularly available for your company to use.

Normally, Security Compass remains neutral about where SD Elements in the cloud is physically hosted. However, your company may contractually require that SD Elements be hosted in a specific country.

If my information is transferred to another location, will it be secure? SD Elements is a secure, encrypted web application that protects your information regardless of where SD Elements is hosted.

How long is my information retained? For the purpose of enabling your company to conform to compliance and audit regulations, we retain your information for as long as your company licenses SD Elements. Please note: Your information will not be deleted in the event that you leave the company while SD Elements is still being used by this company.

If your company stops being an SD Elements customer, the information will be securely removed from our servers and backed up in an encrypted backup file for a period of at least six months. This information is stored in case your company wishes to retrieve it for audit purposes or restart their SD Elements license at a later time.

Who are the Sub-processors used for SD Elements?

Name of Sub-processor: Amazon Web Services Address of Sub-processor: 410 Terry Avenue North
Seattle, WA
98109 Services/Sub-processing provided: Host provider for SaaS based SD Elements customers

Name of Sub-processor: Zendesk Address of Sub-processor: 989 Market Street, Suite 300
San Francisco, CA
94103
Services/Sub-processing provided: Customer support ticketing software used by the support team

Who do I contact if I require more clarity about the SD Elements Privacy Policy? For more information about the SD Elements Privacy Policy, you can contact us in the following ways:

Write: Security Compass
Attn: Legal Department
257 Adelaide St W #500,
Toronto, ON
M5H 1X9
Phone:1 888-777-2211 Email:legal@securitycompass.com

Does Security Compass have a Data Protection Officer (DPO)? SD Elements does not regularly or systematically monitor users on a large scale beyond who your company grants access to the application. A Data Protection Officer is not recommended at this scale of data processing, and data protection is managed by our overall team.

eLearning Policy

Important information about eLearning The eLearning Privacy Policy contains information about the privacy practices surrounding how we (Security Compass) collect and manage information relating to users who use our eLearning product.

What is Security Compass eLearning? eLearning is a training mechanism created by Security Compass which teaches students the fundamentals of software security through a collection of modules and suites.

Examples of such training suites are:

  • The Java Development Suite
  • The C++ Development Suite
  • The Android Development Suite.

Who controls and manages my access to eLearning? A license to eLearning may be purchased directly by your, or by your company on your behalf. When your company purchases the license, it is also the company who then manages your access to the courseware.

Security Compass does not directly view your data except for the purposes of helping your company get up and running with the software, and for helping to resolve issues where they arise when we’re working in partnership with your company to optimize eLearning for its unique environment.

Where is eLearning hosted? Depending on your company’s security requirements, they may choose to host in one of two ways:

  • eLearning runs on your company’s premises using the companies own (or a third party) learning management system, and behind the company firewall; or
  • Your company chooses to host in the cloud, where it will be hosted using a secure learning management system provider such as Docebo.

What information is collected when you use eLearning? Information collected is restricted to:

  • your email;
  • your first and last name; and
  • the IP addresses you are using when you use eLearning.

We also use cookies to help you manage your access to eLearning.

Why is this information collected? Use of Email Address: We use your email address for the following reasons:

  • To help you sign into the LMS portal.
  • To help you recover a lost password or change a password.
  • To help identify you for audit purposes in the event there is a similarly named person in your company.
  • To contact you with certificates for completed courses

Use of Name We use your first name, last name and email address for the following reasons:

  • To audit the number of users are using the software from your company (in accordance with the license granted)

Use of IP Address We record the IP address you use when you sign into eLearning so that we are able to audit and troubleshoot in the event you run into technical issues accessing specific features of the LMS.

Can my personal information be shared with any other systems? Your company may also use the eLearning platform to take data about your activities (such as test results) and share them with another tool in use at your company. Security Compass does not share your information with any third party system.

Does eLearning use machine learning to track my activity and predict my behavior? eLearning does not use automated machine learning to either track your behavior or predict your activities.

Will my information leave the country I’m located in? If your company’s version of eLearning is hosted in the cloud, your information may be transferred across multiple locations. This is possible if the hosting provider that hosts the LMS creates a server in another location for the purposes of improving performance or ensuring eLearning is regularly available for your company to use.

Normally, Security Compass remains neutral about where eLearning in the cloud is physically hosted. However, your company may contractually require that your data be hosted in a specific country.

How long is my information retained? For the purpose of enabling your company to conform to compliance and audit regulations, we retain your information for as long as your company licenses eLearning. Please note: Your information will not be deleted in the event that you leave the company while eLearning is still being used by this company, unless you or your company request its removal.

If your company stops being an eLearning customer, the information will be securely removed from our servers and backed up in an encrypted backup file for a period of at least six months. This information is stored in case your company wishes to retrieve it for audit purposes or restart their eLearning license at a later time.

Who are the sub-processors used for eLearning?

Who do I contact if I require more clarity about the eLearning Privacy Policy? For more information about the eLearning Privacy Policy, you can contact us in the following ways:

Name of Sub-processor: Docebo Address of Sub-processor: Via Parco 47, 20853 Biassono (MB)
Italy
Services/Sub-processing provided: Host provider for SaaS based SD Elements customers

Name of Sub-processor: Zendesk Address of Sub-processor: 989 Market Street, Suite 300
San Francisco, CA
94103
Services/Sub-processing provided: Customer support ticketing software used by the support team

Who do I contact if I require more clarity about the SD Elements Privacy Policy? For more information about the SD Elements Privacy Policy, you can contact us in the following ways:

Write: Security Compass
Attn: Legal Department
257 Adelaide St W #500,
Toronto, ON
M5H 1X9
Phone:1 888-777-2211 Email:legal@securitycompass.com

Does Security Compass have a Data Protection Officer (DPO)? eLearning does not regularly or systematically monitor users on a large scale beyond who your company grants access to the application. A Data Protection Officer is not recommended at this scale of data processing, and data protection is managed by our overall team.

Security Compass
Shopify Store Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://security-compass.myshopify.com (the “Site”).

PERSONAL INFORMATION WE COLLECT When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information.”

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

HOW DO WE USE YOUR PERSONAL INFORMATION? We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:

  • Communicate with you;
  • Screen our orders for potential risk or fraud; and
  • When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
  • Create and verify your account with our LMS (Docebo) which provides access to purchased courses.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

SHARING YOUR PERSONAL INFORMATION We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

BEHAVIOURAL ADVERTISING As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:http://optout.aboutads.info/.

DO NOT TRACK Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

YOUR RIGHTS If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

DATA RETENTION When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.

CHANGES We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

CONTACT US For more information about our privacy practices, if you have questions, or if you would like to make a complaint, you can contact us in the following ways:

Write: Security Compass
Attn: Legal Department
257 Adelaide St W #500,
Toronto, ON
M5H 1X9
Phone:1 888-777-2211 Email:legal@securitycompass.com