Effective as of February 19, 2024, Security Compass and its affiliates (collectively, the “Security Compass Group” or “we” or “us” or “our”) have updated our Privacy Policy. Your privacy is important to us. It is Security Compass’ policy to respect your privacy regarding any information we may collect from you through our website, https://www.securitycompass.com, through other sites we own and operate, and through the products and services we provide. This policy (together with our terms of service and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed.

Compliance with Privacy Laws.  At Security Compass, the security of your data isn’t an afterthought. We have prioritized the security of customer data long before it was legally required. Our approach has been anchored with a strong commitment to privacy, security, compliance and transparency.

This approach includes supporting our customers’ compliance with various regulatory frameworks, including The Personal Information Protection and Electronic Documents Act (PIPEDA) which received Royal Assent on April 13, 2000 and the consequential amendments , The Data Protection Act, 2018 which became enforceable May 25, 2018, The EU data protection requirements set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018, and the California Consumer Privacy Act (“CCPA”) which came into effect January 01, 2020 and other applicable relevant regulatory frameworks. Where a company collects, transmits, hosts or analyzes personal information of EU data subjects, GDPR requires the company to process such data only in a way which guarantees the technical and organizational safeguards mandated by the GDPR.

Understanding the Key Concepts

What is ‘Personal Information’? ‘Personal Information’ means any information relating to an identified or identifiable natural person. The personal information we collect is explicitly stated below.

What is ‘Processing’ of personal information? This can include a large number of actions. In simplified terms, processing your personal information means any operation performed on your personal information regardless of the method or means we use. You can see how we process your data below under ‘What we use your information for’.

What information do we collect? We may collect and process the following data about you:

(i) Personal information We may ask for personal information, such as your:

• • • • • • Name
          • Email
          • Social media profiles
          • Date of birth
          • Phone/mobile number
          • Home/mailing address
          • Work address

This data is considered “identifying information”, as it can be used to personally identify you. We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service. If you consent to receiving communications about our products and services, we may use your personal information to send you product and industry related news and updates. We only send out communications where we are legally allowed to do so.

(ii) Log data When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may however include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other non-identifying details. We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us. It is important to note that this is not an exhaustive list, and the types of personal information that can be collected and processed will vary depending on the specific context.

If you provide us with the personal information of another individual, you represent and warrant that you have the authority to do so, including where applicable that you have obtained the necessary consent of the other person for us to collect, use and/or disclose their personal information.

How we collect the information. We collect information by fair and lawful means, with your knowledge and consent. We only process your data when we have a lawful reason for doing so. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

What we use the information for. We may use a combination of identifying and non-identifying information to understand who our visitors and customers are, how they use our services, and how we may improve their experience of our services in the future. We do not disclose the specifics of this information publicly but may share aggregated and anonymized versions of this information, for example, in website and customer usage trend reports. We may use your personal details to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. We may contact you via phone, email, social media, or conventional mail. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.

Other uses of Personal Information may include:

• To provide and deliver our products and services;
• To communicate with you in the course of selling you our products and services;
• To provide after sales-support to assist you with implementing our products;
• To respond to any inbound queries for support;
• For the administration of your account, including verification of information, invoicing and payment processing;
• To offer live chat assistance on our website;
• To administer contests, give aways or promotions through any of our official channels;
• To invite you to partake in events, forums, discussions, or other community building activities;

Where we store the information. The personal information we collect is stored and processed where we or our partners, affiliates and third-party providers maintain facilities. We implement data protection safeguards and we only retain personal information for as long as necessary to provide a service, or to improve our services in future. In most cases, we delete personal information after a period of 2 years and 3 months if we have not received any communication, opt-in notification, or other form of consent from the contact. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If you request your personal information be deleted, or where your personal information becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.

Who is the data processor? Any personal information processed by Security Compass in connection with this Privacy Policy is controlled by Security Compass Group which is considered the “data controller” of your personal information under the relevant and applicable data protection laws.

Who are our sub-processors? Security Compass maintains an up-to-date list of the sub-processors used for hosting, or other processing of data in the product specific privacy policies. See below:

How we protect your information. Security Compass employs the following safeguards to ensure the security your data:

• Data encryption in transit and at rest
• Secure Storage and Transmission
• Anonymization
• Incident Response
• Network protection (including firewalls and intrusion detection systems)
• Periodic penetration testing
• Minimum access policies
• Security by design (through the use of SD Elements and its approach to a secure development-life-cycle)

Cookies: We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.

Which third parties have access to your information? We use third-party services for:

• Analytics tracking
• Advertising and promotion
• Content marketing
• Email marketing

These third-party service providers may only access your data for the sole purpose of performing specific tasks on behalf of Security Compass. We do not share any personally identifying information with them without your consent. We do not give them permission to disclose or use any of your data for any other purpose. We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity. We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.

Children’s Privacy: This website does not knowingly target children or collect personal information from children. As a parent/guardian, please contact us if you believe your child is participating in an activity involving personal information on our website, where you have not consented to the collection of such data. We do not use your supplied contact details for marketing or promotional purposes.

Limits of our policy: This privacy policy only covers Security Compass’ own collecting and handling of data. We cannot accept responsibility or liability for their respective privacy practices. Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

Your rights and responsibilities: As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel. You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes. You have the right to opt out of data about you being used in decisions based solely on automated processing.

How do I exercise my privacy rights?  To ensure we honor your rights, you may contact us and submit a verifiable request in regard to the following: Where you have previously agreed to us using your personal information for direct marketing purposes, and you wish to withdraw your consent (this may also be done through the unsubscribe function in an email received from us). You may request access to your information, or to have your information changed or removed. Requests will be handled as soon as reasonably possible, but in all cases within 30 days. If you believe the information we hold about you is incorrect, or your personal information is being processed unlawfully, you may contact us to have this rectified.

Your California Privacy Rights

Security Compass does not sell or share personal information collected through our website with third parties for commercial purposes or monetary gain, and therefore do not offer an opt out of sale link on our homepage for CCPA purposes.

Consumers will not be discriminated against for exercising their privacy rights. For more information on how to exercise your California consumer privacy rights, see the section of this privacy policy ‘How do I exercise my privacy rights?’.

Changes to our Privacy Policy This privacy policy was last updated on February 19, 2024. At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you are a registered user on https://www.securitycompass.com, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

Does Security Compass have a Data Protection Officer (DPO)?

Yes, Security Compass has a dedicated Data Protection Officer/Privacy Officer and you can request for the contact details by emailing [email protected].