Our sites and services are not intended for children. We do not knowingly collect personal information relating to children. If we have knowledge that our systems have collected personal information relating to people under 13 years of age, we will take the appropriate steps to remove that data and prevent any further collection.
This Policy does not apply to the extent we process Personal Data provided by our customers through the provision of services and use of our products. For detailed privacy information related to instances where a ThreatQuotient customer and/or a customer affiliate that uses ThreatQuotient products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Policy.
Personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
|Data Category||Data Types||Purpose|
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms or providing other information via our website.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please refer to the Cookies section in this policy for further details.
- Third parties or publicly available sources. We may receive personal information about you from various third parties [and public sources] as set out below:
- Technical Data from the following parties:
- Analytics providers [such as Google based outside the EU];
- Our social media pages:
- Twitter – https://twitter.com/ThreatQuotient
- Facebook – https://www.facebook.com/threatquotient
- LinkedIn – https://www.linkedin.com/company/threatq
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Information Use, Sharing and Disclosure
ThreatQuotient may use personal information for the following purposes:
- To personalize your website experience: We may use Identity, Contact, Technical, Usage and Profile Data to understand how our visitors use the services and resources provided on our website and deliver relevant content that is more aligned with their interest. To further personalize the experience, we may also cross the data with information collected through other channels like a visit to our booth at a conference, information requests through phone or email, products and services used by our customers, etc.
- To send periodic emails: We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what may be of interest to you and send information as a result. You will receive marketing communications from us if you have requested information from us or received services from us and, in each case, you have not opted out of receiving that marketing. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a service provided to you.
- To initiate a sales call: If a visitor has provided his/her phone number of if the phone number is publicly available, we may initiate a sales call to further understand what kind of problem the visitor is trying to solve by visiting our website and see if our product or services can solve that problem.
- To use data analytics: We may use Identity, Contact, Technical, Usage and Profile Data to improve our website, products and services, marketing, client relationships and experiences to keep our website updated and relevant, to develop our business, and to inform our marketing strategy.
We rely on the following lawful bases to process your personal information for these purposes:
- Performance of a Contract
- Compliance with a Legal Obligation
- Legitimate Interests
You may contact us at firstname.lastname@example.org for more information regarding legitimate interests.
We do not sell, trade, lease, rent or otherwise transfer your personal information to outside parties. We may share information with trusted third parties who assist us in conducting our business or providing you with products or services, and who agree to keep your information confidential under a non-disclosure agreement. These third parties may not use your personal information for other purposes, unless you agree. ThreatQuotient will remain liable for any failure by the third party that receives personal information on behalf of ThreatQuotient, unless we prove that the event giving rise to the damage was solely caused by the third party.
Cookies and Similar Technologies
Cookies are pieces of data that a website transfers to a user’s hard drive for record-keeping purposes. Web beacons are transparent pixel images that are used in collecting information about website usage, email response and tracking.
ThreatQuotient also uses a marketing automation platform that deploys a cookie or web beacon when a user interacts with a marketing communication, such as a marketing email or a marketing-based landing page on our website. This cookie may collect personal information such as your email address, which pages you visit on our website, your history arriving at our website, and the like. We use this information to evaluate the effectiveness of our marketing campaigns. You may set your browser to block these cookies.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cross Border Transfers
ThreatQuotient has its headquarters in the United States (US). Information we collect from you may be processed and stored in the United States. Many of our external third parties are based outside the European Economic Area so their processing of your personal information will involve a transfer of data outside the EEA.
Whenever we transfer your personal information to external third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they comply with GDPR or California Consumer Privacy Act (CCPA)..
You may contact us at email@example.com to obtain a copy of the safeguards we use to transfer personal information.
Disclosure to Public Authorities
We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
|Data Category||Who has access||Purpose of the access|
Appropriate technical and physical safeguard measures are in place to protect against unauthorized or unlawful access, misuse, accidental loss, destruction and alteration of any personal information which are shared with us in the course of using our website services.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will keep the personal information we collected for the following period of time and we will safely erase the information after that:
- Past Customers: 5 years after the last contract expiration date
- Visitors without opt-in or who have revoked their opt-in: 2 years after last lead interaction
- Visitors who have asked to be removed from our database (where personal information does not affect a product or service being provided by us): 30 days after the request
Your Data Privacy Rights
You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal information we process, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) determine the portability of your personal information, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information.
Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at firstname.lastname@example.org.
Third-Party Data Processors
ThreatQuotient engages third party service providers, affiliates or partners to process information in support of our business. This is done to provide infrastructure services, help facilitate customer support, send email notifications, analyze marketing data, or overall improve the customer experience with us. ThreatQuotient performs its due diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
Additional information about the sub-processors we use to support delivery of our Services is available at ThreatQuotient Subprocessors.
General Data Protection Regulation (GDPR)
ThreatQuotient complies with the European Union’s General Data Protection Regulation (GDPR).
What are your data protection rights?
ThreatQuotient would like to make sure you are fully aware of all of your data protection rights assured by GDPR.
Every user is entitled to the following:
- The right to be informed
- The right of access
- You have the right to request copies of your personal data, and other supplementary information pertaining to you from ThreatQuotient. This is commonly referred to as a ‘Subject Access Request’ (SAR).
- You can contact ThreatQuotient for any GDPR related issue at: email@example.com
- The right to rectification
- You have the right to request that we correct any information you believe is inaccurate. You also have the right to request of us to complete the information you believe is incomplete.
- The right to erasure
- You have the right to request that we erase your personal data, under certain conditions.
- The right to erasure is also known as ‘the right to be forgotten’.
- The right to restrict processing
- You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to data portability
- You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to object
- You have the right to object to ThreatQuotient’s processing of your personal data, under certain conditions.
- Rights in relation to automated decision making and profiling.
- We will tell our customers about any profiling and automated decision-making we carry out, what information we use to create the profiles and where we get this information from.
- We don’t use special category data in our automated decision-making systems unless we have a lawful basis to do so, and we can demonstrate what that basis is. We delete any special category data accidentally created.
EU-U.S. Privacy Shield
ThreatQuotient complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.
ThreatQuotient has further committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints as determined by the Privacy Shield Principles. Under certain conditions, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. ThreatQuotient is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
How to Contact Us
Email us at firstname.lastname@example.org
Or write to us at:
11400 Commerce Park Drive, Suite 200
Reston, VA 20191
For Subject Access Requests or any other GDPR inquiry, please email us at:
Last updated: November 03, 2020