ThreatQuotient, Inc. Privacy Policy

We at ThreatQuotient, Inc. (“ThreatQuotient,” “we,” “us,” or “our”) respect your privacy and are committed to protecting your personal information. This Privacy Policy aims to give you details on how ThreatQuotient collects and processes your personal information through your use of our websites (threatq.com, threatquotient.com, threatq.online) including all associated subdomains, applications, social media accounts, and/or any of our other sites, products, or services which link to this policy. By using our services, you understand that we collect and use your personal information for the reasons specifically outlined in this policy.

Our sites and services are not intended for children. We do not knowingly collect personal information relating to children. If we have actual knowledge that our systems have collected personal information relating to people under 13 years of age, we will take the appropriate steps to remove that data and prevent any further collection.

This Policy does not apply to the extent we process Personal Data provided by our customers through the provision of services and use of our products. For detailed privacy information related to instances where a ThreatQuotient customer and/or a customer affiliate that uses ThreatQuotient products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Policy.

Information Collection
Personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

Data CategoryData TypesPurpose
Identity Data
  • First and last name
  • Username or similar identifier
  • Job title
  • Customer relationship management
  • Customer contact enablement
Contact Data
  • Email address
  • Telephone numbers
  • Customer relationship management
  • Customer contact enablement
Technical Data
  • Internet protocol (IP) address
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Other accessible technology metadata on the devices you use to access this application
  • Historical reporting and metrics
  • Troubleshooting
  • Security Incident Response
Profile Data
  • Your username and password
  • Your interests, preferences and feedback
  • Account access
  • Remote access support
  • Access to the customer portal
Usage Data
  • Information about how you use our website
  • Products and services
  • Historical reporting and metrics
  • Troubleshooting
Marketing Data
  • Your preferences in receiving marketing communications from us
  • Consensual targeted marketing

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity and Contact Data by filling in forms or providing other information via our website.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please refer to the Cookies section in this policy for further details.
  • Third parties or publicly available sources. We may receive personal information about you from various third parties [and public sources] as set out below:

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Information Use, Sharing and Disclosure
ThreatQuotient may use personal information for the following purposes:

  • To personalize your website experience: We may use Identity, Contact, Technical, Usage and Profile Data to understand how our visitors use the services and resources provided on our website and deliver relevant content that is more aligned with their interest. To further personalize the experience, we may also cross the data with information collected through other channels like a visit to our booth at a conference, information requests through phone or email, products and services used by our customers, etc.
  • To send periodic emails: We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what may be of interest to you and send information as a result. You will receive marketing communications from us if you have requested information from us or received services from us and, in each case, you have not opted out of receiving that marketing. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a service provided to you.
  • To initiate a sales call: If a visitor has provided his/her phone number of if the phone number is publicly available, we may initiate a sales call to further understand what kind of problem the visitor is trying to solve by visiting our website and see if our product or services can solve that problem.
  • To use data analytics: We may use Identity, Contact, Technical, Usage and Profile Data to improve our website, products and services, marketing, client relationships and experiences to keep our website updated and relevant, to develop our business, and to inform our marketing strategy.

We rely on the following lawful bases to process your personal information for these purposes:

  • Consent
  • Performance of a Contract
  • Compliance with a Legal Obligation
  • Legitimate Interests

You may contact us at privacy@threatq.com for more information regarding legitimate interests.

We do not sell, trade, lease, rent or otherwise transfer your personal information to outside parties. We may share information with trusted third parties who assist us in conducting our business or providing you with products or services, and who agree to keep your information confidential under a non-disclosure agreement. These third parties may not use your personal information for other purposes, unless you agree. ThreatQuotient will remain liable for any failure by the third party that receives personal information on behalf of ThreatQuotient, unless we prove that the event giving rise to the damage was solely caused by the third party.

Cookies and Similar Technologies
Cookies are pieces of data that a website transfers to a user’s hard drive for record-keeping purposes. Web beacons are transparent pixel images that are used in collecting information about website usage, email response and tracking.

This website uses cookies and web beacons to provide enhanced functionality on the site (e.g., user ID and password prompts, and content library downloads) and aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. The website may also use cookies and web beacons in association with emails delivered by ThreatQuotient. Our website also captures limited information (user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our website; we may use this information to analyze general traffic patterns and to perform routine system maintenance. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

ThreatQuotient also uses a marketing automation platform that deploys a cookie or web beacon when a user interacts with a marketing communication, such as a marketing email or a marketing-based landing page on our website. This cookie may collect personal information such as your email address, which pages you visit on our website, your history arriving at our website, and the like. We use this information to evaluate the effectiveness of our marketing campaigns. You may set your browser to block these cookies.

Cookies do not contain confidential information such as your home address, telephone number or credit card details. We do not exchange cookies with any third-party websites or external data suppliers. If you choose to disable or refuse cookies, you may find that certain sections of this website may become inaccessible or not function properly.

Third-Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cross Border Transfers
ThreatQuotient has its headquarters in the United States (US). Information we collect from you may be processed and stored in the United States. Many of our external third parties are based outside the European Economic Area so their processing of your personal information will involve a transfer of data outside the EEA.

Whenever we transfer your personal information to external third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between Europe and the US.

You may contact us at privacy@threatq.com to obtain a copy of the safeguards we use to transfer personal information.

Disclosure to Public Authorities
We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Access Control

Data CategoryWho has accessPurpose of the access
Identity Data
  • Marketing
  • Sales
  • Customer relationship management
  • Service use
  • Support enablement
Contact Data
  • Marketing
  • Sales
  • Customer relationship management
  • Service use
  • Support enablement
Technical Data
  • Engineering
  • Retain audit trail
  • Site statistics
  • Investigate security events
  • Troubleshooting
Profile Data
  • Marketing
  • Sales
  • Engineering
  • Customer relationship management
  • Service use
  • Support enablement
Usage Data
  • Marketing
  • Sales Ops
  • Engineering
  • Site statistics
  • Investigate security events
  • Troubleshooting
Marketing Data
  • Marketing
  • Customer relationship management

 

Data Security
Appropriate technical and physical safeguard measures are in place to protect against unauthorized or unlawful access, misuse, accidental loss, destruction and alteration of any personal information which are shared with us in the course of using our website services.

Data Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will keep the personal information we collected for the following period of time and we will safely erase the information after that:

  • Past Customers: 5 years after the last contract expiration date
  • Visitors without opt-in or who have revoked their opt-in: 2 years after last lead interaction
  • Visitors who have asked to be removed from our database (where personal information does not affect a product or service being provided by us): 30 days after the request

Your Data Privacy Rights
You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal information we process, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) determine the portability of your personal information, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information.

Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at privacy@threatq.com.

EU-U.S. Privacy Shield
ThreatQuotient complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.

In compliance with the Privacy Shield Principles, ThreatQuotient commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at: privacy@threatq.com. We will make all efforts to resolve your complaints in a timely and accurate manner. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.

ThreatQuotient has further committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints as determined by the Privacy Shield Principles. Under certain conditions, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. ThreatQuotient is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Changes to This Privacy Policy
ThreatQuotient has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage visitors to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You should review this Privacy Policy periodically to become aware of modifications.

How to Contact Us
If you have questions about this Privacy Policy, please contact us in one of the following ways: Email us at privacy@threatq.com

Or write to us at: ThreatQuotient, Inc.
11400 Commerce Park Drive, Suite 200
Reston, VA 20191

Last updated: April 14, 2020