ThreatQuotient, Inc. Privacy Policy

We at ThreatQuotient, Inc. (“ThreatQuotient,” “we,” “us,” or “our”) respect your privacy and are committed to protecting your personal information. This Privacy Policy aims to give you details on how ThreatQuotient collects and processes your personal information through your use of our websites and products (threatq.com, threatquotient.com, threatq.online) including all associated subdomains, applications, social media accounts, and/or any of our other sites, products, or services which link to this policy. By using our services, you understand that we collect and use your personal information for the reasons specifically outlined in this policy. 

Our sites and services are not intended for children. We do not knowingly collect personal information relating to children. If we have knowledge that our systems have collected personal information relating to people under 13 years of age, we will take the appropriate steps to remove that data and prevent any further collection.

This Policy does not apply to the extent we process Personal Data provided by our customers through the provision of services and use of our products. For detailed privacy information related to instances where a ThreatQuotient customer and/or a customer affiliate that uses ThreatQuotient products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Policy. 

Information Collection

Personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

Data CategoryData TypesPurpose
Identity Data
  • First and last name
  • Username or similar identifier
  • Job title.
  • Customer relationship management
  • Customer contact enablement 
Contact Data
  • Email address
  • Telephone numbers
  • Customer relationship management
  • Customer contact enablement 
Technical Data
  • Internet protocol (IP) address
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Other accessible technology metadata on the devices you use to access this application.
  • Historical reporting and metrics
  • Troubleshooting
  • Security Incident Response
Profile Data
  • Your username and password
  • Your interests, preferences and feedback.
  • Account access
  • Remote access support
  • Access to the customer portal. 
Usage Data
  • Information about how you use our website
  • Products and services.
  • Historical reporting and metrics
  • Troubleshooting.
Marketing Data
  • Your preferences in receiving marketing communications from us
  • Consensual targeted marketing. 

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity and Contact Data by filling in forms or providing other information via our website.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please refer to the Cookies section in this policy for further details.
  • Third parties or publicly available sources. We may receive personal information about you from various third parties [and public sources] as set out below:
  • Technical Data from the following parties:
    • Analytics providers [such as Google based outside the EU];
  • Our social media pages:
    • Twitter – https://twitter.com/ThreatQuotient
    • Facebook – https://www.facebook.com/threatquotient
    • LinkedIn – https://www.linkedin.com/company/threatq

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Information Use, Sharing and Disclosure

ThreatQuotient may use personal information for the following purposes:

  • To personalize your website experience: We may use Identity, Contact, Technical, Usage and Profile Data to understand how our visitors use the services and resources provided on our website and deliver relevant content that is more aligned with their interest. To further personalize the experience, we may also cross the data with information collected through other channels like a visit to our booth at a conference, information requests through phone or email, products and services used by our customers, etc.
  • To send periodic emails: We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what may be of interest to you and send information as a result. You will receive marketing communications from us if you have requested information from us or received services from us and, in each case, you have not opted out of receiving that marketing. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a service provided to you.
  • To initiate a sales call: If a visitor has provided his/her phone number of if the phone number is publicly available, we may initiate a sales call to further understand what kind of problem the visitor is trying to solve by visiting our website and see if our product or services can solve that problem.
  • To use data analytics: We may use Identity, Contact, Technical, Usage and Profile Data to improve our website, products and services, marketing, client relationships and experiences to keep our website updated and relevant, to develop our business, and to inform our marketing strategy.

We rely on the following lawful bases to process your personal information for these purposes:

  • Consent
  • Performance of a Contract
  • Compliance with a Legal Obligation
  • Legitimate Interests

You may contact us at privacy@threatq.com for more information regarding legitimate interests.

We do not sell, trade, lease, rent or otherwise transfer your personal information to outside parties. We may share information with trusted third parties who assist us in conducting our business or providing you with products or services, and who agree to keep your information confidential under a non-disclosure agreement. These third parties may not use your personal information for other purposes, unless you agree. ThreatQuotient will remain liable for any failure by the third party that receives personal information on behalf of ThreatQuotient, unless we prove that the event giving rise to the damage was solely caused by the third party.

Cookies and Similar Technologies

Cookies are pieces of data that a website transfers to a user’s hard drive for record-keeping purposes. Web beacons are transparent pixel images that are used in collecting information about website usage, email response and tracking.

This website uses cookies and web beacons to provide enhanced functionality on the site (e.g., user ID and password prompts, and content library downloads) and aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. The website may also use cookies and web beacons in association with emails delivered by ThreatQuotient. Our website also captures limited information (user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our website; we may use this information to analyze general traffic patterns and to perform routine system maintenance. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. 

ThreatQuotient also uses a marketing automation platform that deploys a cookie or web beacon when a user interacts with a marketing communication, such as a marketing email or a marketing-based landing page on our website. This cookie may collect personal information such as your email address, which pages you visit on our website, your history arriving at our website, and the like. We use this information to evaluate the effectiveness of our marketing campaigns. You may set your browser to block these cookies.

Cookies do not contain confidential information such as your home address, telephone number or credit card details. We do not exchange cookies with any third-party websites or external data suppliers. If you choose to disable or refuse cookies, you may find that certain sections of this website may become inaccessible or not function properly.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cross Border Transfers

ThreatQuotient has its headquarters in the United States (US). Information we collect from you may be processed and stored in the United States. Many of our external third parties are based outside the European Economic Area so their processing of your personal information will involve a transfer of data outside the EEA.

Whenever we transfer your personal information to external third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. 
  • Where we use providers based in the US, we may transfer data to them if they comply with GDPR or California Consumer Privacy Act (CCPA).. 

You may contact us at privacy@threatq.com to obtain a copy of the safeguards we use to transfer personal information.

Disclosure to Public Authorities

We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Access Control

Data CategoryWho has accessPurpose of the access
Identity Data
  • Marketing
  • Sales
  • Customer relationship management
  • Service use
  • Support enablement
Contact Data
  • Marketing
  • Sales
  • Customer relationship management
  • Service use
  • Support enablement
Technical Data
  • Engineering
  • Marketing
  • Retain audit trail
  • Site statistics
  • Investigate security events
  • Troubleshooting
  • Product improvements
Profile Data
  • Marketing
  • Sales
  • Engineering
  • Customer relationship management
  • Service use
  • Support enablement
Usage Data
  • Marketing
  • Sales Ops
  • Engineering
  • Retain audit trail
  • Site statistics
  • Investigate security events
  • Troubleshooting
  • Product Improvements
Marketing Data
  • Marketing
  • Customer relationship management

Data Security

Appropriate technical and physical safeguard measures are in place to protect against unauthorized or unlawful access, misuse, accidental loss, destruction and alteration of any personal information which are shared with us in the course of using our website services.

Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will keep the personal information we collected for the following period of time and we will safely erase the information after that:

  • Past Customers: 5 years after the last contract expiration date
  • Visitors without opt-in or who have revoked their opt-in: 2 years after last lead interaction
  • Visitors who have asked to be removed from our database (where personal information does not affect a product or service being provided by us): 30 days after the request

Your Data Privacy Rights

You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal information we process, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) determine the portability of your personal information, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information. 

Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at privacy@threatq.com

Third-Party Data Processors

ThreatQuotient engages third party service providers, affiliates or partners to process information in support of our business. This is done to provide infrastructure services, help facilitate customer support, send email notifications, analyze marketing data, or overall improve the customer experience with us. ThreatQuotient performs its due diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.

Additional information about the sub-processors we use to support delivery of our Services is available at ThreatQuotient Subprocessors.

General Data Protection Regulation (GDPR)

ThreatQuotient complies with the European Union’s General Data Protection Regulation (GDPR). 

If there is any conflict between the terms in this Privacy Policy and GDPR, the GDPR principles shall take precedence.

What are your data protection rights?

ThreatQuotient would like to make sure you are fully aware of all of your data protection rights assured by GDPR.

Every user is entitled to the following:

  • The right to be informed
    • You have the right to be informed about the collection and use of your personal data; As such, ThreatQuotient will notify you any time this occurs. This privacy policy defines the purpose for collecting various types of data along with retention periods and who we share it with.
  • The right of access
    • You have the right to request copies of your personal data, and other supplementary information pertaining to you from ThreatQuotient. This is commonly referred to as  a ‘Subject Access Request’ (SAR). 
    • You can contact ThreatQuotient for any GDPR related issue at: gdpr@threatq.com
  • The right to rectification
    • You have the right to request that we correct any information you believe is inaccurate. You also have the right to request of us to complete the information you believe is incomplete.
  • The right to erasure
    • You have the right to request that we erase your personal data, under certain conditions.
    • The right to erasure is also known as ‘the right to be forgotten’.
  • The right to restrict processing
    • You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to data portability
    • You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to object
    • You have the right to object to ThreatQuotient’s processing of your personal data, under certain conditions.
  • Rights in relation to automated decision making and profiling.
    • We will tell our customers about any profiling and automated decision-making we carry out, what information we use to create the profiles and where we get this information from.
    • We don’t use special category data in our automated decision-making systems unless we have a lawful basis to do so, and we can demonstrate what that basis is. We delete any special category data accidentally created.

EU-U.S. Privacy Shield

ThreatQuotient complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov

In compliance with the Privacy Shield Principles, ThreatQuotient commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at: privacy@threatq.com. We will make all efforts to resolve your complaints in a timely and accurate manner. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.

ThreatQuotient has further committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints as determined by the Privacy Shield Principles. Under certain conditions, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. ThreatQuotient is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Changes to this Privacy Policy

ThreatQuotient has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage visitors to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You should review this Privacy Policy periodically to become aware of modifications.

How to Contact Us

If you have questions about this Privacy Policy, please contact us in one of the following ways:

Email us at privacy@threatq.com 

Or write to us at:
ThreatQuotient, Inc.
11400 Commerce Park Drive, Suite 200
Reston, VA 20191

For Subject Access Requests or any other GDPR inquiry, please email us at: 

gdpr@threatq.com 

Last updated: November 03, 2020