ThreatAware

Privacy Policy

In this Privacy Policy when we refer to “ThreatAware”, “we”, “us” or “our”, we mean ThreatAware which provides businesses with cybersecurity tools and products as described in more detail on our Website. ThreatAware is committed to protecting the privacy of individuals who use our services or even if you are just visiting our website. If you would like to know more about how we process your personal information, please contact us by one of the following means:

Phone: +4420 3926 6080 (from the UK) or +18882309348 (from the US)
Email: gdpr@threataware.com

INTRODUCTION

This Privacy Policy gives you information about how we process personal information we come into contact with, via the delivery of a service or via submission to us by you. This policy is relevant to our customers only and does not cover our responsibilities as an employer. Any Personal Information we collect through the delivery of services will be processed in accord with your instructions within contract and where applicable in line with our non-disclosure agreement with you. If you do not agree for the processing of personal information in line with this Privacy Policy, then you should not sign up for any service that ThreatAware provide.

CHANGES TO OUR PRIVACY POLICY

From time to time we may amend this Privacy Policy to fall in line with changes to legislation, including from not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003 and the Data Protection Bill 2017 - 2019. Amendments to this policy will be shown on our website.

If we materially alter our Privacy Policy, we will let you know of such changes by posting a notice on our website. Your continued use of the website will be considered your agreement that your information may be used per the new policy. If you do not agree with the changes, then you should stop using the website, and you should let us know that you do not want your information used per the changes.

PERSONAL DATA

‘Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This may include but will not be limited to, name(s), email address, telephone number, your client's data, your employee data. We do not collect or amass personal data outside the delivery of a contract or the purposes of employment, nor do use said information for anything other than delivering the service that you signed up for.

WHAT INFORMATION DO WE PROCESS?

ThreatAware processes information pertaining to the delivery of a service under contract; this is detailed in the license agreement when the contract offered. This information may include name, IP address, IT access/usage/browsing or compliance data. The data processed using cookies on this website can be reviewed in the Cookie Policy.

How We Use Cookies and other Tracking Technologies?

For more information on the cookies and tracking technologies used on our website, please see our Cookie Policy. Most internet browsers accept cookies by default, but you can change your browser preferences to block or restrict cookies if you do not want your web browsing activity tracked. Please note that some cookies are necessary for our website to run and, as such, cannot be declined. However, such cookies do not collect any personally identifiable information. If you choose, you may use the Digital Advertising Alliance (DAA) WebChoices Tool to globally opt out of third-party tracking via website cookies. There are also a variety of other tools publicly available to manage cookies and similar technologies that collect information related to your use of our website. To learn more about cookies and modifying your browser settings related to these cookies you can review guidance from the Federal Trade Commission.

We are not responsible for the effectiveness or compliance of third-party opt-out mechanisms or programs. Please note that if you remove your cookies or upgrade your browser after having opted out, you will need to opt out again. Your opt out is specific to the browser you are using and the device you use to access the website. Therefore, if you use multiple browsers or devices you will need to opt out on each browser or device. You can access the information on our website without enabling cookies in your browser, but disabling cookies may result in a diminished ability to take advantage of the services and related informational content on our website.

CLIENT FEEDBACK

We may from time to time post our client feedback on our website, this may include details such as your name and company. If you would like this removed, please contact us at hello@threataware.com.

SOCIAL MEDIA

We use social media to keep you informed about our products and services and also about news that may be of interest to you. We use LinkedIn and Twitter social media services to achieve this, if you do not wish to receive this information you may unsubscribe from the feed on the relevant social media platform. By accessing these third party websites through our website, you are consenting to the terms and privacy policies of those websites. We do not accept any responsibility or liability for their policies or practices whatsoever as we have no control over them.

HOW DO WE USE THE INFORMATION WE COLLECT / PROCESS ABOUT YOU?

The information that we collect and process about you or on your behalf is used for the following:

  • The provisioning of ThreatAware services.
  • To bill you for those services.
  • To perform credit checks on you or your company.

DATA RETENTION

The length of time we retain your data will depend on the purpose for which we process it. We will retain your information for as long as you are contracted to receive a service from ThreatAware. We may retain some of your data in server logs and backups of associated systems for a period of up to seven (7) years beyond the cessation of contracted services to comply with legal obligations such as regulation or for legal defense. Other retention periods will be defined by yourself within contract.

3RD PARTY SHARING

We will never sell or pass on your details to others for marketing or advertising purposes. It may be necessary to provide your information onto a 3rd party for the delivery of a service that you have requested but we will require those 3rd parties to implement and agree to appropriate safeguards to protect your information prior to transferring. ThreatAware may share your information with parties on our authorized vendors list, our consultants, our staff or providers of services for which you are seeking. Additionally, these parties may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarized yourself with their terms and conditions and/or their privacy notices. If you would like a copy of our authorized vendors list please contact us at gdpr@threataware.com, please note that we will only disclose our vendors list to those that we process data regarding. Where we believe there is a need to investigate, prevent or report illegal activities, suspected fraud, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to legal authorities, such as The Metropolitan Police, City Of London Police, City Of Manchester Police, Serious Fraud Office, Information Commissioners Office or the Health and Safety Executive. Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation.

SECURITY

ThreatAware utilizes technical controls such as intrusion prevention and detection systems, anti-virus, firewalls, encryption, internet usage monitoring and role based access to help protect your information from loss, destruction, misuse, unauthorized access or disclosure as part of our Cyber Essentials certification. In addition, we utilize organizational controls such as policies and procedures as part of our ISO/IEC 27001:2005 to govern the technical controls. Nonetheless, the transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically on our website, and transmission of such data is therefore entirely at your own risk.

OTHER WEBSITES

Our website may contain links to other websites that are not controlled by us; therefore, we are not responsible for the content or use of these services, whereas we always strive to vet our vendors and those we are associated with in a service provider capacity the use of services outside our control is at your own risk.

CHILD DATA

We do not knowingly process any information from anyone under 16 years of age. All services are aimed at those aged 18 and over, however if you are a client of ours that uses our hosting services you may upload data pertaining to children to our platform. In this scenario it is your responsibility as the controller of data to notify us so that we can ensure you have the appropriate technical controls in place to safeguard the confidentiality, integrity and availability of this data. By using our website, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a user's misrepresentation of age.

UPDATING YOUR PERSONAL INFORMATION

If you receive a service from ThreatAware, you can modify your personal information by sending us a request to hello@threataware.com with the subject ‘Right to Rectification’. A member of staff will then respond to your request in due course.

GDPR RIGHTS

You have many rights under the GDPR, they are defined as below:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

If you are an existing client of ours, please contact your data controller who will then assist you in exercising your rights with us as a processor. If you are a former employee or had another relationship with ThreatAware and you would like to exercise your rights, please contact us at gdpr@threataware.com

CONTACT US

We are committed to providing excellent service, however if you have a complaint about your privacy or the use of your personal data and you are an existing customer of ours, please initially contact your line manager so that they may contact our account management team. Alternatively, if you are not a client then please contact us and ask to speak with the Data Protection Officer.

We may be contacted in writing at ThreatAware Ltd, 18 Crucifix Lane, London, SE1 3JW. By phone on 020 3926 6080 or via email at gdpr@threataware.com.

ThreatAware USA Inc. is incorporated and registered in the state of Delaware, United States with its principal offices at 1330 Avenue of the Americas, 23F, New York, NY, 10019. By phone on +18882309348 or via email at gdpr@threataware.com.

Effective Date: 23 July, 2024