Effective Date: May 25, 2018
1. Information We Collect
When you use the website and the Services, NowSecure collects certain information that can be used to contact or identify you including, but not limited to, your email address, name, phone number, postal address, or other information (“Personal Information”). We also collect technical or non-personal information, which independent of your Personal Information cannot identify you.
Personal Information includes:
- Contact information: When you submit a form to download resources, request information, attend a webinar, respond to a survey, apply to a job opening, or otherwise contact us electronically.
- Account information: You may register to create an account and provide Personal Information in order to be able to save your profile and the data associated with it.
- Identity Provider Information: If you authenticate on the Services using an identity provider such as GitHub or Google (the “Identity Provider”), the Identity Provider may send us your registration or profile information on that service and other information that you authorize. This information enables us to authenticate you and improve the Services.
Other information includes:
- Log and Analytics Data: We may also collect information that your browser sends whenever you visit our Services (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, approximate location, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages and other statistics.
2. How We Use this Information
We collect Personal Information and other information for these purposes:
- To deliver, monitor and enhance the Services
- To identify and communicate with you, respond to your requests/inquiries, provide customer service and fulfill orders
- To process payments where applicable
- To control unauthorized use or abuse of the Services, and detect, investigate or prevent activities that may violate our policies or be illegal
- To analyze trends, administer or optimize the Services, monitor usage or traffic patterns (including to track users’ movements around the Services) and gather demographic information about our user base
- To market our Services to you, including by sending you newsletters, promotions and special offers or information about new products and services. Your opt-out options for promotional communications are described in Section 8: Your Controls and Choices
- To deliver advertising, including by managing ads on third party sites and to tailor ads based on your interests and browsing history.
3. Sharing Your Information with Third Parties
We do not sell, trade, share or transfer your personal information to third parties except in the following limited circumstances:
- With our parent/subsidiary companies;
- With legal authorities or our legal advisors when we have a good faith belief that it is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, including as required by the Privacy Shield principles; (b) enforce contractual obligations, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
- With organization partners who offer a service to you jointly with us, for example when running a cross-promotion.
- In connection with a merger, acquisition, or any form of sale of some or all of our assets; and
- With a third party if we have your consent to do so.
We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information including coarse geolocation, device configurations, and performance metrics related to the use of the Services which we collected through our technology. If we are required under applicable law to treat such information as personal information, then we will only disclose it as described above. Otherwise we may disclose such information for any reason.
Our Services employ the following types of cookies:
- Essential Cookies. First party cookies that are necessary to provide the functionality of the Services. Essential cookies help remember your login, settings, and session state information.
- Functionality Cookies. First party and third party cookies used to remember information you have entered or choices you make, which may not be essential but help tailor the Services to you.
- Analytics Cookies. First party and third party cookies that track information about how the Services are being used so that we can assess performance and make improvements. They collect information about how visitors use the Services, which site the user came from, the number of each user’s visits, and how long a user stays on the Services.
- Advertising Cookies. Third party cookies are placed by third party advertising platforms or networks in order to deliver ads, track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” “tracking” or “targeted” advertising). More information about how cookies are used for advertising purposes is explained below in Marketing and Ad Personalization.
Web beacons. These are tiny graphics (clear GIFs or pixel tags) with a unique identifier, similar in function to cookies. Unlike cookies, beacons are not stored on your computer. We use beacons to track activities of users on the Services, manage content, and to compile statistics about usage. We (and our third party service providers) also use beacons in HTML emails to track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Opting Out of Ad Networks. If you wish to not have cross-site information used for the purpose of serving you personalized ads, you may opt-out of many ad networks by visiting http://optout.aboutads.info/, or if you are located in the European Union, by visiting http://www.youronlinechoices.eu/. You will continue to see ads on the sites you visit, but the ad networks from which you have opted out will no longer personalize ads to you based upon your activities on other sites. These opt-out mechanisms are cookie based, so if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to www.aboutads.info.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You can use your browser to prevent your computer from accepting cookies, or only block third party cookies, as described in the following section. If you disable cookies, be aware that some features of our Services may not function.
How to Disable Cookies. The “Help” feature on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our Services may not function. To learn more about how to control cookie settings through your browser:
- Click here to learn more about the “Private Browsing” setting and managing cookie settings in Firefox.
- Click here to learn more about “Incognito” and managing cookie settings in Chrome.
- Click here to learn more about “InPrivate” and managing cookie settings in Internet Explorer.
- Click here to learn more about “Private Browsing” and managing cookie settings in Safari.
5. Our Service Providers
6. Privacy Shield Framework
NowSecure complies with the U.S. – E.U. and U.S. – Swiss Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the E.U. or Switzerland to the United States. The Federal Trade Commission (FTC) has jurisdiction over NowSecure’s compliance with the Privacy Shield. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov.
If you have a dispute with us about our adherence to the Privacy Shield Principles, we will seek to resolve it through our internal complaint resolution process, or if necessary through an independent dispute resolution body. NowSecure has selected JAMS as our designated independent arbitrator, which can be contacted here: https://www.jamsadr.com/eu-us-privacy-shield. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.
All NowSecure employees or contractors who handle personal information from Europe and Switzerland are required to comply with this Statement.
7. Users in the European Economic Area (EEA)
As required by the General Data Privacy Regulation (GDPR) we collect personal data from EU subjects with the following legal basis: (a) with your consent, or (b) for legitimate organization purposes. Individuals in the EEA have the following rights with respect to their personal data, as defined in Chapter 3, Article 18 [https://gdpr-info.eu/art-18-gdpr/]:
- Access. You can ask us whether we are processing your personal data, request information about how we use, protect and share it, and request a copy of the data.
Rectification. You can ask us to rectify inaccurate information.
- Erasure. You can ask us to erase your personal data, where (a) it is no longer needed for the purposes for which it was collected, (b) you object to our legitimate interest basis, or (c) you withdraw your consent. There are some circumstances in which we are not required to comply with your erasure request, such as a legal obligation, but we will always respond to erasure requests and comply where we can.
- Restriction. You can ask us to restrict (i.e. store but not use) your personal data, when (a) its accuracy is contested, to allow us to verify its accuracy, (b) the processing is unlawful, but you do not want it erased, (c) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims, or (d) you have exercised the right to object, and verification of overriding grounds is pending.
- Objection. You can object to our processing of your personal data based on our ‘legitimate interests’ legal basis, and you can object to the processing of your personal data for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided.
To exercise any of your rights as an EU subject, contact us as specified in Section 14.
8. Your Controls and Choices
Promotional Email: We may use your Personal Information to contact you with newsletters, marketing and promotional materials and other information that may be of interest to you. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included on such communications or in the Services. (Please note that you may be unable to opt-out of certain service-related communications while you have an active account.)
Blocking Cookies: You can view and receive notifications on cookie activity, and remove or block certain cookies, using the settings in your internet browser (see Section 4 for more information). Be advised that the Services may cease to function properly if you block cookies.
Do Not Track: Do Not Track is a preference you can set in your web browser. Our Services do not change behavior based on a web browser’s Do Not Track signal.
Access Your Data: Individuals may request information on which personal information we have collected by emailing privacy [at] nowsecure.com. Please allow up to 21 days processing time to respond to your request. Identity verification may be required before we furnish actual personal information.
9. Data Retention
We keep your personal data for as long as reasonably necessary for the purposes set out in Section 2 above. Except as noted below, we will retain your account profile data as necessary for our legitimate organization purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other organization administrative purposes). Generally we will anonymize or delete personal data from the Services within 180 days after an account is deleted. However, we will maintain certain personal information longer for legitimate purposes including (a) accounting purposes, (b) to be able to defend or raise a claim, (c) direct communications regarding past organization transactions, (d) marketing (where you have not opted-out), and (e) maintaining complete organization records of services rendered. Any data so retained is controlled and protected per this Policy. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
10. Protecting Your Information
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. Be advised that no system of transmission over the internet, or method of electronic storage is perfectly secure, and we are unable to guarantee the absolute security of any Personal Information we have collected from you.
11. International Transfer
Your information, including Personal Information, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside United States and choose to provide information to us, be advised that we transfer the information, including Personal Information, to the United States and process it there.
12. Children’s Privacy
Our services are not intended for use by anyone under the age of 13 (“Child” or “Children”). We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you learn that your Child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a Child without verification of parental consent, we take steps to remove that information from our servers.
We may change this policy by posting a new version of this policy on this Website. When we do change the policy, we will also revise the “Last updated” date at the top of this page and may notify you of any material changes or post a message on the Website. Your continued use of this Website and the Services following such changes constitutes your acceptance of the revised policy.
14. Contact Us
ATTN: NowSecure Privacy Officer
141 W. Jackson Blvd. Suite 2502,
Chicago, IL 60604
2018-05-25 — Updated for clarity and to provide more information for EEA/GDPR subjects
2017-12-15 — Updated to revise structure, include new Privacy Shield information (replacing Safe Harbor) and remove references to Sensors.
2014-12-02 — Company name change, added usage and mobile intelligence data info
2014-08-20 — Clarifications, added disclaimer
2014-04-30 — Clarifications and simplified wording