Date of Last Revision: July 8, 2020
Disclosure of Your Personal and Other Information: We do not sell your personal information. There are, however, certain circumstances in which we may share your personal information with certain third parties without further notice to you, including in connection with business transfers, to affiliates, service providers, agents, consultants and related third parties, partners and resellers, to other users of BitSight Connect and to comply with legal requirements. Learn more
Accessing, Updating and Deleting Your Personal Information: Upon request we will provide you with information about whether we hold any of your personal information and allow you to access, correct, object to processing or request deletion of such information. In the event you close any account in connection with the Services, we will remove access to your name and other personal information. Learn more
Links from other Sites: Certain pages of the Sites and Services may, from time to time, contain external links or access to services provided by third parties. We are not responsible for the privacy practices of other websites or third parties. Learn more
Security: We take reasonable steps to protect the personal information provided via the Sites and Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Learn more
Children: Our Sites and our Services are designed for business use and are not directed to persons under 18. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files. Learn more
International Use: We are headquartered in the United States of America. Personal information may be accessed by us or transferred to us in the United States or to our affiliates, service providers, agents, consultants and related third parties, partners and resellers, or service providers elsewhere in the world. By providing us with personal information, you consent to this transfer. Learn more
EU-U.S. and Swiss-U.S. Privacy Shield: We participate in and have certified our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Learn more
California Privacy Rights: California consumers have certain rights afforded to them under the California Consumer Privacy Act. This section provides additional details on those rights. Learn more
Our Contact Information: We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries concerning your privacy may be directed by email to email@example.com, by phone to 1(800) 776-2136, or to the address below. Learn more
When you interact with us through the Services or Sites, we may collect personal information and other information from you, including:
We may accumulate and aggregate certain statistical and related data in order to improve the performance and functionality of the Sites and Services, to develop new products and/or services or to analyze the usage of the Sites and Services or to provide our products and services. As noted above, we may use aggregate, anonymous or non-personally identifiable information for such purposes as we, in our sole discretion, deems to be appropriate.
We are the sole owner of information collected on the Sites and Services (including any metadata), except for vendor lists and contact information that you provide to us in connection with your use of our Sites and Services.
To extent the General Data Protection Regulation (the “GDPR”) applies to any personal information you give us to enable us to provide the service or operate our Sites, we rely on legitimate interest. We also process data based on consent for sales and marketing purposes.
If you provide personal information for a certain reason, we may use such personal information in connection with the reason for which it was provided. We may also use personal information for the following business purposes:
We may also use this information to contact you in the future to tell you about services we believe will be of interest to you. Each bulk marketing communication we send to you will contain instructions to "opt-out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or wish to have your name deleted from our mailing lists, contact us as indicated below under “Our Contact Information.” You may also opt out as to whether your personal information is (i) to be disclosed to a third party other than as described herein or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected (or subsequently authorized by you) by contacting us as indicated below under “Our Contact Information.”
We do not sell your personal information. There are, however, certain circumstances in which we may share your personal information with certain third parties without further notice to you, as set forth below:
We may also share aggregated and non-identifiable information with any third party, including the media and industry observers and as part of our products and services. For example, we may disclose security trends, benchmarking data or the number of customers that have evaluated or purchased our products and services.
Upon request we will provide you with information about whether we hold any of your personal information. You may access, correct, object to processing or request deletion of your personal information by logging into your account or contacting us (including our European representative) at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. Please be aware that even after we have processed your request, we may retain certain residual information in the backup and/or archival copies of our database or any data that we may retain in compliance with applicable law.
In the event you close any account in connection with the Services, your account will be deactivated and your name and other personal information will no longer be accessible by you. We may retain your personal information for as long as your account is active or to provide you services, improve our Services, comply with our legal obligations, resolve disputes and enforce our agreements.
Certain pages of the Sites and Services may, from time to time, contain external links or access to services provided by third parties. You should verify and validate any and all privacy practices of other websites. We encourage you not to provide personal information, without first assuring yourself of the privacy policies of such other websites.
WE ARE NOT RESPONSIBLE IN ANY WAY FOR THE PRIVACY PRACTICES OF OTHER WEBSITES OR THIRD PARTIES OR FOR ANY USE AND/OR MISUSE OF ANY PERSONAL INFORMATION OR OTHER INFORMATION PROVIDED BY YOU AT SUCH OTHER WEBSITES OR SERVICES.
We take reasonable steps to protect the personal information provided via the Sites and Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, access to your personal information and/or your information on the Services is password-protected (it is your responsibility to protect the security of any of your login information). Notwithstanding our efforts, we cannot guarantee absolute or unqualified protection of this information given the open nature and resulting instability of the Internet, and we make no representations or warranties as to the effectiveness of our security and assume no liability for security breaches or any failure in the security of your computer equipment, your internet service provider or other networks and communications providers. If you have any questions about the security of your personal information, you can contact us at email@example.com.
Our Sites and our Services are designed for business use and are not directed to persons under 18. We do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian's consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.
We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland and the United Kingdom to the United States, respectively. We are committed to subjecting all personal information received from European Union (EU) member countries, the United Kingdom and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
We are responsible for the processing of personal information we receive under each Privacy Shield Framework and subsequent transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Information We Collect section above. We collect this information for the business and commercial purposes described in the Our Use of Your Information section above. We share this information with the categories of third parties described in the Disclosure of Your Personal and Other Information section above. BitSight does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in our Tracking Technologies section above.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us as described in the Our Contact Information section below.
We may verify your request using the information associated with your account, including email address. California consumers may also designate an authorized agent to make a “request to know” or a “request to delete” your personal information by providing the authorized agent written permission to do so and by verifying your own identity with us directly.
We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries to us (including our European representative) concerning your privacy may be directed by email to firstname.lastname@example.org. You may also reach us by phone at 1 (800) 776-2136, or you can write us at:
BitSight Technologies, Inc.
111 Huntington Ave, Suite 2010
Boston, MA 02199
Attn: Legal Department/Privacy Manager
We will use commercially reasonable efforts to make an initial response to your inquiries, questions or comments within five (5) business days of their receipt.