Date of Last Revision: June 17, 2022
Summary and Contents
- Information We Collect: When you interact with us through the Sites or the Services, we may collect personal information and other information from you, including information you give us, information we get from your use of our Services, information we receive from other sources and information collected by third parties on our Sites. Learn more
Disclosure of Your Personal and Other Information: We do not sell your personal information. There are, however, certain circumstances in which we may share your personal information with certain third parties without further notice to you, including in connection with business transfers, to affiliates, service providers, agents, consultants and related third parties, partners and resellers, to other users of BitSight Connect and to comply with legal requirements. Learn more
Accessing, Updating and Deleting Your Personal Information: Upon request we will provide you with information about whether we hold any of your personal information and allow you to access, correct, object to processing or request deletion of such information. In the event you close any account in connection with the Services, we will remove access to your name and other personal information. Learn more
Links from other Sites: Certain pages of the Sites and Services may, from time to time, contain external links or access to services provided by third parties. We are not responsible for the privacy practices of other websites or third parties. Learn more
Security: We take reasonable steps to protect the personal information provided via the Sites and Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Learn more
Children: Our Sites and our Services are designed for business use and are not directed to persons under 18. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files. Learn more
International Use: We are headquartered in the United States of America. Personal information may be accessed by us or transferred to us in the United States or to our affiliates, service providers, agents, consultants and related third parties, partners and resellers, or service providers elsewhere in the world. By providing us with personal information, you consent to this transfer. Learn more
Privacy Shield Frameworks - EU, UK, and Switzerland: We participate in and have certified our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area, Switzerland and the United Kingdom to the United States, respectively. Learn more
California Privacy Rights: California consumers have certain rights afforded to them under the California Consumer Privacy Act. This section provides additional details on those rights. Learn more
Our Contact Information: We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries concerning your privacy may be submitted by completing this form, by email to [email protected], by phone to 1 (844) 735-0076, or to the address below. Learn more
Information We Collect
When you interact with us through the Services or Sites, we may collect personal information and other information from you, including:
- Information you give us.
- Contact Information: We collect personal information from you when you complete our online forms or contact us with inquiries or create an account to access and use the Services. This information includes contact information such as name, mailing address, email, phone number and company information.
- Account Information: We also collect personal information from you when you log into or post in BitSight Connect (our online forum). You are solely responsible for the personal information you choose to submit in these forums. Please note that once the account has been created for the Services, it automatically creates your access to BitSight Connect.
- Call Information: We may collect personal information from you when you call us and calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script.
- Information we get from your use of our Sites or Services - (i.e. IP Address, Log Data, and Other Data).
- As is true of most websites, we gather certain information automatically. This information may include Internet protocol ("IP") addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
- Such information we get from your use of our Sites and Services, which is collected passively using various technologies, cannot presently be used to specifically identify you unless you have previously interacted with us by completing a form on our website (see “Contact Information” above). We may store such information itself or such information may be included in databases owned and maintained by our affiliates, agents or service providers.
- Tracking Technologies:
- To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:
- Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (http://optout.aboutads.info/) and mobile application-based "AppChoices" download page (https://youradchoices.com/appchoices)
- European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out page (http://youronlinechoices.eu)
- Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/).
- Information we receive or collect from other sources.
- Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
- Call Information: We may contact you by telephone to provide support for our Services or for sales and marketing purposes. We may record these calls and analyze and share them for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script.
- Information collected by third parties on our sites.
Social Media Information: Our Sites include social media features and widgets such as Facebook, Twitter and LinkedIn or interactive mini-programs that run on our Sites. These features may collect your Internet protocol address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy statement of the company providing it.
We may accumulate and aggregate certain statistical and related data in order to improve the performance and functionality of the Sites and Services, to develop new products and/or services or to analyze the usage of the Sites and Services or to provide our products and services, including providing our customers with support and customer success, and for sales and marketing purposes.
We are the sole owner of information collected on the Sites and Services (including any metadata), except for vendor lists and contact information that you provide to us in connection with your use of our Sites and Services.
To extent the General Data Protection Regulation (the “GDPR”) applies to any personal information you give us to enable us to provide the service or operate our Sites, we rely on legitimate interest. We also process data based on consent for sales and marketing purposes.
Our Use of Your Information
If you provide personal information for a certain reason, we may use such personal information in connection with the reason for which it was provided. We may also use personal information for the following business purposes:
- To administer your account,
- To communicate with you by responding to your requests, comments and questions,
- To help us improve the content and functionality of the Sites and Services,
- To provide aggregated and non-identifiable analytical and benchmarking data for security and other insights,
- To better understand our users and to improve the Sites and Services and to market our Services to you.
We may also use this information to contact you in the future to tell you about services we believe will be of interest to you. Each bulk marketing communication we send to you will contain instructions to "opt-out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or wish to have your name deleted from our mailing lists, contact us as indicated below under “Our Contact Information.” You may also opt out as to whether your personal information is (i) to be disclosed to a third party other than as described herein or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected (or subsequently authorized by you) by contacting us as indicated below under “Our Contact Information.”
Disclosure of Your Personal and Other Information
We do not sell your personal information. There are, however, certain circumstances in which we may share your personal information with certain third parties without further notice to you, as set forth below:
- Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal information may be part of the transferred assets or otherwise shared as is in our legitimate business interests.
- Service Providers, Agents, Consultants and Third Parties. Occasionally, we enter into contracts with carefully selected third parties so that they can assist us in servicing you (for example, providing or maintaining databases, processing payment, fraud detection and deterrence or access to advertising assets), to assist us in our own marketing and advertising activities or to engage in co-marketing activities with us. Our contracts with such third parties prohibit them from using any of your personal information for any purpose beyond the purpose for which it was shared.
- Partners and Resellers. We may share your personal information with our partners and resellers so that they can assist you in using our Services and sell or resell our Services to you.
- Data Submitted in Connection with BitSight Connect. Your name and/or username and the information you post in BitSight Connect forums and any activities you engage in will be available to other users of BitSight Connect.
- Legal Requirements. We may disclose your personal information as is in our legitimate interests when such disclosure is necessary or advisable, in our sole discretion, to conduct an investigation, respond to a third party or law enforcement subpoena or court order, bring legal action, prevent harm to others or pursue other relief when you or a third party are or may be: violating our terms and conditions of use; causing injury or other harm to, or otherwise violating our property or other legal rights, or those of other users of our Sites and Services or third parties; or violating federal, state, local, or other applicable law. This disclosure may include transferring information to the U.S. and outside the European Economic Area
We may also share aggregated and non-identifiable information with any third party, including the media and industry observers and as part of our products and services. For example, we may disclose security trends, benchmarking data or the number of customers that have evaluated or purchased our products and services.
Accessing, Updating and Deleting Your Personal Information
Depending on the jurisdiction in which you are located, you may have the right to request that we provide the following information regarding the personal information we hold about you:
- The categories and/or specific pieces of personal information we collected
- The categories of sources from which personal information is collected
- The business or commercial purpose for collecting personal information
- The categories of third parties with whom we shared personal information
If you are entitled to exercise privacy rights under applicable law, you may access, correct, object to processing or request deletion of your personal information by logging into your account or contacting us (including our European representative) by completing this form. We will respond to your request within a reasonable timeframe. Please be aware that even after we have processed your request, we may retain certain residual information in the backup and/or archival copies of our database or any data that we may retain in compliance with applicable law. We will not discriminate against you for exercising any of your rights with respect to your personal information.
In the event you close any account in connection with the Services, your account will be deactivated and your name and other personal information will no longer be accessible by you. We may retain your personal information for as long as your account is active or to provide you services, improve our Services, comply with our legal obligations, resolve disputes and enforce our agreements.
Links from other Sites
Certain pages of the Sites and Services may, from time to time, contain external links or access to services provided by third parties. You should verify and validate any and all privacy practices of other websites. We encourage you not to provide personal information, without first assuring yourself of the privacy policies of such other websites.
WE ARE NOT RESPONSIBLE IN ANY WAY FOR THE PRIVACY PRACTICES OF OTHER WEBSITES OR THIRD PARTIES OR FOR ANY USE AND/OR MISUSE OF ANY PERSONAL INFORMATION OR OTHER INFORMATION PROVIDED BY YOU AT SUCH OTHER WEBSITES OR SERVICES.
We take reasonable steps to protect the personal information provided via the Sites and Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, access to your personal information and/or your information on the Services is password-protected (it is your responsibility to protect the security of any of your login information). Notwithstanding our efforts, we cannot guarantee absolute or unqualified protection of this information given the open nature and resulting instability of the Internet, and we make no representations or warranties as to the effectiveness of our security and assume no liability for security breaches or any failure in the security of your computer equipment, your internet service provider or other networks and communications providers. If you have any questions about the security of your personal information, you can contact us at [email protected].
Our Sites and our Services are designed for business use and are not directed to persons under 18. We do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian's consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.
Privacy Shield Frameworks – EU, UK, and Switzerland
We participate in and have certified our compliance for our U.S. entitles - BitSight Technologies, Inc. and VisibleRisk, Inc. - with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area, Switzerland and the United Kingdom to the United States, respectively. We are committed to subjecting all personal information received from European Union (EU) member countries, the United Kingdom and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
We are responsible for the processing of personal information we receive under each Privacy Shield Framework and subsequent transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Information We Collect section above. We collect this information for the business and commercial purposes described in the Our Use of Your Information section above. We share this information with the categories of third parties described in the Disclosure of Your Personal and Other Information section above. BitSight does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in our Tracking Technologies section above.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us as described in the Our Contact Information section below.
We may verify your request using the information associated with your account, including email address. California consumers may also designate an authorized agent to make a “request to know” or a “request to delete” your personal information by providing the authorized agent written permission to do so and by verifying your own identity with us directly.
Our Contact Information
We have designated our Privacy Manager to oversee our compliance with applicable privacy laws. Questions and inquiries to us (including our European representative) concerning your privacy may be directed by email to [email protected] You may also reach us by phone at 1 (844) 735-0076, or you can write us at:
BitSight Technologies, Inc.
111 Huntington Ave, Suite 2010
Boston, MA 02199
Attn: Legal Department/Privacy Manager
We will use commercially reasonable efforts to make an initial response to your inquiries, questions or comments within five (5) business days of their receipt.
All data subject or similar access requests must be made by completing this form.
Notification of Changes