European Safe Harbor Privacy Policy

Background:

The U.S.-E.U. Safe Harbor Framework was established in June 2000 by the United States Department of Commerce and the European Commission, as a method for transferring personal information from the European Union (“EU”), to companies in the United States. The program is a voluntary self-certification process for companies operating in the United States. Companies that certify represent that they are upholding privacy standards for personal information received from the EU that have been jointly accepted by the EU Commission and the US Department of Commerce. AttackIQ has certified to the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework and has developed this Safe Harbor Privacy Policy to describe its commitment to the Safe Harbors framework.

AttackIQ abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information (as defined below) from European Union member countries and Switzerland. AttackIQ has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.   To learn more about the Safe Harbor program, and to view AttackIQ’ certification, please visit http://www.export.gov/safeharbor/

Scope:

This Safe Harbors Privacy Policy applies to all Personal Information received by AttackIQ in the United States from the EU and Switzerland in any format including electronic or paper-based Personal Information.

The principles of this Safe Harbor Privacy Policy apply solely to the extent that AttackIQ collects Personally Information directly from individuals.

Definitions:

“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

“Privacy Policy” means AttackIQ’ web site privacy policy, available here.

“Safe Harbors Privacy Policy” means this European Safe Harbor Privacy Policy.

Notice:

AttackIQ will inform individuals about the purposes for which it collects and uses Personal Information about them, the types of non-agent third parties to which AttackIQ discloses that information, and the choices and means, if any, AttackIQ offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to AttackIQ, or as soon as practicable thereafter, and in any event before AttackIQ uses the information for a purpose other than that for which it was originally collected.

Choice:

AttackIQ will offer individuals the opportunity to choose (opt out of) whether their Personal Information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive Personal Information, AttackIQ will give individuals the opportunity to affirmatively and explicitly (opt in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

AttackIQ will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise. In order to request that AttackIQ not use an individual’s non-public Personal Information, such individual should contact AttackIQ by email at: [email protected] to request access to, correct or delete any Personal Information that you have provided to us. Individuals may also opt out of receiving marketing messages from AttackIQ by notifying AttackIQ at: [email protected].

Data Integrity:

AttackIQ will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. AttackIQ will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

Onward Transfer:

AttackIQ may disclose Personal Information to business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need. AttackIQ may also disclose Personal Information as necessary in connection with the sale or transfer of all or part of its business. In these situations, AttackIQ will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbors or otherwise take steps to ensure that the Personal Information is appropriately protected.  AttackIQ may also disclose Personal Information as required or permitted by law, or when AttackIQ believes that disclosure is necessary to protect its rights and/or to comply with a judicial proceeding, a court order, a law enforcement request, or other legal process.

Security:

We are committed to securing all Personal Information provided to us. We have deployed and maintain process and technology measures to provide reasonable assurance that your Personal Information is secured against unauthorized use, loss or disclosure.

Access:

Upon request, AttackIQ will grant individuals reasonable access to Personal Information that it holds about them. In addition, AttackIQ will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. AttackIQ agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of a vexatious or fraudulent request. Any employee of AttackIQ that desires to review or update their Personal Information can do so by contacting their human resources representative.

Enforcement:

We have deployed internal processes to monitor our compliance with this Safe Harbors Privacy Policy and to address all questions or complaints. We encourage you to raise any concerns or complaints directly with us by contacting us at [email protected]. AttackIQ will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between AttackIQ and the complainant, complaints will be submitted to the American Arbitration Association (“AAA”) for mediation and then if necessary, to binding arbitration for final resolution. Information about AAA services can be found at its website: www.adr.org.

Comments:

If you have any questions, comments or concerns about our privacy practices, please contact us by e-mail at [email protected].