Effective Date: July 1, 2021
This Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions. This Policy does not apply to information we collect by other means (including offline) or from other sources.
This Policy applies to all of NTT AppSec’s operating divisions, branches, and entities directly controlled by NTT AppSec, including its U.S. affiliates, and any additional entities directly controlled by NTT AppSec that we may subsequently form.
2. INFORMATION WE MAY GATHER FROM YOU
The types of personal information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with NTT AppSec and the requirements of applicable law. Some of the ways that NTT AppSec may collect personal information include:
2.1 Information You Provide Directly to Us
- Inquiries and Requests – We may provide you with the opportunity to contact us via e-mail or chat to ask questions, request information and materials, register or sign up for guides, seminars, or training classes, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our Services. To facilitate this request, we may request additional personal information from you, such as your name, telephone number, and other contact information, to help us satisfy your request.
- Service Enrollment – If you choose to enroll for one of our Services, we may require, without limitation, your name, address (including country, city and state), telephone number, e-mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s). The types of information required to fulfill a service request depend on the types of Services being requested.
- Statistical Information about Your Visit – We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile advertising identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.
- Surveys: From time to time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings.
- Human Resources Data: NTT AppSec collects personal information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of Third Parties in case of an emergency, and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as the need for a leave of absence due to a disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals. We acquire, hold, use, and process Human Resources-related personal information for a variety of business purposes that may include, but are not limited to the following:
- Workflow management, including assigning, managing and administering projects;
- Human Resources administration and communication;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- Job grading activities;
- Performance and employee development management;
- Organizational development and succession planning;
- Benefits and personnel administration;
- Absence management;
- Helpdesk and IT support services;
- Regulatory compliance;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Litigation evaluation, prosecution, and defense;
- Diversity and inclusion initiatives;
- Restructuring and relocation;
- Emergency contacts and services;
- Employee safety;
- Compliance with statutory requirements;
- Processing of Employee expenses and travel charges; and
- Acquisitions, divestitures, and integrations.
2.2 Information from Other Sources
We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to NTT AppSec and to enhance our ability to provide you with information about our business, products, and Services.
2.3 Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
3. HOW WE USE YOUR INFORMATION
3.1 Business Information
Generally, we use the personal information we receive to:
- Provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services;
- Personalize and improve the Services;
- Monitor and analyze usage and trends of the Services;
- Send communications related to the Services;
- Provide you with relevant advertisements;
- Process any transactions initiated by you;
- For any other purpose for which the information was collected;
- To meet our legal obligations, for example:
- For audit and reporting purposes;
- To perform accounting and administrative tasks;
- To respond to requests for information by competent public bodies and judicial authorities;
- To respond to inquiries we receive from you or your company or organization;
- To enforce or manage legal claims;
- To deliver advertising and promotional and other communications, including periodically contacting you with offers and information about our products, services, features, and events and sending you newsletters or other information about topics that we believe may be of interest; conducting online surveys; and otherwise promoting our products, services, features, and events; and
- To deliver targeted advertisements to you, both on and off the Services, including by using cookies, web beacons, and other Technologies, as explained in this Policy.
3.2 Human Resources Information
With regard to personal information we receive in connection with the employment relationship:
- we will use such personal information only for employment-related purposes as more fully described in this Policy; and
- if we intend to use this personal information for any other purpose, we will provide the individual with an opportunity to opt out of such uses.
3.3 Additional Uses Aligned with Our Legitimate Interests
In addition, we may use your personal information for the following purposes for which we have a legitimate interest:
- Direct marketing
- Processing for research purposes (including marketing research)
- Disclosure to affiliated organizations
- Network and information security (e.g., server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.)
- Physical security
- Exercise of the right to freedom of expression or information, including in the media and the arts
- Unsolicited non-commercial messages, including for political campaigns or charitable fundraising
- Enforcement of legal claims including debt collection via out-of-court procedures
- Prevention of fraud, misuse of services or money laundering
- Employee monitoring for safety or management purposes
- Whistle-blowing schemes
- Processing for historical, scientific or statistical purposes
3.4 Instances Where We May Share Personal Information
- General. We will share your personal information with Third Parties only as described in this Policy. We do not sell your personal information to Third Parties.
- Vendors and Service Providers: In some cases NTT AppSec may share personal information with our vendors and service providers who assist us to collect, use, analyze, and otherwise process information on our behalf. It is our practice to require such entities to handle information in a manner consistent with NTT AppSec’s policies and to use your personal information only as necessary to provide these services to us.
- Business Partners: NTT AppSec may share information with our business partners and affiliates for their internal business purposes or to provide you with a product or service that you have requested. NTT AppSec may also provide personal information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with NTT AppSec’s. We require our affiliates and business partners to agree in writing to maintain the confidentiality and security of personal information they maintain on our behalf and not to use it for any purpose other than the purpose for which NTT AppSec provided it to them.
- To Protect Ourselves or Others: We may access, preserve, and disclose your personal information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) to enforce NTT AppSec policies or contracts; (v) to collect amounts owed to NTT AppSec; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
- Merger, Sale, or Other Asset Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. Should such an event occur, NTT AppSec will endeavor to direct the transferee to use personal information in a manner that is consistent with the Policy in effect at the time such personal information was collected.
- Testimonials: We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the NTT AppSec Privacy Contact as described in the “How to Contact Us” section below.
- Public Profiles: The profile you create on our website will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
- Data Transfers: All personal information collected via or by NTT AppSec may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your personal information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to NTT AppSec, you consent to the storage of your personal information in these locations.
4. YOUR CHOICES
Where you have consented to NTT AppSec’s processing of your personal information, you may withdraw that consent at any time and opt out of further processing by following the instructions in this section. Even if you opt out, we may still collect and use non-personal information regarding your activities on our websites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
4.1 Email and Telephone Communications
If you would like to discontinue receiving promotional communications from us, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you. You may also change your preferences online at https://info.whitehatsec.com/Subscription-Management.html.
Note that even if you opt out, you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain communications regarding WhiteHat and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms of Service or this Policy, information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site).
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
4.2 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. WhiteHat does not recognize or respond to browser-initiated DNT signals. For information about “do-not-track”, please visit http://www.allaboutdnt.org/.
4.3 Cookies and Interest-Based Advertising
You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at http://www.networkadvertising.org/managing/opt_out.asp or http://www.youronlinechoices.eu/ and http://www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here.
To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. Advertisements on Third Party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
5. THIRD-PARTY LINKS
Our website may contain links to other websites for news and other information. Our Policy only applies to the NTT AppSec website and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your personal information to them.
6. YOUR PRIVACY RIGHTS
In accordance with applicable law, you may have the following rights:
- the right to rectify inaccurate personal data we hold about you without undue delay, and taking into account the purposes of the processing, to have incomplete personal data about you completed.
- the right to ask us to erase your personal data (the right to be forgotten) without undue delay in certain circumstances.
- the right to restrict the processing of your personal data in certain circumstances.
- the right to receive your personal data from us in a structured, commonly used and machine-readable format and to transmit your personal data to a third party without obstruction (right to data portability) in certain circumstances.
- where we process personal data based on your consent, you have the right to withdraw your consent at any time for future processing.
- where we process your personal data based upon our legitimate interests or those of a third party, you have the right to object to the processing of your personal data at any time (including to any profiling).
- where we process your personal data for direct marketing purposes, you have the right to object to processing of your personal data at any time, including profiling to the extent that it is related to such direct marketing.
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- the right to opt in or opt out of the sale of your personal information to Third Parties, if applicable, where such requests are permitted by law.
- if you are a California resident, you also have the right not to receive discriminatory treatment by us for the exercise of your rights conferred by the California Consumer Privacy Act.
6.1 Exercising these Rights
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below.
Although NTT AppSec makes good faith efforts to provide individuals with access to their personal information, there may be circumstances in which NTT AppSec is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If NTT AppSec determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, NTT AppSec will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
7. DATA RETENTION
NTT AppSec will retain personal information for as long as needed to provide Services or as otherwise permitted by law. NTT AppSec will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We consider the protection of all personal information we receive as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering the Services using the Secure Sockets Layer (SSL) protocol.
9. CHILDREN’S PRIVACY
Because of the nature of our business, this website is not designed to appeal to children under the age of 13 (or 16 in certain jurisdictions) and we do not knowingly request or receive any information from children under the age of 13 (or 16 in certain jurisdictions). If you learn that your child has provided us with personal information without your consent, you may alert us at [email protected]. If we learn that we have collected any personal information from children under 13 (or 16 in certain jurisdictions), we will promptly take steps to delete such information and terminate the child’s account.
10. INTERNATIONAL USERS
By using the website, you will transfer data to the United States. By choosing to visit the website, utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Policy will be governed by the laws of the State of California and the adjudication of any disputes arising in connection with NTT AppSec or the website will be in accordance with the Terms.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your personal information, you consent to any transfer and processing in accordance with this Policy.
11. CALIFORNIA PRIVACY RIGHTS
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. NTT AppSec does not share personal information with third parties for their own marketing purposes.
12. CHANGES TO THIS POLICY
We may update this Policy to reflect changes to our information practices. If we make any material changes we may notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you are an EU citizen and feel that NTT AppSec is not abiding by the terms of this Policy or is not in compliance with the Standard Contractual Clauses, please contact us as described in the “How to Contact Us” section below.
In addition, you may lodge a complaint with a data protection supervisory authority if you believe that your data protection rights relating to your personal data have been breached by NTT AppSec or that your personal data has been compromised in some way. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
This Policy shall be implemented by NTT AppSec and all its operating divisions, subsidiaries and affiliates. NTT AppSec has put in place mechanisms to verify ongoing compliance with Standard Contractual Clauses and this Policy. Any Employee who violates these privacy principles will be subject to disciplinary procedures.
14. HOW TO CONTACT US
If you have questions about this Policy or would like to exercise any of your rights described in this Policy, please contact us at:
1741 Technology Drive, Suite 300
San Jose, CA 95110
Telephone (toll free): +1 844-947-3696
Email: [email protected]
The following capitalized terms shall have the meanings herein as set forth below.
“Agent” means any Third Party that Processes personal information pursuant to the instructions of, and solely for, NTT AppSec or to which NTT AppSec discloses personal information for use on its behalf.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of NTT AppSec or its subsidiaries worldwide.
“Process” or “Processing” means any operation which is performed upon personal information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of personal information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes personal information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (7) health information; (8) sexual orientation or information about the Individual’s sex life; or (9) information relating to the commission of a criminal offense.
“Standard Contractual Clauses” is a data transfer mechanism described in Article 46(2)(c) of the General Data Protection Regulation (GDPR) and approved by the EU Commission Decision 2010/87/EU on February 5, 2010 and includes any successor standard contractual clauses that may be adopted pursuant to an EU Commission decision.
“Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, NTT AppSec or NTT AppSec’s Agents.