Effective Date: August 24, 2020
This Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions. This Policy does not apply to information we collect by other means (including offline) or from other sources.
This Policy applies to all of WhiteHat’s operating divisions, branches, and entities directly controlled by WhiteHat, including its U.S. affiliates, and any additional entities directly controlled by WhiteHat that we may subsequently form.
2. INFORMATION WE MAY GATHER FROM YOU
The types of personal information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with WhiteHat and the requirements of applicable law. Some of the ways that WhiteHat may collect personal information include:
2.1 Information You Provide Directly to Us
We may also collect Sensitive Human Resources Data such as the need for a leave of absence due to a disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals. We acquire, hold, use, and process Human Resources-related personal information for a variety of business purposes that may include, but are not limited to the following:
2.2 Information from Other Sources.
We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to WhiteHat and to enhance our ability to provide you with information about our business, products, and Services.
2.3 Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
3. HOW WE USE YOUR INFORMATION
3.1 Business Information
Generally, we use the personal information we receive to:
3.2 HUMAN RESOURCES INFORMATION
With regard to personal information we receive in connection with the employment relationship:
3.3 Additional Uses Aligned with Our Legitimate Interests
In addition, we may use your personal information for the following purposes for which we have a legitimate interest:
3.4 Instances Where We May Share Personal Information
4. YOUR CHOICES
Where you have consented to WhiteHat’s processing of your personal information, you may withdraw that consent at any time and opt out of further processing by following the instructions in this section. Even if you opt out, we may still collect and use non-personal information regarding your activities on our websites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
4.1 Email and Telephone Communications
If you would like to discontinue receiving promotional communications from us, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you. You may also change your preferences online at https://info.whitehatsec.com/Subscription-Management.html.
Note that even if you opt out, you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain communications regarding WhiteHat and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms of Service or this Policy, information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site).
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
4.2 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. WhiteHat does not recognize or respond to browser-initiated DNT signals. For information about “do-not-track”, please visit http://www.allaboutdnt.org/.
4.3 Cookies and Interest-Based Advertising
You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, or http://www.youronlinechoices.eu/ and www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here.
To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. Advertisements on Third Party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
5. THIRD-PARTY LINKS
Our website may contain links to other websites for news and other information. Our Policy only applies to the WhiteHat website and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your personal information to them.
6. YOUR PRIVACY RIGHTS
In accordance with applicable law, you may have the following rights:
6.1 Exercising these Rights
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” section below.
Although WhiteHat makes good faith efforts to provide individuals with access to their personal information, there may be circumstances in which WhiteHat is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If WhiteHat determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, WhiteHat will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
7. DATA RETENTION
WhiteHat will retain personal information for as long as needed to provide Services or as otherwise permitted by law. WhiteHat will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We consider the protection of all personal information we receive as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering the Services using the Secure Sockets Layer (SSL) protocol.
9. CHILDREN’S PRIVACY
Because of the nature of our business, this website is not designed to appeal to children under the age of 13 (or 16 in certain jurisdictions) and we do not knowingly request or receive any information from children under the age of 13 (or 16 in certain jurisdictions). If you learn that your child has provided us with personal information without your consent, you may alert us at [email protected] If we learn that we have collected any personal information from children under 13 (or 16 in certain jurisdictions), we will promptly take steps to delete such information and terminate the child’s account.
10. INTERNATIONAL USERS
By using the website, you will transfer data to the United States. By choosing to visit the website, utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Policy will be governed by the laws of the State of California and the adjudication of any disputes arising in connection with WhiteHat or the website will be in accordance with the Terms.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your personal information, you consent to any transfer and processing in accordance with this Policy.
11. CALIFORNIA PRIVACY RIGHTS
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. WhiteHat does not share personal information with third parties for their own marketing purposes.
12. CHANGES TO THIS POLICY
We may update this Policy to reflect changes to our information practices. If we make any material changes we may notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you are an EU citizen and feel that WhiteHat is not abiding by the terms of this Policy or is not in compliance with the Standard Contractual Clauses, please contact us as described in the “How to Contact Us” section below.
In addition, you may lodge a complaint with a data protection supervisory authority if you believe that your data protection rights relating to your personal data have been breached by WhiteHat or that your personal data has been compromised in some way. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
This Policy shall be implemented by WhiteHat and all its operating divisions, subsidiaries and affiliates. WhiteHat has put in place mechanisms to verify ongoing compliance with Standard Contractual Clauses and this Policy. Any Employee who violates these privacy principles will be subject to disciplinary procedures.
14. HOW TO CONTACT US
If you have questions about this Policy or would like to exercise any of your rights described in this Policy, please contact us at:
1741 Technology Drive, Suite 300
San Jose, CA 95110
Telephone (toll free): +1 844-947-3696
email: [email protected]
The following capitalized terms shall have the meanings herein as set forth below.
“Agent” means any Third Party that Processes personal information pursuant to the instructions of, and solely for, WhiteHat or to which WhiteHat discloses personal information for use on its behalf.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of WhiteHat or its subsidiaries worldwide.
“Process” or “Processing” means any operation which is performed upon personal information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of personal information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes personal information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Standard Contractual Clauses” is a data transfer mechanism described in Article 46(2)(c) of the General Data Protection Regulation (GDPR) and approved by the EU Commission Decision 2010/87/EU on February 5, 2010 and includes any successor standard contractual clauses that may be adopted pursuant to an EU Commission decision.
“Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, WhiteHat or WhiteHat’s Agents.