We self-certify compliance with
Effective Date: August 7, 2014
- Information We Gather from You
You may decide to provide us with your personal information in the following situations:
- E-mail as a Request for Information or Registrations for Guides or Seminars – We may refer you to links throughout our site to provide you with the opportunity to contact us via e--mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number and other address information, to help us satisfy your request.
- Service Enrollment – If you choose to enroll for one of our Services, we may request certain information from you, which may vary depending on the type of service that you request. For enrollment in our Services, we may require your name, address (including country, city and state), telephone number, e-- mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s).
- Recruitment and Employment – You may choose to provide us with information about yourself, such a resume or other employment related information in connection with a job application or inquiry whether advertised on the site or as otherwise provided by WhiteHat Security. WhiteHat Security may use this information throughout WhiteHat Security and its related entities for the purpose of employment consideration or as you inquire.
Statistical Information About Your Visit
When you visit a WhiteHat Security Site, our systems collect personal information (in the manner described above) and statistical or non--personally identifiable information about your visit to our sites (e.g. IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non--personally information with personal information that you have actively submitted.
Our uses of “cookies” are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our system determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business or advertising partners, our Web server may also send your browser a temporary cookie that reflects an “origination code” for that partner. We use this information for statistical and marketing purposes.
List of Temporary Cookies:
APID – The WhiteHat Sentinel API session cookie that only is set when you log in via our API. Typically does not have a value set.
WHID – The WhiteHat Sentinel Session Cookie that is set upon login.
WHMFA – Multifactor Authentication Cookie that is only set when you log in using MFA. Typically does not have a value set.
USE_CVSS – Used in the legacy WhiteHat Sentinel UI to specify whether or not CVSS scores are displayed in the findings tab
List of Permanent Cookies:
ELOQUA, ELQSTATUS – For visitor tracking across multiple WhiteHat Security websites.
_utma, _utmb, _utmc, _utmv, _utmz – For Google Analytics across multiple WhiteHat Security websites.
jive.recentHistory,jive_wysiwygtext_height – Used by WhiteHat Security Community to remember user preferences.
List of Third Party Cookies: Various third--party cookies are set by the following entities and used for statistical and marketing purposes: LivePerson (http://liveperson.net) and Adroll (http://d.adroll.com).
- WhiteHat Security may use Web beacons alone or in conjunction with cookies to compile information about Customers and site visitors’ usage of the site and interaction with emails from WhiteHat Security. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, WhiteHat Security may place Web beacons in marketing emails that collect information when you click on a link in the email that directs you to WhiteHat Security’ site. We may use Web beacons to operate and improve WhiteHat Security’ site and email communications. WhiteHat Security may use information from Web beacons in combination with data about WhiteHat Security to provide you with information about WhiteHat Security and the WhiteHat Security Services.
- How We Use Your Information
We may use the information that we receive from you or collect on our own:
Instances Where We May Share Personal Information
- To provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services,
- To personalize and improve the Services,
- To monitor and analyze usage and trends of the Services,
- To send email updates or other promotions related to the Services,
- To provide you with relevant advertisements,
- To process any transactions initiated by you,
- For any other purpose for which the information was collected.
We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases WhiteHat Security uses suppliers to collect, use, analyze and otherwise process information on its behalf. It is WhiteHat Security’ practice to require such suppliers and other service providers to handle information in a manner consistent with WhiteHat Security’ policies and to use your personal information only as necessary to provide these services to us.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process. When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We may also share your personal information if WhiteHat Security is involved in a merger, acquisition, or sale of all or a portion of its assets.
WhiteHat Security Supported Blogs and Forums
We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the WhiteHat Security Safe Harbor Contact as described below.
From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys is aggregated and we do not single--out individual responses unless the respondent chooses to be identified.
Social Media Widgets
Our web site includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini--programs that may run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy statement of the company providing it.
The profile you create on our site will be publically accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Your Ability to Opt--Out of Notifications
From time to time, we notify visitors of new products, announcements, upgrades and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.
You may also change your preferences online at https://www.whitehatsec.com/marketing/communications/preferences.html Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site.
Access or Update Personal Information
If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, amend, delete or deactivate it by making the change on your WhiteHat Sentinel information page or by emailing our Customer Support at the contact information listed below. We will use reasonable efforts respond to your request to access to personal information within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Security Practices
We consider the protection of all personal information we receive from our Web site visitors and customers as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering the Services using the Secure Sockets Layer (SSL) protocol.
- Choice –
- Opt-In: we collect personal information about you only if you decide to provide such information to us as describe above.
- Opt-Out: you may opt--out of receiving certain notifications from us as describe above.
- e-collect information for our clients; if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.
- Onward Transfer – WhiteHat Security may transfer personal information to companies that help us provide our service. The provisions in this statement regarding notice and choice cover transfers to subsequent third parties and the service agreements with our clients or within master services agreement signed with customers.
- Access to Data Controlled by our Clients – WhiteHat Security has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the WhiteHat Security’ client or the data controller. If the client requests WhiteHat Security to remove the data, we will respond to their request within 30 business days.
- Security – please see the description of our security practices above (“Our Security Practices”).
- Data Integrity – WhiteHat Security will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. WhiteHat Security will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Enforcement – if you have a comment or concern about our compliance with the Safe Harbor Privacy Principles, please contact us at email@example.com. Any unresolved disputes will be adjudicated by the ICDR/AAA U.S.-EU Safe Harbor program.
WHITEHAT SECURITY SAFE HARBOR NOTICE
Scope of Safe Harbor Certification
WhiteHat Security, Inc. complies with the U.S.–E.U. Safe Harbor framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. WhiteHat Security, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view WhiteHat Security, Inc.’s certification, please visit http://www.export.gov/safeharbor/.
WhiteHat Security adheres to the Safe Harbor Privacy Principles published by US Department of Commerce (“Safe Harbor Principles”) with respect to personal data about individuals in the EEA those subsidiaries, customers, suppliers and other businesses in the EEA send to WhiteHat Security.
Categories of Information Collected From the EEA
WhiteHat Security collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, WhiteHat Security receives mostly business-- related information from the EEA. Occasionally, WhiteHat Security also receives contact information related to individual representatives of businesses with whom WhiteHat Security is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, WhiteHat Security processes data that may be relating to EEA residents on behalf of, and in accordance with instructions from, customers (collectively “EEA Data”). Since EEA Data covered by this Notice is by definition sent to WhiteHat Security by another company in the EEA (e.g., a supplier to WhiteHat Security), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).
WhiteHat Security collects and uses EEA Data for purposes of providing data processing and advisory services to its customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.
Changes To This Statement
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we may notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have questions about WhiteHat Security’ Privacy Statement, please contact our WhiteHat Security Safe Harbor Privacy Administrator at 3970 Freedom Circle, Santa Clara California 95054, telephone: +1 (408) 343-8300, or fax: +1 (408) 904-7142; or email us at firstname.lastname@example.org