Your privacy is important to us. It is Security Compass’ policy to respect your privacy regarding any information we may collect from you through our website,
, through other sites we own and operate, and through the products and services we provide.
This policy (together with our
terms of service
and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed.
Compliance with Privacy Laws
At Security Compass, the security of your data isn’t an afterthought. We have prioritized the security of customer data long before it was legally required. Our approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with various regulatory frameworks, including EU data protection requirements set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018, and the California Consumer Privacy Act (“CCPA”) which came into effect January 01, 2020.
Where a company collects, transmits, hosts or analyzes personal information of EU data subjects, GDPR requires the company to process such data only in a way which guarantees the technical and organizational safeguards mandated by the GDPR.
Understanding the Key Concepts
What is ‘Personal Information’?
‘Personal Information’ means any information relating to an identified or identifiable natural person. The personal information we collect is explicitly stated below.
What is ‘Processing’ of personal information?
This can include a large number of actions. In simplified terms, processing your personal information means any use we make of it, whether we collect it in a database, store it somewhere or send it to someone else. You can see how we process your data below under ‘What we use your information for’.
What information do we collect?
We may collect and process the following data about you:
(i) Personal information
We may ask for personal information, such as your:
Social media profiles
Date of birth
This data is considered “identifying information”, as it can be used to personally identify you. We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service. If you consent to receiving communications about our products and services, we may use your personal information to send you product and industry related news and updates. We only send out communications where we are legally allowed to do so.
(ii) Log data
When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may however include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other non-identifying details.
We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
How we collect the information.
We collect information by fair and lawful means, with your knowledge and consent. We only process your data when we have a lawful reason for doing so. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
What we use the information for.
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We do not disclose the specifics of this information publicly but may share aggregated and anonymized versions of this information, for example, in website and customer usage trend reports.
We may use your personal details to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. We may contact you via phone, email, social media, or conventional mail. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.
Where we store the information.
The personal information we collect is stored and processed in, or where we or our partners, affiliates and third-party providers maintain facilities. We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.
We only retain personal information for as long as necessary to provide a service, or to improve our services in future. In most cases, we delete personal information after a period of 2 years if we have not received any communication, opt-in notification, or other form of consent from the contact. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security.
If you request your personal information be deleted, or where your personal information becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.
Who is the data processor?
Who are our sub-processors?
Security Compass’ maintains an up-to-date list of the sub-processors used for hosting, or other processing of data in the product specific privacy policies (see above under GDPR Compliance)
How we protect your information.
Security Compass employs the following safeguards to ensure the security your data:
Data encryption in transit and at rest
Network protection (including firewalls and intrusion detection systems)
Periodic penetration testing
Minimum access policies
Security by design (though the use of SD Elements and its approach to a secure development lifecycle)
Which third parties have access to your information?
We use third-party services for:
Advertising and promotion
These third-party service providers may only access your data for the sole purpose of performing specific tasks behalf of Security Compass. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of your data for any other purpose.
We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
This website does not knowingly target children or collect personal information from children. As a parent/guardian, please contact us if you believe your child is participating in an activity involving personal information on our website, where you have not consented to the collection of such data. We do not use your supplied contact details for marketing or promotional purposes.
Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.
Your rights and responsibilities
As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel.
You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes. You have the right to opt out of data about you being used in decisions based solely on automated processing.
How do I exercise my privacy rights?
In certain jurisdictions such as the EU and California privacy laws and regulations provide you with an array of rights, which lead to greater transparency into the use and control over your personal information. To ensure we honor your rights, you may contact us and submit a verifiable request in regard to the following:
Where you have previously agreed to us using your personal information for direct marketing purposes, and you wish to withdraw your consent (this may also be done through the unsubscribe function in an email received from us).
You may request access to your information, or to have your information changed or removed. Requests will be handled as soon as reasonably possible, but in all cases within 30 days. If you believe the information we hold about you is incorrect, or your personal information is being processed unlawfully, you may contact us have this rectified.
Your California Privacy Rights
The CCPA provides California residents with specific consumer rights regarding their personal information:
The right to access the personal information we have about you
The right to request the deletion of personal information we have about you
The right to not be discriminated against for having exercised your consumer rights
, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
How to contact us:
Attn: Legal Department
390 Queens Quay West,Toronto, Ontario, M5V 3A6,