SAFE SECURITIES, INC.
Last Updated March 04, 2022
Welcome to the website (the “Site”) of Safe Securities, Inc. (“Safe Securities,” “we,” “us,” or “our”). Safe Securities provides mobile and web-based applications for enterprise wise, objective, consistent and real time visibility of cyber risk posture and cybersecurity risk assessment (collectively, including the Site, the “Service”). This Privacy Policy explains what personal information we collect, how we use and share that information, and your choices concerning our information practices.
Before using the Service or submitting any personal information to Safe Securities, please review this Privacy Policy carefully and Contact Us if you have any questions. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service.
1. PERSONAL INFORMATION COLLECTION
Personal Information You Provide: We collect the following categories of personal information from you:
- Identification Information: We collect your name, email address, phone number, mailing/billing addresses, and other information that you voluntarily provide to us, such as when you create an account for the Service, fill out a form on our Site, submit a job application, etc.
- Communication Information: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication information is optional to you.
- Social Media Information: We maintain a social media presence on platforms like Instagram, Facebook, Medium, Twitter, and LinkedIn (“Social Media Pages”). When you interact with us on social media, we may receive personal information that you provide or make available to us based on your settings, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Third Party Information: To enhance our ability to provide relevant services to you, we may receive information about you from third parties, such as public databases, partners, lead generation services, and social media platforms. We also collect information from other sources to help us correct or supplement our records such as customer enrichment services, improve the quality or personalization of our services to you and to verify your identity in instances of suspected fraud or identity theft. This may include personal information, internet or other electronic network activity information, and any inferences which may be drawn from the above information. In each instance we will only accept information from third parties where those third parties can demonstrate they have received all necessary consents to share such information with us.
Internet Activity Information: When you visit, use, and interact with the Service, the following information may be created and automatically logged in our systems:
- Device Information: The manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Service. The information we collect may vary based on your device type and settings.
- Usage Information: Information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities. We use Google Analytics, a web analytics service provided by Google LLC (“Google”) to help collect and analyze Usage Information. For more information on how Google uses this information, click here.
- Location Information: We may derive a rough estimate of your location from your IP address when you visit the Site.
- Email Open/Click Information: We may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
The following technologies may be used to collect Internet Activity Information:
- Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
Personal Information We Process on Behalf of Our Customers: In order to provide the Service, we process certain data on behalf of our customers. We process that data, including any personal information contained within it, pursuant to our agreements with our customers. We have no direct relationship with the individuals whose personal information we process in the course of providing our Service to our customers. If you are such an individual and have questions about the processing of your personal information or want to exercise one of your privacy rights, please contact the customer that you interact with directly.
2. PERSONAL INFORMATION USE
Your personal information is used for the following purposes:
Service Delivery, including to:
- Provide, operate, maintain, secure and improve the Service;
- Create, maintain, and authenticate your account;
- Process transactions through our third party payment processors;
Communicating with You:
- to send you updates about administrative matters such as changes to our terms or policies; and
- provide user support, and respond to your requests, questions and feedback.
Service Improvement, including to:
- improve the Service and create new features;
- personalize your experience; and
- create and derive insights from de-identified and aggregated information.
Marketing and Advertising: We and our advertising partners may use your personal information for marketing and advertising purposes, including:
- Direct Marketing: To send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via postal mail, email, telephone, text message, and other means. In connection with our marketing activities, we may enrich the personal information you have provided to us through use of third party sales and marketing platforms.
- Interest-Based Advertising: We engage advertising partners, including third party advertising companies and social media companies, to display ads on the Service and other online services. These companies may use cookies and similar technologies to collect information about your interaction over time across the Service, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to our or similar users (known as a “lookalike audience”) on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Limit Online Tracking section below.
Compliance and Protection, including to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- Audit our compliance with legal and contractual requirements and internal policies; and
- Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
3. PERSONAL INFORMATION SHARING
Our Sharing: We do not sell, rent, license, or lease your personal information to third parties. However, in certain circumstances we may share the categories of personal information described above without further notice to you, unless required by the law, with the following categories of third parties:
- Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with service providers, including hosting services, cloud services, and other information technology services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal information in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.
- Professional Advisors: We may share personal information with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us.
- Business Transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), we may share your personal information with counterparties and others assisting with the Transaction and with a successor or affiliate as part of or following that Transaction.
- Legal Requirements: We do not volunteer your personal information to government authorities or regulators, but we may disclose your personal information where required to do so for the Compliance and Protection purposes described above.
- Affiliates: We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with Safe Securities. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy.
4. PERSONAL INFORMATION RETENTION
We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.
5. NOTICE TO CALIFORNIA RESIDENTS
Where provided for by law and subject to any applicable exceptions, California residents may have the following rights:
- Know: You can request to know the categories of personal information that Safe Securities has collected about you, the business purpose for collecting your personal information, the categories of sources from which the personal information was collected, whether Safe Securities has disclosed your personal information for business purposes, the categories of personal information so disclosed, and the categories of third parties to whom we have disclosed your personal information (we provide this information in the Personal Information Collection, Use, and Sharing sections above);
- Access: You can request access to the specific pieces of personal information that Safe Securities has collected about you;
- Delete: You can request that we delete the personal information we collected from you; and
- Opt out: You can instruct businesses that sell your personal information to stop doing so – Safe Securities, however, does not sell personal information.
If you would like to exercise any of these rights, or want an alternative form of this Privacy Policy, please contact us. After we receive your request, we may request additional information from you to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you authorized the agent to submit the request. We will not treat you differently for exercising your rights.
6. EU USERS
Scope: This section applies to individuals in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway, the United Kingdom, and, to the extent applicable, Switzerland).
Data Controller: Data protection laws in the EU differentiate between the “data controller” and “data processor” of personal information. Safe Securities is the data controller for the processing of your personal information unless it is processing such personal information on behalf of a customer or other third party. You can find our contact information in the “Contact Us” section below.
Data Processor: Safe Securities is the data processor for the processing of your personal information when it is processing such information on behalf of a customer. To exercise the rights described below in such a circumstance, please contact the corresponding Safe Securities customer.
Legal Bases for Processing: This Privacy Policy (the paragraph “Personal Information Use”) describes the legal bases we rely on for the processing of your personal information. Please contact us if you have any questions about the specific legal basis we are relying on to process your personal information.
As used in this Privacy Policy, “legitimate interests” means our interests in conducting our business and developing a business relationship with you. This Privacy Policy describes when we process your personal information for our legitimate interests, what these interests are and your rights. We will not use your personal information for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.
Your Rights: Pursuant to the European Union General Data Protection Regulation (or GDPR), you have the following rights in relation to your personal information, under certain circumstances and subject to any applicable exceptions:
- Right of access: If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your personal information is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal information with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your personal information, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your personal information with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information so you can contact them directly.
- Right to data portability: You have the right to obtain your personal information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your personal information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Rights in relation to automated decision-making: You have the right to be free from decisions based solely on automated processing of your personal information (including profiling) which produce a significant legal effect on you, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to object: You may ask us at any time to stop processing your personal information, and we will do so:
- If we are relying on a legitimate interest to process your personal information — unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims;
- If we are processing your personal information for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
- Right to withdraw consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal information, you can report it to the data protection authority that is authorized to hear those concerns (in the UK, the Information Commissioner’s Office (ICO), who can be contacted at https://ico.org.uk/concerns, and in other EU countries the data protection authority of the country in which you are located).
Please see the “Contact Us” section below for information on how to exercise your rights.
Data Transfers: Safe Securities is based in the United States; however we are a global business. We may transfer personal information to countries other than your own country in connection with our lawful business purposes. These countries may have data protection rules that are different from your country. On behalf of our customers, we may process personal information in the United States, Germany, United Kingdom, Bahrain, India, Australia and Singapore, as determined by our customer. With respect to personal information we process in our capacity as a data controller, we may process or use third party service providers to process personal information in various countries, including the United States, United Kingdom, France, Netherlands, Hong Kong, India, Dubai, and Singapore. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer.
7. CHILDREN
Our Service is not directed to children who are under the age of 18. Safe Securities does not knowingly collect personal information from children under the age of 18. If we learn that we have collected personal information from a child under the age of 18 without the consent of the child’s parent or guardian as required by law, we will delete that information.
8. LINKS TO OTHER WEBSITES
The Service may contain links to other websites not operated or controlled by Safe Securities, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
9. SECURITY
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, we cannot guarantee the security of your personal information and you use the Service at your own risk.
10. YOUR CHOICES
Update or Correct Personal Information: You can contact us and request any updates or corrections needed to keep your personal information accurate, current, and complete.
Opt Out of Marketing Communications: You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in any marketing communication we send you. Please note, however, that you may continue to receive communications as described in the Communicating with You section after opting out of marketing communications.
Limit Online Tracking: Here are some of the ways you can limit online tracking:
- Block Cookies: Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Use the following links to learn more about how to control cookies and online tracking through your browser:
- Firefox ; Chrome ; Microsoft Edge ; Safari
- Limit the Use of Advertising ID: You may be able to limit use of your mobile device’s advertising ID for interest-based advertising purposes through your device’s settings.
- Use Privacy Plug-Ins or Browsers: You can block our Services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave , or installing browser plugins like Privacy Badger , DuckDuckGo, Ghostery or uBlock Origin , and configuring them to block third party cookies/trackers. You can also install a browser add-on to opt out of Google Analytics.
- Advertising Industry Opt-Outs: You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Note that the above opt-out mechanisms are specific to the device or browser on which they are exercised. You will need to opt out on every browser and device that you use.
Do Not Track. We currently do not respond to “Do Not Track” or similar signals. Learn more about “Do Not Track” here .
11. CHANGES TO THE PRIVACY POLICY
The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with personal information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and the practices described in it.
12. CONTACT US
If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address: [email protected]
You may also contact our Privacy Officer directly:
Name – Viditkumar Baxi
Email – [email protected]
Address: Safe Securities, 3000 El Camino Real, Building 4, Suite 200, Palo Alto, CA 94306, USA