Effective Date: January 1, 2020
II. WHAT WE MEAN BY "PERSONAL INFORMATION"
III. WHAT DATA DO WE COLLECT?
(1) Data Collected Automatically
Most of the data we collect in and through the Websites and the Services is technical in nature and is collected and processed automatically through scripts, cookies and similar software-based technologies. Alone or in combination with other data, such automatically collected data may constitute Personal Information. The data we may collect by automated means may include, without limitation:
- Device data: including data on device IDs and similar hardware qualifiers.
- Websites, applications and browsers: including data on the existence, characteristics and behavior of websites, applications and browsers (e.g., browser type, version, language, preferences).
- Network and internet information: including URLs, IP addresses, bounce rates, use of spoofing, active (TCP/IP) ports, originating search engine, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
Google Analytics is an element of the Websites. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Websites, the Internet Protocol address, and the type of operating system used in the devices used to access the Website. By using a browser plugin available at http://www.google.com/ads/preferences/plugin/ provided by Google, you can opt out of Google Analytics.
(2) Data You Provide to Us
When you use the Websites or otherwise communicate with us, we collect data that you provide to us directly. For example, we collect data in the following circumstances: when you sign up for a newsletter, when you contact us via the Websites; and when you otherwise communicate with us.
The data you provide to us directly may include, without limitation, the following information that may, alone or in combination with other data, constitute Personal Information:
- Information you provide through our 'Contact' section, including your name, company, e-mail, country, inquiry, and any other information you decide to provide;
- Information you provide via email or using the contact details listed on various parts of the website, including your name, company, and phone number, and any other information you provide to us;
- Information you provide in order to subscribe to our newsletters and updates, including your email address, the topic for which you wish to receive updates, or any other information you decide to provide us with. You may always unsubscribe from these emails by following the instructions included;
- If you are one of our customers, suppliers or prospects, we may process limited Personal Information in the course of our business relation with you, for example when you place an order, request a demo or vice versa. Such Personal Information may include your name, company, title, e-mail address, telephone number, address, order details, and where applicable and relevant, credit registrations and credit limits;
- transaction and limited (non-PCI) payment data; and
- Other information: We may also collect any other information you may want to share with us, such as Personal Information related to recruitment / job applications. Moreover, if you contact us, a record of this correspondence may be kept.
We may also obtain data from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law.
IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION
The Personal Information we collect is primarily processed for and on behalf of our customers and used to provide our abuse, fraud and user experience protection solutions on their websites, platforms and applications. In providing our Services, we obtain feedback from our customers. We process and use this feedback for the legitimate interests of our Customers, their bona fide end-users and of us providing our Services, preventing fraud and abuse (including identity and credit card fraud) and securing online websites and environments.
We use the Personal Information you provide to us when you contact us in relation to enquiries, orders, comments or complaints made by you for conducting business with you and for our legitimate interest of communicating with you about our products and services. With your consent (unless otherwise permitted by applicable law) we use the Personal Information you provide us via our Websites (for example when signing up to our newsletters) to send you information on our products and services, special offers and other information based on the interests that you have indicated to us. If you do not wish to receive such information, you can indicate so via the details directly below or the links provided in our emails. If you are one of our customers, suppliers or prospects, we use Personal Information about you to establish and fulfil our contract with you. This may include verifying your identity, communicating with you and arranging the provision of products and services. We also use Personal Information about you for our legitimate interests of documenting and managing our internal administration.
We use the Personal Information we obtain from use of the Websites for market research in pursuance of our legitimate interests of improving our products and services and being able to offer our customers and prospects tailored products and services.
In addition to the above, we use the Personal Information in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance, regulatory, and investigative purposes. This may include sharing the Personal Information with third parties, such as governmental authorities or law enforcement officials subject to applicable law.
V. WHO DO WE SHARE PERSONAL INFORMATION WITH?
We may disclose Personal Information you provide to us or that we collect automatically on the Websites and in and through the Services with the following categories of third parties:
- Service providers, such as data storage service providers, marketing service providers, accounting service providers, social media platforms you use, and communications service providers (e.g. Intercom.io, Salesforce.com, Outreach.io, Stripe.com, Unbounce.com and Marketo.com) and human resources service providers;
- Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
For service providers and third parties outside of the European Economic Area ("EEA") that are not subject to an adequacy decision from the European Commission we rely on the so-called EU model clauses, their EU-US Privacy Shield Certification and the Binding Corporate Rules they may have adopted. If you wish to hear more about these safeguards, please contact us through the details further below.
VI. THIRD PARTY PRACTICES
Our Services are set up in such way that they allow our customers a great deal of control of any (further) use of the Services and Personal Information. As our customers exercise such control and can use and implement the Services to their liking (as detailed in their contract with us), we are not responsible for any further use of our Services and Personal Information (including the combination of the Personal Information with other information) by our customers. If you would like to have more information on how the Services and Personal Information are used by our customers, we invite you to read their respective data protection notices and/or contact them directly.
VII. INDIVIDUAL RIGHTS
Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer some of Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to non-EEA countries.
Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.
Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at email@example.com so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation ("GDPR") where applicable, so please contact us through the details listed below if you have any questions about these rights.
VIII. FOR CALIFORNIA RESIDENTS
California Civil Code Section 1798.83 permits Website(s) users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make a request, please contact us: firstname.lastname@example.org.
Your California Privacy Rights:
Subject to the limitations set forth in Cal. Civ. Code § 1798.100 et seq, if you are a California resident you may have the right:
- to request disclosure of the categories and specific pieces of Personal Information collected about you;
- to request the disclosure of the business purpose for collecting or selling your Personal Information; the categories of third parties with whom it is shared, and the categories of sources from which Personal Information is collected;
- to request the deletion of Personal Information collected about you, subject to the limitations set forth in California Civil Code Section 1798.105(d);
- not to be discriminated against for exercising the rights guaranteed by California Civil Code Section 1798.100 et seq.
For the categories of Personal Information we collect, the purposes for processing that information, and the categories of third parties to whom we disclose that information please refer to Section 3 “What Data Do We Collect”, 4 “Purposes for Our Collection and Use of Personal Information”, and 5 “Who Do We Share Personal Information With”, above.
Requests to Know
You have the right to request that we disclose:
- The categories of Personal Information we collect;
- The categories of Personal Information we sell or disclose for a business purpose;
- The categories of sources from which we collect your Personal Information;
- Our business or commercial purpose for selling or collecting your information;
- The categories of Personal Information sold or shared about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom information was sold;
- The specific pieces of Personal Information collect.
You may submit a request to know via email at email@example.com. Delivery may take place electronically or by mail. We are not required to provide Personal Information to you more than twice in a 12-month period.
Requests to Delete
You have the right to request that businesses delete any Personal Information about you collect from you. Upon receiving a verified request to delete your Personal Information, we will do so unless otherwise authorized by law.
You may submit a request to delete your information via email at firstname.lastname@example.org.
We will acknowledge the receipt of requests to know or requests to delete your information free of charge, within 10 days. You may submit requests via the mechanisms given below.
In order to protect your privacy and the security of your information, we verify consumer requests by asking you to submit specific pieces of personal information that we can verify by matching against our records.
We will respond to your request within 45 days of receipt, after we have successfully verified your identity.
Sale of Personal Information
You have a right to opt-out of the sale of your Personal Information. You may, at any time, direct businesses that sell your Personal Information to third parties not to sell your Personal Information.
Under the CCPA, a “sale” includes “renting, releasing, disclosing disseminating, making available, transferring or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.” Sales do not necessarily require that money be exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party and customer relationships as we await the publication of final implementing regulations and guidance.
It is unclear if some elements of our Services qualify as “sales” under the CCPA. Your interaction with our Services may depend on your affirmative actions with relation to our customers’ platforms.
We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, in the online security space.
The Right to Non-Discrimination
You have a right not to receive discriminatory treatment for the exercise of your California privacy rights.
Personal Information the We Have Disclosed for a Business Purpose in the Last 12 Months
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
(B) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
(C) Geolocation data.
(D) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.
You may submit a request for access to or deletion of your information via email at email@example.com.
IX. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
X. TRANSFERS OF PERSONAL INFORMATION FROM THE EU OR SWITZERLAND TO THE UNITED STATES
In compliance with the Privacy Shield Principles, NS8 commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: firstname.lastname@example.org.
NS8 has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
Additionally, with respect to complaints concerning human resources data that is transferred from the EU and Switzerland to the United States, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm. NS8 will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning human resources data that is transferred from the EU and Switzerland to the United States under the Privacy Shield.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, NS8 remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US and Switzerland-US Privacy Shield, NS8 is potentially liable.
XI. DATA RETENTION
We retain Personal Information about you only for as long as needed for the purposes for which it was collected.
If you are a customer or supplier of NS8, NS8 will retain Personal Information about you for the duration of the contractual relationship you or your company has with us and after the end of that relationship for as long as necessary to perform the purposes set out above or to comply with other legal obligations. Personal Information we collect as a result of you subscribing to our newsletter or press releases will be stored until you decide to withdraw your subscription.
XII. DATA SECURITY
We maintain commercially reasonable risk-based security and data protection measures, which include end-to-end encryption for Personal Information in transit and encryption for Personal Information at rest. For more information on our security practices, please review our Security Policy at https://www.ns8.com/en-us/policies/security.
XIII. LINKS TO OTHER WEBSITES
NS8 does not offer Services to children. If you are under 18, you may use the Services only with the full knowledge and consent of a parent or guardian.
XVII. CONTACT US
Data Protection Officer (Spencer Fairbairn):
241 W Charleston Blvd, Suite 111
Las Vegas, NV 89102
Attn: Data Protection Officer
NS8's representative in the EU is:
1018 VN Amsterdam, Netherlands
Attn: Managing Director