Privacy Policy Privacy Policy

1 INTRODUCTION AND SCOPE

1.1 INTRODUCTION

Conformance CyberSecurity LLC is a company incorporated in the USA whose registered office is at 6834 Cantrell RD # 1111, Little Rock, AR 72207, USA.

Conformance CyberSecurity LLC and its subsidiaries (together “Conformance CyberSecurity”, “we”, “us”, “our”), are committed to maintaining the privacy, security, and accuracy of your personal data. As a result, Conformance CyberSecurity has developed this policy to inform you of the steps it has taken to protect your privacy. In addition, Conformance CyberSecurity and its employees also adhere to strict internal information security policies and procedures to safeguard your information. For more information about which subsidiaries are covered by this policy, please see the “Scope of Policy” section below.

Conformance CyberSecurity complies with all applicable data protection laws, including the General Data Protection Regulation (“GDPR”).

Conformance CyberSecurity also complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States (the “Privacy Shield”). Conformance CyberSecurity Holdings, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between the terms in this privacy policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The Federal Trade Commission and/or the Department of Transportation have jurisdiction over Conformance CyberSecurity Holdings, Inc.’s and its subsidiaries’ compliance with the Privacy Shield.

1.2 SCOPE OF POLICY

This policy and Conformance CyberSecurity’s Privacy Shield certification cover personal data that is transferred from the European Economic Area to Conformance CyberSecurity LLC.

Conformance CyberSecurity may share your personal data with any member of the subsidiaries listed above who may process your personal data for the purposes specified in this privacy policy. The list of Conformance CyberSecurity companies with whom your data may be shared will change from time to time, so please ensure that you revisit this policy regularly.

Because Conformance CyberSecurity respects your right to privacy, it has implemented privacy practices in the provision of its services, products, and website, including in accordance with the Privacy Shield and GDPR. Specifically, Conformance CyberSecurity commits to complying with the following Principles in respect of all personal data which is received from individuals based in the European Union and transferred to the United States of America:

  1. Notice: Conformance CyberSecurity is committed to providing you information about its participation in and responsibilities under the Privacy Shield, the types of information that Conformance CyberSecurity may collect from you and how it is used, your rights in relation to your personal data, and how to contact Conformance CyberSecurity and/or the available independent dispute resolution body designated to address complaints;
  2. Choice: Where possible, Conformance CyberSecurity will allow you to opt-out of (i) disclosures of your personal data to third parties; or (ii) use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you;
  3. Accountability for Onward Transfers: Conformance CyberSecurity will only transfer your personal data to third parties where: (i) such transfer is only for limited and specified purposes; (ii) the third party provides at least the same level of privacy protection as the Principles; (iii) the processing is consistent with Conformance CyberSecurity’s obligations under the Principles; (iv) the third party is required to notify Conformance CyberSecurity if it can no longer provide sufficient protection for your personal data; (v) the third party takes steps to stop and remediate unauthorized processing; and (vi) Conformance CyberSecurity commits to provide a summary of the relevant privacy protections in place with that third party to the Federal Trade Commission upon request;
  4. Security: Conformance CyberSecurity will take reasonable and appropriate measures to protect personal data from loss misuse or unauthorized access, disclosure, alteration or destruction;
    Data Integrity and Purpose Limitation: Conformance CyberSecurity will take steps to limit the personal data that it processes about you to that which is relevant for the purposes of the processing. Conformance CyberSecurity will also take steps to hold the data it processes about you for as long as it serves the purpose of processing. Conformance CyberSecurity will also take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current;
  5. Access: You have a right to access the personal data that Conformance CyberSecurity holds about you and to correct, amend, or delete that information where it is inaccurate or has been processed in violation of the Principles; and
  6. Recourse, Enforcement and Liability: Conformance CyberSecurity provides robust mechanisms for assuring compliance with the Principles and recourse for individuals who are affected by non-compliance with the Principles. Further details on the recourse mechanisms available to you can be found under the “Recourse and Dispute Resolution” section below.
    Lawful basis of processing: Conformance CyberSecurity will process personal data on the basis of consent, out of necessity for the performance of a contract, and to protect our legal position in the event of legal proceedings.

2 PRIVACY PRACTICES

2.1 PERSONAL DATA COLLECTED

In general, you can access Conformance CyberSecurity’s website(s) and use its services without giving us any personal data. However, many of Conformance CyberSecurity’s products, services and interactions with you will involve the collection of various “personal data” about you which are explained in detail below. Personal data is information which can identify you as a living individual when used in isolation or in conjunction with other information.

In addition to any information you voluntarily provide to us or input through Conformance CyberSecurity(s) website, we may collect the information in the following circumstances:

Products / Services. Conformance CyberSecurity may collect your personal data in connection with providing you with services and/or products. The specific types of personal data collected from you are dependent on the services or products you select but this information may include:

  • full name;
  • contact details including address, phone numbers, and email address;
  • job role and employer name;
  • bank account information including credit card number;
  • tax identification number; and
  • second-level domain information and IP addresses.

Partners. Conformance CyberSecurity may also obtain your personal data from third parties, such as partners and resellers, but only to the extent it is required to provide you with our products and/or services. This information may include:

  • full name;
  • contact details including address, phone numbers and email address; and
  • bank account information including credit card number.

Website and Subscriptions. Other than during your enrollment for services and/or products, Conformance CyberSecurity also collects personal data from you if you access Conformance CyberSecurity’s website(s) and/or you choose to register for events, subscribe to email listings throughout our website, or request that we contact you. This information may include:

  • full name;
  • contact details including address, phone numbers and email address;
  • second-level domain information and IP addresses;
  • information gathered from cookies (see “Cookies” section below).

Cookies. Conformance CyberSecurity also utilizes cookies when you visit its website(s), or during the use of its products, which is a piece of data used by web servers to help identify you. A cookie is installed automatically when you use the site but you can reject or disable a cookie by changing a setting on your browser. Conformance CyberSecurity uses session, non-persistent cookies to help offer you secure pages to our website that allows you to login automatically across sessions. A list of our cookies can be provided on request in accordance with the “Contact Details” section.

2.2 USE OF PERSONAL DATA

Conformance CyberSecurity may use your personal data as follows:

  • Where collected in connection with our products and services:
    • to provide you with products, services and any renewals thereof;
    • to provide you with support and maintenance for products/services;
    • to inform you of any new or updated services or product offerings;
    • to bill you for products and services;
    • to notify you of any changes to your use of our website, products, or services;
    • to respond to your inquiries;
    • to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products/services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data (for a list of these third parties, please contact us at the address set forth at the end of this policy);
    • to authenticate your identity in order to provide you with an SSL certificate (your personal data may be provided to an independent third party resource for verification);
    • to transfer or negotiate the transfer of ownership of Conformance CyberSecurity or its assets during any merger, acquisition or sale, even if they are not in the same line of business like us (in such event, your personal data will be held subject to this Privacy Policy; and
    • to comply with applicable law and law enforcement authorities.
  • Where collected from third parties:
    • to provide you with products, services and any renewals thereof;
    • to provide you with support and maintenance for products/services;
    • to inform you of any new or updated services or product offerings;
    • to bill you for products and services;
    • to notify you of any changes to your use of our website, products, or services;
    • to respond to your inquiries;
    • to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products/services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data (for a list of these third parties, please contact us at the address set forth at the end of this policy);
    • to transfer ownership of Conformance CyberSecurity during any merger, acquisition, or sale (in such event, your personal data will be held to the same confidentiality obligations); and
      to comply with applicable law and law enforcement authorities.
  • Where collected in connection with your access to Conformance CyberSecurity’s website(s) and/or you register for events, subscribing to email listings or requesting that we contact you:
    • to inform you of any new or updated services or product offerings;
    • to notify you of any changes to your use of our website, products, or services;
    • to analyze the use of our website to improve its layout and services;
    • to respond to your inquiries;
    • to transfer ownership of Conformance CyberSecurity during any merger, acquisition, or sale (in such event, your personal data will be held to the same confidentiality obligations); and
    • to comply with applicable law and law enforcement authorities.

This uses listed above are not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Where appropriate, you will be given a more detailed explanation as to how your personal data is used on a case by case basis.

Conformance CyberSecurity’s website(s) may link to other websites which are not within its control. Once you have left Conformance CyberSecurity’s website(s), Conformance CyberSecurity cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.

2.3 SENSITIVE INFORMATION

Information about you which is considered sensitive or a special category of personal data under data protection laws can include information about your medical or health conditions, racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, genetic data, biometric data, sexual life and sexual orientation, and suspected or proven criminal activity and related proceedings. If we need to process sensitive or special categories of personal data, you will be notified of such processing and asked to specifically agree to the use of such information as appropriate.

Conformance CyberSecurity asks that you do not provide any sensitive or special categories of personal data unless Conformance CyberSecurity specifically asks for this.

2.4 DISCLOSURES

Conformance CyberSecurity may share your personal data with any of its subsidiaries who may process your personal data for the purposes specified in this privacy policy.

Sometimes Conformance CyberSecurity will share your information with carefully selected third parties outside of Conformance CyberSecurity’s corporate group (such as its partners, resellers and subcontractors). Conformance CyberSecurity may do this for the following reasons:

  • To carry out services for Conformance CyberSecurity;
  • To provide you with information about special promotions and offers which we think you might be interested in;
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
  • When Conformance CyberSecurity believes it is necessary to comply with the law or protect our or another person's rights, property, or safety; and/or
  • If there is (or is to be) any change in ownership of any Conformance CyberSecurity business or assets then Conformance CyberSecurity may wish to share your information so that the new (prospective) owners may continue to operate our business effectively and continue to provide services to customers. This may include new shareholders or any organization that might take an assignment or transfer of any agreements we have entered into with Conformance CyberSecurity’s customers.

Conformance CyberSecurity will place appropriate obligations and restrictions on third parties to protect your details.

Conformance CyberSecurity will remain responsible to you under the Principles in the event any of its agents processes your personal data in a manner inconsistent with the Principles except where Conformance CyberSecurity can prove that it is not responsible for the relevant event.

Conformance CyberSecurity, and sometimes other third parties with whom we share personal data, are or may be located outside the European Economic Area; for example, Conformance CyberSecurity LLC. is located in the USA.

2.5 OPTING OUT / IN

If you are a customer or you have previously asked us for information on Conformance CyberSecurity’s products and/or services, Conformance CyberSecurity may send you information on its range of products and services to your contact details, unless you have asked us not to do so.

You may opt-out of having your personal data used for marketing purposes and/or any purpose inconsistent with the purpose it was originally collected or authorized by you. Please contact info@conformancecybersecurity.com to opt-out or change your preference.

If you receive marketing material from our partners or other third parties and no longer wish to receive such material, you must opt-out directly with that party.

It is important to note that you may not opt-out of receiving materials that would detrimentally affect the use, security, or accuracy of Conformance CyberSecurity’s products and services, including without limitation SSL certificates. Such materials may include critical security notices, product updates, and service and product expiration dates.

2.6 RIGHTS OF DATA SUBJECTS

At any time, you may have access to your personal data for any reason, including without limitation reviewing, correcting, deleting inaccuracies or updating such information by sending a request to Conformance CyberSecurity in accordance with the “Contact Details” section below. You may also have the right to erase your personal data, restrict the processing, the right of portability, and the right to object to the processing in certain circumstances. A small fee may be payable. Conformance CyberSecurity will verify your identity before processing any requests.

2.7 SECURITY

Conformance CyberSecurity takes reasonable precautions to protect your personal data. However, please be aware that there are inherent security risks of providing information and dealing online over the internet and Conformance CyberSecurity cannot, therefore, guarantee the security of any data disclosed online.

2.8 DATA INTEGRITY

Conformance CyberSecurity has implemented reasonable measures to ensure that your personal data is relevant for the purposes for which it is to be used and that it is reliable for its intended use and is accurate, complete, and current.

If you think any information we have about you is incorrect or incomplete, please write to or e-mail us as soon as possible. We will correct or update any information (as appropriate) as soon as possible.

2.9 CHANGES TO THIS PRIVACY POLICY

Conformance CyberSecurity may amend this privacy policy from time to time. If any amendments are made then a notice will be posted on Conformance CyberSecurity’s website. This privacy policy was last updated on 20 May 2019.

3 CONTACT DETAILS & DISPUTE RESOLUTION

3.1 CONTACT DETAILS

All inquiries, questions, and complaints regarding how Conformance CyberSecurity processes your personal data and/or this privacy policy may be sent to Conformance CyberSecurity’s Privacy Department:

E-mail: info@conformancecybersecurity.com

Conformance CyberSecurity will promptly respond to all inquiries and implement a corrective course of action, if necessary.

3.2 DISPUTE RESOLUTION

In compliance with the Privacy Shield Principles, Conformance CyberSecurity commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Conformance CyberSecurity at info@conformancecybersecurity.com

Conformance CyberSecurity has further committed to refer unresolved Privacy Shield complaints to JAMS International (“JAMS”), an alternative dispute resolution provider located in London, England. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS at https://www.jamsinternational.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Conformance CyberSecurity also commits to cooperate with the panel established by the EU data protection authorities (“DPAs”) and comply with the advice given by the panel with regard to personal human resources (HR) data transferred from the European Union.

Under certain conditions, you have a right to invoke binding arbitration for complaints regarding Conformance CyberSecurity’s Privacy Shield compliance not resolved by under the dispute resolution mechanism set out above. For additional information regarding binding arbitration, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Last amended: 20 May 2020