Effective date: August 16, 2018
- Processor Data: When Great Bay Software provides Security Services, we typically process personal data within our client’s infrastructure and environment, and such processing is subject to the applicable client’s privacy policies and procedures. There are, however, some occasions where we will collect personal data from our clients. In these instances, the personal data we collect and process is done on behalf of our clients. We refer to this data as “Processor Data.” Under applicable law, Great Bay Software is considered the “data processor” of the Processor Data, and the “data controller” of the data (i.e. the company with the right to decide how data is used) is our applicable client.
- Controller Data: Great Bay Software may also process personal data for our own business purposes. We refer to this data as “Controller Data.” This includes, for example: (a) personal data we use for marketing, sales, and client relationship management; (b) personal data related to the personnel of our clients or service providers; and (c) other business-related personal data collected on the Site or elsewhere for our own business.
I. OUR COLLECTION, USE, AND DISCLOSURE OF PROCESSOR DATA
- Collection of Processor Data
Great Bay Software’s Security Services are installed and operated within a client’s security infrastructure. Though we rarely collect personal data when providing Security Services, there are some instances in which we may collect certain information, including personal data, from or on behalf of our Security Services clients and their personnel. Because of the nature of the Security Services, this information may contain any type of personal data, including names, contact information, and other identifying information. For example, in providing Security Services, we may collect the following types of information that may be Processor Data:
- Device identifiers, operating system, time zone, MAC addresses, and other information about computing systems, applications, and networks;
- Names, emails, and phone numbers;
- Job-related information, such as job titles, company name, and company address;
- Information about activity on computing systems, websites, applications, and networks;
- System logs and traffic, including URLs;
- Data, including geolocation information (e.g., GPS coordinates or building/floor location), regarding where devices used for the Security Services are located;
- IP addresses and inferred information related to IP addresses (e.g., inferred company, inferred country, etc.); and
- Information provided to us for troubleshooting or security inquiries (e.g. if a client sends us support tickets).
Some of the technical information listed above is considered personal data in certain contexts.
- Uses of Processor Data
Subject to our contractual obligations, and depending on the particular Security Services, we may use and disclose the information described above (sometimes in combination with other information we obtain, such as from our clients):
- To provide the Security Services, including by (a) providing maintenance and technical support; and (b) analyzing and improving the Security Services;
- To enforce the legal terms that govern the Security Services;
- To comply with law and protect rights, safety, and property; and/or
- For other purposes requested or permitted by our clients, or as reasonably required to perform our business.
- Disclosures of Processor Data
Subject to our contractual obligations, and depending on the particular Security Services, we may share the information described above as follows:
- To provide the Security Services, which can involve sharing personal data with our client and with third parties selected by the client or its users;
- To enforce the legal terms that govern the Security Services;
- To comply with law, and where we deem disclosure appropriate to protect rights, safety and property (for example, for national security or law enforcement);
- As part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; and/or
- For other purposes requested or permitted by our clients or users, or as reasonably required to perform our business.
II. OUR COLLECTION, USE, AND DISCLOSURE OF CONTROLLER DATA
- Collection of Controller Data
We collect two types of Controller Data: (1) data provided directly to us by you or third parties; and (2) data collected automatically from your browser or device.
- Data Directly Provided by You or Third Parties
When visiting or using our Site, we may ask you to provide us with certain information, including information that can be used to contact or identify you. The data we collect may include, but is not limited to: (1) name; (2) email address; (3) phone number; (4) business address; (5) mailing address; and (6) business phone number. We obtain Controller Data directly from Site visitors or their employers, and also from third-party sources, such as clearinghouses, data brokers, fraud databases, referrals from clients and users, as well as publicly-available sources such as company websites.
- Cookies and Automated Data Collection
We also collect Controller Data through the technology described in the Cookies and Similar Automated Data Collection section below.
- Uses of Controller Data
We use Controller Data for the following purposes:
- To provide our Site and other services, and any other business offerings;
- For marketing, advertising, and other communications;
- To manage our relationships with clients, partners, suppliers, and others;
- To notify clients about changes to our products and services;
- To analyze, improve, and create products and services;
- To enforce the legal terms that govern our business and online properties;
- To comply with law and protect rights, safety, and property;
- For other purposes as reasonably required to perform our business.
- Disclosures of Controller Data
Subject to our contractual obligations, we disclose Controller Data as follows:
- Affiliates: We may disclose Controller Data to our affiliates or related companies;
- Consent: We may disclose Controller Data to nonaffiliated third parties based on your consent to do so.
- Service Providers: We may provide access to Controller Data to select third parties who perform services on our behalf. These third parties provide a variety of services for us, including without limitation billing, sales, marketing, advertising, market research, data storage, fraud and safety protection, and legal services.
- Business Transfers: We may disclose Controller Data as part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization;
- Other: We may disclose Controller Data as reasonably required to perform our business.
- Our Legal Bases for Use of Controller Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Controller Data are as follows:
- Legitimate interests: In most cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Protecting our business, personnel and property
- Customer service
- Analyzing and improving our business; and/or
- Managing legal issues
We may also process personal data for the same legitimate interests of our clients and business partners.
- To honor our contractual commitments to the individual: Some of our processing of personal data is to meet our contractual obligations to individuals, or to take steps at clients’ request in anticipation of entering into a contract with them.
- Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent.
- Legal compliance: We may also use and disclose personal data in certain ways to comply with our legal obligations.
III. YOUR EU RIGHTS AND CHOICES
We provide the options described below for exercising rights and choices, which are subject to important limits or exceptions under applicable law:
- Processor Data
To exercise rights or choices with respect to Processor Data, please make your request directly to the client for whom we process the personal data.
- Controller Data
To keep your personal data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct personal data in our possession that you have previously submitted via this Site.
The law of your jurisdiction (for example, within the European Economic Area) may give you additional rights to request access to and rectification or erasure of certain of your personal data we hold. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we transmit it to a third party. The law may also give you the right to request restrictions on the processing of your personal data, to object to processing of your personal data, or to withdraw consent for the processing of your personal data (which will not affect the legality of any processing that happened before your request takes effect). You may contact us as described below to make these requests.
For example, residents of the European Economic Area and certain other jurisdictions may have a right to opt out of our processing of Controller Data for direct marketing purposes. You can exercise this right by contacting us as described below. Our marketing emails and certain other communications include unsubscribe instructions, which you can use to limit or stop the relevant communications. Opt-out processes may take some time to complete, consistent with applicable law. Certain communications (such as certain billing-related communications or emergency service messages) are not subject to opt-out.
You may contact us with any concern or complaint regarding our privacy practices, and you also may lodge a complaint with the relevant governmental authority.
IV. AGGREGATE OR DE-IDENTIFIED DATA
V. COOKIES AND SIMILAR AUTOMATED DATA COLLECTION
These technologies help us (a) remember your information, including any applicable logins, on the pages you visit; (b) display personalize content; (c) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (d) diagnose and fix technology problems; and (e) otherwise plan for and enhance our business.
You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Microsoft Edge; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Site. We may also use local shared objects (also known as “Flash cookies”) to assist in delivering special content, such as video clips or animation. Flash cookies are stored on your device, but they are not managed through your web browser. To learn more about how to manage Flash cookies, you can visit the Adobe website and make changes at the Global Privacy Settings Panel.
We may use third-party web analytics services (such as those of Google Analytics) on our Site to collect and analyze the information discussed above, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies described in above may be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Site, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, providing certain features to you, and other purposes. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
Also, in some cases, we facilitate the collection of information by advertising services administered by third parties. The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data (i) to recognize users and their devices, (ii) to inform, optimize, and serve ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers. You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
If a password is used to help protect your personal data, it is your responsibility to keep the password confidential. Do not share this information with anyone.
VII. DATA RETENTION
VIII. CHILDREN’S PRIVACY
The Site and our Security Services are not intended for anyone under the age of 18. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13, children under the age of 14 in Spain or South Korea, or from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
IX. LINKS TO OTHER WEBSITES AND SERVICES
XI. CONTACT US