Privacy Policy

Last updated: September 7, 2016

Your privacy is of paramount importance to us. At TrustedSec we have a few fundamental principles:

TrustedSec, LLC. (“TrustedSec”, “we”) operates trustedsec.com. It is TrustedSec’s policy to respect your privacy regarding any information we may collect while operating our website, products and services (“Services”).

  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

If you have questions about deleting or correcting your personal data, please contact our team at privacy@trustedsec.com.

What information we collect

Sales-related Activities

In the course of marketing our Services, we will collect information on customers or potential customers in the course of doing business. This may include names, job titles and roles, current employers, employer’s address, as well as contact information such as email addresses or phone numbers. For example, if you reach out to us through our contact page, we will collect your name and email address and/or phone number.

Website Visitors

Like most website operators, TrustedSec collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. TrustedSec’s purpose in collecting non-personally identifying information is to better understand how TrustedSec’s visitors use its website. From time to time, TrustedSec may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

TrustedSec uses cookies to help us identify and track visitors, their usage of TrustedSec’s website, and their website access preferences. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. TrustedSec visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using TrustedSec’s websites, with the drawback that certain features of TrustedSec’s websites may not function properly without the aid of cookies.

TrustedSec also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on our blog. TrustedSec only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that blog commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog.

Service-related Activities

While this is not common, there may be circumstances where we would have to retain evidence that would contain personally-identifying information from our customers in the course of delivering our Services. An example of this is when we have to respond to an incident or collect evidence of adhering to a compliance or regulatory standard.

How we use your personal information

Aggregated Statistics

TrustedSec may collect statistics about the behavior of visitors to its websites. For instance, TrustedSec may monitor common landing pages or pages related to our services to ensure good customer engagement. TrustedSec may display this information publicly or provide it to others. However, TrustedSec does not disclose personally-identifying information other than as described below.

Fulfilling Our Services

TrustedSec discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on TrustedSec’s behalf or to provide services available at TrustedSec’s websites, and (ii) that have agreed not to disclose it to others. For example, evidence containing personally-identifying information may be collected to provide expert advice around the scope of services for a customer.

Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using TrustedSec’s websites, you consent to the transfer of such information to them.

TrustedSec will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, TrustedSec discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when TrustedSec believes in good faith that disclosure is reasonably necessary to protect the property or rights of TrustedSec, third parties or the public at large.

If you are a registered user of an TrustedSec website and have supplied your email address, TrustedSec may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with TrustedSec and our services. We primarily use our various blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.

Your Choices & Obligations

Rights to Access, Correct, or Delete Your Information, and Closing Your Account

You have a right to (1) access, modify, correct, or delete your personal information controlled by TrustedSec regarding your profile, (2) change or remove your content, and (3) close your account. You can request your personal information that is not viewable on your profile or readily accessible to you (for example, your IP access logs) by emailing us at privacy@trustedsec.com. If you close your account(s), your information will generally be removed from the Service within one (1) week. We generally delete closed account information and will de-personalize any logs or other backup information through the deletion process within thirty (30) days of account closure, except as noted below.

Data Retention

We retain the personal information you provide while your account is in existence or as needed to provide you services. We may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, prevent fraud and abuse, or enforce this Privacy Policy. We may retain personal information, for a limited period of time, if requested by law enforcement.

Other Important Information

Privacy Policy Changes

Although most changes are likely to be minor, TrustedSec may change its Privacy Policy from time to time, and in TrustedSec’s sole discretion. TrustedSec encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Business Transfers

If TrustedSec, or substantially all of its assets, were acquired, or in the unlikely event that TrustedSec goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of TrustedSec may continue to use your personal information as set forth in this policy.

Security and Breach Notification

TrustedSec is committed to the security of your information, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. TrustedSec security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 standard, govern all areas of security applicable to services and apply to all TrustedSec employees.

TrustedSec is also committed to reducing risks of human error, theft, fraud, and misuse of TrustedSec facilities. TrustedSec’s efforts include making personnel aware of security policies and training employees to implement security policies. TrustedSec employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

TrustedSec promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. TrustedSec Management is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If TrustedSec determines that your services data has been misappropriated (including by an TrustedSec employee) or otherwise wrongly acquired by a third party, TrustedSec will promptly report such misappropriation or acquisition to you.

California Shine the Light Law

California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.

Cross Border Transfers

Personal information may be transferred, accessed and stored globally as necessary in accordance with this privacy policy.

TrustedSec complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. TrustedSec is also responsible for ensuring that third parties acting as an agent our behalf do the same.

TrustedSec has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

With respect to personal information received or transferred pursuant to the Privacy Shield Framework, TrustedSec is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Dispute Resolution

If you have any complaints regarding our compliance with this privacy policy, you should first contact us at privacy@trustedsec.com or at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy.

TrustedSec, LLC
ATTN: Privacy Officer
14780 Pearl Road, Suite 300
Strongsville, OH 44136

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact your local EU Data Protection Agency (DPA) at https://webgate.ec.europa.eu/odr/main/?event=main.home.show. Under certain conditions, you may have the right to invoke a binding arbitration to resolve the matter.