Data controller information
Threatpost, Inc., located at: 500 Unicorn Park Drive, Woburn, MA 01801, USA (“Threatpost”, “Threatpost.com”, “Threatpost Inc.”, “TP”, or “we”)
If you have any questions regarding the processing of your personal information, please contact Threatpost at firstname.lastname@example.org.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)
Why we process your personal data
We use your personal data for the following purposes:
- Marketing and service information.
- Servicing our contractual obligations to you as set out in our contract with you.
The categories of personal data
We process the following categories of your data:
- Email address
- Static IP address
We have obtained your personal data from you directly.
In order to post comments and help moderate comments on this Web site, you must first create an account with a username and password. That information is used to provide you with access to your profile and comments. The registration system also requires that you provide a valid email address to confirm your account. Separately, when you email Threatpost.com, we retain your address and correspondence, which may be used to raise and respond to issues and inquiries of all types.
If you send us an email, we may collect your name, your email address, and any other information which you choose to give us. Any information that you provide is used by Threatpost Inc. solely for the purposes for which it is provided. If we do collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reasons for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times.
What is our legal basis for processing your personal data
Our lawful basis for processing your general personal data:
- Consent of the data subject.
- Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
- Processing necessary for compliance with a legal obligation.
Sharing your personal data
We may disclose your personal data as follows:
Aggregate Information (non-personally identifiable)
We share aggregated demographic information about our reader base with our third-party advertising partners including browser information and traffic statistics. We do not link this data to individual readers’ accounts or personally identifiable information.
Personally identifiable information
We will not collect any personal information about you on this website without your consent. Any personal information which you volunteer to us will be treated with the highest standards of data security and confidentiality, strictly in accordance with GDPR.
We do not share personally identifiable information with third parties, with one limited exception: we may disclose personally identifiable information about you if we have a good faith belief that doing so is required by law, such as pursuant to a subpoena or other judicial or administrative order.
We use both short-term cookies and persistent cookies. A short-term cookie expires within a limited period of time. We use session cookies so that readers with accounts can navigate and contribute to our site without logging in multiple times over a short period of time. A persistent cookie remains on your hard drive for an extended period of time. We use persistent cookies to recognize account holders and present the site accordingly.
You can remove cookies by following directions provided in your Internet browser’s “help” file. If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as comments, will require logging in for each action you want to take.
Third Party Advertisers may place or recognize unique cookies on your browser and use information about your visits to this and other Web sites in order to provide advertisements on this site and other sites about goods and services. The information collected does not include personally identifiable information like your name, address, email address or telephone number. It does include IP addresses, though these are not tied to individual readers’ accounts. No attempt is ever made to link source IP addresses to any information that is personally identifiable.
Links to Other Sites
This Website contains links to other sites that are not owned or controlled by Threatpost Inc. Please be aware that we are not responsible for the privacy practices of these other sites. This privacy statement applies only to information collected by Threatpost.com.
Transfer of data abroad
The personal data provided by users to Threatpost can be processed in the following countries, including countries outside European Union (EU) or the European Economic Area (EEA) which have not been deemed to have an adequate level of data protection by the European Commission: EEA: Germany, Netherlands, France, United Kingdom; non-EEA: Switzerland, Canada, Singapore, Russia, Japan, USA, Mexico, China, Azerbaijan. According to our general business practice, the data received from users in the EU are processed on servers located in the USA.
Threatpost Inc. has taken appropriate security measures to protect your personal data in accordance with security and privacy best practices, including, utilizing the European Commission’s Standard Contractual Clauses for transfers of personal information between its group companies, which requires all group companies to protect personal information being processed from the EEA to an equivalent standard to that required under EU data protection law. Where we share your personal data with a third party service provider outside of the European Economic Area and Switzerland (as detailed in the section entitled “Sharing your information”), we contractually oblige the third party service provider to implement adequate safeguards to protect your information.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for a period of 6 years in order to meet legal requirements. Examples include in case of any legal claims/complaints and for safeguarding purposes.
Automated decision making
We do not use automated decision making.
Your rights and your personal data
Also we inform you that you have certain rights regarding the personal data we maintain about you:
- Right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights.
- Right of access. You have the right to request information about how we use your personal data. In addition, you can request to receive a copy of the Personal Data we process about you and to check that we are lawfully processing it.
- Right to rectification. Request correction of the personal data that we process about you.
- Right to erasure (Right to be forgotten). This enables you to ask us to delete or remove personal data where there is no good reason, such as statutory retention periods, for us continuing to process it.
- Right of restriction of processing. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
- Right to data portability. You may request the transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Right to object. You may object at any time to our processing of your personal data when such processing is based on our legitimate interests.
- Right to withdraw data protection consent. If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
- Right to complain. You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices
How to exercise your rights
If you wish to exercise these rights, you may at any time directly at email@example.com.
Typically, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, except in relation to consent withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to make a complaint regarding this Privacy Statement or our practices in relation to your personal data, please contact us at firstname.lastname@example.org.
If you consider that the processing of personal data relating to you infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority at any time. Which supervisory authority has competence for your complaint can depend on the country where you reside.