This webpage sets out when and how we use your personal information.
WHO WE ARE
Digital Shadows is made up of different legal entities, details of which can are below:
1.1 Digital Shadows Inc. registered in Delaware
1.2 Digital Shadows US Inc. a wholly owned subsidiary of Digital Shadows Inc. registered in Delaware
1.3 Digital Shadows LTD. a wholly owned subsidiary of Digital Shadows Inc. registered in England
1.4 Digital Shadows GmbH a wholly owned subsidiary of Digital Shadows Ltd. registered in Germany
1.5 Digital Shadows PTE. LTD. a wholly owned subsidiary of Digital Shadows Ltd. registered in Singapore
This privacy notice is issued on behalf of the Digital Shadows Group, so when we mention “Digital Shadows”, “we”, “us” or “our” in the privacy notice, we are referring to the relevant company in our group responsible for handling your personal information. We will let you know which company is responsible for your data when you purchase a service from us. You can also contact us to ask who the responsible company is over particular data sets at any time.
Digital Shadows Limited is the controller and responsible for this website.
We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our data protection officer (James Merrick) by email at email@example.com.
WHAT WE DO
Our work concerns measuring the digital shadows of our clients and their employees. Digital shadows are the publicly available information that we all leave behind us in our day to day interactions with the internet. By definition, this information is in the public domain.
We help raise awareness with both our clients and employees of the risks associated with certain types of public information. We aim to do this in a manner which respects that an individual may have unintentionally put content online.
We do this to help our clients be aware of the risks and operate safely and free from harm. We also work with employees to help increase awareness and provide support to help control published content.
THE DIGITAL SHADOWS PRIVACY PROMISE:
- We only hold data while it’s required to provide our security advice.
- We never share information with third parties or transfer data outside of the UK without first seeking our clients’ consent, and making sure it’s adequately protected.
- We will always be open about our intended use of the data.
- When requested by an individual we will disclose all information held on that individual.
- Our business is about putting security first. As such, our clients’ data is our most important asset and our IT systems are built with this in mind.
HOW DO YOU USE MY DATA?
When you purchase our services
When you become a client of Digital Shadows, we will use your personal information to provide the services you have purchased. The details we collect from you when you sign up to our services are: name, address, email address, phone number and details required for making payment.
To complete your purchase and provide the services to you, we share your personal information with our payment processing and data storage subcontractors, on some occasions we may share business details with credit reference agencies who we use to assess fraud, credit and/or security risks.
We need to process your personal information in this way to fulfill the contact between us.
When our security software captures your information
In a similar way to how search engines work, we search (and store) parts of the internet and the dark web to check for security risks that might negatively impact our clients. As part of this, we may capture your personal information which is publicly available on the internet and the dark web. We only do this as part of providing security services to our clients – we do not target or focus our efforts on collecting data relating to particular members of the public who have no links to our clients.
Generally, if we capture any personal information about you, it will include the following: name, work and home address, email address, contact details, aliases and social media accounts.
If relevant to our clients, we may use publicly available information to help address security issues. This may include personal information that has been published on the Internet. In some cases we may also remove your personal information from the online sources should this be necessary.
We process your personal information for these reasons because we have a legitimate interest in providing a comprehensive service to our clients.
You have various rights in connection with our use of your information. For more detail on these rights, please see the “What Are My Rights” section below.
When you attend one of our events
When you attend one of our events (such as a webinar or hosted event at a location), we will collect the following information from you: name, address, email address, phone number, and dietary preferences. If you are already a client and register to attend an event, we will use the details we already hold for you to confirm your booking. We need to use your personal information in this way to complete the booking contract between us.
We provide a delegate list to the organisations and other individuals who attend our events. We do this because our events provide a useful networking opportunity and we have a legitimate interest in wanting to help build and develop the digital security community. You can object to us using your information in this way by contacting us at firstname.lastname@example.org.
When you phone us or use our website chat service
When you phone us or contact us by email with general queries, we may also handle your personal information (your name, contact details and the other details you provide to us) in order to provide the customer services you have asked us to. This could be when you ask us to provide more information about our software, or explain how our search tools work.
We rely on your consent to handle your personal information in this way. If you do not provide us with the personal information we request from you for customer services purposes, we may not be able to fully answer your queries.
When you have expressed an interest in Digital Shadows:
This section applies if you have opted in to receive marketing communications from us, or have previously expressed an interest in Digital Shadows and not opted out.
We will handle your personal information (such as your name, email address, postal address, telephone number and preferences) to provide you with marketing communications in line with any preferences you have told us about.
When we send you marketing emails because you have opted-in to receive them, we rely on your consent to contact you for marketing purposes.
If you have not opted-in and we send you marketing emails, we do this because of our legitimate interest to promote our business.
Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them.
You are not under any obligation to provide us with your personal data for marketing purposes.
You can tell us that you do not want your personal information to be processed in this way at any time by contacting us at email@example.com or, where relevant, by following the unsubscribe link shown in every marketing communication you receive from us.
To make our site better:
We will also use your personal information to provide you with a more effective user experience (such as by displaying articles and links we think you will be interested in).
Our use of your information in this way means that your experience of our site will be more tailored to you, and that the articles and links you see on our site may differ from someone accessing the same site with a different history or browsing habits.
We also share your aggregated, anonymous data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will also use your personal information for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.
You can prevent us from using your personal information in this way by using the ‘do not track’ functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.
If our business is sold:
We will transfer your personal information to a third party:
- if we sell or buy any business or assets, we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or
- if Digital Shadows or the majority of its assets are acquired by somebody else, in which case the personal information held by Digital Shadows will be transferred to the buyer.
We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.
In some circumstances we may also need to share your personal information if we are under a duty to disclose or share it to comply with a legal obligation.
WHAT ABOUT TECHNICAL INFORMATION AND ANALYTICS?
Information we collect about you: When you visit our site we will automatically collect the following information:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Information we receive from other sources: We are also working closely with third party advertising networks, analytics providers, hosting providers and search information providers from whom we may also receive general aggregated anonymous information about you.
We will combine the information you provide to us with information we collect about you.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer’s browser or hard drive if you provide your consent.
|__atuvc||Social sharing widget|
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire after 2 years.
WHERE IS MY DATA STORED?
Parts of our corporate group (and many of our external third parties) are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside of the EEA.
Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:
- by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
- by using specific contracts approved by the European Commission which give your personal information the same protection it has as if it stayed in the EEA;
- where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield programme which requires them to provide similar protection to personal data shared between Europe and the US.
All information you provide to us is stored on our secure servers or those of our third party data storage providers.
HOW LONG DO WE RETAIN YOUR DATA FOR?
Where you are a client of Digital Shadows, we will retain your data for a period of 2 years to ensure that we are able to assist you should you have any questions, feedback or issues in connection with your membership or if any legal issues arise.
Where we have used your personal information to contact you for marketing communications, if you have opted-in to receive our marketing emails:
- we will contact you at least every 4 years to ensure you are happy to continue receiving electronic communications.
If you tell us that you no longer wish to receive marketing communications from us, we promise to stop sending them to you.
Where we have processed your data for any other reason (such as where you have contacted us with a question in connection with a customer service question) we will retain your data for 2 years.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS
You have the right to object to us handling your personal information when:
- we are handling your personal information based on our legitimate interests (as described in the “How do you use my data” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your personal information should continue; or
- for marketing purposes. If you ask us to stop handling your personal information on this basis, we will stop.
WHAT ARE MY RIGHTS UNDER DATA PROTECTION LAWS?
You have various rights under the data protection laws, which you can exercise by contacting us. The easiest way to do this is by email at firstname.lastname@example.org.
If you exercise your right of access before 25 May 2018, your request will be subject to a £10 fee.
Right of access
You are entitled receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information.
You also have the right to access your personal information which we are handling.
Right to rectification
You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Right to restriction
You can restrict our processing of your personal information where:
- you think we hold inaccurate personal information about you;
- our handling of your personal information breaks the law, but you do not want us to delete it;
- we no longer need to process your personal information, but you want us to keep it for legal reasons; or
- where we are handling your personal information because we have a legitimate interest (as described in the “How We Use Your Data” section above, and are in the process of objecting to this use of your personal information.
Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.
Right to data portability
You have the right to receive your personal information in a structured, standard machine readable format and to send this to another organisation controlling your personal information.
This right only applies to your personal information we are handling because you consented to us using it or because there is a contract in place between us.
Right to erasure
You have the right to require us to erase your personal information which we are handling in the following circumstances:
- where we no longer need to use your personal information for the reasons we told you we collected it for;
- where we needed your consent to use your personal information, you have withdrawn your consent and there is no other lawful way we can continue to use your personal information;
- when you object to our use of your personal information and we have no compelling reason to carry on handling it;
- if our handling of your personal information has broken the law; and
- when we must erase your personal information to comply with a law we are subject to.
Right to complain
You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
WHAT ABOUT WEBSITES WE LINK TO?
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates.
Our site connects you to different websites. If you follow a link to any of these websites or use our services, please note that you have left our site and these websites have their own privacy policies.
We do not accept any responsibility or liability for these policies or websites. Please check their policies before you submit any personal information to these websites.
HOW DO I CONTACT YOU WITH FEEDBACK?