SecurityMetrics Privacy Policy

Introduction

SecurityMetrics, Inc. is aware of the privacy concerns of its customers. Our policy for collecting and using personal information is detailed below.

General Data Protection Regulation (“GDPR”), EU-US Privacy Shield & Swiss-US Privacy Shield

Privacy and data security are a top priority at SecurityMetrics. We have implemented policies designed to address GDPR and help us better protect your information.

This Privacy Policy describes how SecurityMetrics collects, uses, and discloses certain personally identifiable information that we receive in the US from the European Economic Area (“EEA Personal Data”).

SecurityMetrics recognizes that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data about Customers received in the US, SecurityMetrics has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). SecurityMetrics adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. To make a rights request, please click here: Privacy Rights Requests

SecurityMetrics also complies with the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.

For purposes of enforcing compliance with the Privacy Shield, SecurityMetrics is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review SecurityMetrics’ representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at: https://www.privacyshield.gov/list

Information Collected

SecurityMetrics collects information about its Customers from Customers and from third parties such as acquiring banks, merchant service providers, and independent sales organizations (collectively “MSPs”), with whom the Customer has a contractual relationship and through its website and related eCommerce services at several points. The data that we collect include:

Information Usage

We use information that we collect that Customer’s provide to us, including any personal information to:

SecurityMetrics may use the information and data submitted by users and customers for any other purposes related to SecurityMetrics’ business that are compatible with the purposes for which your information was collected by SecurityMetrics, including, but not limited to, conducting market research, improving its products and services, sending surveys, and notifying customers of product upgrades and updates, new products, special offers, seminars and conventions and any other changes within SecurityMetrics that may affect customers and users.

We process EEA Personal Data for the purposes stated above. SecurityMetrics will only process EEA Personal Data in ways that are compatible with the purpose that SecurityMetrics collected it for, or for purposes the individual later authorizes. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will notify you and provide you with the opportunity to opt out.

Third parties with whom SecurityMetrics Shares Information

SecurityMetrics' policy in relation to information collected through registration, testing, and/or any other means is to respect and protect the privacy and confidentiality of our users. SecurityMetrics does not disclose, rent, or sell email addresses, security test results, or any other information that we may receive to any third party, unless:

Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.

Access to Information

SecurityMetrics understands the importance of maintaining accurate information. Data subjects may exercise the following rights:

If you would like to exercise one of these rights, please contact us by email at privacy@securitymetrics.com or in writing addressed to SecurityMetrics, Inc., 1275 West 1600 North, Orem, UT 84057. SecurityMetrics will respond to the request within thirty (30) days.

Retention

SecurityMetrics retains information for as long as an account is active or as needed to provide the services requested by the Customer, and for five to seven years, depending on the data, after the account is not active. SecurityMetrics will also retain information as needed to comply with legal or tax obligations, comply with industry regulations, resolve disputes, and enforce agreements.

Privacy Questions or Complaints

You can direct any questions or complaints about the use or disclosure of your EEA Personal Data to us at privacy@securitymetrics.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA Personal Data within 30 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with our Independent Dispute Resolution Body, JAMS, who will resolve the issue within a reasonable timeframe. JAMS can be reached at: https://www.jamsadr.com/eu-us-privacy-shield.

Data Security

SecurityMetrics maintains reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

Use of Cookies

SecurityMetrics uses cookies to track how you interact with our website to optimize your experience with SecurityMetrics. SecurityMetrics does not sell cookies information to third parties or track you outside of SecurityMetrics’ website.

Opt Out

If you do not wish to have your contact information used by SecurityMetrics to promote our own products or services, you can opt-out by checking the relevant box located on the form on which we collect your data or at any other time by sending us an email stating your request to privacy@securitymetrics.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions, or by following the opt-out instruction in the email. This opt out does not apply to information provided to SecurityMetrics as a result of a(n) product purchase, account updates, product service experience, service expiration, or other transactions.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield Principles. We will post any revised policy on this website.

Contact

To access your information, ask questions about our privacy practices, request to limit the disclosure of your personal information, or issue a complaint, contact us at:

SecurityMetrics
1275 W 1600 N
Orem, UT 84057
privacy@securitymetrics.com
801-724-9600

Effective Date: May 25, 2018