This page informs you of our policies regarding the collection, use, and disclosure of personal information (as defined below) that we receive from users of the site.
Last updated: October 7, 2020
Security and Privacy
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
NetSPI, LLC (“Company” or “us”, “we”, or “our”) operates https://netspi.com (the “Site”). This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the site.
We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
This Site may from time to time include links to third-party sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy policies, as we have no control over information that is submitted to, or collected by, these third parties.
Information Collection, Use, and Security
While using our Site, we may ask you to provide us with certain personally identifiable information (PII) that can be used to contact or identify you. Personally, identifiable information may include but is not limited to your name (“Personal Information”). For purposes of the sections of this policy related to GDPR, UK GDPR or the Swiss Federal Data Protection Act, “Personal Information” shall also include “personal data” about an identified or identifiable individual within the scope of these laws, received by NetSPI in the United States from the European Union, UK or Switzerland (as applicable), and recorded in any form.
We may share the Personal Information you provide to us with other companies we have hired to provide services for us. These companies are contractually bound to use Personal Information that we share to perform the services we have hired them to provide.
We may also collect and group demographic and preferences information, responses to surveys, and other Personal Information that we collect from you into an aggregate, non-personally identifiable (form i.e., that does not contain sufficient Personal Information to identify you) for disclosure to our existing or potential business partners, affiliates, sponsors, or other third parties. However, be assured that this aggregate data will in no way personally identify you or any other visitors to the site.
Blog Sites; User Content Submitted to Other Public Facing Portions of Site
Our Site includes interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Site, you authorize us to access, use, and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use, and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
Our Site may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any Personal Information to them. For example, we may link to social media pages through widgets on our Site or we may provide links to industry reports.
We post customer testimonials on our website. These testimonials may contain personally identifiable information, such as the customer’s name. We obtain the customer’s explicit consent prior to posting any testimonials.
Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
NetSPI does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
Sharing Your Information
We do not share your Personal Information with third parties except with your consent or unless ordered by law enforcement agency or for other legal purposes. Other situations in which we may share Personal Information include the following:
- if we sell or buy any of our business or assets – we may disclose your Personal Information to the prospective buyer or seller;
- if we are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets; or
- if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation; or to protect the rights, property, or safety of NetSPI, our customers, or others.
With respect to our use of Google and LinkedIn for analytics and advertising purposes, a list of LinkedIn’s third parties can be found here, and Google’s here.
You may have rights available under applicable global privacy laws, including GDPR, UK GDPR, CCPA and the Swiss Federal Data Protection Act, which may include one or more of the following: access to your Personal Information we hold, its source, the purposes of processing your Personal Information on where this is shared or sold; correction of your Personal Information where it is inaccurate; the right to be forgotten/to request that Personal Information is deleted; the right to restrict the processing of Personal Information; portability of Personal Information; the right to object to our use of Personal Information; the right to opt-out of the sale of your Personal Information; rights relating to automated decision-making, and the right to non-discrimination.
1. Access to Your Personal Information
We will provide the information you request as soon as possible and in any event: within one month of receiving your request if made under the right of access under GDPR, UK GDPR or the Swiss Federal Data Protection Act; or within 45 days of receiving your request if made under the CCPA. If we need more information to comply with your request, we will let you know.
2. Rectification (Correction) of Your Personal Information
If you believe Personal Information, we hold about you is inaccurate or incomplete, you can ask us to rectify it. We will make the correction within one month, unless we don’t feel the change is appropriate for us to make, in that case, we will let you know why. We will also let you know if we need more time to comply with your request.
3. Right to be Forgotten
In some circumstances, you have the right to ask us to delete the Personal Information we hold about you when: we no longer need your Personal Information for the purpose for which we collected it; we have collected your Personal Information on the grounds of consent and you withdraw that consent; you object to the processing and we don’t have any overriding legitimate interests to continue processing the Personal Information about you; we have unlawfully processed your Personal Information (i.e. we have failed to comply with GDPR, UK GDPR, the Swiss Federal Data Protection Act or CCPA); and the Personal Information has to be deleted to comply with a legal obligation.
There are certain situations in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.
4. Right to Restrict Processing
In some circumstances, you are entitled to ask us to stop processing your Personal Information. But, while this means we must stop actively processing your Personal Information, we don’t have to delete it. This right is available if: you believe the Personal Information we hold isn’t accurate – we will cease processing it until we can verify its accuracy; you have objected to us processing the Personal Information – we will stop processing it until we have determined whether our legitimate interests override your objection; if the processing is unlawful; or if we no longer need the Personal Information but you would like us to keep it because you need it to establish, exercise, or defend a legal claim.
5. Data Portability
Where NetSPI acts as a Data Controller, you have the right to ask us to provide your Personal Information in a structured, commonly-used and machine-readable format so that you are able to transfer the Personal Information to another data controller. This right only applies to Personal Information you provide to us; when processing is based on your consent or for performance of a contract (i.e., the right does not apply if we process your Personal Information on the grounds of legitimate interests); and if the processing is automated.
We will respond to your request as soon as possible and in any event within one month. If we need more time, we will let you know.
6. Right to Object
You are entitled to officially object to us processing your Personal Information: if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority; for direct marketing purposes (including profiling); and/or for the purposes of scientific or historical research and statistics.
We will stop processing your Personal Information if you have ground for objecting unless we can show that there are legitimate compelling grounds that override your interests, rights, and freedoms or the processing is for the establishment, exercise or defense of legal claims.
7. Right to Opt-Out of the Sale of Your Personal Information
We do not sell Personal Information unless we sell, or a third party buys, all or a segment of our business or assets (but only to the prospective buyer or seller), or if we are acquired by a third party.
You have the right, at any time, to direct a business that sells Personal Information about you to third parties not to sell your Personal Information. NetSPI does not sell your Personal Information to anyone including third parties.
A business that has received direction not to sell a consumer’s Personal Information shall be prohibited from selling the consumer’s Personal Information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s Personal Information.
Any objections relating to the sale or use of Personal Information for marketing purposes shall be implemented promptly without question or undue delay.
8. Right to Disclosure of Information Sold
You may have the right to request that a business that sells the consumer’s Personal Information, or that discloses it for a business purpose, disclose to you: the categories of Personal Information that the business collected about you; the categories of Personal Information that a business sold about you and the categories of third parties to whom the Personal Information was sold; the categories of Personal Information that the business disclosed about you for a business purpose.
9. Right to Non-Discrimination
NetSPI shall not discriminate against any person who exercises their rights under the GDPR, UK GDPR, Swiss Federal Data Protection Act, or any other applicable data privacy legislation. This includes, but is not limited to: denying services; charging different rates for services; providing different levels or quality of services. Please be aware, however, that if you exercise such rights in a manner that prohibits or restricts our use of Personal Information, we may be unable to provide you with goods or services that require the use of your Personal Information.
If NetSPI offers any financial incentives for the collection or use of Personal Information, including but not limited to the sale of Personal Information or the deletion of Personal Information, it shall notify consumers and provide the option for consumers to opt-in. Such an opt-in may be revoked at any time by the consumer.
If you would like to exercise any of your rights in respect of your Personal Information, please contact us at firstname.lastname@example.org or write to us at 800 Washington Ave N, Suite 670, Minneapolis, MN 55401.
In compliance with GDPR, UK GDPR, and Swiss Federal Data Protection Act principles, NetSPI commits to resolve complaints about our collection or use of your personal information. European Union, UK, and/or Swiss (as applicable) individuals with inquiries or complaints regarding GDPR should first contact NetSPI at email@example.com or write to us at 800 Washington Ave N, Suite 670, Minneapolis, MN 55401, attn: CTO.
NetSPI complies with GDPR, UK GDPR, and the Swiss Federal Data Protection Act, when applicable, by entering into Standard Contractual Clauses with data controllers who supply Personal Information from EU, UK, or Swiss residents to NetSPI, when necessary.
Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics. In addition, we may use third-party services such as Google Analytics that collect, monitor, and analyze this information.
In the event that you submit a form, we may use your Personal Information to contact you with newsletters, marketing, or promotional materials and other information that we think will be beneficial.
When you submit Personal Information to us through this Site, you will be opted into our mailing list at the time of submitting your Personal Information to us. If you do, you may be added to our list of users who will receive promotional and marketing communications from us. We never provide this information to partners or third parties.
If you initially elect not to opt out and later decide that you would like to opt out, you may opt out by contacting us at firstname.lastname@example.org. Please keep in mind that although Company strives to update our mailing list database as frequently as possible, it may take up to ten days to process e-mail requests and four to six weeks to process postal mail requests, during which time your information might be communicated to another party in connection with a mailing list. Additionally, you should be aware that any mailing lists that have been provided to third parties prior to your election to opt out cannot be retrieved by Company, and you cannot retroactively opt out with respect to such third parties. As noted above, however, when we do provide mailing lists to third parties, we enter into agreements with such parties limiting the use of the lists to a limited number of mailings or communications, after which the lists may not be further used for such purposes.