Last Updated: March 2, 2016
- Information We Collect
- How We Use the Information We Collect and How We Share It
- Your Choices
- Access and Correction
- Data Transfers
- How We Protect Personal Information
- Links to Other Websites
- Protecting Children’s Online Privacy
- Your California Privacy Rights
- How to Contact Us
- On netdiligence.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On quietaudit.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On eriskhub.com (e.g., when you request information on the Site, establish an account, or utilize the Site’s functionality)
- On breachplanconnect.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- When you contact us by telephone or email
- In the mail (e.g., when you send us documents)
- When you subscribe to our Cyber Risk News email service
- Through assessment services and third party services at your request
- Contact details (e.g., name, postal address, email address and telephone number)
- Professional credentials (e.g., name, organizational title, work telephone and email contact information)
- Other details about you that you may submit to us (e.g., photographs, profile description information, etc.)
HOW WE USE THE INFORMATION WE COLLECT AND HOW WE SHARE IT
Where necessary for the functionality of our websites, we use session cookies, which remain active as long as you are active on our sites and are deleted upon logout or after 60 minutes of inactivity. Additionally, we may use source IP addresses, referral URL information and “web analytics” (see http://en.wikipedia.org/wiki/Web_analytics) to improve our sites, help diagnose problems with our server and to administer our websites. In the event that we offer services that require payment, such payment information submitted at the time of purchase (i.e., credit card information, billing addresses, etc.) will only be utilized to complete and fulfill the purchase requested by you. To better understand how we use the information we collect and how we share it, we think it is most useful to look at the functional components of our business and describe our practices in each case:
- Our QuietAudit® Online Survey Services: Because your organization has either contemplated, or entered into, a contractual relationship with NetDiligence® (or with one of our partners who have called upon us in a “perform” role), we may gather your professional credentials in order to provide your organization with authorized cyber security assessment surveys. Because we may be called upon by your organization or other parties due to our contractual relationship to provide required assessment regarding your organization’s activities and cybersecurity practices, we may retain your professional credentials for a period of at least two years following our most recent interaction with your organization. When you supply us with information as part of your completion of these assessment surveys, we retain your responses for at least two years. Our fulfillment of certain regulatory requirements (e.g., GLBA 501b, HIPAA) for our clients may optionally require a retention period that is substantially longer than our stated two-year minimum. We use the information gathered to prepare contractually required assessment deliverables that are shared with your organization and/or identified third parties in strict adherence with the terms specified in the contractual agreements (statement of work contracts) that define our roles and responsibilities with respect to your organization. We retain the unilateral right to conduct and publish research based on statistical analysis of any/all survey responses without identifying the personal or professional credentials of individual survey participants. If we are asked to provide personal or professional credentials outside of the terms of our contractual relationship, we will only do so upon receipt of your organization’s explicit written approval. We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with a service that complements our cybersecurity assessment service such as a remediation or BCP service.
- Our eRiskHub®, Breach Coach® and Breach Plan Connect® Portal Services: Your organization may have either contracted directly with us for, or obtained through a business relationship with a third party with whom NetDiligence has an ongoing relationship (e.g., an insurance carrier/broker or law firm), access to one of our portal services. Within the context of managing user registrations, NetDiligence’s collection and retention of personally identifiable information will typically include name, organization, title, and telephone/email contact information. In some cases, clients may use the portal service to seek out the professional services of one or more third-party vendors. Based on your specific requests generated while on the site, we may contact the vendor(s) in question in order to ensure that your specific request has been received and acted upon by the vendor’s management and/or customer support team. We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with a service that complements our cybersecurity assessment service such as a remediation or BCP service. Additionally, our portal services include an email notification service for registered users.
- Our Assessment Services and/or Third Party Partner Services: Our performance of assessments or any other services we provide is carried out in compliance with the terms stated in the “Our Online Survey Services, such as QuietAudit and NetDiligence® Online” section above, but with a few additional caveats: (a) when services are performed by or in conjunction with our third party partners, the handling of your personal/professional credentials and/or provided responses may be subject to the privacy policies and data retention schedules of both NetDiligence and any participating partners; (b) we will inform participating partners of your organization’s opt-out preferences, if any, and will require their conformance with your wishes in this area as a condition of our partnership arrangement.
HOW WE PROTECT PERSONAL INFORMATION
We make use of appropriate protections, such as firewalls, encryption of data in transit during survey sessions and encrypted password-protection of report deliverables containing sensitive information such as your professional credentials and/or your organization’s existing practices. We adhere to industry-acknowledged practices in protecting our production servers, and take reasonable and cost-efficient precautions to ensure that your personal and/or professional credentials and survey responses that highlight organizational practices are safeguarded from accidental or malicious disclosure to unauthorized parties. However, as criminal elements and malevolent parties are increasingly sophisticated, we do not represent or guarantee that the information you provide to us will never under any circumstances be breached.
LINKS TO OTHER WEBSITES
Our websites may provide links to other websites for your convenience and information. These linked websites may operate independently from NetDiligence. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit such websites. To the extent any linked websites you visit are not owned or controlled by NetDiligence, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
PROTECTING CHILDREN’S ONLINE PRIVACY
NetDiligence encourages protection of children’s information on the Internet. Our websites are not intended for and may not be used by children under the age of 13. We do not knowingly collect information from children under the age of 13 and we do not target our websites to children under the age of 13.