This privacy notice sets out when and how we use your personal information that we collect, and which you or others provide to us. We are Digital Shadows, our company group is made up of the following legal entities:
|Company Name||Company Location||Registered Address|
|Digital Shadows Inc.||United States||235 Pine Street, Suite 1050, San Francisco, California 94104, United States|
|Digital Shadows Limited||United Kingdom||Floor 6, 7 Westferry Circus, Canary Wharf, London, United Kingdom, E14 4HD.|
|Digital Shadows GmbH||Germany||Theresienhöhe 30 80339, München, Bayern Germany|
|Digital Shadows PTE. LTD||Singapore||ICE71 Blk 71, Ayer Crescent, #02-18, Singapore 139951|
This privacy notice is issued on behalf of the Digital Shadows group, so when we mention “Digital Shadows”, “we”, “us” or “our” in the privacy notice, we are referring to the relevant company in our group responsible for handling your personal information. We will let you know which company is responsible for your data when you purchase a service from us. You can also contact us to ask who the responsible company is over particular data sets at any time.
We have appointed a data protection officer. If you have any questions about this notice, or wish to exercise your legal rights, please contact our data protection officer at email@example.com.
|We collect:||Your name, address, email address, phone number and payment details. Also the search keywords you give to us which you ask us to monitor for you.|
|Our lawful basis:||To enter into and perform the contract for the services you have purchased from us.|
|Who we share it with:||Our group companies to provide round the clock support. Our subcontractors who are involved in the purchase process, such as payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks. We also use sub-contractors for data storage, and will share your information with law enforcement agencies if we are required to do this by law.|
|How does the software work?||In a similar way to how search engines work, we search (and store) parts of the publically available webpages and files on the Internet and the Dark Web to check for security risks that might negatively impact our clients. As part of this, we may capture your publically available personal information. We only do this as part of providing security services to our clients – we do not target or focus our efforts on collecting data relating to particular members of the public who have no links to our clients.|
|Do we rely on any exemptions?||Due to the nature of our data collection, which is monitoring information published on the Internet and the Dark Web, it would be impossible for us to notify every single data subject whose personal data we collect. Data protection laws around the world enable us to not provide this information to each individual before handling their personal information where doing so is impossible, or involves a disproportionate effort. We rely on this exemption. Any questions about this exemption can be addressed to our DPO firstname.lastname@example.org.|
|We collect:||Any publically available personal information about you on the dark web, or on the Internet (public files located on the Internet are commonly PDF files or Word or Microsoft office documents, but can be a very broad range of file formats). Generally, if we capture any personal information about you, it will include the following: name, work and home address, email address, contact details, aliases and social media accounts.|
|Our lawful basis:||We are providing an important service which substantially assists our customers in identifying and addressing data breaches, whether those breaches relate to the compromising of commercial data, personal data or both. We rely on public interest as our lawful basis as well as legitimate interests. This is because it is in the public interest that companies, public authorities and others are able to take effective steps to detect and remediate data breaches. This is important in terms of maintaining fair play principles in the operation of commercial markets, protecting the business assets of commercial entities against theft and other improper misuse, as well as facilitating the identification of personal data breaches and their swift remediation.|
|Who we share it with:||Our subcontractors who are involved in providing security support services and our external storage providers, and law enforcement agencies if we are required to do this by law.|
|We collect:||Your name, contact details and if required, payment information and dietary preferences.|
|Our lawful basis:||We provide a delegate list to the organisations and other individuals who attend our events. We do this because our events provide a useful networking opportunity and we have a legitimate interest in wanting to help build and develop the digital security community. Residents of California can opt-out of this sharing of their personal information here, and you can object to us using your information in this way by contacting us at email@example.com.|
|Who we share it with:||Event co-sponsors as explained above. Our subcontractors who are involved in the purchase process, such as data storage subcontractors, payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks. We may also share your information with any of our subcontractors that assist us with the running of our events if we need to – such as venue providers, and law enforcement agencies if we are required to do this by law.|
|We collect:||Your name, contact details and the other details you provide to us via the live chat system.|
|Our lawful basis:||In accordance with the contract in place between us, or if you are not a customer, because of our legitimate interest to provide high quality customer service.|
|Who we share it with:||Who we share this data with depends on what we have been discussing over our live chat, but it will usually include our group companies. We will let you know at the time we share your data if we will share it with anyone other than our group companies.|
|We collect:||Information you provide to us, including your name, email address, postal address, telephone number and sector preferences. Where you are a business professional who is likely to be interested in our products and services, our data brokers provide us with your name, email address, job title and employer.|
|Our lawful basis:||When we send you marketing emails because you have opted-in to receive them, we rely on your consent to contact you for marketing purposes. If you have not opted-in and we send you marketing emails, we do this because of our legitimate interest to promote the success of our business. You can tell us that you do not want your personal information to be processed in this way at any time by contacting us at firstname.lastname@example.org or, where relevant, by following the unsubscribe link shown in every marketing communication you receive from us. If you have opted out of our email marketing, you may still continue to see targeted ads on social media platforms. Please check the social media platforms for more details on how to opt out of seeing these ads.|
|Who we share it with:||We also share your personal information with our subcontractors who help us electronic marketing platforms|
|We collect:||IP address, browser type, device type, referring website. How you interact with our website and whether you have interacted with us before.|
|Our lawful basis:||Our legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure, except where we collect that information via cookies on our website and pixels in our emails which you have consented to.|
|Who we share it with:||The service providers identified in our cookies policy.|
|We collect:||If Digital Shadows or the majority of its assets are acquired by somebody else, your personal information held by us will be transferred to the buyer.|
|Our lawful basis:||We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you. In some circumstances we may also need to share your personal information if we are under a duty to disclose or share it to comply with a legal obligation.|
|Who we share it with:|
We use third parties across the globe, including in the UK, EU and the US. Whenever we transfer your personal information outside of your home territory, we ensure it is protected in accordance with applicable data protection laws. We use the Standard Contractual Clauses to protect personal data transferred outside of the UK and/or the EU.
Digital Shadows Inc. remains certified under and compliant with the EU-US Privacy Shield Framework. Following the Schrems II case in which the EU-US Privacy Shield was declared invalid, Digital Shadows Inc. no longer relies on the Privacy Shield framework to facilitate any of its international data transfers. Any international transfers of data which previously relied on the EU-US Privacy Shield Framework are now subject to the Standard Contractual Clauses. The italicised and indented text in this section has been retained temporarily as it is a requirement to publicise this in order for Digital Shadows Inc. to retain its Privacy Shield certification.
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
When Digital Shadows Inc. receives or transfers Personal Information in accordance with the Privacy Shield Frameworks, it will be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: email@example.com. If your complaint isn’t satisfactorily addressed by us, then you can make use of the UK’s Information Commissioner’s Office to resolve a dispute.
You may be able to select binding arbitration under the Privacy Shield Framework, more information about this can be found here.
We will ensure that all onward transfers of your Personal Information are in line with the Privacy Shield Principles. Please note, we may disclose your Personal Information where we are requested to do so by public authorities or to meet national security or law enforcement requirements. We understand that we shall remain liable under the Privacy Shield Principles if any of our agents processes such personal information in a manner which is inconsistent with the Privacy Shield Principles. Please note we will not be liable in the event we are not responsible for any event that gives rise to the damage caused.
We may disclose information to the organisations we co-sponsor cybersecurity events with. We do this to introduce you to a wide variety of cybersecurity organisations you’re likely to be interested in, and to make our events financially viable to run. We also work with resellers to help us sell our software, and disclose your information to them if we believe you would be interested in hearing from them.
In each case, the information we provide includes your name, email address, job title, office location, and company.
If you are a resident of California then you have the right to opt-out of this, because our sharing of data in this way may constitute a “sale” of your personal information under the California Consumer Privacy Act. If you wish to exercise this right, please contact us via toll-free call at +1 (888) 889-4143 or use the web form here. In order to fulfil our obligations under the California Consumer Privacy Act, we may take steps to verify your identity, and ensure that the request is valid, including where an authorized representative is making a request on your behalf.
Please note where you have opted out of us sharing your information in this way, the service you receive will not be of an inferior quality or higher price, unless permitted by applicable law or where the services we provide to you rely on the sale of your personal information.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or legal requirements.
To determine the appropriate retention period for the other personal information we hold, we consider the amount, nature and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the reasons why we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances (to understand digital security trends and how people interact with our website) we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We are happy to grant everyone the controls below, irrespective of where they are in the world:
Request access 你的数据. Ask us for a copy of the data we hold about you and we will provide it, following applicable data protection laws.
Request correction of the data that we hold about you. Let us know and we will correct any incomplete or inaccurate information we hold about you.
Request erasure of your data. This enables you to ask us to delete or remove data where there is no good reason for us continuing to process it.
Object to processing of your data, such as the sharing of your data with third parties. If you are based in a territory that has specific laws covering rights to object or opt-out, such as California, the UK and the EU, then we will follow the processes set out in those applicable laws when handling your objection.
Request the restriction of processing of your data. This enables you to ask us to suspend the processing of data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your data to another party.
Privacy law is often complicated, and whether these rights are available to you sometimes depends on the types of data we are handling, as well as why we are handling it. If you would like to exercise any of these rights, please contact us using the details at the bottom of this notice. You always have the right to lodge a complaint with us or the regulator for data protection in your country.
Our site connects you to different websites. If you follow a link to any of these websites or use our services, please note that you have left our site and these websites have their own privacy policies.
We do not accept any responsibility or liability for these policies or websites. Please check their policies before you submit any personal information to these websites.