508-217-3330

P.O. Box 815, 58 Main St., Fiskdale, MA 01518

PRIVACY STATEMENT

Last Updated August 2019

INTRODUCTION

At Product Security Group, Inc [PSG] we care about your privacy and we are committed to protecting your personal information.

This Privacy Statement governs personal information that PSG collects from customers, event attendees, and online visitors (“you” or “your”) in connection with your use of PSG’s websites, services, corporate meetings and other events where we post or link to this Privacy Statement, as well as information we automatically collect from your online visits (e.g. data collected via cookies).

For the purposes of this Privacy Statement, “personal information” means any information that, by itself, can identify you or can be combined with other information to identify you and for the purposes of the EU General Data Protection Regulation includes “personal data”.

WHAT PERSONAL INFORMATION DOES PSG COLLECT ABOUT YOU?

We collect personal information when you:

  • Purchase services;

  • Register for webcasts, seminars, conferences, or other events sponsored by us or one of our business partners;

  • Request quotes, services, product support, trials, whitepapers and related downloads, or additional information;

  • Subscribe to newsletters, promotional emails or other PSG materials;

  • Participate in surveys, sweepstakes or contests;

  • Apply for a job or submit your resume/CV; or

  • Contact us.


Personal information we may collect includes:

  • Job Applicant: Full name, email address, personal phone number, personal address, title, prior employer(s), education.

  • Employee: Full name, email address, personal phone number, personal address, title, prior employer(s), education, bank account number, tax ID, criminal history, photo

  • Customer / Prospective Customer / Partner employee: Full name, business email address, company, title, business phone number, business address, photo.

  • Visitor: Full name, email address, company, photo.


When we ask you to provide your personal information, we will advise you at the time of collection whether providing your personal information is necessary for your access to, or use of, PSG’s products, programs, applications and/or services.  When we ask for personal information through one of our registration pages on our website, you will have the option of not providing the information, in which case you may still be able to access other portions of the website, although you may not be able to access certain programs or services.

PERSONAL INFORMATION FROM OTHER SOURCES

We may also obtain information about you from other sources and combine that with information we collect through our Services. For example, we may aggregate your personal information with information that you make publicly available on social media or third-party websites to better market our Services to you.

INFORMATION AUTOMATICALLY COLLECTED

When you visit our websites, we automatically collect information about your visit, including pages you access, links you click, and actions you take in connection with PSG’s Services. We also collect certain information from your web browser, such as your device’s operating system, application software, browser type and language, and Internet Protocol (IP) address. For more information on data that we automatically collect, please see the PSG Cookie Policy: How does PSG use cookies and other tracking technologies section.

HOW DOES PSG USE YOUR PERSONAL INFORMATION?

We use your personal information to:

  • Provide and deliver the requested Services;

  • Send you transaction information, including confirmations, transaction status,  services information, updates, security alerts, and support and administrative messages;

  • Administer your account, including verifying your information;

  • Respond to your comments and questions and provide customer support or other services;

  • Offer Live Chat assistance to facilitate the delivery of the requested Services;

  • Operate and improve our websites, products, and services;

  • Ask you to take part in surveys used to measure our performance and improve our services and customer experience;

  • Communicate with you about new promotions and upcoming events if you have agreed to receive marketing communications from us;

  • Invite you to corporate events, online forums, communities and social networks;

  • Link or combine with other information we get from third parties, to help understand your needs, and customize our offerings and market our Services based on your needs;

  • Perform other functions or serve other purposes, as disclosed to you at the point of collection, or as otherwise required or allowed under applicable laws including tax and financial laws and regulations such as anti-money laundering and fraud prevention; employment laws; court orders, etc.

RETENTION OF PERSONAL INFORMATION

PSG retains your personal information data as long as is necessary to fulfill the purposes for which it was collected and in accordance with PSG’s record retention policy and applicable law.

HOW DOES PSG SHARE YOUR PERSONAL INFORMATION?

We share your personal information with third parties for the purposes described below:

  • Third-Party Vendors/Service Providers. We rely on third-party vendors, consultants and other service providers to perform functions on our behalf and under our instruction in order to make our websites and the Services available to you.

  • Legal Obligations and Rights. We disclose your personal information: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) or as otherwise permitted by applicable law.

  • Business Reorganization. We may share your personal information in connection with a sale or business transaction (e.g., merger or acquisition).


PSG also uses or shares anonymized aggregate data (data from which personal information has been removed).

Except as described above, PSG will not disclose your personal information to third parties for their own marketing purposes without your consent.

HOW DOES PSG PROTECT YOUR PERSONAL INFORMATION?

PSG takes all reasonable steps to protect your information from loss, misuse, unauthorized access or disclosure, alteration, or destruction, including through the use of encryption when collecting or transferring personal information including credit card information.

HOW DOES PSG PROVIDE CHOICE IN EMAIL AND MARKETING?

In most instances, PSG gives you options with regard to the personal information you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of every PSG marketing email; or (ii) checking certain boxes on our preference center which can also be found on forms we use to collect personal information.

HOW DOES PSG USE COOKIES AND OTHER ONLINE TRACKING TECHNOLOGIES?

For information on how PSG uses cookies, please see our cookie policy.

SOCIAL MEDIA

Portions of our websites make chat rooms, forums, blogs, message boards, and/or news groups available to you. Please remember that any information that is disclosed in these areas could be made public, so exercise caution when deciding to disclose any personal information.

In addition, Veracode’s website(s) may include social media features, including the Facebook “Like” button.  These features may collect your IP address and identify the web page you are visiting on PSG’s website, and may set a cookie to enable the feature to function properly. You may be given the option by that social media site to post information about your activities on PSG’s website(s) to your profile page on that social media site. Your interactions with these features are governed by the privacy policy of the company that is providing them.

3RD PARTY WEBSITES

PSG’s websites may contain links to other third-party websites. This Privacy Statement does not apply to, and PSG is not responsible for, the privacy practices or the content of such third-party websites, including business partner websites, and their use of personal information will be governed by their own privacy policies.

HOW WILL YOU BE NOTIFIED ABOUT CHANGES TO THIS PRIVACY STATEMENT?

PSG may modify or update this Privacy Statement at any time without prior notice. If we make any changes to this Privacy Statement, we will change the “Last Updated” date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement that may impact individual rights, PSG will make prominent note of such change on its website at least one month prior to the change taking place.

HOW DO I CONTACT PSG?

If you have any questions, concerns, or comments about this Privacy Statement or our privacy practices, please contact PSG via email at privacy@productsecuritygroup.com with the words “PRIVACY STATEMENT” in the subject line.

You may also reach out by regular mail to:

Product Security Group, Inc.

P.O. Box 815

Fiskdale, MA 01518

Attention: Data Protection Officer

EU/EEA/SWISS - DATA PROTECTION OFFICER

PSG has appointed a Data Protection Officer as the person with responsibility for PSG’s EU/EEA and Swiss data protection compliance. This individual is – Marc French, CISO, PSG. PSG’s Data Protection Officer can be contacted at by email at privacy@productsecuritygroup.com. Questions about this Privacy Statement, or requests for further information, should be directed to PSG’s Data Protection Officer.

EU/EEA/SWISS - LEGAL BASIS

In order to collect, use and otherwise process your Personal Data, PSG relies on the following legal bases:

  • To fulfill any contractual obligations, such as where you have purchased a service from PSG. For example, we may require your contact details in order to deliver your order if you have purchased a service from us.

  • PSG’s legitimate interest in providing its websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.

  • Your consent, where PSG has obtained your consent to process your personal information for certain activities. You may withdraw your consent at any time by contacting privacy@productsecuritygroup.com  However, please note that your withdrawal of consent will not affect the lawfulness of any use of your personal information by PSG based on your consent prior to withdrawal.

  • For compliance with PSG’s legal obligations where applicable laws require PSG to process your Personal Data.

If you have any questions or would like more information regarding the legal basis on which PSG collects your personal information, please contact us at privacy@productsecuritygroup.com .

EU/EEA/SWISS - TRANSFERS TO INDEPENDENT 3RD PARTIES

PSG will disclose Personal Data to Third Parties other than those identified above only if:

  • required by law or legal process (e.g., lawful requests by public authorities, including disclosures to law enforcement authorities in connection with their duties or to meet national security requirements);

  • to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

  • to protect and defend the legal rights, property/or and legitimate interests of PSG and/or members of its workforce, customers, business partners, Sub-contractors and/or Third Parties; or

  • where necessary for PSG to perform a contractual obligation owed to a customer, member of its workforce or for other lawful purposes.

EU/EEA/SWISS - EXERCISING YOUR PERSONAL DATA ACCESS RIGHTS

To make a personal data access request, individuals in the EU/EEA or Switzerland should send their request to PSG’s Data Protection Officer by email at privacy@productsecuritygroup.com with the words “Data Subject Access Request ” in the subject line.

You may also contact PSG by regular mail at:


Product Security Group, Inc.

P.O. Box 815

Fiskdale, MA 01518
Attention: Data Protection Officer

PSG may need to ask for proof of identification before a request can be processed. PSG will inform the requestor if it needs to verify his/her identity and the documents it requires.

PSG will normally respond to a request within a period of 30 days from the date a request is received. In some cases, such as where PSG processes large amounts of the individual’s data, it may respond within 90 days of the date the request is received. PSG will write to the requestor within 30 days of receiving the original request to tell him/her if more time is needed to complete the response to their request.

If an EU/EEA or Swiss individual submits a request which is manifestly unfounded or excessive, PSG is not required to comply with the request. Alternatively, PSG can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request.