Last Updated January 2020
At Product Security Group, Inc [PSG] we care about your privacy and we are committed to protecting your personal information.
This Privacy Statement governs personal information that PSG collects from customers, event attendees, and online visitors (“you” or “your”) in connection with your use of PSG’s websites, services, corporate meetings and other events where we post or link to this Privacy Statement, as well as information we automatically collect from your online visits (e.g. data collected via cookies).
For the purposes of this Privacy Statement, “personal information” means any information that, by itself, can identify you or can be combined with other information to identify you and for the purposes of the EU General Data Protection Regulation includes “personal data”.
WHAT PERSONAL INFORMATION DOES PSG COLLECT ABOUT YOU?
We collect personal information when you:
Register for webcasts, seminars, conferences, or other events sponsored by us or one of our business partners;
Request quotes, services, product support, trials, whitepapers and related downloads, or additional information;
Subscribe to newsletters, promotional emails or other PSG materials;
Participate in surveys, sweepstakes or contests;
Apply for a job or submit your resume/CV; or
Personal information we may collect includes:
Job Applicant: Full name, email address, personal phone number, personal address, title, prior employer(s), education.
Employee: Full name, email address, personal phone number, personal address, title, prior employer(s), education, bank account number, tax ID, criminal history, photo
Customer / Prospective Customer / Partner employee: Full name, business email address, company, title, business phone number, business address, photo.
Visitor: Full name, email address, company, photo.
When we ask you to provide your personal information, we will advise you at the time of collection whether providing your personal information is necessary for your access to, or use of, PSG’s products, programs, applications and/or services. When we ask for personal information through one of our registration pages on our website, you will have the option of not providing the information, in which case you may still be able to access other portions of the website, although you may not be able to access certain programs or services.
PERSONAL INFORMATION FROM OTHER SOURCES
We may also obtain information about you from other sources and combine that with information we collect through our Services. For example, we may aggregate your personal information with information that you make publicly available on social media or third-party websites to better market our Services to you.
INFORMATION AUTOMATICALLY COLLECTED
HOW DOES PSG USE YOUR PERSONAL INFORMATION?
We use your personal information to:
Provide and deliver the requested Services;
Send you transaction information, including confirmations, transaction status, services information, updates, security alerts, and support and administrative messages;
Administer your account, including verifying your information;
Respond to your comments and questions and provide customer support or other services;
Offer Live Chat assistance to facilitate the delivery of the requested Services;
Operate and improve our websites, products, and services;
Ask you to take part in surveys used to measure our performance and improve our services and customer experience;
Communicate with you about new promotions and upcoming events if you have agreed to receive marketing communications from us;
Invite you to corporate events, online forums, communities and social networks;
Link or combine with other information we get from third parties, to help understand your needs, and customize our offerings and market our Services based on your needs;
Perform other functions or serve other purposes, as disclosed to you at the point of collection, or as otherwise required or allowed under applicable laws including tax and financial laws and regulations such as anti-money laundering and fraud prevention; employment laws; court orders, etc.
RETENTION OF PERSONAL INFORMATION
PSG retains your personal information data as long as is necessary to fulfill the purposes for which it was collected and in accordance with PSG’s record retention policy and applicable law.
HOW DOES PSG SHARE YOUR PERSONAL INFORMATION?
We share your personal information with third parties for the purposes described below:
Third-Party Vendors/Service Providers. We rely on third-party vendors, consultants and other service providers to perform functions on our behalf and under our instruction in order to make our websites and the Services available to you.
Legal Obligations and Rights. We disclose your personal information: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) or as otherwise permitted by applicable law.
Business Reorganization. We may share your personal information in connection with a sale or business transaction (e.g., merger or acquisition).
PSG also uses or shares anonymized aggregate data (data from which personal information has been removed).
Except as described above, PSG will not disclose your personal information to third parties for their own marketing purposes without your consent.
HOW DOES PSG PROTECT YOUR PERSONAL INFORMATION?
PSG takes all reasonable steps to protect your information from loss, misuse, unauthorized access or disclosure, alteration, or destruction, including through the use of encryption when collecting or transferring personal information including credit card information.
HOW DOES PSG PROVIDE CHOICE IN EMAIL AND MARKETING?
In most instances, PSG gives you options with regard to the personal information you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of every PSG marketing email; or (ii) checking certain boxes on our preference center which can also be found on forms we use to collect personal information.
Portions of our websites make chat rooms, forums, blogs, message boards, and/or news groups available to you. Please remember that any information that is disclosed in these areas could be made public, so exercise caution when deciding to disclose any personal information.
3RD PARTY WEBSITES
PSG’s websites may contain links to other third-party websites. This Privacy Statement does not apply to, and PSG is not responsible for, the privacy practices or the content of such third-party websites, including business partner websites, and their use of personal information will be governed by their own privacy policies.
If the California Consumer Privacy Act (CCPA) applies to your information, we provide these disclosures described in this policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information. You can also read more about PSG’s data retention periods, and the process we follow to delete your information in this document.
PSG does not sell your personal information. We only share your information as described in this policy. PSG processes your information for the purposes described in this policy, which include “business purposes” under the CCPA. These purposes include:
Protecting against security threats, abuse, and illegal activity. PSG uses and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, PSG may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. PSG uses information for analytics and measurement to understand how you use our website.
Maintaining our services. PSG uses information to ensure our services are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.
Research and development. PSG uses information to improve our services and to develop new products, features and technologies that benefit our users and the public.
PSG also uses information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
If you have additional questions or requests related to your rights under the CCPA, PSG at the address listed below.
HOW WILL YOU BE NOTIFIED ABOUT CHANGES TO THIS PRIVACY STATEMENT?
PSG may modify or update this Privacy Statement at any time without prior notice. If we make any changes to this Privacy Statement, we will change the “Last Updated” date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement that may impact individual rights, PSG will make prominent note of such change on its website at least one month prior to the change taking place.
HOW DO I CONTACT PSG?
If you have any questions, concerns, or comments about this Privacy Statement or our privacy practices, please contact PSG via email at firstname.lastname@example.org with the words “PRIVACY STATEMENT” in the subject line.
You may also reach out by regular mail to:
Product Security Group, Inc.
P.O. Box 815
Fiskdale, MA 01518
Attention: Data Protection Officer
EU/EEA/SWISS - DATA PROTECTION OFFICER
PSG has appointed a Data Protection Officer as the person with responsibility for PSG’s EU/EEA and Swiss data protection compliance. This individual is – Marc French, CISO, PSG. PSG’s Data Protection Officer can be contacted at by email at email@example.com. Questions about this Privacy Statement, or requests for further information, should be directed to PSG’s Data Protection Officer.
EU/EEA/SWISS - LEGAL BASIS
In order to collect, use and otherwise process your Personal Data, PSG relies on the following legal bases:
To fulfill any contractual obligations, such as where you have purchased a service from PSG. For example, we may require your contact details in order to deliver your order if you have purchased a service from us.
PSG’s legitimate interest in providing its websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.
Your consent, where PSG has obtained your consent to process your personal information for certain activities. You may withdraw your consent at any time by contacting firstname.lastname@example.org However, please note that your withdrawal of consent will not affect the lawfulness of any use of your personal information by PSG based on your consent prior to withdrawal.
For compliance with PSG’s legal obligations where applicable laws require PSG to process your Personal Data.
If you have any questions or would like more information regarding the legal basis on which PSG collects your personal information, please contact us at email@example.com .
EU/EEA/SWISS - TRANSFERS TO INDEPENDENT 3RD PARTIES
PSG will disclose Personal Data to Third Parties other than those identified above only if:
required by law or legal process (e.g., lawful requests by public authorities, including disclosures to law enforcement authorities in connection with their duties or to meet national security requirements);
to protect and defend the legal rights, property/or and legitimate interests of PSG and/or members of its workforce, customers, business partners, Sub-contractors and/or Third Parties; or
where necessary for PSG to perform a contractual obligation owed to a customer, member of its workforce or for other lawful purposes.
EU/EEA/SWISS - EXERCISING YOUR PERSONAL DATA ACCESS RIGHTS
To make a personal data access request, individuals in the EU/EEA or Switzerland should send their request to PSG’s Data Protection Officer by email at firstname.lastname@example.org with the words “Data Subject Access Request ” in the subject line.
You may also contact PSG by regular mail at:
Product Security Group, Inc.
P.O. Box 815
Fiskdale, MA 01518
Attention: Data Protection Officer
PSG may need to ask for proof of identification before a request can be processed. PSG will inform the requestor if it needs to verify his/her identity and the documents it requires.
PSG will normally respond to a request within a period of 30 days from the date a request is received. In some cases, such as where PSG processes large amounts of the individual’s data, it may respond within 90 days of the date the request is received. PSG will write to the requestor within 30 days of receiving the original request to tell him/her if more time is needed to complete the response to their request.
If an EU/EEA or Swiss individual submits a request which is manifestly unfounded or excessive, PSG is not required to comply with the request. Alternatively, PSG can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request.