Last updated: April 17, 2019.
This Policy does not apply to information collected by any third party, including through any application or content that links to or is accessible from the Fidelis Services. If you do not agree to the terms of this Policy, please do not use, access, download, install, or utilize (collectively, “use”) any Fidelis Services or otherwise provide us with any personal data.
Information We Collect and How We Use Your Information
Below we have outlined the categories of personal data that Fidelis will collect and the applicable processing purposes associated with the Fidelis Services. Fidelis does not process personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership, or sex life. Fidelis will only process personal data that is necessary for carrying out the purpose for which it was collected. The legal basis for the processing purposes listed below is either (i) in connection with a contract, (ii) legitimate business interests (if such interest is not overridden by an individual’s fundamental rights and freedoms or interests), (iii) other applicable legal provisions, or (iv) an individual’s explicit consent. The legitimate business interests are mainly order fulfillment, responding to customer inquiries, communicating with customers and Site users who have requested communication from Fidelis, and promoting Fidelis’ business.
While Using the Software
As an integral part of its functionality, the Software will automatically collect and transmit certain files and processes, including portable executable files or other executable code, that exist on, or are being introduced into a computer system or network (“Files”), to identify potential or actual malicious code, malware, or other intrusive artifacts or processes (collectively “Potentially Malicious Code”). Such Files are transmitted to our servers so that we can analyze them for malicious code, malware, or other intrusive programs. We will also collect certain systems telemetry information, including, without limitation, the path and file name of the Potentially Malicious Code; user names; MAC Addresses; network information; hardware type; model number; hard disk size; CPU type; disk type; RAM size; systems architecture; operating system; versions; locale; BIOS version; BIOS model; system telemetry; device ID; IP address; location; information about third-party products; and other configurations, settings, and artifacts. This is in order to provide customer support and provide functionality to the Software. Where customers are using the cloud solution of the Software, under certain circumstances it will be possible for Fidelis to see the Files submitted, which could include personal data.
When You Use Fidelis Services
We will automatically collect certain aggregate information and analytical data related to the use of the Fidelis Services (including visiting the Site – see “Tracking Technologies” below), including the date and time of the visit; the Internet Protocol (“IP”) address of the computer; information about the browser and operating system used; the state or country from which the Site was accessed; the Internet address visited before reaching the Site; error logs; the name of the domain and host used to access the Internet; the features of the Site that were accessed; and other hardware and software information. We will associate the data we automatically collect about you with personal data that you share with us. We use data automatically collected about you as described in this Policy and to manage traffic loads and information technology requirements for providing reliable service, as well as to enhance the Site by tailoring our content to your interests and needs.
Email & Marketing Communications
If you opt in (online or in person) to our mailing list or to receive additional information, attend a webinar, or sign up to attend a live event, you will receive emails that include company news, updates, related product or service information, marketing materials, and other information related to Fidelis Services including any information that you have requested. In order to receive these communications, you must provide your name, company name, email address, and phone number. We will associate any personal data you submit to us with information collected about you through other means such as cookies, web beacons, or social media plugins. This will help us better tailor content delivered to you through a variety of ways, including online advertisements. Some of our third-party business partners provide Fidelis with services that require us to provide them with your personal data. These third-party business partners are not permitted to use the information collected on our behalf except to help us conduct business, improve, or provide the Fidelis Services. We include unsubscribe instructions at the bottom of each email if at any time you would like to unsubscribe from receiving future emails.
We will also send you notifications via email regarding Fidelis Services in order to keep you informed of any updates or changes to the Fidelis Services (e.g., product updates and support communications). These email communications are essential for the continued functionality of the Fidelis Services, and you will continue to receive these types of email communications even if you choose to opt-out of any other email communication from us.
If you would like to review your communication preferences, or if you do not want to receive further information or materials from us, you can update your information or opt-out by following the instructions contained within each communication from us. You can also contact us at firstname.lastname@example.org or write to us at the address listed at the end of this Policy.
Your Account Information
Information you provide when you create an account on our Site, register your Software, or in relation to the receipt of any other Service includes your name, company name, personal and/or business email address, phone number, and any other personal data you provide (“Account Information”). Your Account Information is stored securely with controlled access and used to inform you of updates, respond to inquiries for service requests, authenticate your use of the Software, manage the Site and the Software, assess the usage of the Services, and (where you have signed up to receive communication from us) send you email and marketing communications.
We will also collect and process your personal and financial information (bank account information and business contact information) so that we can process your purchase of our Software and Services.
In connection with providing Fidelis Services to its clients, Fidelis collects personal data from employees and customers of our clients, users of our clients’ networks and systems, and individuals that connect to our clients’ networks and systems. The use of information collected as a result of providing Fidelis Services to our clients will be limited to the purposes for providing the Software or Services to the client. We will transfer personal data to other companies that help us provide our Software and Services to our clients. Transfers to subsequent third parties are covered by the service agreements with our clients.
- Review and report total audience size and traffic.
- Provide customized content.
- Track any preferences you specify while you are using Fidelis’ products and services.
- Conduct research to improve Fidelis’ content and services.
- Provide targeted advertising in relevant contexts on external sites.
- Keep track of preferences you specify while you are using third-party services.
- Enable third parties to aggregate anonymous user behavior data and provide such research data to Fidelis.
- Monitor and report on site and service usage across our website.
Outside Parties; Disclosure of Information
Except as provided in this Policy, we do not sell, trade, lease, rent, or otherwise transfer your personal data to third parties. We reserve the right to share your information with third-party business partners and service providers who assist us in operating our Site, conducting our business, and providing you with the Fidelis Services. Fidelis requires these third parties to take commercially reasonable steps to safeguard your personal data and not use your personal data for other purposes unless you consent.
We will also disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, respond to a government request, or to conduct investigations of violations of our End User License Agreement. For example, if we conduct a fraud investigation and conclude that one side has engaged in deceptive practices, we may provide that person or entity’s contact information to victims who request it.
We may also provide access to, assign, or disclose information maintained by us, including your Account Information, in connection with a corporate transaction, such as a merger, acquisition, or purchase of all or substantially all of our assets.
The Site includes links to third-party sites, products, or services, and your access to these third-party sites, products, or services will result in the collection or sharing of your information. These third parties have separate and independent privacy policies. We are not responsible or liable for the content and activities of these linked sites, products, or services. The inclusion of these third-party sites, products, or services on our Site shall not be construed to be an endorsement or representation regarding any third-party sites, products, or services. We encourage you to review the privacy policies of such third parties.
Your Rights With Regard to Your Personal Data
We remind you that you may at any time exercise the following rights:
- The right to request access to your personal data, which includes the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and information related to how it is processed.
- The right to rectification or erasure of your personal data, which includes the right to have incomplete personal data completed, including by means of providing a supplementary statement, and certain rights to request us to erase your personal data without undue delay.
- The right to restrict processing concerning your personal data, which includes restricting us from continuing to process your personal data under certain circumstances (e.g., where you contest the accuracy of your personal data, processing is unlawful, your personal data is no longer needed for the purposes of processing, or you have otherwise objected to processing related to automated individual decision-making).
- The right to object to processing concerning your personal data, where your personal data is processed for direct marketing purposes, where processing is necessary for the performance of a task carried out in the public interest, or where processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, unless we demonstrate compelling legitimate grounds for the processing which override such interests.
- The right to data portability, which includes certain rights to have your personal data transmitted from us to another controller.
- Where data processing is based on your consent, the right to withdraw consent at any time.
- The right to lodge a complaint with a supervisory authority.
Any requests related to the above rights may be made by contacting us at email@example.com.
Fidelis acknowledges that you have the above rights regarding your personal data. However, Fidelis has no direct relationship with the individuals whose personal data it will process on behalf of Fidelis’ clients. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to Fidelis’ client (the data controller).
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure (such as identity and access management, password rotation, access control monitoring, and leading firewall technologies). Personal data provided to us in accordance with this policy will be encrypted in transit.
Cross-Border Transfers of Personal Data
The information we collect will be stored in the United States because our operations are primarily in the United States. As such, your information will be transferred to, used, processed, or maintained on computers located outside of your province, country, or other governmental jurisdiction, and privacy laws may not be as protective as those in your jurisdiction. In situations where you are located outside the United States and choose to provide information to us, we will transfer your information to the United States and process it there.
Where transfers of personal data are made outside of the European Economic Area (“EEA”) to countries that have different standards of data protection, we will ensure that appropriate safeguards to adequately protect the personal data are implemented to ensure such data transfers are in compliance with applicable data protection laws. We have implemented international data transfer agreements based on EU Standard Contractual Clauses in order to provide appropriate and suitable safeguards for personal data being transferred to countries outside the EEA where an adequate level of protection is not already guaranteed. A copy can be obtained by contacting us (contact information provided below). Fidelis has also self-certified to the EU-U.S. Privacy Shield (please review the EU-U.S. Privacy Shield section below to learn more about our compliance).
EU-U.S. Privacy Shield
Fidelis complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union to the United States. Fidelis has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability for all personal data that it receives from the EU. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. The Federal Trade Commission has jurisdiction over Fidelis’ compliance with the Privacy Shield.
Under certain circumstances, Fidelis may remain liable under the Privacy Shield Principles if our agents process your European Union personal data that we transfer to them in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Fidelis is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Fidelis may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Fidelis commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us by using our “Contacting Us” information provided below.
Fidelis has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, it may be possible for you to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see the U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Children Under the Age of 16
We do not knowingly collect any information from anyone under 16 years of age, and the Fidelis Services are not intended nor are they directed to children under the age of 16. If you become aware that your child has provided us with personal data without your consent, please contact us at firstname.lastname@example.org. A parent or guardian of a child under the age of 16 may review and request deletion of such child’s personal data as well as prohibit the use thereof. If we become aware that a child under 16 has provided us with personal data, we will take steps to remove such information from our active systems and will terminate the child’s account.
Unless otherwise required by law, Fidelis will erase personal data when it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; when you object to the processing and there are no overriding legitimate grounds for the processing; when your personal data has been unlawfully processed; and when it is necessary to comply with legal obligations.
Terms of Service for Site Usage
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of the Site at Terms of Service.
Additional Terms and Conditions for Software
This Policy applies only to information collected through our Site or by the use of our Software or the utilization of our Services and not to information collected offline. Your download and use of our Software is subject to additional terms and conditions that define your rights, as well as our rights, with respect to the Software and its use. Those additional terms and conditions are contained in the Evaluation Agreement or End User License Agreement that you are required to accept prior to downloading the Software.
Each time you use the Fidelis Services, the current version of this Policy will apply. We reserve the right to change this Policy at any time to reflect changes in the law, the Fidelis Services we provide, our business and technology, and our data collection and use practices. Accordingly, each time you use the Fidelis Services, you should check the date of this Policy (which appears at the top of the Policy) and review any changes since the last version. If we make any material changes, we will notify you by the email address specified in your Account Information or by means of a notice on the Site prior to the change becoming effective.
Your continued use of the Fidelis Services following the posting of changes to this Policy will mean you accept those changes.
Notice To California Residents
If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information regarding the disclosure of your personal data by the Company to third parties for the third parties’ direct marketing purposes. With respect to these entities, this Policy applies only to their activities within the State of California. If you are a California resident and would like to request this information, please send an email to email@example.com or write to us at the address below.
If there are any questions regarding this Policy or our privacy practices, you may contact us using the information below:
Fidelis Cybersecurity, Inc.
Vice President & Corporate Counsel
4500 East West Highway, 4th Floor
Bethesda, MD 20814
If you are a resident in the European Economic Area, Fidelis Cybersecurity, Inc. is the data controller of your personal data, except where we are only acting as a processor on behalf of another controller.