When pentestIQ receives Personal Data from enterprise customers in the EU or Switzerland and processes that Personal Data on the customer’s behalf, pentestIQ acts as a processor (“Processor”). When pentestIQ collects and uses Personal Data on its own behalf or otherwise makes independent decisions about how the Personal Data will be used, pentestIQ acts as a controller (“Controller”). This Policy explains how pentestIQ complies with the Privacy Shield Principles as a processor and as a controller.
By using our Site or Services, you are accepting the practices described in this Policy.
Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain information about you from third parties or our systems, and (3) passively through technology such as “cookies.” The types of information that we collect, and our use of that information are described below.
Cookies, Web Server Logs and Other Technologies
Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, language, and browser type and version. We use this information to ensure that the Site functions properly.
Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
To simply browse our Site, you are not required to provide any Personal data. However, we may gather information from cookies and similar technologies, as described directly above, for the purposes of monitoring and improving our Site and understanding and improving the effectiveness of our advertising.
To gain full access to our Site and Services, you must register for a pentestIQ account. When you register for an account, we collect Personal data such as the following:
Our Site and Services are directed to the general public. We do not knowingly collect Personal data from children under 13 years of age.
We may use and disclose information that is not Personal data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine non-Personal data with Personal data. If we do, we will treat the combined information as Personal data as long as it is combined.
We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current for as long as long as we retain it. We will not use the Personal Data for a purpose that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will also retain Personal Data about you in a form identifying or making you identifiable only for as long as it serves a purpose of the data processing.
We may disclose your Personal data to law enforcement, government officials, or other third parties if we believe necessary or appropriate: (i) to respond to a subpoena, court order or other legal process, (ii) to comply with laws, statutes, rules or regulations, (iii) to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.
In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, any information in our possession may be transferred to our successor or assign.
We may occasionally email you with information about offers or new services. You can opt-out of these marketing email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with pentestIQ.
In accordance to the Privacy Shield Frameworks, you have the right to access, correct or delete your personal data. In case you would like to do so, please contact us via support@pentestIQ.com. Additionally, you may contact us to discuss specific options to limit the use and disclosure of your personal data. Please bear in mind however, that some data might be required to make use our services.
Although no data transmission can be guaranteed to be 100% secure, we take reasonable steps to protect Personal data. pentestIQ maintains reasonable administrative, technical, and physical procedures to protect information stored in our servers, which are located primarily in the United States.
The Site and Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. As mentioned above, in some cases, we might be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Your Personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Site and Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal data.
You may revoke your consent to the processing of your data at any time by sending an email to support@pentestIQ.com. You may ask us at any time for information about any personal data we hold about you, or ask us to correct or delete that information.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.