Privacy Policy

1. Introduction

This Privacy Policy describes the way Critical Start, Inc. and its subsidiaries and affiliates (collectively "Critical Start" or "we") collect, use, maintain, and disclose personal information from users of our websites and from customers who use our products and services ("Products and Services") including related Web portals. This Privacy Policy does not pertain to personal information of Critical Start employees.

2. Data Collection via Products and Services

Critical Start delivers security solutions to help protect organizations from advanced cyberattacks. Critical Start will collect data on behalf of and under the legal instructions of our customers in connection with the Product and Services. In that context, our customers are the data controllers and Critical Start is the data processor.

To protect our customers from attackers, Critical Start collects information directly from our customers. Most of the information we collect through our Products and Services is metadata or log alerts, for example, data about how a device is being used, information about software applications, login times, processes launched or executed files, and what operating systems are being utilized. Depending on local laws, some of the data we collect may be considered personal data, such as IP addresses or device ID names. Also, we may collect personal data if it appears within usernames, filenames, file paths, and machine names. However, we only use the data that we collect through our Products and Services in accordance with the terms of the contractual agreement between Critical Start and the Customer, to support the Product and Services, and to improve our capabilities generally.

For example, Critical Start may use the information, including personal data, collected in connection with our Products and Services in the following manner:

• To provide, operate, secure, support, personalize, and improve our Products and Services;
• To adapt Products and Services to respond to new threats and develop new feature, Products or Services;
• To participate in threat intelligence networks and conduct research and analysis;
• To provide customer support, manage Customer accounts, respond to requests, questions, and comments, and to work with our vendors;
• To meet our contractual requirements, to comply with legal or regulatory requirements and our internal policies, to protect against criminal activity, fraud, claims and other liabilities;
• To perform other activities consistent with this Privacy Policy or as otherwise requested or consented to by our Customers;
• To take actions necessary to protect and/or to defend Critical Start's rights and property (including intellectual property);
• To protect against misuse or unauthorized use of our Products and Services, and for other legitimate purposes.

3. Data Collection via Websites/Web Portals

We encourage visitors to our website to contact Critical Start. Registration is not required, except for requests for additional information. You may also choose to ask a question, download a whitepaper, or sign-up for email notifications. In all of these scenarios, the online form may require users to give us the following information:

• The user's first and last name
• The user's company or organization
• A valid telephone number for the user
• A valid e-mail address for the user
• The state or province in which the user is located
• The country in which the user is located

4. Cookies, Other Tracking Technologies and Contact Information

As you interact with our website, we may use automatic data collection technologies to collect certain information about your equipment and analyze information on site performance and usage, browsing actions and patterns, including Cookies, user data for sales tools, tracking codes in coordination with offers made on social media sites, and visitor IP addresses and domain names for reporting and website usage analysis.

User information provided to or gathered through the websites will not be sold or provided to third parties for the purposes of solicitation or direct marketing.

We may, however, disclose aggregated, anonymized information about our users, and information that does not identify any individual, without restriction. We may disclose user information that we collect, or you provide as described in this Privacy Policy to contractors, service providers and other third party service providers that we use to manage customer information and support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

User information will only be shared with a third party with assurances from such third party that it (1) will not use or disclose User Information for purposes of solicitation or direct marketing, and (2) will keep the information secure using methods comparable to, or more secure than, the security methods used by Critical Start.

Our website may contain links to other websites, including our partners and media web sites. Please be aware that our privacy policy does not apply to these other third-party sites.

User Information may be compiled into user profiles that are maintained by Critical Start or by third party services used by Critical Start to manage customer information, and may be used for the following purposes:

• To send you information about Critical Start, product updates, special offers, and newsletters
• To provide customer support for Critical Start Products and Services
• To initiate or to respond to a subpoena, investigative demand, or other discovery request
• To take actions necessary to protect and/or to defend Critical Start's rights and property
• To protect against misuse or unauthorized use of our website

5. Disclosures / Onward Transfers of Personal Data

Critical Start may provide personal data to third parties that act as agents, consultants, business partners and service providers to perform tasks on behalf of and under our instructions under appropriate safeguards. Such Third Parties may process personal data both inside and outside the United States. We ensure a similar degree of protection is afforded through appropriate data transfer mechanisms.

Where required to comply with applicable law, Critical Start may disclose your personal data to government or law enforcement officials.

6. General Data Protection Regulation (GDPR)

Critical Start complies with the GDPR Framework regarding the collection, use, and retention of personal information from users in the EU. If there is any conflict between this Policy and the GDPR Principles, the GDPR Principles shall govern.

Critical Start complies with the GDPR Principles for all onward transfers of personal data, including liability provisions. Critical Start conducts in-house verifications prior to re-certification.

7. Enforcement and Dispute Resolution

If you have questions or concerns about use of your data, contact us at privacy@criticalstart.com. If unresolved, contact our third party dispute resolution provider at this link.

8. Retention Period

We retain personal data as needed to fulfill its purpose, as required by legal obligations, or as permitted under customer agreements. Aggregated or anonymized data may be retained longer.

9. California Resident Notice

California residents may request a disclosure notice regarding shared personal data, or exercise any other right granted under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). To submit a request, email privacy@criticalstart.com with the subject "California Privacy Rights Request." You may also designate an authorized agent to submit a request on your behalf, subject to our verification procedures.

10. Notice Regarding Children's Data

Our websites and services are not intended for children under 13. We do not knowingly collect information from them. Contact us if you believe a child has provided data.

11. Data Integrity and Security

We use reasonable safeguards, including encryption and access restrictions, to protect personal data. However, no security system is completely foolproof.

12. Rights Regarding Personal Data

You may have rights such as access, rectification, erasure, objection, and direct marketing opt-out. Contact us to exercise these rights. If your data was submitted to us by a customer, please contact that customer directly.

13. Responsibilities and Management

George Jones, Chief Information Security Officer, is the Data Privacy Officer. He oversees compliance and approves material privacy-related changes. Contact: privacy@criticalstart.com

14. Changes to This Policy

We may amend this policy as necessary. Significant changes will be communicated via email or notice on our website.

15. Contacting Us

If you have any questions, please contact:

George Jones
Data Privacy Officer
Critical Start, Inc.
6100 Tennyson Parkway, Suite 200
Plano, TX 75024
privacy@criticalstart.com