Date Last Revised: September 13, 2023
2. DATA COLLECTION VIA PRODUCTS AND SERVICES
Critical Start delivers security solutions to help protect organizations from advanced cyberattacks. Critical Start will collect data on behalf of and under the legal instructions of our customers in connection with the Product and Services. In that context, our customers are the data controllers and Critical Start is the data processor.
To protect our customers from attackers, Critical Start collects information directly from our customers. Most of the information we collect through our Products and Services is metadata or log alerts, for example, data about how a device is being used, information about software applications, login times, processes launched or executed files, and what operating systems are being utilized. Depending on local laws, some of the data we collect may be considered personal data, such as IP addresses or device ID names. Also, we may collect personal data if it appears within usernames, filenames, file paths, and machine names. However, we only use the data that we collect through our Products and Services in accordance with the terms of the contractual agreement between Critical Start and the Customer, to support the Product and Services, and to improve our capabilities generally.
For example, Critical Start may use the information, including personal data, collected in connection with our Products and Services in the following manner:
3. DATA COLLECTION VIA WEBSITES/WEB PORTALS
We encourage visitors to our website to contact Critical Start. Registration is not required, except for requests for additional information. You may also choose to ask a question, download a whitepaper, or sign-up for email notifications. In all of these scenarios, the online form may require users to give us the following information:
4. COOKIES, OTHER TRACKING TECHNOLOGIES AND CONTACT INFORMATION
As you interact with our website, we may use automatic data collection technologies to collect certain information about your equipment and analyze information on site performance and usage, browsing actions and patterns, including Cookies, user data for sales tools, tracking codes in coordination with offers made on social media sites, and visitor IP addresses and domain names for reporting and website usage analysis.
User information provided to or gathered through the websites will not be sold or provided to third parties for the purposes of solicitation or direct marketing.
User information will only be shared with a third party with assurances from such third party that it (1) will not use or disclose User Information for purposes of solicitation or direct marketing, and (2) will keep the information secure using methods comparable to, or more secure than, the security methods used by Critical Start. To the extent that you provide user information to us concerning third parties, including information regarding your company, that information will be subject to the same conditions as set forth above.
User Information may be compiled into user profiles that are maintained by Critical Start or by third party services used by Critical Start to manage customer information), and may be used for the following purposes:
5. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
Critical Start may provide personal data to third parties that act as agents, consultants, business partners and service providers to perform tasks on behalf of and under our instructions (“Third Parties”) under appropriate safeguards. For example, Critical Start may store such personal data in the facilities operated by Third Parties. Such Third Parties may process personal data both inside and outside the United States. Whenever we transfer personal data out of the organization, we ensure a similar degree of protection is afforded to it by ensuring that an appropriate and legitimate data transfer mechanism is in place.
Where required to comply with applicable law, Critical Start may disclose your personal data to government or law enforcement officials.
6. GENERAL DATA PROTECTION REGULATION (GDPR)
Critical Start complies with the GDPR Framework regarding the collection, use, and retention of personal information from users in the European Union member countries. Critical Start has certified that it adheres to the GDPR Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability. If there is any conflict between this Policy and the GDPR Principles, the GDPR Privacy Principles shall govern.
Critical Start is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. Critical Start complies with the GDPR Principles for all onward transfers of personal data from the European Union, including the onward transfer liability provisions.
Prior to the re-certification, Critical Start will conduct an in-house verification to ensure that its attestations and assertions regarding its treatment of personal data is accurate and that the company has appropriately implemented these practices.
7. ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with GDPR Principles, Critical Start commits to endeavor to promptly resolve complaints about privacy and our collection or use of personal information. Individuals with questions or concerns about the use of their personal data should contact us at: [email protected] and, if applicable, identify the Company or other organization with whom they are affiliated or for whom their data was collected, if collection was for a customer.
If you have an unresolved privacy or data use concern that we have not addressed satisfactory, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.criticalstart.com/contact/general-inquiry/.
8. RETENTION PERIOD
We will retain your personal data as needed to fulfill the purposes for which it was collected. We will retain and use your personal data as necessary to comply with our business requirements, legal obligations and resolve disputes. When providing the Products and Services, Critical Start retains personal data for as long as our customer’s account is active and a short period thereof, as necessary to provide the Products and Services, as permitted in our agreement with Customers, to resolve any billing disputes, as needed for compliance audits and assessments, or as required or permitted under applicable law.
We may retain aggregated anonymized or de-identified data for longer periods of time, in accordance with applicable law and any applicable Customer agreement.
9. CALIFORNIA RESIDENT NOTICE
California Civil Code Section 1798.83 permits California residents to request a notice from us describing which categories of personal information we have shared with third parties or corporate affiliates for those third parties or corporate affiliates’ direct marketing purposes within the last calendar year, and the name and address of such parties. If you are a California resident and would like a copy of this notice, please send an email to [email protected] with “California Privacy Rights Request” in the subject line.
10. NOTICE REGARDING CHILDREN’S DATA
Our website and our Products and Services are not intended for children under 13 years of age. No one under age 13 may provide any information to or on our websites or our Products and Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on our websites, or our Products and Services, or on or through any of the features, including registration features, use any of the interactive or public comment features of the website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].
11. DATA INTEGRITY AND SECURITY
Critical Start uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. Critical Start has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. Critical Start also employs access restrictions, limiting the scope of employees and service providers who have access to personal data. Further, Critical Start uses secure encryption technology to protect certain categories of personal data. Despite these precautions, no data security safeguards guarantee 100% security all the time.
12. RIGHTS REGARDING PERSONAL DATA
Individuals may have one or more of the following additional rights regarding their personal data, depending on their country of residence and, if their data is collected by or on behalf of a Critical Start customer, depending on such customer’s policies and agreements with Critical Start: Access, Rectification, Erasure, Objection, Right to Object to Direct Marketing.
Critical Start will endeavor to respond in a timely manner to all reasonable written requests to exercise any of the rights listed above. Such requests must be made by contacting us as set forth below and including sufficient details so that we are able to understand the request and respond.
Critical Start only processes and discloses the personal data related to our Products and Services as specified in the agreements with our customers. Customers control how personal data is disclosed to us and processed, and how it can be modified. Accordingly, if you, as an individual, want to request access, or to limit use or disclosure of your personal data, please contact the company to which you submitted your personal data and that uses Critical Start Products and Services. If you contact Critical Start and provide the name of the Customer to which you provided your personal data, we will refer your request to that Customer and support them in responding to your request.
13. RESPONSIBILITIES AND MANAGEMENT
Critical Start will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the personal data that it collects. Critical Start personnel will receive training, as applicable, to effectively implement this Policy.
14. CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with GDPR Principles and applicable data protection and privacy laws and principles. If we make material changes in how we use personal information, we will provide notification by email if feasible or by means of a notice on this website. We encourage Customers and users to periodically review this page for the latest information on our privacy practices.
15. CONTACTING US
Data Privacy Officer
Critical Start, Inc.
6100 Tennyson Parkway, Suite 200; Plano, TX 75024 [email protected]
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.