Privacy Policy

Dated 19 June 2020

Team Cymru, Inc. is an internet security research and threat intelligence company. We provide solutions to help our clients keep their data and networks secure.

This Privacy Policy (“Policy”) describes the how Team Cymru collects, uses, maintains, and discloses information from users of our website (“Site”), prospective clients or job candidates, situations in which Team Cymru is a data controller, and from the use of our products and community services (“Products”).

For purposes of this Policy: the terms “user,” “client,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used within the Policy interchangeably; and the terms “we,” “us,” “our,” and “Team Cymru” are meant to refer to Team Cymru, Inc. and at times may be used within the Policy interchangeably.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.

1. What We Collect About You, Why, and How We Use It

A. What Information Do We Collect?

Information collected and used by Team Cymru may include, among other things, the Internet Protocol (IP) address, browser information, device ID, the type of computer and technical information about a user, such as the operating system and the Internet service providers utilized and other similar information, some of which may be considered personal information in your jurisdiction.

From users who are required to login to gain access to a particular website feature or Product, we collect usernames, passwords, and other login credentials that are used for the purpose of verifying user authorization to access the feature or Product.

Our site and our Products are not designed for or directed at children 18 years of age or younger. Team Cymru will not intentionally collect or maintain personal information from children 18 years of age or younger. If we learn we have collected or received personal information from a child 18 years of age or younger without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child 13 years of age or younger, please contact us via email at privacy@cymru.com

B. Why Do We Collect This Information?

Team Cymru processes information in the course of running our website, processing payments, providing support, improving user experience, running our infrastructure, preventing fraud, enforcing our legal rights, sending marketing and other communications, processing agreements, complying with our legal obligations, to achieve other legitimate interests, and where users have provided consent. Personal information, such as contact information, is collected from our website, Products, partners, and where you have provided it directly to Team Cymru.

C. How Do We Use And Share This Information?

Team Cymru does not sell, trade, or rent the personal information we collect from our website to others. When we collect personal information through our Products, it is made available to the Team Cymru client who was the source of the information and we use it as described in this Privacy Policy, terms and conditions, or otherwise as directed by our clients. We may use third party service providers or partners to help us operate our business; provide, support, maintain, or secure our Products and our website; or administer activities on our behalf, such as events or marketing campaigns. It may be necessary to provide or allow access to your personal information to these third-party service providers or partners for those purposes. We provide information regarding our business to our auditors and legal counsel. In some cases, the shared information may contain personal information, but the auditors and legal counsel may only use it for the purpose of providing their professional services. We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets.

Team Cymru is not a data broker. We do not maintain files on individuals’ purchases, nor sell lists of consumers. We do not collect consumer information for targeting of ads. We do not provide consumer scoring.

Team Cymru does not provide consumer marketing databases, or even the means to produce consumer marketing databases, in any shape or form.

2. Use of Cookies

We may also use cookies, web beacons, and other tracking technologies (such as scripts and tags) on our website to function properly, to personalize or customize the user’s experience (based on preferences or geography, for example) on our website, and to gather information about a user’s browsing habits. We use third party service providers to help us implement and utilize these technologies.

3. Our Products and Your Information

The vast majority of the information utilized in our Products is metadata. Metadata may include how and when a device or network is being used, login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. In some cases, that includes personal information as it may appear within the metadata, such as that associated with usernames, filenames, file paths, and machine names. To the extent Team Cymru Products include personal information, Team Cymru generally has obtained that information from its third-party service providers or partners, which often are corporate entities. Team Cymru typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a third-party service provider or partner and subsequently analyze and use. Consequently, any inquiries about the specific processing of your personal information via Team Cymru Products should be directed to our service providers or partners. We do not use any personal information collected through our Products to contact or market products or services to these individuals. We also do not provide any personal information obtained through the Products to third parties for the purpose of contacting or marketing products or services to these individuals.

4. How We Protect Your Information

The security of client data and your personal information is important to us. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of client data and your personal information. We follow generally accepted practices to protect client data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Products or website, you can contact us at privacy@cymru.com

5. Retention of Personal Information

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we otherwise have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.

6. Legal Basis for Processing Personal Information (EEA Visitors Only)

If you are a visitor from the European Economic Area (EEA) and the United Kingdom, Team Cymru’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it. In most circumstances, we collect personal information (i) where it is needed for the performance of a contract, (ii) where the processing of the personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your personal information may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests. If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this Policy or otherwise what those legitimate interests are. Often times, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicating with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our clients. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the bottom of this Privacy Policy.

7. International Data Transfers

Team Cymru’s mission is global, and, therefore, we may store information in the United States and other locations worldwide where we or our service providers have facilities. Information that you submit via the site may be transferred to, and stored at, a destination outside of the EEA. For example, this may happen if one or more of our servers or service providers is located in a country outside the EEA. By submitting your personal information, you agree to this transfer, storing or processing. If we transfer your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected.

8. Your Data Protection Rights

If you are a resident of the European Economic Area, United Kingdom, or Switzerland, your data protection rights are as follows: • You may access, correct, update or request deletion of your personal information, • You may object to processing of your personal information, ask us to restrict processing of your personal data, or request portability of your personal information • You have the right to opt-out of marketing communications we send to you at any time • If Team Cymru has collected and currently processes your personal information with your consent, then you may withdraw your consent at any time (withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent) • You have the right to complain to a data protection authority about Team Cymru’s collection and use of your personal information.

9. Privacy Policy Acceptance

By using this Site, you signify your acceptance of this Policy. If you do not agree to this Policy, please do not use our Site. Your continued use of the Site following the posting of changes to this Policy will be deemed your acceptance of those changes.

10. Updates and Questions

Team Cymru may update this Privacy Policy at any time in response to changing legal, technical or operational developments or to reflect changes to our information practices. We will post any Privacy Policy changes on this page and, if we believe the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). By using, or continuing to use, this service after being provided notice of the change is policy, you will be deemed to have consented to the change. Each version of this Privacy Policy will be identified at the top of the page by its effective date. We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions about this Privacy Policy or our privacy practices, please contact us: privacy@cymru.com