PRIVACY POLICY

1. SCOPE.

BastionWare takes your privacy seriously. This policy explains how we collect, use, and protect Personal Data submitted and collected by BastionWare.

• Personal Data means information that determines the identity of an individual.

• Controller and Processor. We are the controller of Personal Data as described in this Privacy Policy (unless otherwise stated). This Privacy Policy does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers or otherwise collect, use, share or process Personal Data via our cloud services.

2. COLLECTION.

• Interest in Services. If you have an interest in obtaining information about our services; request customer support; contact us; register to use our websites; sign up for an event, webinar or contest; or download content, we may require that you provide to us your contact information (name, title, company name, address, phone number, email address or username and password);

• Purchases. If you make purchases via our website or register for an event or webinar, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information;

• Websites. If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data;

• Events. If you attend an event and we scan your badge, which will provide to us your information (name, title, company name, address, country, phone number and email address);

• Community. If you register for an online community that we provide, we may ask you to provide a username, photo or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests;

• Log Files. If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data;

• Surveys. If you voluntarily submit certain information to our services, such as filling out a survey about your experience, we collect the information you have provided; and

• Office Visits. If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.

• Other Sources. We also collect information about you from other sources including third parties from whom we purchase Personal Data and from publicly available information.

  • We may combine this information with Personal Data provided by you.

  • This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.

  • The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, internet activity information, and inferences about preferences and behaviors.

• How We Gather Data. We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.

  • Automatically When you Visit our Sites.

    • This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.

    • This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.

  • Automatically as part of our Cloud Services.

    • This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.

    • This information is used to maintain the security of the services, to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, and to identify customer opportunities.

    • Some of the data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.

  • Cookies, Web Beacons and other Tracking Technologies.

    • We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.

    • When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.

    • We use both session-based and persistent cookies on our websites.

      • Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device.

      • Persistent cookies remain on your device after you close your browser or turn your device off.

      • You can control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.

    • We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.

• Required Cookies

  • Basic Website Functionality.

    • Examples: session cookies needed to transmit the website, authentication cookies, and security cookies.

    • If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.

    • There is no option to opt out.

• Functional Cookies

  • Functional Cookies.

    • Examples: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.

    • Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.

    • We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.

    • For example, we use Google Analytics (Google Analytics), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/.

    • Google Analytics uses cookies to help us analyze how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. This information is used by us to improve our websites. We use Google Analytics with restrictions on how Google can process our data enabled. For information on Google’s Restricted Data Processing go to https://privacy.google.com/businesses/rdp/.

    • We may also use HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it. To learn how to manage privacy and storage settings for Flash cookies, click here.

  • Do Not Track.

    • While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.

3. USES.

• Purposes. We rely on authorized legal basis (such as, performance of a contract or legitimate interest) to collect and process your Personal Data, unless consent is required by law.

  • Websites and services. We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfill our contractual obligations; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites);

  • Contact and user support. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our contract and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;

  • Payments. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you;

  • Security. We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;

  • Development. We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings;

  • Compliance. We process your Personal Data to review compliance with the contracts and policies to the extent that it is in our legitimate interest;

  • Customer opportunities. We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest;

  • Marketing communications. We will process your Personal Data or device and usage data to send you marketing information, product recommendations and other non-transactional communications about us and partners, including information about our products, promotions or events as necessary for our legitimate interest;

  • Managing contests or promotions. If you register for a contest or promotion, we process your Personal Data to perform our contract;

  • Managing event registrations and attendance. We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract;

  • Registering office visitors. We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest; and

  • Legal obligations. We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest.

4. DISCLOSURE AND SHARING.

• Service Providers. With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support;

• Your Affiliates. If you use our services as a user, we may share your Personal Data with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;

• Our Affiliates. With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations and account management purposes; and

• Event Sponsors. If you attend an event or webinar organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements;

• Contest and Promotion Sponsors. With sponsors of contests or promotions for which you register;

• Third party networks and websites: With third-party social media networks, advertising networks and websites, so that we can market and advertise on third party platforms and websites;

• Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;

• Change in Ownership. To a successor, if we are involved in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

• Anonymous and Aggregated. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.

• Legal Requirements. We may be required by law to disclose your Personal Data, and we will try to take steps to limit any such disclosure.

5. YOUR RIGHTS AS A DATA SUBJECT IN THE EU.

• Data Subject Rights. If you are a “Data Subject” in the EU, and any Personal Data as that term is defined under the General Data Protection Regulation (GDPR), the following applies:

  • You can ask us what personal data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, and erase it, under certain circumstances.

  • To exercise your rights regarding your personal data by email, mail, or phone, please use the contact information provided at the bottom of this policy. We will try to respond to all legitimate requests within one month and will contact you should we require additional information in order to honor your request. You may also complain to the supervisory authority of your Member State.

• Transfer. As you register on our Service, your personal data is being stored outside of the EU on our servers in the United States. If we further transfer this personal data, it will be transferred to a Sub-processor that: (i) is located in a third country or territory recognised by the EU Commission to have an adequate level of protection; (ii) we have entered into Model Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.

• Retention. We will retain your personal data in accordance with our then current data retention policy, unless you otherwise request that it be deleted sooner in accordance with this Privacy Policy.

6. YOUR RIGHTS IF YOU ARE A “CONSUMER” UNDER THE LAWS OF THE STATE OF CALIFORNIA

• Consumer. If you are a “Consumer” and any Personal Data that we collect falls under the definition of “personal information” as that term is defined under the California Consumer Privacy Act (CCPA), the following applies:

  • You can ask us what personal data we hold about you, the source of the information, the use of your personal information, and you can ask us to access it, to have a copy of it, and to erase it, under certain circumstances (a “personal information request”) that was collected about you during the 12 months before your personal information request.

  • You can ask us if the information was disclosed to third parties, the categories of personal information disclosed to third parties and the categories of third parties to whom such information was disclosed.

  • To exercise your rights regarding your personal information by email, mail, or phone, please use the contact information provided at the bottom of this policy. When you make a personal information request, we will need to collect information from you so that we can verify your identity, and we will respond to all legitimate requests within 45 days.

  • We will retain your personal information in accordance with our then current data retention policy, unless you otherwise request that it be deleted sooner, in accordance with this Privacy Policy.

  • You have the right not to be discriminated against because of exercising any of your rights under the CCPA.

• No Sale. We do not sell your Personal Data to any third parties.

• [disclosure of whether your website honors “Do Not Track” (DNT) signals, and description of any process that you have in place to review and request changes to any Consumer Personal Data.]

7. OTHER TERMS.

• Industry Standard Security. While we use industry standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guaranty that it cannot be compromised.

• No Under Age 13. We do not intentionally gather Personal Data about visitors who are under the age of 13.

• No Contractual Rights. This Privacy Policy is not a contract and does not create any contractual rights or obligations.

• Privacy Concerns. To exercise your rights regarding your Personal Data or if you have questions regarding this Privacy Policy or our privacy practices, please email us at support@bastionpass.com

• Links to Third Party Sites. Our Service may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.

• Revisions to this Policy. We may change this policy at any time. Notice of any significant revision will be called out on this website for a period of time.

Last Revised 05/19/2020