January 1, 2021
Welcome to Cybereason Inc. (together with its majority-owned subsidiaries, “Cybereason”, “we”, “us” or “our”). Cybereason is a provider of endpoint detection and response software (“Services”) that is used to detect anomalous activity on our customers’ networks and systems.
As you gather information about Cybereason by visiting or engaging with our Platforms (defined below), or applying for a job, we will collect some personal data from you.
This Privacy Notice (the “Privacy Notice”) explains our data practices and your choices regarding personal data and other information that we collect in connection with: (i) your use of the Cybereason website https://www.cybereason.com, and any other website that Cybereason operates (each, together with its sub-domains, content and services, the “Site”) and Cybereason’s customer and partner portals (the “Portals”, together with the Site, the “Platforms”), (ii) job applications submitted to us through the Platforms, (iii) events you may attend to (for example, trade shows).
This Privacy Notice does not apply to personal data that our customers upload or otherwise submit to the Services, that we process on our customers’ behalf. Our practices concerning this data are addressed in our License and Services Agreement (Available at: https://www.cybereason.com/license-agreement).
By using the Platforms, and providing us with your personal data through your use of the Platforms, you agree to the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not access or otherwise use the Platforms.
When you interact with the Platforms, we will collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”), as described below:
Personal Data That You Provide Through the Platforms: When you request information, including a demo, ask to download content (such as white papers), register for a webcast or other event, apply to become a partner through the Platforms, or subscribe to emailing lists, we will collect the following Personal Data from you:
When you sign up for our blog, we collect your email address. If you choose to opt-in to receive promotional emails from us, we will also collect your email subscription preferences. If you would like to discontinue receiving information from us, you may update your email preferences by using the ‘unsubscribe’ link in emails or by contacting us at email@example.com.
When you apply for employment through the Platforms, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history and education.
Events: When you attend one of our live events (for example, trade shows), and visit our booth or otherwise interact with us, we will collect the Personal Data that you elect to provide.
Data Collected On Behalf of Customers: We also collect information under the direction of our Customers, and have no direct relationship with the individuals whose Personal Data we process on behalf of Customers. If you are a client or user of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services or you would like to access, correct or request deletion of your data, please contact the Customer that you interact with directly.
To provide the Services to you and respond to your requests. When you ask for information about the Services (for example, when you request a demo), ask to download content through the Platforms or apply to become a partner, we will use your contact information, including your phone number, to respond to your request by email, mail, phone, text message or other means directed to the contact information you have provided. For EU data subjects, such use is necessary to respond to or implement your request.
For marketing purposes. We will use your email or mail address to send you information (as applicable) by email and post about our new products and services, upcoming events or other promotions. You may opt-out of receiving such emails by following the instructions contained in each promotional email we send you or by contacting us at firstname.lastname@example.org. If you request a demo or download content from the Platforms, we may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.
Where required by law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at email@example.com. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
Unless you are excepted by Section 8 of this Privacy Notice, by providing your contact information, you consent to receive communications, including, for example, telephone calls, text messages (including SMS and MMS messages), and other electronic communications (such as communications containing an artificial voice or prerecorded message or made using an automatic telephone dialing system) from us and our affiliates and partners at any of the contact information you provided, including your wireless number, even if that number is registered on a corporate, state, or national do not call registry. You also represent that you understand that your consent to such communications is not required to use or purchase the Services.
To analyze, administer, support, improve use of the Platforms. We use data relating to your use of the Platforms to analyze, administer, support and improve your access to and use of the Platforms. We may also compile, anonymize and/or aggregate your Personal Data and other data and use such anonymized and/or aggregated data for our business purposes, including sharing it with affiliates and business partners. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Platforms are being used by you and to improve your experience on it.
To process applications for a job. When you apply for employment through our Platforms we will use your contact details and data about your employment history and education to conduct job interviews, evaluate your application, and as is otherwise needed for recruitment. For EU data subjects, this use is necessary to respond to your request to process your application for employment.
If you are an EU data subject, please see the “EU Data Subject” section below for information on your rights in relation to the Personal Data we hold about you.
We may share your Personal Data and other information with certain third parties without further notice to you, as set forth below:
Vendors and Service Providers: We may share your information with third parties who provide services on our behalf in order to assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, email communication and customer support services, analytics, marketing, advertising and retargeting (for more details on our third party suppliers of advertising technologies, please see the “Cookies and Other Tracking Technologies” section below). Pursuant to our instructions, these parties may only access, process or store Personal Data in the course of performing their duties to us.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: We may disclose your Personal Data if required to do so by law, such as to comply with a subpoena or other legal process, or in the good faith belief that such action is necessary to: (i) comply with a legal obligation or governmental request, (ii) protect and defend the rights or property of Cybereason, (iii) act in urgent circumstances to protect the personal safety of users of the Platforms or the public, or (iv) protect against legal liability.
We will keep your Personal Data for as long as your account is active or as needed to provide you or our customers services, comply with our legal obligations, resolve disputes, and enforce our agreements.
If you need to change or correct your Personal Data, or wish to have your Personal Data removed from our systems, please contact us as described in the “Contact Us” section below and we will address your requests as required by applicable law.
This section applies if you reside in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway), the United Kingdom or Switzerland).
Compliance with European Privacy Principles
With respect to personal data that we receive either as a data controller or data processor from the European Economic Area (EEA), the United Kingdom and Switzerland (or accesses from the US in the EEA, the United Kingdom and Switzerland), we use the Standard Contractual Clauses approved by the EU Commission.
EU-U.S. and Swiss-U.S. Privacy Shields
In addition to using the Standard Contractual Clauses, we continue to comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area, the United Kingdom and Switzerland to the United States, respectively in reliance on the Privacy Shield. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Cybereason Inc. is the data controller for processing personal data provided to us through the Platforms. Our registered office is in 200 Clarendon St., Fl. 18, Boston, MA, 02116, USA. We are also based in London (Cybereason Limited, 5 New Street Square, London, United Kingdom, EC4A 3TW). Cybereason has appointed a Data Protection Officer. The appointed person’s contact information is as follows: Sam Curry at firstname.lastname@example.org.
Subject to applicable law, you have the following rights in relation to your Personal Data:
Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so: o If we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing or o If we are processing your Personal Data for direct marketing.
Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights by contacting us as indicated under “Contact Us” section below.
When we process Personal Data on behalf of our Customers, we will process such requests pursuant to our contract with the applicable Customer.
We will notify you of changes to the data processing activities described in this Privacy Notice by email or by posting a prominent notice on the Site and Platforms.
We are responsible for the processing of Personal Data we receive under the Privacy Shield that we may subsequently transfer to our service providers (as described in the “Sharing and Disclosure” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused. Cybereason complies with the Privacy Shield Principles for onward transfers of Personal Data from the EU, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have any inquiries or complaints regarding the data we transfer pursuant to the Privacy Shield, please contact us at email@example.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.
If your complaint is not resolved through these channels, under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-toSubmit-a-Complaint, a binding arbitration option may be available before a Privacy Shield Panel.
The Platforms offer publicly accessible areas such as blogs and comment threads. This includes, but is not limited to comments to the Cybereason blog or public forums. You should be aware that any information you provide in these areas may be read, collected, accessed, and used by others who access them, including third parties. To request removal of your Personal Data from these areas, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
Cybereason does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Cybereason through the Platforms, please contact us at email@example.com and we will endeavor to delete that information from our databases.
We take reasonable administrative and technical steps to protect the Personal Data provided via the Platforms from loss, misuse and unauthorized access, disclosure, alteration, or destruction both during transmission and once it is received. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data. If you have any questions about the security of your Personal Data, you can contact us at firstname.lastname@example.org.
The Site also uses pixel tags, a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. The Site uses pixels tags, from the below third parties, to help us improve use of our Site and the services, and know when content has been shown to you.
The types of technologies that we use are detailed below:
Analytics. The Site uses “analytical” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way our Site works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page.
In particular, the Site uses:
Google Tag Manager, a tag management tool provided by Google. This helps us store information about your preferences regarding cookies on our Site. Learn more about Google’s privacy practices at the following link: https://www.google.com/intl/en/policies/privacy/.
LeadLander: This tool is used to collect information about your visit and interaction on the Site. Learn more about LeadLander’s privacy practices at: https://www.leadlander.com/privacy.html. You can prevent your data from being collected by LeadLander by turning off cookies in your browser (please see the “Your Choices” section below for more information).
HotJar: This tool is used to analyze how users are interacting with our Site, the actions they are taking, and how long they are remaining on the Site to help us improve the user experience of the Site. Learn more about HotJar’s privacy practices at the following link: https://www.hotjar.com/privacy and, to opt-out, please visit: https://www.hotjar.com/optout.
HubSpot: A Marketing Automation and Analytics tool provided by HubSpot Inc. This tool is used to help us analyze how users interact with the Site and enables us to personalize your experience, including through marketing communications, if you have volunteered your contact information for this purpose via a form on the Site. The HubSpot cookie collects personal information submitted by you via web form, including name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal information may also include Navigational information about your computer (such as operating system), geographical location (as indicated by publicly available IP address records), browser type, referral source, length of visit, and pages viewed. Learn more about HubSpot’s practices at the following link: https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-doeshubspotset-in-a-visitor-s-browser. You can also prevent your data from being collected by HubSpot by turning off cookies in your browser (please see the “Your Choices” section below for more information). You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by email at email@example.com.
Advertising. We partner with one or more third parties to either display advertising on our Site or to manage our advertising on other sites. Our third party partner(s) use technologies such as cookies and pixel tags to gather information about your activities on the Site and other websites to provide you with targeted advertising based upon your browsing activities and interests. In particular, the Site uses:
AppNexus: This is an advertising tool that enables us to serve users with ads across the web, based on their visit to and behavior on the Site. To learn more about AppNexus privacy practices please visit: https://www.appnexus.com/en/company/platform-privacypolicy and, to opt-out of your data from being collected by AppNexus, please visit: http://appnexus.com/platform-policy#choices. You can also prevent your data from being collected by AppNexus by turning off cookies in your browser (please see the “Your Choices” section below for more information).
DoubleClick: Google Inc.’s use of advertising tools enables Google and its partners to serve ads to you based on your visit to our Site. You may opt-out of personalized advertising by visiting Google’s Ads Settings at the following link: https://adssettings.google.com/authenticated. Learn more about Google’s privacy practices at the following link: http://www.google.com/intl/en/policies/privacy/. You can prevent your data from being collected by DoubleClick on our Site by downloading and installing the DoubleClick Opt-out Browser Add-on for your current web browser at the following link: https://support.google.com/ads/answer/7395996.
Perfect Audience: This technology allows the retargeting of digital ads across ad networks to Site’s visitors. Learn more about Perfect Audience’s privacy practices at the following link http://www.perfectaudience.com/privacy/. You can also prevent your data from being collected by Perfect Audience by turning off cookies in your browser (please see the “Your Choices” section below for more information).
Facebook: Facebook, Inc. provides technologies that enable us to serve users with ads on Facebook based on their visit to and interaction on the Site. Learn more about Facebook’s practices at the following link: https://en-gb.facebook.com/policies/cookies/. You can also prevent your data from being collected by Facebook by turning off cookies in your browser (please see the “Your Choices” section below for more information).
Outbrain: The Site uses technologies provided by Outbrain Inc. that allow us to retarget digital ads across the Outbrain ad network and to track traffic from Outbrain’s ads back to our Site. Learn more about Outbrain Inc.’s privacy practices at the following link: https://www.outbrain.com/legal/privacy#contact_us. You can also prevent your data from being collected by Outbrain Inc. by turning off cookies in your browser (please see the “Your Choices” section below for more information).
Marin Search Marketer: The Site uses technologies provided by Marin Software Incorporated that allow us to retarget digital ads across ad networks to Site’s visitors. Learn more about Marin Software’s privacy practices at the following link: http://www.marinsoftware.com/privacy/privacy-central. You can also prevent your data from being collected by Marin Software by turning off cookies in your browser (please see the “Your Choices” section below for more information).
Interactive Tools. We partner with one or more third parties to provide you with different ways to interact with us via the Site.
In particular, the Site uses:
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit: http://www.allaboutcookies.org and/or the Network Advertising Initiative’s online resources, at: http://www.networkadvertising.org, and follow the opt-out instructions there. If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
We may change this Privacy Notice at any time and when we do we will post an updated version on this page. If we make any material changes we will notify you prior to the change becoming effective. By continuing to use the Platforms or providing us with information after we have posted an updated Privacy Notice you consent to the revised Privacy Notice and practices described in it. We encourage you to periodically review this page for the latest information on our privacy practices.
Please feel free to contact us if you have any questions about Cybereason’s Privacy Notice or the information practices of our Platforms.
You may contact us as follows: You may send an email to firstname.lastname@example.org or send mail to:
200 Clarendon Street
Boston, MA 02116 +1-855-695-8200
5 New Street Square
London, EC4A 3TW