eBook


Privacy Notice

October 15, 2023

  1. INTRODUCTION

Welcome to Cybereason Inc. (together with its majority-owned subsidiaries, “Cybereason”, “we”, “us” or “our”). Cybereason is a provider of endpoint detection and response software (“Services”) that is used to detect anomalous activity on our customers’ networks and systems.

As you gather information about Cybereason by visiting or engaging with our Platforms (defined below), or applying for a job, we will collect some personal data from you.

This Privacy Notice (the “Privacy Notice”) explains our data practices and your choices regarding personal data and other information that we collect in connection with: (i) your use of the Cybereason website https://www.cybereason.com, and any other website that Cybereason operates (each, together with its sub-domains, content and services, the “Site”) and Cybereason’s customer and partner portals (the “Portals”, together with the Site, the “Platforms”), (ii) job applications submitted to us through the Platforms, and/or (iii) events you may attend to (for example, trade shows).

This Privacy Notice forms part of our Terms of Use, which are available at: https://www.cybereason.com/terms-of-use. Any capitalized but undefined term in this Privacy Notice shall have the meaning given to it in the Terms.

This Privacy Notice does not apply to personal data that our customers upload or otherwise submit to the Services, that we process on our customers’ behalf. Our practices concerning this data are addressed in our License and Services Agreement (Available at: https://www.cybereason.com/license-agreement).

By using the Platforms, and providing us with your personal data through your use of the Platforms, you agree to the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not access or otherwise use the Platforms.

  1. INFORMATION WE COLLECT

When you interact with the Platforms, we will collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”), as described below:

Personal Data That You Provide Through the Platforms: When you request information, including a demo, ask to download content (such as white papers), register for a webcast or other event, apply to become a partner through the Platforms, or subscribe to emailing lists, we will collect the following Personal Data from you:

  • First and last name
  • Job title
  • Company name
  • Email address
  • IP Address
  • Mailing address
  • Phone number
  • Country location
  • Your subscription preferences, if you choose to opt-in to receive promotional emails from us

When you sign up for our blog, we collect your email address. If you choose to opt-in to receive promotional emails from us, we will also collect your email subscription preferences. If you would like to discontinue receiving information from us, you may update your email preferences by using the ‘unsubscribe’ link in emails or by contacting us at privacy@cybereason.com.

When you apply for employment through the Platforms, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history and education.

Events: When you attend one of our live events (for example, trade shows), and visit our booth or otherwise interact with us, we will collect the Personal Data that you elect to provide.

Automatically Collected Data: When you visit the Platforms, we will automatically collect information about you through cookies and similar technologies. Please see the “Cookies and Other Tracking Technologies” section below to learn more about how we use cookies and similar technologies. We collect information such as your Internet Protocol (IP) address, Internet Service Provider (ISP), browser type, files viewed on our Site (e.g., HTML pages or graphics), operating system, and clickstream data. We also collect information on the country you are connecting from based on your IP address at the time you visit the Platforms.

Data Collected On Behalf of Customers: We also collect information under the direction of our Customers, and have no direct relationship with the individuals whose Personal Data we process on behalf of Customers. If you are a client or user of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services or you would like to access, correct or request deletion of your data, please contact the Customer that you interact with directly.

  1. HOW WE USE PERSONAL DATA AND OTHER INFORMATION

To provide the Services to you and respond to your requests. When you ask for information about the Services (for example, when you request a demo), ask to download content through the Platforms or apply to become a partner, we will use your contact information, including your phone number, to respond to your request by email, mail, phone, mobile message or other means directed to the contact information you have provided. For EU data subjects, such use is necessary to respond to or implement your request.

For marketing purposes. We will use your phone number, email or mail address to send you information (as applicable) by mobile message, email, and post about our new products and services, upcoming events or other promotions. You may opt-out of receiving such mobile message or emails by following the instructions contained in each promotional mobile message or email we send you or by contacting us at privacy@cybereason.com. If you request a demo or download content from the Platforms, we may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.

Where required by law (for example, if you are an EU data subject), we will only send you marketing information by email, mobile message or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at privacy@cybereason.com. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.

Unless you are excepted by Section 8 of this Privacy Notice, by providing your contact information, you consent to receive communications, including, for example, telephone calls, text messages (including SMS and MMS messages), and other electronic communications (such as communications containing an artificial voice or prerecorded message or made using an automatic telephone dialing system) from us and our affiliates and partners at any of the contact information you provided, including your wireless number, even if that number is registered on a corporate, state, or national do not call registry. You also represent that you understand that your consent to such communications is not required to use or purchase the Services.

To analyze, administer, support, improve use of the Platforms. We use data relating to your use of the Platforms to analyze, administer, support and improve your access to and use of the Platforms. We may also compile, anonymize and/or aggregate your Personal Data and other data and use such anonymized and/or aggregated data for our business purposes, including sharing it with affiliates and business partners. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Platforms are being used by you and to improve your experience on it.

To process applications for a job. When you apply for employment through our Platforms, we will use your contact details and data about your employment history and education to conduct job interviews, evaluate your application, and as is otherwise needed for recruitment. For EU data subjects, this use is necessary to respond to your request to process your application for employment.

If you are an EU data subject, please see the “EU Data Subject” section below for information on your rights in relation to the Personal Data we hold about you.

If you are a California resident, please see our California Consumer Privacy Statement for additional information on your rights in relation to the personal data we hold about you.

  1. SHARING AND DISCLOSURE

We may share your Personal Data and other information with certain third parties without further notice to you, as set forth below:

Vendors and Service Providers: We may share your information with third parties who provide services on our behalf in order to assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, email communication and customer support services, analytics, marketing, advertising and retargeting (for more details on our third party suppliers of advertising technologies, please see the “Cookies and Other Tracking Technologies” section below). Pursuant to our instructions, these parties may only access, process or store Personal Data in the course of performing their duties to us.

Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.

Legal Requirements: We may disclose your Personal Data if required to do so by law, such as to comply with a subpoena or other legal process, or in the good faith belief that such action is necessary to: (i) comply with a legal obligation or governmental request, (ii) protect and defend the rights or property of Cybereason, (iii) act in urgent circumstances to protect the personal safety of users of the Platforms or the public, or (iv) protect against legal liability.

  1. DATA RETENTION

We will keep your Personal Data for as long as your account is active or as needed to provide you or our customers services, comply with our legal obligations, resolve disputes, and enforce our agreements.

  1. UPDATE YOUR INFORMATION

If you need to change or correct your Personal Data or wish to have your Personal Data removed from our systems, please contact us as described in the “Contact Us” section below and we will address your requests as required by applicable law.

  1. CALIFORNIA DO NOT TRACK DISCLOSURES

We and our third-party partners use cookies or other technologies on our Site or Platforms that collect information about your browsing activities over time and across different websites following your use of the Site or Platforms (for more information, please see the “Cookies and Other Tracking Technologies” section below). 

  1. EUROPEAN DATA SUBJECTS

This section applies if you reside in the EU (for these purposes, reference to the EU also includes the European Economic Area (EEA) countries of Iceland, Liechtenstein and Norway), the United Kingdom or Switzerland).

Compliance with European Privacy Principles

With respect to personal data that we receive either as a data controller or data processor from the EEA, the United Kingdom and Switzerland (or accesses from the US in the EEA, the United Kingdom and Switzerland), we use the Standard Contractual Clauses approved by the EU Commission and the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner’s Office.

EU-U.S. and Swiss-U.S. Data Privacy Frameworks and UK-Extension to the EU-U.S. Data Privacy Framework

In addition to using the Standard Contractual Clauses, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK-Extension to the EU-U.S. DPF, and the Swiss–U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Frameworks program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.

Cybereason Inc. is the data controller for processing personal data provided to us through the Platforms. Our registered office is in 200 Berkeley St., Boston, MA, 02116, USA. We are also based in Munich, Germany (Cybereason Germany GmbH, Theresienhöhe 28, 80339 München, Germany) and in London, England (Cybereason Limited, 5 New Street Square, London, United Kingdom, EC4A 3TW). Cybereason has appointed a Data Protection Officer. The appointed person’s contact information is as follows: Cybereason Privacy Officer at privacy@cybereason.com.

Subject to applicable law, you have the following rights in relation to your Personal Data:

Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.

Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.

Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.

Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.

Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format.

Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so: a) If we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing or b) If we are processing your Personal Data for direct marketing.

Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.

Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.

Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.

When we process Personal Data on behalf of our Customers, we will process such requests pursuant to our contract with the applicable Customer.

We will notify you of material changes to the data processing activities described in this Privacy Notice by posting a notice on the Site and/or Platforms.

We are responsible for the processing of Personal Data we receive under the Frameworks that we may subsequently transfer to our service providers (as described in the “Sharing and Disclosure” section above) if they process Personal Data in a manner inconsistent with the Frameworks’ Principles and we are responsible if they do so and for the harm caused. Cybereason complies with the Frameworks’ Principles for onward transfers of Personal Data from the EU, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have any inquiries or complaints regarding the data we transfer pursuant to the Frameworks, please contact us at privacy@cybereason.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-data-privacy-framework.

If your complaint is not resolved through these channels, under certain conditions, more fully described on the Frameworks websitehttps://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, a binding arbitration option may be available before a Frameworks Panel.

  1. PUBLICLY POSTED INFORMATION

The Platforms offer publicly accessible areas such as blogs and comment threads. This includes, but is not limited to comments to the Cybereason blog or public forums. You should be aware that any information you provide in these areas may be read, collected, accessed, and used by others who access them, including third parties. To request removal of your Personal Data from these areas, contact us at privacy@cybereason.com. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

  1. CHILDREN

Cybereason does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Cybereason through the Platforms, please contact us at privacy@cybereason.com and we will endeavor to delete that information from our databases.

  1. LINKS TO OTHER WEBSITES

The Platforms may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services. The information that you share with Third Party Sites, including Personal Data you choose to share, will be governed by the specific privacy notices and/or policies and terms of service of the Third Party Sites and not by this Privacy Notice. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies. We encourage you to carefully read the privacy notice of any website you visit.

  1. SECURITY

We take reasonable administrative and technical steps to protect the Personal Data provided via the Platforms from loss, misuse and unauthorized access, disclosure, alteration, or destruction both during transmission and once it is received. However, the Internet cannot be guaranteed to be fully secure, and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data. If you have any questions about the security of your Personal Data, you can contact us at privacy@cybereason.com.

  1. COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies from third parties to optimize the functionality of the website, help us understand how the Site is used and provide you with interest-based advertising based upon a user’s browsing activities and interests. A cookie is a piece of information sent to your browser from a website and stored on your computer’s hard drive. Cookies can help a website like ours recognize repeat users and allow a website to track web usage behavior. Cookies work by assigning a number to the user that has no meaning outside of the assigning website. We use cookies to collect information about your device, such as IP address, operating system and browser type, in addition to the information described below.

The Site also uses pixel tags, a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. The Site uses cookies and pixels tags, from the below third parties, to help us improve use of our Site and the services, and know when content has been shown to you.

We also partner with third parties to display advertising on our website or to manage our advertising on other sites, as described above. Our third-party partners may use cookies or similar tracking technologies to provide you advertising based upon your browsing activities and interests.

Technologies Used

The types of technologies that we use are detailed below:

Google (includes YouTube)

Google Tag Manager, a tag management tool provided by Google. This helps us store information about your preferences regarding cookies on our Site. Learn more about Google’s privacy practices at the following link: https://www.google.com/intl/en/policies/privacy/.

Strictly Necessary

Hubspot Ad Tracking

Hubspot is our content management system and hosting platform. This cookie allows Hubspot to collect data on users coming to the website from any digital advertisement across platforms.

Strictly Necessary

Google (includes YouTube)

Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to help the Site analyze how users interact with the Site. The information collected by Google (including your internet protocol (IP) address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of the Site, compiling reports on the Site activity and providing further services to us relating to the Site usage. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Learn more about Google Analytics’ privacy practices, and see a copy of Google’s privacy policy, at the following link: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.

Performance

Hotjar

The next best thing to sitting beside someone browsing your site. See where they click, ask what they think, and learn why they drop off.

Performance

Onclusive

Onclusive is a media monitoring analytics platform. This cookie tracks website activity data to inform reporting.

Performance

Zoominfo

Leading B2B contact data combined with sales intelligence, engagement software, and workflow tools.

Performance

Demandbase

Demandbase is a targeting and personalization platform for B2B marketing. This cookie is used to identify users and build detailed audiences to support marketing initiatives.

Functional

Drift

Drift’s Conversation Cloud helps businesses connect with customers in the moments that matter most — using chat, email, video, and more.

Functional

Gartner

Gartner provides actionable insights, guidance, and tools that enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities.

Functional

On24

Create webinars, virtual events and personalized content experiences that drive engagement, generate first-party data and deliver revenue growth.

Functional

Techtarget

Identify, influence and engage active buyers in your tech market with TechTarget's purchase intent insight-powered solutions.

Functional

Wistia

Wistia is a video hosting platform used by Cybereason to host videos on our site. The information collected is used provide data on user engagement with videos to improve user experience.

Functional

DCM

DCM is an ad server for generating ad tags and tracking digital ad campaigns. This cookie is used to target advertising and improve reporting on ad campaign performance.

Targeting

Encore

Encore is a programmatic advertising service platform. This cookie gathers targeting data from users reaching the Cybereason website via a digital media campaign being run through the Encore platform.

Targeting

Google (includes YouTube)

Google Ads

Targeting

LinkedIn Insight Tag

The LinkedIn Insight Tag is a JavaScript tag that provides conversion tracking, website audiences, and website demographics to optimize advertising via the LinkedIn platform.

Targeting

MediaMath

MediaMath is a cloud-based digital advertising platform. This cookie is used to gather user behavior data to provide more targeted advertising based on interests.

Targeting

Podsites Pixel

Podsites is a podcast marketing attribution platform. The pixel reports page visits and conversion events. Podsights uses this data to calculate conversion rates and customer acquisition cost.

Targeting

Reddit Pixel

The Reddit pixel is a snippet of code that allows us to track actions that users take on the website after seeing or clicking our ads on Reddit.

Targeting

Peerspot

At PeerSpot you'll find reviews, ratings, comparisons of pricing, performance, features, stability and more.

Targeting

 

Your Choices

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari

Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.

To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit: http://www.allaboutcookies.org and/or the Network Advertising Initiative’s online resources, at: https://thenai.org, and follow the opt-out instructions there. If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.

  1. CHANGES TO OUR PRIVACY NOTICE

We may change this Privacy Notice at any time and when we do, we will post an updated version on this page. If we make any material changes, we will attempt to notify you prior to the change becoming effective. By continuing to use the Platforms or providing us with information after we have posted an updated Privacy Notice you consent to the revised Privacy Notice and practices described in it. We encourage you to periodically review this page for the latest information on our privacy practices.

  1. CONTACT US

Please feel free to contact us if you have any questions about Cybereason’s Privacy Notice or the information practices of our Platforms.

You may contact us as follows: You may send an email to privacy@cybereason.com or send mail to:

Cybereason Inc.
200 Berkeley Street
Boston, MA 02116
+1-855-695-8200

Or to:

Cybereason Germany GmbH
Theresienhöhe 28
80339 München
Germany