- Personal Information Protection & Electronic Documents Act (PIPEDA);
- California Consumer Privacy Act (CCPA);
- California Privacy Rights Act (CPRA); and
- An Act to modernize legislative provisions as regards the protection of personal information (Law 25).
What Do We Collect?
When you visit the Site, we automatically collect a certain amount of technical information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. As you browse the Site, we collect information about the individual web pages or products that you view, any third-party sources of referrals from other websites, search terms that referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you fill out the contact form on the website, we collect information about you, including your name, phone number and email address. We refer to this information as “Contact Information”.
How Do We Use Your Personal Information?
We use the Contact Information that we collect to communicate with you regarding the services we offer. When you decide to place an order with us, we refer to this as “Order Information”. We use Order Information to:
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. We will only provide you with advertising if you choose to sign up for (opt into) our mailing list, and we will only communicate any such offers to you in compliance with CASL. You may choose to opt out of receiving these communications at any time.
We use the Device Information that we collect for the following purposes:
- Screen for potential risk and fraud (in particular, your IP address); and
- Improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Only internal ThreatIQ staff and contractors (service providers) are permitted to use your Personal Information. We grant access on a strict “need-to-know” basis, and only if it is determined to be necessary for an individual to perform tasks as part of their duties to ThreatIQ staff and service providers.
How Do You Share or Disclose My Personal Information?
We share your Personal Information with third parties to perform the functions described above to identify and verify customers, process business orders, and deliver services as requested. Additionally, we use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here. You can also opt-out of Google Analytics here.
As with the section above on the use of customer data, we disclose Personal Information to internal ThreatIQ staff and contractors on a strict “need-to-know” basis, only if it is determined to be necessary for an individual to perform tasks as part of their duties to ThreatIQ staff and service providers.
When you choose to receive marketing-based communications from us, we also disclose your Personal Information to Facebook, Google, and Bing for the purposes of behavioural advertising. Please see the next section for further details.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page HERE.
You can opt out of targeted advertising by clicking below links for Facebook, Google, and Bing:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
When you fill out any form through our website, we will maintain your Contact Information for our records unless and until you ask us to delete this information.
For more information about our privacy practices, if you have questions, or if you would like to make an inquiry, please contact us by e-mail at firstname.lastname@example.org
California Privacy Rights Notice
Your Rights Under California Privacy
As a California resident, you have the following consumer privacy rights under the CCPA and the CPRA:
- Right to access your personal information or data.
- Right to delete your personal data.
- Right to know the disclosure of your personal data to third parties with whom we do business.
- Right to non-discrimination if you exercise your rights; and
- Right to request that your information not be disclosed to third parties (“Do Not Sell”).
Right of Access
This Right permits you to request access to any Personal Information we have collected about you. If you make an access request, we will provide you with the following:
- The categories of personal information we have collected from and about you.
- The categories of personal information we have collected from and about you.
- The categories of sources from where we have collected your personal information.
- The business purpose(s) for which we have collected your personal information.
- The categories of third parties to whom we have shared your personal information; and
- A listing of categories of third parties to whom we have disclosed or sold your personal information, and the business purpose for doing so.
If you make an access request, please note the following:
- You may make an access request up to two (2) times within a rolling twelve (12) month period; and
- The personal information we disclose to you may be limited to only the previous twelve (12) month period within which we collected your personal information.
Right of Deletion
You have the right to ask ThreatIQ to delete your Personal Information, which includes any personal data we have gathered from you indirectly through other third-party sources. However, ThreatIQ reserves the right to retain some or all the Personal Information if required to do so under applicable laws, or if it is absolutely required to continue doing business with you. For instance, we might need to retain your Personal Information while investigating a privacy breach or if we are compelled to do so by court order.
Right to Disclosure of Personal Data to Third Parties
ThreatIQ discloses some personal information with certain third-party service providers, which is considered a “sale” of personal information under CCPA and CPRA. We are permitted to disclose some personal data to effect services. We do not knowingly sell the personal data of minors under 16 years of age. For a complete listing, please contact our Privacy Officer.
Right to Non-Discrimination
If you choose to exercise your privacy rights, ThreatIQ shall not discriminate against you or your business. We will not, for example, provide or suggest that you receive a different level of quality of services, illegally use or share our Personal Information, or refuse to serve you (within reason).
Do Not Sell
You have the right to instruct us not to “sell” or disclose your Personal Information to third parties. A “sale” does not always mean a monetary disclosure but may involve a disclose or exchange of Personal Information in exchange for other good and valuable consideration. Please also refer to the section titled Right to Disclosure of Personal Data to Third Parties” above.
If you would like to opt out of our use of your personal information for these purposes, you may do so by sending an email to email@example.com.
Right of Data Portability
At any time, you may request an electronic copy of the personal information we collect from you. Upon request, we will provide you with a copy of the data in a common, machine-readable format. Please note that if any of the personal information we collected from you has been anonymized or de-identified so it is no longer identifiable, we will advise you of same in our response. You may request a copy of your data by sending an email to firstname.lastname@example.org.
How to Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make an inquiry, please contact us by e-mail at email@example.com.
Law 25 Privacy Rights Notice
Access to Information & Data Portability
Under Law 25, you have the right to request a copy of your personal data processed by ThreatIQ. If you would like a copy of the personal information collected by ThreatIQ, please submit a request to us in writing at firstname.lastname@example.org.
Once we have received your request, we will respond to you within 30 business days, although we reserve the right under Law 25 to extend the time frame to respond if your request is extensive or requires additional resources to ensure that our response to your request is complete and no information is missing.
Please be aware that if your access request is inaccurate or vague, that Law 25 decrees that the time to respond will not begin until we confirm the exact scope of your request.
Any records we disclose to you in response to your access request will be in a structured, commonly used technological format so you can easily view the information. We are not responsible for or bound under Law 25 to customize the information in the access request to your device’s specifications.
Right of De-Indexation
As a Quebecois resident, you have the right under s. 28.1 of Law 25 to “de-index”, or to direct ThreatIQ to stop the processing of any of your personal data. You may exercise your right of de-indexation by sending us a written request outlining the personal information you wish to be deleted.
Please note that we reserve the right under s. 28.1 to retain your personal information if it is necessary to provide our services to you. Additionally, if you exercise your right to de-index but the personal data is absolutely required, you may not be able to fully access all the features and services that ThreatIQ offers. Once received, we will review your request and respond to you in writing.
Data Retention & Destruction
ThreatIQ will only collect and retain your personal data for as long as required by law. Generally, we are permitted to retain your personal information for up to seven (7) years after we have exhausted the use of your personal data before deleting it entirely. The retention period is to comply with privacy legislation that permits you to access a copy of the personal data we have collected from and processed about you. After the one-year term has expired, we will delete your personal data permanently. This seven-year period does not apply to any other reasons permitted by law to retain personal information. All personal data collected by ThreatIQ is hosted and stored in Canada.