Last updated: 07/04/2020
Responsible Cyber, Pte. Ltd. (“RCPL,” “we” or “us”) is the owner and operator of https://www.responsible-cyber.com/ (the “Website”).
As part of our core mission to help businesses to protect against cyber risks, we are committed to safeguarding the privacy of our customers and those who use our Website, and our product and services, including our cloud-based products or services, our platform, social media, communications, web-based tools & our mobile app (collectively our “Services”).
Personal Data is any data relating to an identified or identifiable individual and may include name, address, email address, phone number, login (account number, password), marketing preferences, social media account, or payment card number. If we link other data with your Personal Data, we will treat that linked data as Personal Data. We also collect Personal Data from trusted third-party sources such as marketing partners, channel partners such as resellers, and other business partners, and engage third parties to collect Personal Data to assist us.
Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. Please see Notice to end users below.
We, as the Data Controller, can be contacted via our representative and Data Protection Officer, Magda Chelly via email at firstname.lastname@example.org
INFORMATION WE COLLECT:
Depending on the Services you use, we collect the following types of information:
Information you provide us:
- Personal information including first and last name, date of birth, photograph and/or likeness;
- Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
- User IDs and passwords
- Personal information that you choose to share within our user communities,
- Payment Information (Securely Stored through our 3rd Party Payment Processor)
- Content that you create, input, submit, post, upload, transmit, or store while using our Services
- Other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites
- Details of any insurance made by you through the Website, together with details relating to subsequent correspondence (if applicable).
- Work contact details, qualifications, CVs, application letters, employment history, education history, references, candidate assessment (including interview notes and interview video), ID documentation (including passport copy and information, driver’s license copy and information), board memberships, right to work checks.
Information we collect automatically:
- Technical information (primarily used for security monitoring of your account) including Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information, the length of your visit and your interactions with the Website.
- We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.
- Information obtained through our correspondence and monitoring in accordance with our section below “When we monitor or record sensitive information”.
Information we collect from other sources:
- Occasionally we may receive information about you from other sources, for example any insurance companies where you have an active policy, cyber security software providers, cloud service providers you connect with through the Website, or from any third party websites and applications that integrate or communicate with the Website in relation to you. If so, we will add this information to the information we already hold about you in order to help us carry out the activities listed below.
WHY WE COLLECT INFORMATION FROM AND ABOUT YOU
We will not use your personal information for anything other than the following lawful purposes:
To establish and maintain contractual relationships with our customers:
- To provide our customers with product-based alerts, recommendations, warnings, training results, training modules, vulnerability reports, and more in relation to the services we provide.
- To establish relationships with new customers
- To fulfill our obligations to current customers
- To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
- To enable individuals to access and use our Services
To provide services and information that you request and consent to receive:
- To provide customer service and support
- To communicate with you, including responding to your comments, questions, tickets, and requests regarding our Services
- To process and complete transactions, and send you related information, including purchase confirmations and invoices
- To provide direct marketing, email, and other information distribution
- To disclose your information to selected third parties as permitted by this Policy, where you have provided express consent.
To fulfil our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
- To administer, operate, maintain, and secure our website and Services
- To monitor and analyse trends, usage, and activities in connection with our Services
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
- To verify compliance with our internal policies and procedures
- For accounting, recordkeeping, backup, and administrative purposes
- To customize and improve the content of our communications, websites, and social media accounts
- To educate and train our workforce in data protection and customer support
- To provide, operate, maintain, improve, personalize, and promote our Services
- To ensure that content from the Website is presented in the most effective manner for you and for your device.
- To develop new products, services, features, and functionality
- To notify you of any changes to this website
- To market our products and services (first-party marketing only)
To comply with our legal obligations:
- To comply with legal obligations, including but not limited to complying with tax and financial reporting and audit requirements
- To demonstrate compliance with applicable privacy and data security laws and regulations, such as PDPA (Personal Data Protection Act in Singapore) and GDPR (General Data Protection Regulation).
- To comply with incident monitoring, reporting, assessment, and notification requirements
- To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law
If we need your Consent
As noted above, you will be required to give consent to certain activities before we can process your information as set out in this Policy. Where applicable, we will seek this consent from you when you first submit data to or through the Website.
If you have previously given consent you may freely withdraw such consent at any time. You can do this through your account on the Website or by notifying us in writing.
Please note that if we need to process your data in order to operate the Website and/or provide our services, and you object or do not consent to us processing your data, the Website and/or those services may not be available to you.
Our marketing activities and your option to opt-out
Where you have previously ordered products or services, submitted a quote or obtained a trial from us, we may contact you by email, SMS and post to inform you about the services, promotions and special offers that may be of interest to you on the product or service you are ordering. We will inform you (during the sale, signup or quote process) if we intend to use your data for such purposes and give you the opportunity to opt-out of receiving such information from us.
If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time.
You have the right at any time to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to email@example.com giving us enough information to identify you and deal with your request. Alternatively, you can follow the unsubscribe instructions in emails you receive from us.
Your data and its use
You may upload data to our Website, which may include personal information or data about your end users (all of which we call “Customer Data”). Customer Data is owned and controlled by you, and any Customer Data that we maintain or process we consider to be strictly confidential. We collect and process Customer Data solely on behalf of you/our customers, and in accordance with our agreements with customers. We do not use or disclose Customer Data except as authorized and required by our customers and as provided for in our agreements with our customers.
RCPL will not be liable for any third-party costs, penalties or claims that arise from the use of Customer Data that is uploaded by you.
RCPL respects the rules and laws of the jurisdiction in which it operates, as well as the privacy and rights of its customers. Accordingly, RCPL provides Customer information in response to law enforcement requests only when we reasonably believe that we are legally required to do so. To protect our customers’ rights, we carefully review requests to ensure that they comply with the law. RCPL reserves the right to disclose Customer Data to law enforcement officials in the investigation of fraud or other alleged unlawful activities, only after law enforcement officials provide legal process appropriate for the type of information sought, such as a subpoena, court order, or a warrant.
WHEN AND WHY WE SHARE OR DISCLOSE PERSONAL DATA
We may share your information in the following ways:
With your express consent: We will share your personal information with companies, organizations, or individuals outside of RCPL when we have your consent to do so.
When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
When your account is accessed by your organization’s designated RCPL administrator: Your RCPL account owners and administrators may be able to:
- Access information in and about your RCPL account;
- Disclose, restrict, or access information that you have provided or that is made available to you when using your RCPL account, including your content; and
- Control how your RCPL account may be configured, accessed, or deleted.
With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to add critical capability to the modules of the Platform, e.g. threat intelligence, training videos, pen-test and vulnerability scanning services, etc.
When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your personal information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of RCPL’s products and services;
- To respond to an incident involving personal data for which RCPL has direct or indirect responsibility
- To protect the property, rights, and safety of RCPL, our customers or the public from harm or illegal activities;
- To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
With our other companies within our group of companies (which means our subsidiaries and branches): RCPL may share data with our regulated insurance entities for the purpose of providing you an insurance quote or policy.
When we monitor or record sensitive information
We may monitor and record communications with you (such as telephone conversations, screen recordings and emails) for the purposes of provision of services, support, quality assurance, training, fraud prevention and compliance purposes. We are also required by law to record any customer communication for the purposes of obtaining insurance. We will always verbally advise that recording is happening for this purpose. Any information that we receive through such monitoring and communication will be added to the information we already hold about you.
We may operate forums, websites and related information services, to better assist you in using our products and services, discussing technical issues and sharing your experiences. You should be aware that any data you provide in these public forums will not be kept confidential, as it may be read, collected and used by others who access them. To request removal of your Personal Data from any forum, contact us (See Contact Us section in this Policy). In certain circumstances, we may not be able to remove your Personal Data, in which case we will let you know why. Your use of these other services may be subject to additional terms and conditions.
Overseas transfers (EEA Users only)
From time to time we may need to transfer your data to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). Non-EEA countries that we may need to transfer your data to include Singapore, because we are primarily based there.
Such countries may not have similar protections in place regarding protection and use of your data as those set out in this Policy. Therefore, if we do transfer your data to countries outside the EEA we will take reasonable steps in accordance with applicable Privacy and Data Protection Requirements to ensure adequate protections are in place to ensure the security of your Data, including:
- Use of approved contractual clauses; and
- Ensuring that we only transfer your Data to persons or entities that are appropriately authorized and/or accredited to process Personal Data in compliance with applicable Privacy and Data Protection Requirements.
By submitting your Data to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.
HOW LONG WE KEEP OUR PERSONAL DATA
We will hold your Personal Data on our systems for the longest of the following periods:
- As long as necessary to maintain our ongoing business relationship, or as needed to provide you with the products, services or information which you are entitled to or can otherwise reasonably expect to receive from us;
- For as long as necessary for the purpose for which we collected it or for which you supplied it to us in accordance with any product or service relevant activity or process;
- Any retention period that is necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements; or
- The end of the period in which litigation or investigations might arise in respect of our business relations or other interactions with you.
For the sake of clarity where RCPL is a data controller processing your Personal Data for our own purposes, your Personal Data will be deleted or de-identified when it is no longer needed for its originally stated processing purposes, or any additional compatible purpose for which RCPL may lawfully further process such data.
Moreover, where RCPL is a data processor processing your Personal Data for the purposes and on the instructions of another data controller or data processor, we will comply with the time limits agreed with that other controller or processor unless we are compelled by applicable laws and regulations to delete such data sooner, or to retain it further.
HOW WE KEEP YOUR DATA SECURE
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with.
While we will use all reasonable efforts to safeguard your data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any data that is transferred from you or to you via the internet.
RCPL protects personal information under its control against, and requires its service providers to also protect against, accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in Singapore, Scotland, as well as anywhere RCPL or our vendors operate.
Security of your personal data is important to us
- We shall make reasonable security arrangements to prevent your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
- Both electronic storage and transmission of personal data are secured with appropriate security technology. We use industry-standard encryption (transport layer security (“TLS”) or secure socket layer (“SSL”) technology) to protect your data in transit. Your personal data is encrypted using industry-standard encryption algorithms. We also practice defense in depth by implementing a combination of technical, physical, and logical safeguards to enforce security controls over personal data in our possession or under our control.
- We may anonymise or convert your personal data into data that cannot be used to identify any particular individual for the purposes of storage and security.
- In the event of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us, or by posting a notice on the Website.
- Our Website may contain links to other websites and software products which are not maintained by us. When accessing or using these third-party websites and software products, you should read their privacy policies which will apply to such access and use.
If you have concerns about the security of your information with RCPL, please contact us immediately to report an issue.
Personal Data Breaches
RCPL takes every reasonable measure to prevent Personal Data breaches. When these do occur, we have a process in place to take swift action within our responsibilities. These actions will be consistent with the role we have in relation to the products, services or processes affected by the breach. In all cases, we will work together with affected parties to minimize effects, to make all notifications and disclosures that are required by applicable law or otherwise warranted, and to take action to prevent future breaches. We systematically outline responsibilities in case of Personal Data breaches in our contracts, both with customers as well as with our vendors.
Our websites are not directed to, nor do we knowingly collect data from, children under 13 years of age. If you learn that a child under 13 has provided us data, please contact us.
YOUR RIGHTS TO YOUR DATA
- You have the right to request access to information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
- You have the right to have any inaccurate information we hold about you be rectified and/or updated. If any of the Data that you have provided changes, or if you become aware of any inaccuracies in such Data, please let us know in writing giving us enough information to deal with the change or correction.
- You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the ‘right of erasure’). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case, we will let you know.
- You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing.
- You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you, we will let you know.
- You have the right in certain circumstances to object to the processing of your Personal Data. If so, we shall stop processing your Personal Data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests. If, as a result of your circumstances, you do not have the right to object to such processing then we will let you know.
- You have the right to object to direct marketing, for which see “Our marketing activities and your option to opt-out” above.
Our software may issue ‘cookies’ (small text files) to your device when you access and use the Website and you will be asked to consent to this at the time (e.g. when you first visit our website). Cookies do not affect your privacy and security since a cookie cannot read data off your Website or read cookie files created by other sites.
You can set your Website not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted), however please note that some of our Website features may not function if you remove cookies from your Website. For further general information about cookies please visit www.aboutcookies.org or www.allaboutcookies.org.
Changes to this Policy
We keep this Policy under regular review and may change it from time to time. If we change this Policy, we will post the changes on this page, and place notices on other pages of the Website as applicable, so that you may be aware of the data we collect and how we always use it. You are responsible for ensuring that you are aware of the most recent version of this Policy as it will apply each time you access the Website.
Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
This Policy was last updated on 7th April 2020
Links to other websites
Our Website may contain links to other websites. This Policy only applies to our Website. If you access links to other websites, any data you provide to them will be subject to the privacy policies of those other websites.
We have no control over third party websites or systems and accept no legal responsibility for any content, material or information contained in them. Your use of third-party sites or systems will be governed by the terms and conditions of that third party. It is your responsibility to ensure you are happy with such third-party terms and conditions.
The display of any hyperlink and/or reference to any third-party website, system, product or service does not mean that we endorse that third party’s website, products or services and any reliance you place on such hyperlink, reference or advert is done at your own risk.
This Policy aims to provide you with all relevant details about how we process your data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.
Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- Require you to reset your account password;
- Restrict, suspend or terminate your access to the Services;
- Access information in and about your account;
- Access or retain information stored as part of your account;
- Install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- Restrict, suspend or terminate your account access;
- Change the email address associated with your account;
- Change your information, including profile information;
- Restrict your ability to edit, restrict, modify or delete information
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
We conduct an annual self-assessment of our practices regarding Personal Data intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data.
We welcome your feedback and questions on this Policy. If you wish to contact us, please email us at firstname.lastname@example.org