fbpx

Privacy Policy

LAST UPDATED: May 25th, 2018

This is the Privacy Notice of Phishgoggles as well as any subsidiaries, (“Phishgoggles”), whose headquarters is located at 8223 Cloverleaf Drive, Suite 100, Millersville, Maryland 21108.

1. IMPORTANT NOTICES

Phishgoggles provides products and services to help organizations successfully build, manage and grow in an efficient and secure manner (collectively “Services”).

Phishgoggles respects your privacy. This Privacy Notice sets out how Phishgoggles collects and processes your personal data when you access and use our Services, including but not limited to the site www.phishgoggles.com (“Site” or “Sites”). This Privacy Notice also provides certain information that is legally required and lists certain of your rights in relation to your personal data under applicable law.

Certain sections of this Privacy Notice may apply only to residents of the U.S. (“U.S. Only”), while other sections apply only to residents outside of the U.S. (“Outside the U.S.”). We identify those sections accordingly. Sections not otherwise designated or not otherwise superseded by a country-specific statement apply globally.

This Privacy Policy is effective with respect to any data that we have collected, or collect, about and/or from you, according to our Terms.

We may amend this Privacy Notice from time to time. We encourage you to check our Privacy Notice regularly to understand how we may process your Personal Data. This Privacy Policy will include the date of last update. Please be advised that your continued use of our Sites and/or Services constitutes your acceptance of the most recent version of this Privacy Policy.

2. INFORMATION ABOUT PERSONAL DATA PROCESSING
2.1. Personal Data

This Privacy Notice relates to data about you and your interaction with our Services. “Personal Data” is information that can be used to identify you, directly or indirectly, alone, or together with other information. Personal Data includes such things as your full name, email address, phone number, precise location, device IDs, and certain cookie and network identifiers. Phishgoggles collects, uses, and discloses Personal Data as outlined in this Privacy Policy, including to operate and improve the Services and our business; for advertising and marketing; and to provide you products and the Services.

2.2. How We Collect Personal Data
  • When you or your organization register(s) you for an account, Products, or Services.
  • When you request information from us or interact with or utilize our Products or Services.
  • We may collect Personal Data when you use or interact with our Sites and Services, including when you register with us, browse our websites, request information, or make purchases from us. This Personal Data may include name, address, phone number, username and password, email address, date of birth, location data, and payment information.
  • We collect Personal Data when you communicate with us or sign up to receive promotional materials or information, including email address and phone number.
  • We may collect data from third parties or publicly-available sources.
  • We may obtain certain data about you from third-party sources to help us provide and improve the Services and for marketing and advertising. We may combine your Personal Data with data we obtain from our Services, other users, or third parties to enhance your experience and improve the Services.
  • When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies.
  • We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. We specifically use browser cookies for different purposes, including cookies that are strictly necessary for functionality and cookies that are used for personalization, performance/analytics, and advertising. Our Use of Cookies section contains more information and options to control or opt-out of certain data collection or uses.

Users Under 18 Years of Age
  • We do not knowingly collect Personal Data online from individuals under 18 years of age without parental consent. If you become aware that an individual under 18 years of age has provided us with Personal Data without parental consent, please contact us at privacy@phishgoggles.com. If we become aware that an individual under 18 has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.
2.3. How We Disclose Personal Data

We may disclose your Personal Data as described in this Privacy Notice, including:
  • To Affiliates and Partners.
    With companies or ventures that are owned, controlled by, or affiliated with, Phishgoggles, and internally within Phishgoggles, in order to provide and improve Services, for marketing purposes, for advertising, and for analytics.
  • To Service Providers and Vendors.
    With business partners, marketing partners, and vendors to provide, improve, and personalize the Services.
  • For Advertising and Marketing.
    With advertising and marketing partners for advertising and marketing purposes on Phishgoggles’ behalf.
  • For Certain Analytics and Improvement.
    With certain companies for purposes of analytics and improvement of the Services.
  • For Interest-Based Advertising.
    With companies involved in interest-based advertising. This advertising consists of Phishgoggles [and third-party ads] that are personalized and displayed on our sites and through other channels. For more information on how data is disclosed for advertising, see Advertising and Analytics section of this Privacy Notice.
  • For Legal Compliance, Law Enforcement, and Public Safety Purposes
    As permitted by law, with law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulators, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Notice, or agreements with third parties, or for crime-prevention purposes.
  • Actual or Contemplated Sale, Acquisition, or Reorganization.
    In connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, acquisition or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
3. LEGAL BASIS FOR PROCESSING

We collect and process your personal data for a variety of different purposes which are set out in further detail below.

In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent. In the (U.S. Only)., you typically provide consent when you receive notice of this Privacy Notice. This section addresses the legal basis for processing your Personal Data if you reside (Outside U.S.).
3.1. Processing Personal Data Where Consent Not Obtained

In certain cases, separate consent is not required, including:
  • For the performance of a contract.
    To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of the Services, in relation to the provision of the Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services.
  • To comply with legal obligations.
    To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
  • Legitimate Interests.
    To operate our business and provide the Services, other than in performing our contractual obligations to you for Phishgoggles’ “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
    • To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and to address and respond to your requests, inquiries, and complaints.
    • To send you surveys in connection with our Services.
    • To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
    • To develop, provide, and improve our Services.
    • To enforce our Terms or this Privacy Notice, or agreements with third parties.
3.2. Matters That May Require Consent

In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
  • Marketing
    We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.
  • Research
    We may ask for your consent to use your Personal Data for research purposes.
  • Use of Cookies
    The Sites may use cookies to improve user experience.

    A "cookie" is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to recall Personal Data previously indicated by a web user. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and shopping cart contents. Other cookies, often placed by our partners or other third parties, are used for analytics, marketing, or advertising.

    Cookies, as well as other tracking technologies, such as HTML5 local storage, Local Shared Objects (such as “Flash” cookies), web beacons, and similar mechanisms, may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our Site(s) are accessed.

    Cookies used for analytics may use non-Personal Data that is not directly linked to you. We use analytics technologies to improve our Sites and Services.

    Users are advised that if they wish to deny the use and saving of cookies from the Sites on to their computer’s hard drive, they should take necessary steps within their web browser’s settings to block all cookies from the Sites and their external serving vendors. Please note that if you choose to erase or block your cookies, you may need to re-enter your original user ID and password to gain access to certain parts of the Sites. For information on how to disable cookies, refer to your browser’s documentation.
3.3. Withdrawing Your Consent (Outside U.S.)

You may at any time withdraw the consent you provide for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at privacy@phishgoggles.com provided that we are not required by applicable law or professional standards to retain such information.

If you wish to opt-out of future marketing messages and materials, you may do so at any time by following the instructions provided in those messages.
4. DE-IDENTIFIED OR ANONYMIZED DATA

We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not restricted by this Privacy Notice.

5. DATA RETENTION

We will retain your Personal Data for as long as long as necessary to provide you information, Products or Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will delete your Personal Data from our systems.

Where permissible or required, we will also delete your Personal Data upon your request, as further described in the Data Subject Access, Modification, and Deletion Rights section of this Privacy Notice.

6. ADVERTISING AND ANALYTICS

Interest-based advertising is advertising that is targeted to you based on your web browsing and app usage over time. We may disclose various types of de-identified information to enable interest-based advertising. You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads.

You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: http://www.aboutads.info/choices/ (U.S. Only) / http://www.youronlinechoices.com/ (EU). The DAA opt-out requires that cookies not be blocked in your browser.

As an alternative to the DAA opt–out, you can also elect to block browser cookies from first parties (such as those from our websites) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our websites may not function correctly. Also, blocking cookies will not stop third-parties from collecting IP address, data stored in "Flash" cookies, and certain other types of technical information that may uniquely identify your browser.
6.1. Do-Not-Track

Due to the lack of consensus around a Do Not Track standard, our websites to not change how they collect or track data when they receive the “Do Not Track” flag.
7. SOCIAL NETWORK WIDGETS

Our Sites may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.

8. WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA

We need to process certain of your Personal Data in order to fulfil our contractual obligations to you and to provide you with the Services.

Where we ask for your consent to process your Personal Data, you have the right to withdraw such consent as described in this Privacy Notice. Please note, however, we may be unable to provide you certain Services that require the use of Personal Data.

Please note that even where your consent would otherwise be required, we may nevertheless process your Personal Data in accordance with our legitimate interests under applicable law, as described in this Privacy Notice.

9. TRANSFER AND STORAGE OF PERSONAL DATA

Phishgoggles and associated Services and systems may be stored on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may or may not offer the same level of protection as those in the country where you reside or are a citizen.

By using our Services and/or submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the United States.

10. DATA SUBJECT ACCESS, MODIFICATION, AND DELETION RIGHTS (OUTSIDE U.S.)

You have the right in certain circumstances to request confirmation from us as to whether or not we are processing your Personal Data. Where we are processing your Personal Data, you also have the right to request access to, modification of, or deletion of such Personal Data.

You have the right in certain circumstances to receive the Personal Data concerning you that you provided to us and have the right in certain circumstances to transmit such data to another controller.

To exercise your rights with respect to your Personal Data, please contact us at privacy@phishgoggles.com. As permitted by law, certain data elements may not be subject to access, modification, and/or deletion. Furthermore, we may charge for this service and will respond to reasonable requests as soon as practicable and/or as required by law.

11. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (OUTSIDE U.S.)

You may have a right to lodge a complaint with a supervisory authority.

12. SECURITY SAFEGUARDS AND LINKS TO OTHER WEBSITES

We implement reasonable and appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

This Privacy Notice only applies to our Sites. Our Sites or Services may provide a link or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”). We provide these links merely for your convenience. We have no control over, and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Policy does not apply to Third-Party Sites, and any data you provide to Third-Party Sites, you provide at your own risk. We encourage you to review the privacy policies of any Third-Party Sites with which you choose to interact.

13. NOTICE OF BREACH OF SECURITY

If a security breach occurs that exposes or may have exposed your Personal Data we will notify you as soon as possible and/or as required by law.

14. YOUR CALIFORNIA PRIVACY RIGHTS (U.S. ONLY)

Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at privacy@phishgoggles.com with “Request for California Privacy information” on the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/ or the members of your family.

15. CONTACT US

For questions regarding this Privacy Notice, please contact us at: privacy@phishgoggles.com.