Last update date: July 9, 2024
This Privacy Policy (“Privacy Policy”) describes how SilverSky Inc. and our subsidiaries (“we“, “our“, “us“, “SilverSky“) collect, use and disclose Personal Data and personal information as defined in data protection and privacy laws (“Personal Data”) of our current, former and prospective customers, vendors, job-applicants, employees, workers, website users, members of the public and other third parties who can be identified from such Personal Data (being “Data Subjects”). This privacy policy will explain how the Personal Data We collect from you.
INTRODUCTION
SilverSky is in the vanguard of cybersecurity companies developing and deploying technology for threat detection, response and cyber protection. As an advanced technology company, we have developed deep and complex analytics to shield our customers from cyber risks. Our technology provides our continuous learning of threats and attacks, allowing speedy detection and response of incidents. We provide our customers military-grade behavioral tracking and machine learning and operate in some of the most sensitive US government networks. We offer other products and services for protection of systems, including consulting, email protection, vulnerability assessments and programs, firewalls and cyber advisor services. Changes we make to this Privacy Policy will be made through our website.
PURPOSE OF THIS POLICY
We are committed to safeguarding the privacy of our website visitors and service users. This privacy policy describes how we collect, use, and disclose information you provide to us, including Personal Data.
This policy applies where we are acting as a “controller” with respect to the Personal Data of Our website visitors and service users; in other words, where we determine the purposes and means of the processing of that Personal Data. The “Controller” is the entity who, alone or jointly with others, determines the purposes and means of processing Personal Data (in other words: who decides how and why Personal Data is being used). On the other hand, a “Processor” is an entity who processes Personal Data on behalf of a Controller. In most cases, our customers will be deemed the “Controller” and we will be the “Processor” of the Personal Data provided to us by our customers.
We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. Our dedicated Cookie Policy can be accessed here: https://www.silversky.com/cookie-policy/.
Topics:
- What Data Do We Collect, How Do We Collect It and How Will We Use It?
- Data Security
- International Transfers of Your Personal Data
- Notice Regarding California Consumer Privacy Act (CCPA)
- Retaining and Deleting Personal Data
- Amendments
- Your Data Protection Rights
- How to Contact Us
- Complaints
- Jurisdiction
- Disclosures
WHAT DATA DO WE COLLECT, HOW DO WE COLLECT IT AND HOW WILL WE USE IT?
In this Section We have set out:
(a) the general categories of Personal Data that we may process;
(b) in the case of Personal Data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process Personal Data; and
(d) the legal bases of the processing.
Where you have an option, you may choose not to provide certain information to us but doing so may limit our ability to communicate with you or fulfill your requests.
Other than in relation to employment data (as defined below), we do not collect any special categories of Personal Data about you (including details about your race or ethnicity or philosophical beliefs, medical information, sexual orientation, political opinions, trade union membership, genetic and biometric data or information on your criminal convictions and offences), other than where this is voluntarily supplied by you (including by making such information manifestly public or through employment application document).
We collect and use your Personal Data in the following ways (and ancillary, compatible ways):
Usage – We may process data about your use of Our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We may process your information included in your personal profile on our website. The profile data may include your name, address, telephone number, email address and other Personal Data provided by you, as well as employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is consent OR our legitimate interests, namely delivering, performing, managing, monitoring and improving Our website and services and contractual requirements.
Account – We may process your account data (“account data“). The account data may include your name and email address. The source of the account data is you or your employer. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of our website and business including delivering, performing, managing, monitoring and improving our services and contractual requirements.
Services – We may process your Personal Data that are provided in the course of the use of our contracted services (“service data“). The service data may include name, email address, IP, asset ID, location, and device log data. The source of the service data is you or your employer. We may process information relating to Our customer relationships, including customer contact information (“customer relationship data“). The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. We may process information contained in any enquiry you submit to us regarding our services The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of our website and business including delivering, performing, managing, monitoring and improving our services and contractual requirements.
Publication – We may process information that you post for publication on our website or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering Our website and services. The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of Our website and business including delivering, performing, managing, monitoring and improving our services and contractual requirements.
Transaction – We may process information relating to transactions, including purchases of goods and services, that your organization enters into with us and/or through Our website (“transaction data“). The transaction data may include your contact details, card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased equipment and services and keeping proper records of those transactions. The legal basis for this processing is Our legitimate interests, namely the proper administration of our website and business including delivering, performing, managing, monitoring and improving our services and contractual requirements.
Correspondence – We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
Marketing – We may process information about you in order to send relevant marketing, and awareness communications. This data may include your name, email address, telephone number, address, age, professional title. The source of this data is subscribing to our mailing lists or your organization being a client of SilverSky. This data may be processed for marketing of products and services and to inform you of our latest news and blog articles. The legal basis for this processing is consent OR our legitimate interests, namely marketing to, and awareness of, our existing clients.
Job applications – We will process the Personal Data you send to Us or We receive from other sources (like recruiters and recruitment websites) in order to manage recruitment, selection and employment (including any dispute process and associated legal requirements like compliance with tax laws and fair employment reporting requirements). This data will include any information you provide to Us as part of any of the above, including during a recruitment campaign and included on your CV, covering letters and on any responses to job applications and selection processes, including your racial or ethnic origin, religious or philosophical beliefs and trade union membership.
Disputes – We may process any of your Personal Data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Inter-Group – We may share all or any of the above data with our group of companies. Where this happens we require all recipients to respect the security of your Personal Data and to treat it in accordance with the law. We do this on the basis of our legitimate interests, including the effective and efficient operation of our business.
Professional Support – We may process any of your Personal Data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Legal compliance – In addition to the specific purposes for which We may process your Personal Data set out in this section, We may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s Personal Data to Us unless We prompt you to do so. Where you do so anyway, you will be responsible for ensuring that that individual is aware of the content of this Privacy Policy and consents to however we may use their Personal Data.
When our Company processes your order, it may send your data to, and use the resulting information from, credit reference agencies to prevent fraudulent purchases.
DATA SECURITY
SilverSky has put in place appropriate security measures and technologies to prevent Personal Data being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
In this Section, we provide information about the circumstances in which your Personal Data may be transferred internationally.
SilverSky complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, set forth by the U.S. Department of Commerce. SilverSky has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In addition to SilverSky, our U.S. subsidiaries (i.e., Cygilant Inc., Cybraics Inc., Cybraics Defense Corp. and Caerus Analytics, LLC., D/B/A Caerus Associates, LLC. Defense Corp.) also will adhere to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and is covered by our DPF submission. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
We and our affiliated companies have offices and facilities in the UK and US. Transfers to each of these countries will be protected by appropriate safeguards. We may store, access or use your Personal Data in the United States or in any other country where we or our service providers do business or maintain facilities. Therefore, we may transfer Personal Data between different jurisdictions. We transfer Personal Data in compliance with the General Data Protection Regulation and other applicable law.
When we transfer EEA and UK personal information to non-EEA/non-UK countries, we will implement appropriate safeguards to protect this information. If the Personal Data is not subject the General Data Protection Regulation, we may implement standard contractual clauses issued by the European Commission and/or the International Data Transfer Agreement(s) (“IDTA”) issued by the UK’s Information Commissioner’s Office for data transfers to data controllers and data processors established outside of the European Economic Area and the UK.
Rights of the Data Subject Residing in the European Union or to Which GDPR Applies
Residents of the European Union have rights under European data protection law with respect to Personal Data, including the right to request access to, correct, amend, delete, limit the use of, object to or withdraw your consent for the processing of your Personal Data at any time. They may also have the right to receive a copy of your personal information in a commonly used and machine-readable format and to transmit such information to another controller (data portability).
If you consent to the processing of your personal data, you may withdraw your consent at any time by contacting us at legal@silversky.com. Any withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal, and we will continue to retain the information that you provided us before you withdrew your consent for as long as allowed or required by applicable law.
You have the right to object to the processing of your Personal Data for direct marketing purposes or based solely on our legitimate interests. If you do object in these circumstances, the processing of your Personal Data will be stopped unless there is an overriding, compelling reason to continue the processing, or the processing is necessary to establish, pursue or defend legal claims. After receiving your request and sufficient information to verify your identity, we will provide you with a copy of the Personal Data we have about you which you are entitled to receive under applicable law. We will also confirm the purposes for which such Personal Data is being used, its recipients and the origin of the information.
You may write to us at any time requesting amendments to certain Personal Data that you consider to be incorrect or irrelevant, or to request that we block, erase or otherwise remove your Personal Data. We will update, block, erase or remove your Personal Data upon request in line with applicable law.
You may at any time ask us to delete your Personal Data. We will consider and where necessary comply with your request in accordance with applicable law, as explained above.
You acknowledge that Personal Data that you submit for publication through our website or services may be available via the internet. We cannot prevent the use (or misuse) of such Personal Data by others.
Third Party (Onward) Transfers. We will remain responsible for all the Personal Data we receive and that we subsequently transfer to third parties acting as agents on our behalf if they process Personal Data in a manner inconsistent with the data privacy principles, unless we prove we are not responsible for the event giving rise to the damage.
NOTICE REGARDING CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
To the extent you disclose personal information or Personal Data of California consumers or households to us to provide Services to you, we may be considered a “service provider” as defined in the CCPA Section 1798.140(v). We acknowledge and agree that your personal information and Personal Data disclosed to us will be used solely for: (i) a valid business purpose; and (ii) for us to perform or provide our services as set forth in an agreement by and between you and us. We are prohibited from: (i) selling personal information and Personal Data if the California consumer or household has opted out of the sale of their personal information or Personal Data; (ii) retaining, using, or disclosing personal information or Personal Data for a commercial purpose other than providing services to you; (iii) retaining, using, or disclosing the personal information or Personal Data outside of the direct business relationship between us and you; or (iv) using the personal information or Personal Data to provide services to another person or entity. We hereby certify that We understand and will comply with these obligations and restrictions in accordance with the CCPA. Furthermore, we agree to reasonably assist you in responding to any requests from a California consumer or household exercising their rights under the CCPA. For purposes of this Notice, “Personal Information” is defined in CCPA Section 1798.140(o). Further, this Notice is effective for the term of the Agreement by and between you and Us.
RETAINING AND DELETING PERSONAL DATA
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.
Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. For each customer, we will retain your information for as long as your account is active, or as needed to provide your products and/or services. You may cancel your account or request that we no longer use your information to provide our offerings by contacting support@silversky.com. In all other cases, we will retain and use your information as necessary for legitimate business reasons, including as needed to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When we have no ongoing legitimate business reason to process your information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.
AMENDMENTS
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of significant changes to this policy by email.
YOUR DATA PROTECTION RIGHTS
Our company would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request our Company for copies of your Personal Data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that our Company correct any information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.
The right to erasure – You have the right to request that our Company erase your Personal Data, under certain conditions.
The right to restrict processing – You have the right to request that our Company restrict the processing of your Personal Data, under certain conditions.
The right to object to processing – You have the right to object to our Company’s processing of your Personal Data, under certain conditions.
The right to data portability – You have the right to request that our company transfer the data that We have collected to another organization, or directly to you, under certain conditions.
If you make a request, we will respond to you within thirty days from receipt of such request. If you would like to exercise any of these rights, please contact us:
Call Us at: 1-800-234-2175
Or email Us: legal@silversky.com
HOW TO CONTACT US
If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact Us.
Email Us at: legal@silversky.com
Call us: 1-800-234-2175
Or write to Us at:
SilverSky, 3015 Carrington Mill BLVD, Suite 400, Morrisville, NC, United States
COMPLAINTS
If you have any complaints about the way SilverSky is handling your Personal Data, please let us know immediately. You may email us directly at legal@silversky.com in relation to data held by us. We will respond within 30 days at the latest, unless required to respond earlier under applicable law.
We commit to resolve data privacy related complaints about our collection and use of your Personal Data.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SilverSky commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
If you are a resident of the EEU and your concerns with us have not been addressed satisfactorily, or if you believe we are not processing your Personal Data in accordance with applicable law or in accordance with this Privacy Policy, you have the right to file a complaint with the Data Protection Authority in the member state in which you reside.
If you are a data subject based in the UK, you may have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or other competent supervisory authority of an EU member state if we collect your data outside the UK.
We would appreciate the chance to deal with your concerns before you approach such bodies so would ask that you, please contact us in the first instance. If you would like to make a complaint to the ICO, their contact details are:
By phone – 0303 123 1113
Online – https://ico.org.uk/concerns
Additional Recourse: If your complaint cannot be resolved with us directly or through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms as provided by applicable data protection laws.
JURISDICTION
The Federal Trade Commission (FTC) has jurisdiction over SilverSky’s compliance with the EU-US DPF and the UK Extension to the EU-US DPF.
DISCLOSURES
SilverSky may be required to disclose personal information it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF response to lawful requests by public authorities, including to meet national security or law enforcement requirements.