Eclypsium Privacy Notice

Effective: March 1, 2021

Eclypsium is committed to protecting your privacy and keeping your data secure. We want you to understand what information we collect from you, how we use that information, who we share that information with and how we keep that information secure.

Scope

This Privacy Policy (“Policy”) informs you of the types of information Eclypsium Inc. (“Eclypsium,” “we,” “us,” “our,” or the “Company”) collects about you when you visit our website at http://www.eclypsium.com and associated sub-domains (“Site”); download and install any of our products, or any installer or other applications we provide to you (“Software”), or utilize any of our services (“Services”), and how we use that information. The term “Eclypsium Services” means the Site, the Software, and the Services. By visiting the Site, downloading the Software, or utilizing our Services, you agree to the provisions of this Policy. Unless stated otherwise, our current Policy applies to all information that we collect from or about you.

This Policy does not apply to information collected by any third party, including through any application or content that may link to or be accessible from the Eclypsium Services. If you do not agree to the terms of this Policy, please do not use, access, download, install, or utilize (collectively, “use”) any Eclypsium Services or otherwise provide us with any personal information.

Why do we collect your personal information?

Eclypsium processes personal information in the course of running our websites, processing payments, registering visitors to our offices and events, managing webinars and promotions, providing support, improving user experience, running our infrastructure, preventing fraud, protecting intellectual property, maintaining endpoint and network security, enforcing our legal rights, sending marketing and other communications, processing agreements, complying with our legal obligations, and to achieve other legitimate interests as well as where you have provided consent. Personal information, such as contact information, is collected from websites, web portals, Eclypsium’s Services, events, partners, office visitor registration systems, and where you have provided it directly to Eclypsium.

Legal Basis for Processing Personal Information (EEA Visitors Only)

If you are a visitor from the European Economic Area and the United Kingdom, Eclypsium’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it.

In most circumstances, we collect personal information (i) where it is needed for the performance of a contract, (ii) where the processing of the personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your personal information may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests.

If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this notice or otherwise what those legitimate interests are. Oftentimes, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicating with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.

When do we collect your information?

We collect your information when you contact us and provide us with information, when you visit one of our websites or social media sites, when you license and use Eclypsium software products,  and when you sign up for and use one of our Eclypsium’s Services.

What information do we collect?

Eclypsium collects both personal and non-personal information.  Personal information is information that can be used on its own or in combination with other information to identify, contact, or locate a person, or to identify a person in context. Non-personal information does not, on its own, identify a person.

When you interact with us through the Software, we may collect Personal Data and other information from you, as further described below:

  • Personal Data That You Provide. We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries or register yourself or your company online for access to the Software. Wherever Eclypsium collects Personal Data we make an effort to provide a link to this Privacy Policy. By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. If you provide us Personal Data, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Eclypsium and the authorized third parties referred to herein located in the United States.
  • Non-Identifiable Data. When you interact with Eclypsium, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Eclypsium may store such information itself or such information may be included in databases owned and maintained by Eclypsium affiliates, agents or service providers. We may use such information and pool it with other information to track, for example, the total number of users of our Eclypsium’s Services, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process. In operating the Services, we may use a technology called “cookies.” A cookie is a piece of information that our computers give to your browser when you access the Site. Our cookies help provide additional functionality to the Services and help us analyze usage of the Services more accurately. In all cases in which we use cookies, we will not collect Personal Data except with your permission. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the special features of the Services[QT1] .
  • Aggregated Personal Data In an ongoing effort to better understand and serve our users, Eclypsium often conducts research on user demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Eclypsium may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Eclypsium may also disclose aggregated user statistics to current and prospective business partners, and to other third parties for other lawful purposes.
  • Google Analytics and Similar Technologies We may allow third party service providers to use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of the Services. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Service. For more information on how Google uses this data, go to https://google.com/policies/privacy/partners/.

How do we collect your information?

  • We collect information from you directly. For example, when you request a demo of or license the Software, or sign up for one of our services, you provide [your name, company name, email address, job title and phone number.] In the event you provide information to the Company in the form of a request we may use that information to process orders and downloads for Software demonstration or evaluation purposes.  In the event you provide information to us in connection with a technical support request, such information will be processed and used by us for the purpose of providing the requested technical support, including performing error analysis.
  • We collect information through web browsers or devices when you visit one of our websites or social media sites, log into our Software or use one of our services.  Most browsers and devices collect certain information automatically, and may include, for example, the type and version of your computer operating system, the screen resolution of your monitor, your device manufacturer and model, the primary language used by your device, the Internet browser type and version you use, and the name and version of the software you are using. We use this information to make sure that the Software is functioning properly, to analyze the performance of the Software, and improve and maintain our services.
  • We collect information through “cookies”.  Cookies are text files saved by your browser when you log into our Software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our Software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. You can change your browser options to stop accepting cookies or to prompt you before accepting cookies.
  • We collect information from your IP Address and your web logs.  The IP Address generally identifies the host or network interface for your device and where your device is located.  IP addresses are automatically transmitted as part of any Internet communication.  We use IP addresses to communicate with your device, to calculate usage levels, to help diagnose server problems, to help maintain security and to otherwise administer our software and our services. In the process of managing our websites, we review and evaluate usage through web server logs.  These logs tell us what types of browsers are accessing our sites, what pages receive the most traffic and the times when there is the most traffic to the sites.
  • We also use a tool called “Google Analytics” to collect information about use of our sites. Google Analytics collects information such as how often users visit a website, what pages they visit when they do so, and what other sites they used prior to coming to our site. We use the information we get from Google Analytics only to improve our sites. Google Analytics collects only the IP address assigned to you on the date you visit our site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.[3]
  • We collect information when you log into and use the Software.  The Software automatically collects and transmits to our servers data and “hashes.”  Hashes are a key to a string of characters used to index and retrieve items in a database.  These data and hashes may include system files, dynamic link library files (types of files that contain specific code that many programs can share), binary files (computer files that are not text files) and/or other executable code(s) that may contain users’ names, device ID, information about third party products, and the computer’s configurations, settings and artifacts of your computer system.  From your use of the Software we may also collect users’ names, media access control (MAC) addresses, network information, hardware type, model number, hard disk size, CPU type, disk type, RAM size, systems architecture, operating system, versions, locale, BIOS (basic input/output) version, BIOS model, system telemetry (an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring), device ID, and information about third party products.[4]
  • We collect information and performance data so we can determine if the Software is up to date and functioning properly and to see how the Software operates in relation to different hardware and software environments.  We may use this information to maintain or upgrade a system. We may also use this information to address performance and fix issues. On occasion, we may develop new versions, patches, updates, and other fixes to our programs and services, such as security patches addressing newly discovered vulnerabilities.
  • We collect information from job applicants and employees. When a job application or an information request form is submitted to us, we may collect individually identifiable personal information such as name, home address, personal telephone number, email address and employment history, and voluntarily provide sensitive personal information such as racial or ethnic origin, or health information. As part of the job application process we also collect names and contact information for referrals and alternative-contact purposes. Applicant information is collected in the country where the job position is located. Information collected from applicants is used solely to assess the applicant’s qualification and skills, to communicate with the applicant, to verify the submitted information, including reference and background checks, to the extent permitted by applicable law, and for legal compliance purposes including for purposes of compiling government and government-contracting labor statistics. We also collect and use personal information of employees as reasonably necessary in connection with the employment relationship, including for purposes of performance evaluation, compensation, benefits administration, tax withholding, compliance and reporting.
  • Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to Eclypsium and to enhance our ability to provide you with information about our Company and Services.

How we Use Your Information

Business Information

Generally, we use the personal information we receive to:

  • Provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services;
  • Personalize and improve the Services;
  • Monitor and analyze usage and trends of the Services;
  • Send communications related to the Services;
  • Provide you with relevant advertisements;
  • Process any transactions initiated by you;
  • For any other purpose for which the information was collected;
  • To meet our legal obligations, for example:
    • For audit and reporting purposes;
    • To perform accounting and administrative tasks;
    • To respond to requests for information by competent public bodies and judicial authorities;
    • To respond to inquiries we receive from you or your company or organization;
    • To enforce or manage legal claims;
  • To deliver advertising and promotional and other communications, including periodically contacting you with offers and information about our products, services, features, and events and sending you newsletters or other information about topics that we believe may be of interest; conducting online surveys; and otherwise promoting our products, services, features, and events; and
  • To deliver targeted advertisements to you, both on and off the Services, including by using cookies, web beacons, and other Technologies, as explained in this Policy.

Human Resources Information

With regard to personal information we receive in connection with the employment relationship:

  • we will use such personal information only for employment-related purposes as more fully described in this Policy; and
  • if we intend to use this personal information for any other purpose, we will provide the individual with an opportunity to opt out of such uses.

Additional Uses Aligned with Our Legitimate Interests

In addition, we may use your personal information for the following purposes for which we have a legitimate interest:

  • Direct marketing
  • Processing for research purposes (including marketing research)
  • Disclosure to affiliated organizations
  • Network and information security (e.g., server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.)
  • Physical security
  • Exercise of the right to freedom of expression or information, including in the media and the arts
  • Unsolicited non-commercial messages, including for political campaigns or charitable fundraising
  • Enforcement of legal claims including debt collection via out-of-court procedures
  • Prevention of fraud, misuse of services or money laundering
  • Employee monitoring for safety or management purposes
  • Whistle-blowing schemes
  • Processing for historical, scientific or statistical purposes

How We Share Your Information

Eclypsium is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

We may share personal information with our subsidiary or affiliated companies for the purposes described in this Privacy Policy, such as to help provide services or improve or monitor the performance of our Software.

We may share personal information with our authorized service providers and partners.  These third parties may only use or disclose personal information obtained from us to perform services on our behalf or to comply with legal obligations.

We may share personal information in the event of a contemplated or actual reorganization, merger, sale, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy proceedings).

In certain instances, it may be necessary for Eclypsium to disclose your collected or personal information to government officials or otherwise: (1) to satisfy or comply with any applicable law, regulation or legal process; (2) to respond to lawful requests, including subpoenas, warrants or court orders; (3) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (4) to prevent or stop activity we consider to be illegal or unethical.  Subject to applicable laws, Eclypsium reserves the right to cooperate with any legal process and any law enforcement or other government inquiry related to your use of the Software. This means that Eclypsium may provide documents and information relevant to a court subpoena or to a law enforcement or other government investigation.

How We Protect Your Information

To protect your information, we have taken appropriate administrative, technical, physical and procedural security measures, consistent with international information practices. We take commercially reasonable measures to protect your information from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can not guarantee the absolute security of your information.

Retention of Personal Information

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer backup or archival copies generated in the ordinary course of our information technology systems procedures.

Accessing, Updating or Correcting Your Information

Under certain circumstances, you may be able to request the removal of information we have about you. We will respond to requests to access or delete your information within 30 days. We may retain certain data contributed by you if it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law.

International Users

The information we collect may be stored in the United States because our operations are primarily in the United States. As such, your information may be transferred to, used, processed, or maintained on computers located outside of your province, country, or other governmental jurisdiction, and privacy laws may not be as protective as those in your jurisdiction. In situations where you are located outside the United States and choose to provide information to us, we will transfer your information to the United States and process it there. Furthermore, this Policy is governed by the laws of the United States and the State of California.

Your California Privacy Rights

Eclypsium does not share your personal information with any non-affiliated third party for their own marketing use without your affirmative consent.[8]

Children’s Privacy

Eclypsium complies with the U.S. Children’s Online Privacy Protection Act.  Eclypsium does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Eclypsium, please contact us, and we will endeavor to delete that information from our databases.

Changes to This Notice

Any information that we collect is subject to our privacy policy in effect at the time such information is collected. We may, however, modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of such changes by posting a prominent notice on this website prior to the change becoming effective, or by sending you an email or other notification. If the change would have the effect of introducing a purpose for the use of your personal information, which is inconsistent with this notice, and where required by applicable law, we will either notify you or provide you with an opportunity to opt-out from such use.

Your Privacy Rights

In accordance with applicable law, you may have the following rights:

  • the right to rectify inaccurate personal data we hold about you without undue delay, and taking into account the purposes of the processing, to have incomplete personal data about you completed.
  • the right to ask us to erase your personal data (the right to be forgotten) without undue delay in certain circumstances.
  • the right to restrict the processing of your personal data in certain circumstances.
  • the right to receive your personal data from us in a structured, commonly used and machine-readable format and to transmit your personal data to a third party without obstruction (right to data portability) in certain circumstances.
  • where we process personal data based on your consent, you have the right to withdraw your consent at any time for future processing.
  • where we process your personal data based upon our legitimate interests or those of a third party, you have the right to object to the processing of your personal data at any time (including to any profiling).
  • where we process your personal data for direct marketing purposes, you have the right to object to processing of your personal data at any time, including profiling to the extent that it is related to such direct marketing.
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • the right to opt in or opt out of the sale of your personal information to Third Parties, if applicable, where such requests are permitted by law.
  • if you are a California resident, you also have the right not to receive discriminatory treatment by us for the exercise of your rights conferred by the California Consumer Privacy Act.

Exercising these Rights

If you would like to exercise any of these rights, please contact us as described in the “Contact Us” section above.

Although Eclypsium makes good faith efforts to provide individuals with access to their personal information, there may be circumstances in which Eclypsium is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If Eclypsium determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Eclypsium will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

Contact Us

For any questions, concerns, or complaints or inquiries about the information contained in this Notice or about Eclypsium’s privacy practices, please contact the Eclypsium Privacy Program Office at the address given below. The Company will conduct a reasonable investigation of and will attempt to resolve any complaints in accordance with the principles contained in this Statement.

Office of Trust & Security

Eclypsium
920 SW Sixth Avenue, Suite 375
Portland, OR 97204
[email protected]
+1 (833) FIRMSEC