Field Effect Software Inc. and its subsidiaries[hover]Where Field Effect is the data controller, the entity that controls your personal information may differ depending on where you reside. The following entity is the data controller:
1. If you reside in the United Kingdom or the European Union, Field Effect Security Inc.
2. If you reside in the United States, Field Effect Security Ltd.
3. If you reside in Australia, Field Effect Security Pty Ltd.
4. If you reside in Canada or anywhere else not stated, Field Effect Software Inc. (collectively "Field Effect", “we”, “our” and “us”) believe customer security and privacy are paramount and we are committed to protecting your privacy and maintaining the security of your personal information.
What is Personal Information
Personal information, also called personal data, and referred to in this policy as “personal information,” is generally considered to include any information related to an identifiable individual. The precise definition may vary depending on your jurisdiction. The types of personal information that we may process depends on the business context and the purposes for which the information was collected.
Collection of Personal Information
We may collect personal information directly from you when you interact with our websites (which may include requesting a demo or information or applying for an open employment position), the Field Effect portal, though electronic communications or when you interact with us in person. For example, you may provide Field Effect with contact information, job title, work or employment history, payment information, physical address, telephone number, email address and other personal information directly when you:
- set up an account with us
- provide information to us in connection with a purchase of our products and services
- post comments, participate in forums or blogs
- contact us by email, text, chat or phone or through the client portal for customer support or other matters
- partner with us as a reseller of our services.
Only the personal information necessary to achieve the stated purpose of the collection will be collected.
We may also collect personal information about you indirectly from:
- Third parties
- Our customers when they use our service
- Automatically collected information (cookies and other similar technologies)
1. Third Parties
If permitted by applicable laws, we may obtain information about you from third parties, such as our business or marketing partners, social media, event organizers, commercial lead providers, and other data providers and/or publicly available sources. Personal information we obtain from these sources may include your contact information, job title, information concerning your business, or other information pertaining to the nature of your request.
If you choose to provide Field Effect with the personal information of another individual (such as name, email, and phone number), you are representing through that action that you have the third party's permission to do so.
2. Our customers when they use our services
We may obtain personal information from our customers and users of our services and products, including by accessing data within environments hosted by various third parties, such as our customers’ cloud service providers. We obtain such personal information for the purposes of providing products and services to our customers, including for purposes of authenticating users, monitoring and investigating security incidents and events, obtaining information, reports and metrics relating to the operation of software and hardware solutions within our customers’ environment, making recommendations, and supporting our business operations.
The information we may collect in the course of offering products and services to our customers, and depending on which products and services you use, includes contact and job title information of users and others in the customer or partner organization as well as passwords and IP addresses; log data from various sources such as data centres, applications, cloud and on premise infrastructure and remote endpoints; event data obtained from inspection of network traffic and devices; any other information provided by customers while using the services, such as event logs, and network data including metadata, operating systems and versions, users and groups from directories, network vulnerability data and customer-authored training courses.
Our customers/users are responsible to ensure that they have a legal basis or consent to provide us with access to such personal information, and to ensure the quality, integrity, reliability, and appropriateness of data submitted to us, and must comply with terms contained in the applicable customer agreement.
3. Automatically Collected Information
- analyze trends and monitor how visitors move around the website
- identify and authenticate visitors across different pages within our website
- retrieve your previously stored data, for example, information that you previously submitted to the website using a form
- provide visitors with relevant and applicable advertising and content applicable to their likely interests.
Field Effect may also work with third parties that collect data about your use of our website for non-advertising purposes and with third parties that serve ads on behalf of us. For example, Field Effect uses Google Analytics to improve the performance of the website and for analytics and marketing purposes. You can find more information about how Google Analytics collects and uses data by visiting this page: https://policies.google.com/technologies/partner-sites
If you prefer not to accept cookies, most internet browsers will allow you to change the setting of cookies by adjusting settings on your browser; however, you should note that disabling cookies may negatively affect the functionality of this and other websites you visit. You can ask third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking the relevant boxes to adjust your marketing preferences.
Use of Your Personal Information
Field Effect may use and process your personal information to provide, improve and customize our products and services that we offer, to develop new products or services, to send communications to you and to comply with legal requirements. We will only process your personal information when we need to do so for a reason related to your business with us (referred to in privacy laws as “legitimate business purposes” or “legitimate interests”) and when we have a lawful basis for doing so, which includes:
- your consent (whether express or implied), where consent is required as the lawful basis for the collection, use and disclosure of personal information. By providing your information and/or using our services with knowledge of how we will collect, use and disclose your information, you consent to the collection, use and disclosure of your information as described in this policy.
- providing services under a contractual obligation to you or your company, including products and services delivery
- creating and managing your accounts, access to our client portal and authenticating your identity when you log into your account on the portal or when you request information that is specific to you
- sending order forms and/or invoices
- providing you with great customer support and responding to your inquiries
- as permitted by applicable laws, sending communications to you including commercial electronic messages and promotional communications (which you may opt out of)
- when you visit our website, collecting information relating to your access and use of our website and to improve the operation of our website and the effectiveness of our marketing campaigns
- sending notices to you on upgrades, updates and improvements and advising on our services
- protecting and ensuring the security of our systems, business, assets and customers
- developing our services, including by obtaining information on security threats and threat actors
- complying with legal and regulatory requirements and legal processes, for example, responding to lawful requests from public and governmental authorities and court orders
- Otherwise as required or permitted by applicable laws.
Sharing Your Personal Information
- sending marketing and other communications related to the services we provide you
- billing and payment processing
- customer relations management
- IT and cloud infrastructure and data storage
- Employment application related services
- Security and compliance services
- Services and product improvement initiatives.
Our subsidiaries and third party service providers are only provided with information they need to perform their designated functions and service providers are not authorized to use or disclose information for their own marketing or other purposes. Our subsidiaries and service providers may be located in the U.S., Canada or other foreign jurisdictions.
In accordance with applicable laws, we may also share your information in connection with, or during negotiations of, a corporate transaction such as a merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business.
We may disclose your information in response to a request for information by a legal authority or government agency in compliance with, or as required by, applicable laws, regulation or legal processes, or if required to protect and defend the rights, property and safety of our business and customers, in accordance with applicable laws.
We may share your information with third parties with your consent, whether express or implied as required by applicable law. In most cases, the consent will have been given to us in order to complete a business transaction or provide you with services you requested, or if we otherwise notify you and you consent to the sharing of your personal information. We may disclose your information for other legitimate purposes permitted or required by applicable law. We do not sell, lease or trade the personal information we collect from you.
Security of Your Personal Information
We take security very seriously and that includes the security of your personal information. We have put in place and maintain reasonable and appropriate technical, physical and administrative safeguards to protect your personal information from unauthorized disclosure or access, alteration and destruction. When we share your personal information with third parties, we make sure those third parties have controls to protect the privacy of your personal information, including the security and deletion of such information when it is no longer required. Field Effect requires third party service providers to take commercially reasonable steps to protect your personal information, to use it only for the required purpose and to comply with applicable laws and regulations.
While we maintain comprehensive security practices, no transmission of information over the Internet or method of electronic storage can be absolutely guaranteed. You also have a part to play in maintaining the security of your personal information by using best practices in the access and sharing of your information.
Retention and Disposal of Personal Information
Field Effect retains your personal information as needed to fulfil the purposes for which it was collected and for a reasonable period thereafter to comply with legal obligations and stated contractual and operational requirements. When your information is no longer required, we will take steps to have the information deleted, destroyed, aggregated or made anonymous.
Your Rights and Choices
Please be advised that in the delivery of our services, Field Effect acts as data processor/service provider to process our customers’ data (including personal information held by our customers) on behalf of our customers under the terms of services agreement. Any such customer data is under the control of our customer and is not under Field Effect’s control. Accordingly, if you make an inquiry regarding your personal information in circumstances where we are acting as processor (such as a request for access, withdrawal of consent, data deletion, or all such other related inquiries), we will direct such request to our customer and will assist our customer in its response to your request as per our customer’s instructions and in accordance with the terms of our agreement with them.
If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) govern the collection, use and disclosure of your personal information that you provide and we collect from you. Subject to exceptions prescribed under the law, under PIPEDA, we may only collect your personal information with your consent (whether express or implied as required by applicable law) and only what is necessary for the purpose for which it is being collected. You have the right to expect that your personal information is accurate and complete. You may ask to view your personal information and ask us to make corrections to it, and may withdraw your consent to our further collection, use and disclosure of your personal information subject to legal and contractual restrictions. Similar rights exist under substantially similar provincial privacy laws. You can find out more about protecting your privacy in Canada by visiting: https://www.priv.gc.ca/en/about-the-opc/publications/guide_ind/
If you are a resident of the United Kingdom or the European Economic Area, the UK General Data Protection Regulation (UK GDPR) or the EU General Data Protection Regulation (EU GDPR) applies, and Field Effect is the data controller of your personal information, except in situations where our products and services have been deployed with your business or organization, in which case Field Effect would act as the data processor. To the extent allowed under the UK GDPR or EU GDPR, you may request access to the personal information Field Effect has collected about you, update inaccurate information, and request that your personal data be deleted, among other things. You may exercise these rights by contacting us at the contact information provided below.
You may refuse to provide your personal information or to limit the personal information you choose to provide. Should you choose to limit your personal information provided to us, we may be unable to complete a transaction or provide services that you have requested if we do not have the necessary information to do so. Your choices do not apply to service notifications or other required communications that are considered part of products and services you have agreed to receive from us. You will continue to receive these communications unless you cancel or stop access in accordance with the contractual terms and conditions that apply to our| provision of those products and services to you.
International Transfer, Processing and Storage of Personal Information
As part of performing the services we are providing you and supporting the functioning of our products and services, your personal information may be collected, used, processed, transferred or stored by our subsidiaries globally or by Field Effect service providers in other jurisdictions which may be outside of the region in which you are located. By using our websites, products and services or by providing any personal information to us, where applicable law permits and unless specified otherwise in a separate notice, you acknowledge and consent to the transfer to, processing, and storage of your personal information in a location outside of your country of residence which may have different data protection standards from those in your country of residence. In such cases, personal information may be subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental and law enforcement authorities in those jurisdictions.
Field Effect is compliant with PIPEDA and relies on the recognition by the UK and the EU of the adequacy of PIPEDA as a lawful basis for the transfer of personal data, which governs how we collect, use and disclose personal information. The adequacy decision is an acknowledgement that PIPEDA provides an adequate level of personal information protection to our customers. For UK and EU customers, we may transfer your personal data outside of the UK and EU within the Field Effect group of companies and to our service providers located outside the UK and EU. When we do transfer your personal data outside of the UK or EU, we ensure a similar degree of protection is afforded to it by ensuring that we only transfer your data to countries deemed to provide an adequate level of protection for personal data and, when we use certain service providers, we ensure we have appropriate contractual obligations in place with the service providers.
Chief Privacy Officer
Field Effect Software Inc.
207-825 Exhibition Way
Ottawa, ON Canada K1S 5J3
Last Updated: January 20, 2023
©2022 Field Effect Software Inc. and its subsidiaries. All rights reserved.