BreachAware® Privacy Policy

Last updated: December 2018

Introduction

Here at BreachAware Limited (‘BreachAware’) we are committed to protecting and respecting the privacy of your personal data. This privacy policy will explain how your data is collected, stored, used and transferred by BreachAware.

This privacy policy covers data collected when you visit our website, fill out any forms, use any of our services or interact with us through social media, email or phone.

Please read this information carefully so you are aware of how we process your data. If you have any questions about any content in this privacy policy, please contact us at privacy@breachaware.com.

About Us

BreachAware is a tool that can identify compromised assets within data breaches for risk analysis and account takeover prevention.

BreachAware Limited of 71-75 Shelton Street, London WC2H 9JQ (collectively referred to as ‘BreachAware’, ‘us’, ‘we’, and ‘our’ in this document) is the controller of the data collected via our website and services. Our GB company registration number is 10478267.

We take your personal data and its protection seriously and are committed to processing it in a manner which is fair, lawful and transparent and within all principles and requirements of data protection regulations.

The data you provide to us is used for the following purposes:

  • to manage and provide your BreachAware service;
  • to improve your browsing experience by personalising BreachAware features or content;
  • to enable you to use BreachAware and its services;
  • to send you occasional updates and communication about BreachAware service changes, maintenance requirements, billing enquiries and other events directly related to your subscription;
  • to send you occasional newsletters and other relevant and targeted promotional communications;
  • to deal with enquiries, complaints and feedback from you;
  • to send you offerings by email, requesting you to take part in an optional survey and/or give feedback;
  • to monitor and protect the security of our information, systems and network;
  • to ensure all content presented to you and your device is presented most effectively; and
  • to meet our legal responsibilities.

Data Collected

Personal data means any information about an individual from which that person can be identified. This does not include data where the identity or the identifying information has been removed; this is called anonymised data.

As our website and services are for use by a general audience, we will not knowingly collect any data from children under the age of 13 or sell products to children. If you are under the age of 13 you are not permitted to use or submit your data to our website or service.

Through our website and service we may collect the following types of data from you:

  • email address
  • first and last name
  • password
  • job title
  • company you work for
  • phone number
  • IP address
  • domain address
  • payment methods and basic (not full) credit card information
  • transaction data related to your purchase of our services
  • other technical data including frequency of access to our services, usage and movement around our website and services, browser type and version, time zone settings, operating system and platforms, website performance statistics and traffic statistics.

We may collect personal data about you through any of the actions identified below:

  • visiting our website
  • signing up for an account through our website, email or through a partner
  • requested by us through phone, email or other communications
  • provided by you to access all or any of our services
  • provided by you for billing and transactions
  • contacting us with an enquiry or to report a problem

All data collected by us is processed only in accordance with data protection regulations; therefore, all data processing activities have a legal basis, which varies depending on the manner and purpose for which we collected the data. We therefore only collect personal data from you when:

  • we have your consent to do so; or
  • we need your personal data to perform a contract with you; or
  • we have a legal obligation to collect or disclose personal data from you; or
  • the processing is in our legitimate interests and not overridden by your rights.

Any questions about the legal basis of processing your data can be asked by contacting us at privacy@breachaware.com.

How long do we keep your data

We will keep your data for no longer than is necessary for the purpose(s) it was provided for and to meet any legal responsibilities or obligations. If you would like to know more about the periods in which we retain your data, please contact us at privacy@breachaware.com.

How we share and transfer your data

In order to provide our service, we share your data with 3rd parties (also known as ‘processors’). All processors of your data are reviewed with care to ensure their technologies and data protection policies are in line with data protection law.

The processors or 3rd parties who we may share your personal data with include:

  • Customer Relationship Management (‘CRM’) applications
  • Subscription and Billing applications
  • Productivity tools and applications
  • Website hosting and data storage companies
  • Google services

Your data may, on occasion, be stored or transferred outside of the UK and European Economic Area (“EEA”). These instances occur only for the purpose of providing you our service. By submitting your personal data, you agree to this storing and transferring. We will take all the necessary steps, within reason, to ensure your data is treated securely and in accordance with this privacy policy.

All data transferred to 3rd parties or outside of the EEA is transferred with data protection principles and regulations at the forefront of the process. Processors and transfer methods are analysed to ensure appropriate security measures are taken to protect your data as best as possible.

All staff at BreachAware are trained to treat your data in accordance with this privacy policy. Only staff who require access to your data are permitted access, and all staff use appropriate technologies, including but not limited to password management software, to assist in the prevention of data leaks or data breaches.

In the event BreachAware is bought by another company or merged with another company, your details may be transferred. By using any of our services, you are agreeing to all data being transferred to any company that buys or merges with BreachAware. BreachAware is committed to keeping its users up to date on the transfer of their data, so you will be notified by email on this occasion.

How we store your data

The data we collect from you is stored within the UK using the secure servers at Amazon Web Services (‘AWS’) and is therefore stored and protected by the AWS policies and security measures. If you do not wish for your data to be stored by AWS, please do not use our service. BreachAware implements appropriate encryption and other technologies to increase the security of all stored data and can provide a copy of our detailed security whitepaper on data storage upon request.

Your personal data and its security are taken very seriously by us and so we use all reasonable efforts to ensure appropriate security measures to protect it. It is known, however, with information being transmitted via the internet, that guaranteed security is not available. All data submitted is at your own risk. We still follow strict procedures to protect your data and prevent unauthorised access.

Your rights

Under data protection regulations you have rights, under certain circumstances, when it comes to your data. To request to exercise any of these rights or for more information, please email us at privacy@breachaware.com indicating clearly in writing your request and we will respond appropriately within 30 days as per data protection law.

These rights include, under certain circumstances, the right to:

  • request access to a personal copy of your personal data that we store and process;
  • request correction of the personal data we store or process of you if you believe it is incorrect;
  • request us to erase your data and discontinue processing it;
  • request to transfer your personal data to another entity;
  • object to processing of your personal data.

BreachAware encourages you to read more about your rights under applicable data protection law by contacting your local data protection authority. In the UK, this is the Information Commissioner's Office (‘ICO’).

Before exercising your rights, BreachAware may request more information from you in order to prove your identity for the security of personal data. By using our services you are agreeing to us using appropriate measures before complying with your rights request.

In the event we cannot verify your identity, we have the right to deny your rights request.

We may also have the right to deny your rights request for the purpose of fulfilling other legal obligations and responsibilities.

BreachAware is allowed to retain sufficient information about you to ensure any of your rights requests are upheld in future, such as your right to erasure or restriction of processing.

Notification services

One of BreachAware’s services is to provide notifications via email, SMS or webhook to users. This service enables a customer to appoint other users by providing their email address or phone number. In this instance the ‘account owner’ is the person who owns the account with BreachAware and the ‘additional user’ is the person who was added to the account by the account owner to receive similar notification services.

The account owner makes a request to add an additional user by inputting their email address or phone number within our services. Upon this action, the account owner is giving us permission to contact the additional user to verify their identity and add them to the notification service.

By providing us their details, the additional user is agreeing to be onboarded onto our notification service and to receive notifications from us.

By providing us their details, the additional user also agrees to our terms and conditions and privacy policy.

When the account owner makes a request to add an additional user, BreachAware acknowledges this information isn’t provided firsthand and will make attempts to verify this user and their acceptance of this privacy policy.

The account owner, upon requesting an additional user, acknowledges that they are giving permission to BreachAware to provide this user with alerts of breach activities.

It is important to know that information regarding an email address’s registration to particular web services, including those of an adult nature, may be highlighted, and the account owner should consider this before assigning any additional users.

BreachAware reserves the right to remove any services to any persons or users who are deemed to be breaching our Terms & Conditions or cannot provide acceptable agreement to our Privacy policy.

Lodging complaints

If you have any concerns or complaints about our data activities or the way in which we process your data, please email us directly at privacy@breachaware.com.

You also have the right to make a complaint to your local data protection authority; in the UK this is the Information Commissioner's Office (‘ICO’). We would however appreciate the opportunity to deal with your concerns before you approach the ICO, so we encourage you to contact us first.

Cookies

We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

The only cookies in use on our site are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it.

Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.

Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

Third party cookies are used by us. These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are set by the sharing buttons across the site, which allow visitors to share content onto social networks. Cookies may be set by LinkedIn, Twitter and Facebook. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Newsletters and promotional communications

At your discretion, you can subscribe to any newsletter published by us or receive any other targeted and relevant communications for promotional purposes. At any time you can choose to ‘opt-out’ of this service by unsubscribing using a link always provided in our emails or by completing a ‘contact us’ form available on our website or in your account dashboard.

External Website Links

External websites linked from our services that are not operated by BreachAware do not follow our guidelines, terms & conditions or privacy policy. Users are encouraged to read the privacy policy of each external website visited.

Changes to our Policy

We reserve the right to amend our policies at any time. In such an instance, you will be notified by email of the changes to our privacy policy or terms and conditions. They will also be reflected on this page.

Contact details

If you have any questions about the use, storage and collection of your personal information, please do not hesitate to contact us by emailing privacy@breachaware.com.