Less than 100 Days to GDPR

Forcepoint has the expertise to help your organization prepare. Download the GDPR Resource Pack.
Close
Privacy Policy

Last Updated: November 20, 2017

FORCEPOINT PRIVACY POLICY 

This Privacy Policy explains how Forcepoint™ LLC and its affiliates1 ("Forcepoint", "we", "us", or "our") collects, uses, discloses and transfers the personal information you provide to us or we collect:

  • When you use http://www.forcepoint.com/ (and any of its sub-domains (the “Website”));
  • When you do business with Forcepoint as outlined below;
  • When you use Forcepoint products; or
  • As otherwise described in this policy.

As reflected below, this Privacy Policy expresses our commitment to the Privacy Shield Framework Principles (“Principles”) and the program by which the Principles are implemented.

This Privacy Policy was last updated at the date indicated above. We may change this Privacy Policy from time to time so please check back regularly to keep informed of updates.

Forcepoint has a separate privacy policy that governs how we collect, use and manage personally identifiable information regarding our employees. Forcepoint also follows the Principles with respect to our employees’ personally identifiable information. A link to our employee privacy policy can be found on the Forcepoint intranet home page.

1. PRIVACY SHIELD PARTICIPATION 

Forcepoint is pleased to participate in the Privacy Shield program and to adhere to the Principles (https://www.privacyshield.gov/). The Privacy Shield program was established by the United States (US) government, in consultation with the European Commission and others. Privacy Shield provides a reliable means for transferring personal data from the European Union (EU) to the US, thereby assuring that EU-based data subjects’ personally identifiable information continues to benefit from European data protection laws when their personal data is transferred to Forcepoint offices and Forcepoint’s vendors in the United States.

We are committed to applying the Principles to EU data subjects’ personally identifiable information, including the Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program and the Framework Principles, visit the U.S. Department of Commerce's Privacy Shield List here. In the event of a conflict between the terms in this privacy policy and the Principles, the Principles shall govern.

Forcepoint annually self–certifies its commitment to apply the Principles to all personal data received or collected from the EU. The Department of Commerce reviews the Forcepoint self-certification and includes Forcepoint in the list of Privacy Shield program participant companies if Forcepoint’s Privacy Shield certification is found to be acceptable, The Privacy Shield list can be found by clicking on this link: https://www.privacyshield.gov/. Forcepoint’s compliance with the Privacy Shield principles is subject to the enforcement powers of the US Federal Trade Commission.

Note that Forcepoint may also transfer personal data from the EU to other non-EU countries besides the United States. In those cases, we will implement Standard Contractual Clauses or other measures approved by EU law so as to ensure the transfer is lawful. A copy of the relevant agreements is available to those affected - See Section 6 below.

2. WHAT INFORMATION DO WE COLLECT? 

General: We receive and store information, including information that can be used to identify you ("personal information"), entered on our Website or given to us in any other way. This occurs, for example, when you make inquiries about the Website or about Forcepoint partners, products or services (whether via the Website or otherwise). Except to the limited extent that may be necessary in the context of online job applications, we neither request nor collect sensitive personal information (i.e., personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).

Information that we automatically collect when you use the Website: When you use our Website, we automatically collect the following information: 

  • Navigation and click-stream data
  • HTTP protocol elements
  • Search terms

This information is not identifiable to you unless you choose to register yourself on the website.

We also collect information automatically through the use of cookies. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their sites. Please see our Cookie Policy available at https://www.forcepoint.com/cookie-policy for more detailed information about what cookies are used on our Website, why they are used, and how you can control their use.

Personal Information we collect when you register with us online or create an online account: You can browse the Website without registering with us or creating an online account. If you choose not to register with us or create an online account we do not collect your personal information. However, in order to access certain resources or services via the Website (e.g., to download reports or papers, access technical alerts or to join technical forums), you will need to register with us. If you register and create an online account, we collect certain personal information about you such as:

  • Your first and last name;
  • Your telephone number;
  • Email address;
  • Job function;
  • Job title;
  • Organization name and size; location; and
  • Whether or not you are acting on behalf of a current customer.

Personal Information we collect when we obtain online feedback from you: We collect your name, online contact information and any other personal information that you choose to provide in the context of obtaining online feedback from you. At your option, we may also collect your organization's name and physical contact information although we may already hold this information if you have provided it to us for another purpose.

Personal Information that we collect when you do business with Forcepoint: We may collect and process Customer, Vendor or Business Partner Data when you conduct business with Forcepoint on behalf of a Customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party. "Customer, Vendor or Business Partner Data" means information relating to an identified or identifiable natural person that Forcepoint receives on behalf of a customer or prospective customer, or from or on behalf of a vendor, supplier, consultant, professional adviser or any other third parties that do business with Forcepoint, whether or not such natural person is also a Website user. Examples of Customer, Vendor or Business Partner Data include:

  • Contact details of points of contact for Customers, Vendors or Business Partners (such as name, business phone numbers, business address);
  • Business contact information (such as job title, responsibilities, department and name of organization);
  • Financial information (such as financial account information) if needed to take payment or fulfill contractual obligations or for related purposes;
  • Information necessary to evaluate Forcepoint's performance and that of Business Partners; and
  • If you also hold an online Forcepoint account, we add any purchase information we collect, including details of the purchase and your business address, to your online account information.

Personal Information that you provide about another person: We rely on our customers, vendors and business partners to bring this Privacy Policy to the attention of any individuals who they identify to us. If you provide us with information about another person, you confirm that you have informed them of our identity and the purposes (as set out in this Privacy Policy) for which their personal information will be processed and that you have obtained their consent to such processing. Forcepoint reserves the right to ask the other person to confirm their consent.

Personal Information that we collect when you apply online for employment: You may submit personal information through use of our website to be considered for employment at Forcepoint. Such information includes your name, your address, your phone number, your email address, job preferences, experience, desired salary, relocation preferences, work authorization, security clearance, education, job skills and other information contained on your resume or curriculum vitae (CV). Forcepoint uses such information solely for consideration of your candidacy for employment, to communicate with you and to generate related correspondence, including offer letters and employment agreements. Such information may also be used, subject to applicable local laws, to conduct necessary background checks for compliance and other employment related purposes. Finally, Forcepoint only retains such information for as long as is necessary to address your employment application and any questions that may arise regarding your application’s processing. Your submission of personal information or a resume through our website constitutes your consent to the collection, storage and use of that information, including in the United States, as described above.

Personal Information received from the use of certain Forcepoint products. Some Forcepoint products enable customers to monitor their networks to protect against cyber threats. Consequently, we may receive personal information of end users of such monitored networks (“End User Personal Information”). The type of End User Personal Information we may receive from the use of such monitored networks includes:

  • Forcepoint Subscriber ID information: Customer ID (i.e., the ID used to identify which customer is sending or receiving files), User ID or Visitor ID (the ID used to identify client IP visiting the file), network user name, first name, last name, company name, country, and email address.
  • Communication information: email metadata, including email addresses of sender and recipient, sender email in SMTP transaction and email subject.
  • Traffic data: proxy log, web traffic logs, apache browsing logs, browsing and diagnostic logs, IP addresses, URL information, website session data and files submitted by end users of Forcepoint products.
  • Such other data as the Forcepoint customer collects in furtherance of its cybersecurity program.

In Section 3 below we explain how the processing of this End User Personal Information is processed in accordance with our customers’ decisions regarding what is necessary to protect the security and other vital interests of the customer and the users of the products. Forcepoint may use End User Personal Information for the legitimate interest purpose of ensuring the products work effectively.

Personal Information we obtain from other sources: We also may periodically obtain both personal and non-personal information about you from Forcepoint subsidiaries, business partners or resellers and other third-party sources and add it to the information we already hold about you, such as:

  • Updated business address information;
  • Purchase history;
  • Demographic information; and
  • Credit information about Customers, Vendors or Business Partners from credit reference agencies (for more information see Section 4 below).

3. HOW WE USE YOUR INFORMATION 

Personal Information: We use or may use your personal information for the following purposes (or as otherwise described at the point of collection) in line with the “legitimate interests” requirements of data protection laws:

  • Creating and administering records about your online account (if you have one), including your organization’s purchase history;
  • To provide you with information, access to resources or other products or services that you have requested from us on behalf of your organization;
  • To send you customer service-related communications, including in relation to administering your organization's online account and providing online services to you on behalf of your organization;
  • To provide technical product support to Customers and to enhance Customer technical product support services.
  • To deal with communications that you send to Forcepoint;
  • To alert you to upgrades and enhancements to our products and to new products and/or services, including by email, in accordance with your communication preferences. Please see the "Your Choices" section below for further information about how you can control these updates;
  • To request your feedback;
  • To assess financial, credit or insurance risks arising from any relationship or prospective relationship with a Customer, Vendor or Business Partner;
  • To complete and support the current activity, Website and system administration, research and development, and to improve the navigation and content of the Website;
  • To carry out User analysis, User profiling and decision making2;
  • To improve the Website; and
  • To improve our products and services.

Website usage data: We use tools to measure Website visitor performance, click data, engagements with content on the Website, pathing, form completions, etc. When aggregated, we use it to analyze user behavior and make decisions about how to improve the user experience. We do not use cookies to carry out these activities. However, no individual will be individually identifiable in such information and statistics.

Marketing: We and our business partners may contact you by mail, telephone, fax, email or other electronic messaging service with offers of goods, services, promotions or other information that may be of interest to you in accordance with your communication preferences. Where required by applicable law, your prior consent will be obtained before sending you direct marketing and you may opt out of receiving marketing messages from Forcepoint (See Section 5, "Your Choices", below).

Forcepoint does not in any way sell, lease or rent your information to third parties.

Anonymous and Non-personal Information: We may generate, use and disclose aggregated anonymous and non-personal information and statistics about the Website for marketing and strategic purposes. Similarly, we may generate aggregate usage and statistical information related to Customers’ and end-users’ use of the Products in order to facilitate analysis and comparisons.

End User Personal Information: Certain Forcepoint products and services enable our customers to monitor End User Personal Information passing through their networks to protect against cyber threats. In providing these products, Forcepoint acts as a “Processor” on behalf of the customer who acts as the “Controller” under applicable data protection laws.

TAs Controllers of the End User Personal Information, our customers retain full responsibility for ensuring the End User Personal Data collected by their use of Forcepoint products is handled in accordance with applicable privacy laws and regulations.

In its role as Processor, Forcepoint will process the End User Personal Data as required to perform the service including to manage and administer Forcepoint’s customers’ services such as providing technical support, tailoring network monitoring policies, and developing product improvements. As a Processor, Forcepoint undertakes to comply with the laws applicable to Processor activities. We meet our obligations in this regard by ensuring our contracts with customers (i) define the obligations of Forcepoint and the customers according to applicable privacy legislation and (ii) require our customers to comply with relevant privacy legislation.

4. SHARING YOUR PERSONAL INFORMATION 

We may share your personal information as follows: 

  • With Forcepoint affiliates, for the purposes described in Section 3 above;
  • With our service providers or agents solely to the extent necessary to enable such service providers or agents to provide services to Forcepoint or on Forcepoint's behalf.
  • In response to subpoenas, court orders or other legal process, for reasons relating to national security, to defend against legal claims, to protect the rights, property or safety of Forcepoint, Forcepoint Customers, Vendors or Business Partners, Website users, employees or others, or as may otherwise be required by applicable law;
  • To Forcepoint auditors, legal representatives or similar agents;
  • To resellers for the purposes of sales and support-related matters;
  • To any third party that purchases, or to which a Forcepoint entity transfers, all or substantially all of the Forcepoint assets or business (in which case the relevant Forcepoint entity will use reasonable efforts to ensure that the third party to which it transfers personal information uses it in a manner that is consistent with this Policy);
  • To credit reference agencies for the purposes of making periodic searches in the context of managing and taking decisions about Forcepoint's relationship or prospective relationship with a Forcepoint Customer, Vendor or Business Partner. Such information as is provided to credit reference agencies may be used by other credit providers to take decisions about the Forcepoint Customer, Vendor or Business Partner.

Forcepoint’s policy is to maintain contracts with all third parties with whom we share personal information that restrict their access, use and disclosure of personal data in compliance with our legal obligations, including those under the Privacy Shield.

Note that Forcepoint does not control the sharing of End User Personal Information; rather, this is governed by our customer (i.e., the data controller), in accordance with the customer’s privacy policy and applicable privacy legislation.

5. YOUR CHOICES 

If at any time you decide you do not want us to retain any personal information we collected from you when you registered on our website, or otherwise collected about you from others as described in Section 2 of this Policy, you may request we delete your information. Instructions for contacting us are provided in Section 6 of this policy. Of course, once we delete your information you will no longer be registered with us and you will not have access to the services that are only available through registration. As noted above, even if you are not registered with us we collect Navigation and click-stream data, HTTP protocol elements, and search term data, which helps us to optimize the browsing experience. This data is not personally identifiable if you are not registered on the website.

You may opt-out of receiving marketing messages from Forcepoint or its business partners without de-registering with us. To opt out of receiving marketing messages please send an opt out email to communications@forcepoint.com. Please note that, by opting out, you acknowledge and agree that you will not receive emails concerning upgrades and enhancements to Forcepoint products. However, we will continue to send you services-related (non-marketing) communications in connection with the administration of your organization's account and products or services that you have requested from Forcepoint on behalf of your organization.

6. YOUR RIGHTS: ACCESSING AND CHANGING YOUR PERSONAL INFORMATION3

Forcepoint seeks to ensure that your information and preferences are accurate and complete. You have the right to update your information and/or preferences at any time. If you wish to review or change the information we have regarding you or to update your preferences regarding our retention or use of your personal information please let us know by sending an e-mail with your name, full mailing address and e-mail address to privacy@forcepoint.com together with a description of the changes you request.4

You may also make changes by writing to Forcepoint at: 

Forcepoint
Attention: Director, Global Compliance & Ethics/Data Protection Officer
10900-A Stonelake Blvd., Quarry Oaks 1, Suite 350
Austin, TX 78759

In certain circumstances, persons in the EU may have rights of rectification (where data is inaccurate), erasure, restriction, objection or portability. EU persons may also have a right to receive from us a copy of their personal data we have in our possession. To exercise these rights or to obtain a copy of the personal information we hold about you, please write to the above address.

Further, Forcepoint International Technology Limited, an Irish incorporated company with a registered office at Riverside One, Sir John Rogersons Quay, Dublin 2, Ireland, and a wholly-owned subsidiary of Forcepoint LLC, is the place of central administration for Forcepoint in the EU and as such is the “Main Establishment” for Forcepoint in the EU. EU Data subjects seeking to make changes to the information we have regarding you or to update your preferences regarding our retention or use of your personal information can send an e-mail with your name, full mailing address and e-mail address to privacy@forcepoint.com together with a description of the changes you request.

QUESTIONS, OBJECTIONS AND COMPLAINTS

We are responsible for our collection, use and disclosure of EU Personal Data in accordance with the Principles. We also are responsible for onward transfers to third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose EU Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Where we are relying on our legitimate interests to process your personal data (see section 3 above), you have the right to object to such processing. To exercise your right to object, please contact us as specified above. We will consider your objection and we will comply with it unless we have a compelling legitimate ground as permitted by applicable law.

Forcepoint is committed to reply to any questions and resolve any complaints you have about our collection or use of your Personal Data. Anyone with inquiries or complaints regarding our collection or use of his or her Personal Data may contact Forcepoint as specified above.

If you are a resident of the EU and you have an issue with the collection and transfer of your personal data to the United States you may also submit your complaints to Forcepoint’s alternative dispute resolution representative, the International Centre for Dispute Resolution (ICDR). ICDR can be contacted at http://info.adr.org/safeharbor. If none of the foregoing resolved your concern you may seek binding arbitration through the Privacy Shield Panel. The Privacy Shield arbitration program requirements can be found at this link

CALIFORNIA’S “SHINE THE LIGHT” LAW 

We acknowledge that California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year. Forcepoint does not, without your consent, distribute your personal information that it collects to outside parties for their direct marketing, or any other purpose, except as provided for in this Privacy Policy.

PROTECTING YOUR INFORMATION 

Forcepoint acknowledges your trust and is committed to protecting the information you provide to us. To prevent unauthorized access, maintain accuracy, and ensure proper use of information, we have employed physical, technical, and administrative processes to safeguard and secure the information we collect.

Website users can help further protect their personal information by using a secure web browser and by changing any access passwords regularly. Please note that data transmission over the Internet is not 100% secure and any information disclosed online can potentially be collected and used other than by the intended recipient. Please be aware that, by posting information to the technical forum via the Website, you may be making this information available to the public. You should be careful not to reveal any sensitive or other personal details about yourself.

CHANGES TO THIS PRIVACY POLICY 

We may revise this Privacy Policy from time to time as we determine is necessary to ensure it is accurate, complete and up-to-date. We will provide notice of any such changes (including when they will take effect) in accordance with law. You will be deemed to have accepted such amendments by your continued use of the Website after the effective date. Accordingly, you are advised to check this Privacy Policy from time to time. We will, of course, notify you of any changes where we are required to do so.

OTHER LINKS 

From time to time, the Website may contain links to other websites owned by non-Forcepoint affiliated entities and we may display advertisements from third parties on our Website. When you click on these links, you enter another website. Forcepoint is not responsible for the content, operation or privacy practices of any such websites. Your use of such websites will be subject to any terms of use posted on such websites and not by the terms of use of the Website. In particular, unless expressly stated, we are not agents for these sites or advertisers, nor are we authorized to make representations on their behalf.

RETENTION OF PERSONAL INFORMATION 

Forcepoint will only keep your personal information (i) for as long as is necessary for the purpose or purposes for which it was intended; (ii) for the purposes of performing or fulfilling a contractual obligation with the organization that you represent; (iii) for as long as required by law; or (iv) where applicable, for as long as Forcepoint may be sued.

MONITORING AND COMPLIANCE 

We may monitor, store, review and disclose to third parties any information, including your personally identifiable information, obtained on or through the Website as may be necessary to satisfy any applicable governmental law, regulation, investigation or proceeding. Forcepoint may also disclose your personally identifiable information (1) where such disclosure is required by law; (2) to protect Forcepoint’s legal rights to the extent authorized or permitted by law; or (3) in an emergency where the health or safety of you or another individual may be endangered, to the extent permitted by law. Additionally, we may use IP addresses to identify a particular user if we believe it is needed to enforce compliance with these terms or to protect our company, employees, Website, or customers.

CONTACT US

If you have any questions or concerns about our use of your information or about this Privacy Policy, please send an e-mail to privacy@forcepoint.com or write us at:

Forcepoint
Attention: Director, Global Compliance & Ethics/Data Protection Officer
10900 Stonelake Blvd.
Quarry Oak 1, Suite 350
Austin, TX 78759

In your e-mail or letter, state your question or concern as clearly as possible.

 

1 Carnelian LLC, Forcepoint Federal LLC, New Websense, Inc., PortAuthority Technologies, LLC, Raytheon Oakley Systems, LLC, SurfControl, Inc., Tomahawk Acquisition, Inc., Tomahawk Holdings, Inc., Websense, LLC, Red Owl Analytics, Inc.

2 In addition to any other options you have with regard to our retention or use of your personal information (See Section 5 of this Policy), you are allowed to opt-out of this usage.

3 If you are a resident of the EU and your query relates to personal information that you have provided to us through an online employment application then you may also raise your query with the Data Protection Authority in your home country. The Forcepoint Compliance & Ethics Director will provide contact information for the Data Protection Authority upon request.

4 If you are an End User of Forcepoint Products, you should contact the data controller of your personal information (our customer) for any information related to personal information held about you and the privacy policy which governs the relationship between you and the data controller.