Last Updated: 29 November 2016
- When you use http://www.forcepoint.com/ (and any of its sub-domains (the “Website”));
- When you do business with Forcepoint as outlined below;
- When you use Forcepoint products; or
- As otherwise described in this policy.
1. PRIVACY SHIELD PARTICIPATION
Forcepoint is pleased to participate in in the Privacy Shield program (https://www.privacyshield.gov/). Privacy Shield was established by the United States (US) government, in consultation with the European Commission and others, to provide a reliable means for transferring personal data from the European Union (EU) to the US while assuring data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries.
Forcepoint has self–certified its commitment to subject all personal information received or collected from the EU to the Principles of the Privacy Shield program. Forcepoint’s Privacy Shield certification is reflected in the list of Privacy Shield program participant companies, which can be found by clicking on this link: Privacy Shield list. Forcepoint’s compliance to the Privacy Shield principles is subject to the enforcement powers of the US Federal Trade Commission.
2. WHAT INFORMATION DO WE COLLECT?
General: We receive and store information that you enter on our Website or give us in any other way, including information that can identify you ("personal information"), for example when you make inquiries about the Website or about Forcepoint partners, products or services (whether via the Website or otherwise). Except to the limited extent that may be necessary in the context of online job applications, we neither request nor collect sensitive personal information (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).
Information that we automatically collect when you use the Website: When you use our Website, we automatically collect the following information:
- Navigation and click-stream data
- HTTP protocol elements
- Search terms
This information is not identifiable to you unless you choose to register yourself on the website.
Personal Information we collect when you register with us online or create an online account: You can browse the Website without registering with us or creating an online account. If you choose not to register with us or create an online account we do not collect your personal information. However, in order to access certain resources or services via the Website (e.g. to download reports or papers, access technical alerts or to join technical forums), you will need to register with us. In order to register and create an online account, we collect certain personal information about you such as:
- Your first and last name;
- Your telephone number;
- Email address;
- Job function;
- Job title;
- Organization name and size; location; and
- Whether or not you are acting on behalf of a current customer.
Personal Information we collect when we obtain online feedback from you: We collect your name, online contact information and any other personal information that you choose to provide in the context of obtaining online feedback from you. At your option, we may also collect your organization's name and physical contact information although we may already hold this information if you have provided it to us for another purpose.
Personal Information that we collect when you do business with Forcepoint: We may collect and process Customer, Vendor or Business Partner Data when you conduct business with Forcepoint on behalf of a Customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party. "Customer, Vendor or Business Partner Data" means information relating to an identified or identifiable natural person that Forcepoint receives on behalf of a customer or prospective customer, or from or on behalf of a vendor, supplier, consultant, professional adviser or any other third parties that do business with Forcepoint, whether or not such natural person is also a Website user. Examples of Customer Vendor or Business Partner Data include:
- Contact details of a point of contact for its Customer, Vendor or Business Partners (such as name, business phone numbers, business address);
- Business contact information (such as job title, responsibilities, department and name of organization);
- Financial information (such as financial account information) if needed to take payment or fulfill contractual obligations or for related purposes;
- Information necessary to evaluate Forcepoint's performance and that of Business Partners; and
- If you also hold an online Forcepoint account, we add any purchase information we collect, including details of the purchase and your business address, to your online account information.
Personal Information that we collect when you apply online for employment: You may submit personal information through use of our website to be considered for employment at Forcepoint. Such information includes your name, your address, your phone number, your email address, job preferences, experience, desired salary, relocation preferences, work authorization, security clearance, education, job skills and other information contained on your resume or curriculum vitae (CV). Forcepoint uses such information solely for consideration of your candidacy for employment, to communicate with you and to generate related correspondence, including offer letters and employment agreements. Such information may also be used, subject to applicable local laws, to conduct necessary background checks for compliance and other employment related purposes. Your submission of personal information or a resume through our website constitutes your consent to the collection, storage and use of that information, including in the United States, as described above.
Personal Information received from the use of certain Forcepoint products. Some Forcepoint products enable customers to monitor their networks to protect against cyber threats. Consequently, we may receive personal information of end users of such monitored networks (“End User Personal Information”). The type of End User Personal Information we may receive from the use of such monitored networks includes:
- Forcepoint Subscriber ID information: Customer ID (i.e. the ID used to identify which customer send files to ThreatScope), User ID or Visitor ID (the ID used to identify client IP visiting the file), network user name, first name, last name, company name, country, and email address.
- Communication information: email metadata, including email addresses of sender and recipient, sender email in SMTP transaction and email subject.
- Traffic data: proxy log, web traffic logs, apache browsing logs, browsing and diagnostic logs, IP addresses, URL information, website session data and files submitted by end users of Forcepoint products.
Personal Information we obtain from other sources: We also may periodically obtain both personal and non-personal information about you from Forcepoint subsidiaries, business partners or resellers and other third-party sources and add it to the information we already hold about you, such as:
- Updated business address information;
- Purchase history;
- Demographic information; and
- Credit information about Customers, Vendors or Business Partners from credit reference agencies (for more information see Section 4 below).
3. HOW WE USE YOUR INFORMATION
Personal Information: We use or may use your personal information for the following purposes (or as otherwise described at the point of collection):
- Creating and administering records about your online account (if you have one), including your organization’s purchase history;
- To provide you with information, access to resources or other products or services that you have requested from us on behalf of your organization;
- To send you customer service-related communications, including in relation to administering your organization's online account and providing online services to you on behalf of your organization;
- To provide technical product support to Customers and to enhance Customer technical product support services.
- To deal with communications that you send to Forcepoint;
- To alert you to upgrades and enhancements to our products and to new products and/or services, including by email, in accordance with your communication preferences. Please see the "Your Choices" section below for further information about how you can control these updates;
- To request your feedback;
- To assess financial, credit or insurance risks arising from any relationship or prospective relationship with a Customer, Vendor or Business Partner;
- To complete and support the current activity, Website and system administration, research and development, and to improve the navigation and content of the Website;
- To carry out User analysis, User profiling and decision making**;
- To improve the Website; and
- To improve our products and services.
**In addition to any other options you have with regard to our retention or use of your personal information (See Section 5 of this Policy), you are allowed to opt-out of this usage.
We and our business partners may contact you by mail, telephone, fax, email or other electronic messaging service with offers of goods, services, promotions or other information that may be of interest to you in accordance with your communication preferences. Where required by applicable law, your prior consent will be obtained before sending you direct marketing. To opt out of receiving marketing messages from Forcepoint, please see Section 5 ("Your Choices") below.
Forcepoint does not in any way sell, lease or rent your information to third parties.
Anonymous and Generalized (non-personal) Information: We may generate, use and disclose aggregated (anonymous and generalized) information and statistics about the Website for marketing and strategic purposes. Similarly, we may generate aggregate usage and statistical information related to Customer's and end-users use of the Products in order to facilitate analysis and comparisons. However, no individual will be individually identifiable from these information and statistics.
End User Personal Information: You provide your End User Personal Information when you use networks Forcepoint’s customers are monitoring through the use of certain Forcepoint products. Forcepoint receives such End User Personal Information as a “data processor” on behalf of its customer (the “data controller”) that deployed the Forcepoint products to monitor their networks against cyber threats.
The term “data controller” is defined in (EU) privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The term “data processor” is defined as a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.
Our customer, the “data controller”, retains full responsibility for the End User Personal Data.
We only offer Forcepoint products pursuant to a contract with our customers that (i) defines the obligations of Forcepoint and our customer according to applicable privacy legislation and (ii) requires our customers to comply with relevant privacy legislation.
We use or may use End User Personal Information to manage and administer Forcepoint’s customers’ services such as providing technical support, tailoring network monitoring policies, and developing product improvements.
4. SHARING YOUR PERSONAL INFORMATION
We may share your personal information as follows:
- With Forcepoint affiliates, for the purposes described in Section 2 above;
- With our service providers or agents solely to the extent necessary to enable such service providers or agents to provide services to Forcepoint or on Forcepoint's behalf.
- In response to subpoenas, court orders or other legal process, for reasons relating to national security, to defend against legal claims, to protect the rights, property or safety of Forcepoint, Forcepoint Customers, Vendors or Business Partners, Website users, employees or others, or as may otherwise be required by applicable law;
- To Forcepoint auditors, legal representatives or similar agents;
- To resellers for the purposes of sales and support-related matters;
- To any third party that purchases, or to which a Forcepoint entity transfers, all or substantially all of the Forcepoint assets or business (in which case the relevant Forcepoint entity will use reasonable efforts to ensure that the third party to which it transfers personal information uses it in a manner that is consistent with this Policy);
- To credit reference agencies for the purposes of making periodic searches in the context of managing and taking decisions about Forcepoint's relationship or prospective relationship with a Forcepoint Customer, Vendor or Business Partner. Such information as is provided to credit reference agencies may be used by other credit providers to take decisions about the Forcepoint Customer, Vendor or Business Partner.
Forcepoint’s policy is to maintain contracts with all third parties with whom we share personal information that restrict their access, use and disclosure of personal data in compliance with our Privacy Shield obligations.
5. YOUR CHOICES
If at any time you decide you do not want us to retain any personal information we collected from you when you registered on our website, or otherwise collected about you from others as described in Section 2 of this Policy, you may request we delete your information. Instructions for contacting us are provided in Section 6 of this policy. Of course, once we delete your information you will no longer be registered with us and you will not have access to the services that are only available through registration. As noted above, even if you are not registered with us we collect Navigation and click-stream data, HTTP protocol elements, and search term data, which helps us to optimize the browsing experience. This data is not personally identifiable if you are not registered on the website.
You may opt-out of receiving marketing messages from Forcepoint or its business partners without de-registering with us. To opt out of receiving marketing messages please send an email to email@example.com and requesting to opt out. Please note that, by opting out, you acknowledge and agree that you will not receive emails concerning upgrades and enhancements to Forcepoint products. However, we will continue to send you services-related (non-marketing) communications in connection with the administration of your organization's account and products or services that you have requested from Forcepoint on behalf of your organization.
6. YOUR RIGHTS: ACCESSING AND CHANGING YOUR PERSONAL INFORMATION*
Forcepoint seeks to ensure that your information and preferences are accurate and complete. You have the right to update your information and/or preferences at any time. If you wish to review or change the information we have regarding you or to update your preferences regarding our retention or use of your personal information please let us know by sending an e-mail with your name, full mailing address and e-mail
address to firstname.lastname@example.org together with a description of the changes you request.**
You may also make changes by writing to Forcepoint at:
Attention: Director, Global Compliance & Ethics
10900-A Stonelake Blvd.
Quarry Oaks 1, Suite 350
Austin, TX 78759
You also have a right to receive from us a copy of your personal data in our possession. To obtain a copy of the personal information we hold about you, please write to the above address.
* If you are a resident of the EU and your query relates to personal information that you have provided to us through an online employment application then you may also raise your query with the Data Protection Authority in your home country. The Forcepoint Compliance & Ethics Director will provide contact information for the Data Protection Authority upon request.
QUESTIONS AND COMPLAINTS
We are responsible for our collection, use and disclosure of EU Personal Data in accordance with the Framework. We also are responsible for onward transfers to third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose EU Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Forcepoint is committed to reply to any questions and resolve any complaints you have about our collection or use of your Personal Data. Anyone with inquiries or complaints regarding our collection or use of his or her Personal Data may contact Forcepoint as specified above.
If you are a resident of the EU and you have an issue with the collection and transfer of your personal data to the United States you may also submit your complaints to Forcepoint’s alternative dispute resolution representative, the
International Centre for Dispute Resolution (ICDR). ICDR can be contacted at http://info.adr.org/safeharbor. If none of the foregoing resolved your concern you may seek binding arbitration through the Privacy Shield Panel. The Privacy Shield arbitration program requirements can be found at this link.
CALIFORNIA’S “SHINE THE LIGHT” LAW
PROTECTING YOUR INFORMATION
Forcepoint acknowledges your trust and is committed to protecting the information you provide to us. To prevent unauthorized access, maintain accuracy, and ensure proper use of information, we have employed physical, technical, and administrative processes to safeguard and secure the information we collect.
Website users can help further protect their personal information by using a secure web browser and by changing any access passwords regularly. Please note that data transmission over the Internet is not 100% secure and any information disclosed online can potentially be collected and used other than by the intended recipient. Please be aware that, by posting information to the technical forum via the Website, you may be making this information available to the public. You should be careful not to reveal any sensitive or other personal details about yourself.
RETENTION OF PERSONAL INFORMATION
Forcepoint will only keep your personal information (i) for as long as is necessary for the purpose or purposes for which it was intended; (ii) for the purposes of performing or fulfilling a contractual obligation with the organization that you represent; (iii) for as long as required by law; or (iv) where applicable, for as long as Forcepoint may be sued.
MONITORING AND COMPLIANCE
We may monitor, store, review and disclose to third parties any information, including your personally identifiable information, obtained on or through the Website as may be necessary to satisfy any applicable governmental law, regulation, investigation or proceeding. Forcepoint may also disclose your personally identifiable information (1) where such disclosure required by law; (2) to protect Forcepoint’s legal rights to the extent authorized or permitted by law; or (3) in an emergency where the health or safety of you or another individual may be endangered, to the extent permitted by law. Additionally, we may use IP addresses to identify a particular user if we believe it is needed to enforce
compliance with these terms or to protect our company, employees, Website, or customers.
Attention: General Counsel
10900 Stonelake Blvd.
Quarry Oak 1, Suite 350
Austin, TX 78759
In your e-mail or letter, state your question or concern as clearly as possible.