Last Updated: November 20, 2017
- When you use http://www.forcepoint.com/ (and any of its sub-domains (the “Website”));
- When you do business with Forcepoint as outlined below;
- When you use Forcepoint products; or
- As otherwise described in this policy.
1. PRIVACY SHIELD PARTICIPATION
Forcepoint is pleased to participate in the Privacy Shield program and to adhere to the Principles (https://www.privacyshield.gov/). The Privacy Shield program was established by the United States (US) government, in consultation with the European Commission and others. Privacy Shield provides a reliable means for transferring personal data from the European Union (EU) to the US, thereby assuring that EU-based data subjects’ personally identifiable information continues to benefit from European data protection laws when their personal data is transferred to Forcepoint offices and Forcepoint’s vendors in the United States.
Forcepoint annually self–certifies its commitment to apply the Principles to all personal data received or collected from the EU. The Department of Commerce reviews the Forcepoint self-certification and includes Forcepoint in the list of Privacy Shield program participant companies if Forcepoint’s Privacy Shield certification is found to be acceptable, The Privacy Shield list can be found by clicking on this link: https://www.privacyshield.gov/. Forcepoint’s compliance with the Privacy Shield principles is subject to the enforcement powers of the US Federal Trade Commission.
Note that Forcepoint may also transfer personal data from the EU to other non-EU countries besides the United States. In those cases, we will implement Standard Contractual Clauses or other measures approved by EU law so as to ensure the transfer is lawful. A copy of the relevant agreements is available to those affected - See Section 6 below.
2. WHAT INFORMATION DO WE COLLECT?
General: We receive and store information, including information that can be used to identify you ("personal information"), entered on our Website or given to us in any other way. This occurs, for example, when you make inquiries about the Website or about Forcepoint partners, products or services (whether via the Website or otherwise). Except to the limited extent that may be necessary in the context of online job applications, we neither request nor collect sensitive personal information (i.e., personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).
Information that we automatically collect when you use the Website: When you use our Website, we automatically collect the following information:
- Navigation and click-stream data
- HTTP protocol elements
- Search terms
This information is not identifiable to you unless you choose to register yourself on the website.
Personal Information we collect when you register with us online or create an online account: You can browse the Website without registering with us or creating an online account. If you choose not to register with us or create an online account we do not collect your personal information. However, in order to access certain resources or services via the Website (e.g., to download reports or papers, access technical alerts or to join technical forums), you will need to register with us. If you register and create an online account, we collect certain personal information about you such as:
- Your first and last name;
- Your telephone number;
- Email address;
- Job function;
- Job title;
- Organization name and size; location; and
- Whether or not you are acting on behalf of a current customer.
Personal Information we collect when we obtain online feedback from you: We collect your name, online contact information and any other personal information that you choose to provide in the context of obtaining online feedback from you. At your option, we may also collect your organization's name and physical contact information although we may already hold this information if you have provided it to us for another purpose.
Personal Information that we collect when you do business with Forcepoint: We may collect and process Customer, Vendor or Business Partner Data when you conduct business with Forcepoint on behalf of a Customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party. "Customer, Vendor or Business Partner Data" means information relating to an identified or identifiable natural person that Forcepoint receives on behalf of a customer or prospective customer, or from or on behalf of a vendor, supplier, consultant, professional adviser or any other third parties that do business with Forcepoint, whether or not such natural person is also a Website user. Examples of Customer, Vendor or Business Partner Data include:
- Contact details of points of contact for Customers, Vendors or Business Partners (such as name, business phone numbers, business address);
- Business contact information (such as job title, responsibilities, department and name of organization);
- Financial information (such as financial account information) if needed to take payment or fulfill contractual obligations or for related purposes;
- Information necessary to evaluate Forcepoint's performance and that of Business Partners; and
- If you also hold an online Forcepoint account, we add any purchase information we collect, including details of the purchase and your business address, to your online account information.
Personal Information that we collect when you apply online for employment: You may submit personal information through use of our website to be considered for employment at Forcepoint. Such information includes your name, your address, your phone number, your email address, job preferences, experience, desired salary, relocation preferences, work authorization, security clearance, education, job skills and other information contained on your resume or curriculum vitae (CV). Forcepoint uses such information solely for consideration of your candidacy for employment, to communicate with you and to generate related correspondence, including offer letters and employment agreements. Such information may also be used, subject to applicable local laws, to conduct necessary background checks for compliance and other employment related purposes. Finally, Forcepoint only retains such information for as long as is necessary to address your employment application and any questions that may arise regarding your application’s processing. Your submission of personal information or a resume through our website constitutes your consent to the collection, storage and use of that information, including in the United States, as described above.
Personal Information received from the use of certain Forcepoint products. Some Forcepoint products enable customers to monitor their networks to protect against cyber threats. Consequently, we may receive personal information of end users of such monitored networks (“End User Personal Information”). The type of End User Personal Information we may receive from the use of such monitored networks includes:
- Forcepoint Subscriber ID information: Customer ID (i.e., the ID used to identify which customer is sending or receiving files), User ID or Visitor ID (the ID used to identify client IP visiting the file), network user name, first name, last name, company name, country, and email address.
- Communication information: email metadata, including email addresses of sender and recipient, sender email in SMTP transaction and email subject.
- Traffic data: proxy log, web traffic logs, apache browsing logs, browsing and diagnostic logs, IP addresses, URL information, website session data and files submitted by end users of Forcepoint products.
- Such other data as the Forcepoint customer collects in furtherance of its cybersecurity program.
In Section 3 below we explain how the processing of this End User Personal Information is processed in accordance with our customers’ decisions regarding what is necessary to protect the security and other vital interests of the customer and the users of the products. Forcepoint may use End User Personal Information for the legitimate interest purpose of ensuring the products work effectively.
Personal Information we obtain from other sources: We also may periodically obtain both personal and non-personal information about you from Forcepoint subsidiaries, business partners or resellers and other third-party sources and add it to the information we already hold about you, such as:
- Updated business address information;
- Purchase history;
- Demographic information; and
- Credit information about Customers, Vendors or Business Partners from credit reference agencies (for more information see Section 4 below).
3. HOW WE USE YOUR INFORMATION
Personal Information: We use or may use your personal information for the following purposes (or as otherwise described at the point of collection) in line with the “legitimate interests” requirements of data protection laws:
- Creating and administering records about your online account (if you have one), including your organization’s purchase history;
- To provide you with information, access to resources or other products or services that you have requested from us on behalf of your organization;
- To send you customer service-related communications, including in relation to administering your organization's online account and providing online services to you on behalf of your organization;
- To provide technical product support to Customers and to enhance Customer technical product support services.
- To deal with communications that you send to Forcepoint;
- To alert you to upgrades and enhancements to our products and to new products and/or services, including by email, in accordance with your communication preferences. Please see the "Your Choices" section below for further information about how you can control these updates;
- To request your feedback;
- To assess financial, credit or insurance risks arising from any relationship or prospective relationship with a Customer, Vendor or Business Partner;
- To complete and support the current activity, Website and system administration, research and development, and to improve the navigation and content of the Website;
- To carry out User analysis, User profiling and decision making2;
- To improve the Website; and
- To improve our products and services.
Marketing: We and our business partners may contact you by mail, telephone, fax, email or other electronic messaging service with offers of goods, services, promotions or other information that may be of interest to you in accordance with your communication preferences. Where required by applicable law, your prior consent will be obtained before sending you direct marketing and you may opt out of receiving marketing messages from Forcepoint (See Section 5, "Your Choices", below).
Forcepoint does not in any way sell, lease or rent your information to third parties.
Anonymous and Non-personal Information: We may generate, use and disclose aggregated anonymous and non-personal information and statistics about the Website for marketing and strategic purposes. Similarly, we may generate aggregate usage and statistical information related to Customers’ and end-users’ use of the Products in order to facilitate analysis and comparisons.
End User Personal Information: Certain Forcepoint products and services enable our customers to monitor End User Personal Information passing through their networks to protect against cyber threats. In providing these products, Forcepoint acts as a “Processor” on behalf of the customer who acts as the “Controller” under applicable data protection laws.
TAs Controllers of the End User Personal Information, our customers retain full responsibility for ensuring the End User Personal Data collected by their use of Forcepoint products is handled in accordance with applicable privacy laws and regulations.
In its role as Processor, Forcepoint will process the End User Personal Data as required to perform the service including to manage and administer Forcepoint’s customers’ services such as providing technical support, tailoring network monitoring policies, and developing product improvements. As a Processor, Forcepoint undertakes to comply with the laws applicable to Processor activities. We meet our obligations in this regard by ensuring our contracts with customers (i) define the obligations of Forcepoint and the customers according to applicable privacy legislation and (ii) require our customers to comply with relevant privacy legislation.
4. SHARING YOUR PERSONAL INFORMATION
We may share your personal information as follows:
- With Forcepoint affiliates, for the purposes described in Section 3 above;
- With our service providers or agents solely to the extent necessary to enable such service providers or agents to provide services to Forcepoint or on Forcepoint's behalf.
- In response to subpoenas, court orders or other legal process, for reasons relating to national security, to defend against legal claims, to protect the rights, property or safety of Forcepoint, Forcepoint Customers, Vendors or Business Partners, Website users, employees or others, or as may otherwise be required by applicable law;
- To Forcepoint auditors, legal representatives or similar agents;
- To resellers for the purposes of sales and support-related matters;
- To any third party that purchases, or to which a Forcepoint entity transfers, all or substantially all of the Forcepoint assets or business (in which case the relevant Forcepoint entity will use reasonable efforts to ensure that the third party to which it transfers personal information uses it in a manner that is consistent with this Policy);
- To credit reference agencies for the purposes of making periodic searches in the context of managing and taking decisions about Forcepoint's relationship or prospective relationship with a Forcepoint Customer, Vendor or Business Partner. Such information as is provided to credit reference agencies may be used by other credit providers to take decisions about the Forcepoint Customer, Vendor or Business Partner.
Forcepoint’s policy is to maintain contracts with all third parties with whom we share personal information that restrict their access, use and disclosure of personal data in compliance with our legal obligations, including those under the Privacy Shield.
5. YOUR CHOICES
If at any time you decide you do not want us to retain any personal information we collected from you when you registered on our website, or otherwise collected about you from others as described in Section 2 of this Policy, you may request we delete your information. Instructions for contacting us are provided in Section 6 of this policy. Of course, once we delete your information you will no longer be registered with us and you will not have access to the services that are only available through registration. As noted above, even if you are not registered with us we collect Navigation and click-stream data, HTTP protocol elements, and search term data, which helps us to optimize the browsing experience. This data is not personally identifiable if you are not registered on the website.
You may opt-out of receiving marketing messages from Forcepoint or its business partners without de-registering with us. To opt out of receiving marketing messages please send an opt out email to firstname.lastname@example.org. Please note that, by opting out, you acknowledge and agree that you will not receive emails concerning upgrades and enhancements to Forcepoint products. However, we will continue to send you services-related (non-marketing) communications in connection with the administration of your organization's account and products or services that you have requested from Forcepoint on behalf of your organization.
6. YOUR RIGHTS: ACCESSING AND CHANGING YOUR PERSONAL INFORMATION3
Forcepoint seeks to ensure that your information and preferences are accurate and complete. You have the right to update your information and/or preferences at any time. If you wish to review or change the information we have regarding you or to update your preferences regarding our retention or use of your personal information please let us know by sending an e-mail with your name, full mailing address and e-mail address to email@example.com together with a description of the changes you request.4
You may also make changes by writing to Forcepoint at:
Attention: Director, Global Compliance & Ethics/Data Protection Officer
10900-A Stonelake Blvd., Quarry Oaks 1, Suite 350
Austin, TX 78759
In certain circumstances, persons in the EU may have rights of rectification (where data is inaccurate), erasure, restriction, objection or portability. EU persons may also have a right to receive from us a copy of their personal data we have in our possession. To exercise these rights or to obtain a copy of the personal information we hold about you, please write to the above address.
Further, Forcepoint International Technology Limited, an Irish incorporated company with a registered office at Riverside One, Sir John Rogersons Quay, Dublin 2, Ireland, and a wholly-owned subsidiary of Forcepoint LLC, is the place of central administration for Forcepoint in the EU and as such is the “Main Establishment” for Forcepoint in the EU. EU Data subjects seeking to make changes to the information we have regarding you or to update your preferences regarding our retention or use of your personal information can send an e-mail with your name, full mailing address and e-mail address to firstname.lastname@example.org together with a description of the changes you request.
QUESTIONS, OBJECTIONS AND COMPLAINTS
We are responsible for our collection, use and disclosure of EU Personal Data in accordance with the Principles. We also are responsible for onward transfers to third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose EU Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Where we are relying on our legitimate interests to process your personal data (see section 3 above), you have the right to object to such processing. To exercise your right to object, please contact us as specified above. We will consider your objection and we will comply with it unless we have a compelling legitimate ground as permitted by applicable law.
Forcepoint is committed to reply to any questions and resolve any complaints you have about our collection or use of your Personal Data. Anyone with inquiries or complaints regarding our collection or use of his or her Personal Data may contact Forcepoint as specified above.
If you are a resident of the EU and you have an issue with the collection and transfer of your personal data to the United States you may also submit your complaints to Forcepoint’s alternative dispute resolution representative, the International Centre for Dispute Resolution (ICDR). ICDR can be contacted at http://info.adr.org/safeharbor. If none of the foregoing resolved your concern you may seek binding arbitration through the Privacy Shield Panel. The Privacy Shield arbitration program requirements can be found at this link.
CALIFORNIA’S “SHINE THE LIGHT” LAW
PROTECTING YOUR INFORMATION
Forcepoint acknowledges your trust and is committed to protecting the information you provide to us. To prevent unauthorized access, maintain accuracy, and ensure proper use of information, we have employed physical, technical, and administrative processes to safeguard and secure the information we collect.
Website users can help further protect their personal information by using a secure web browser and by changing any access passwords regularly. Please note that data transmission over the Internet is not 100% secure and any information disclosed online can potentially be collected and used other than by the intended recipient. Please be aware that, by posting information to the technical forum via the Website, you may be making this information available to the public. You should be careful not to reveal any sensitive or other personal details about yourself.
RETENTION OF PERSONAL INFORMATION
Forcepoint will only keep your personal information (i) for as long as is necessary for the purpose or purposes for which it was intended; (ii) for the purposes of performing or fulfilling a contractual obligation with the organization that you represent; (iii) for as long as required by law; or (iv) where applicable, for as long as Forcepoint may be sued.
MONITORING AND COMPLIANCE
We may monitor, store, review and disclose to third parties any information, including your personally identifiable information, obtained on or through the Website as may be necessary to satisfy any applicable governmental law, regulation, investigation or proceeding. Forcepoint may also disclose your personally identifiable information (1) where such disclosure is required by law; (2) to protect Forcepoint’s legal rights to the extent authorized or permitted by law; or (3) in an emergency where the health or safety of you or another individual may be endangered, to the extent permitted by law. Additionally, we may use IP addresses to identify a particular user if we believe it is needed to enforce compliance with these terms or to protect our company, employees, Website, or customers.
Attention: Director, Global Compliance & Ethics/Data Protection Officer
10900 Stonelake Blvd.
Quarry Oak 1, Suite 350
Austin, TX 78759
In your e-mail or letter, state your question or concern as clearly as possible.
1 Carnelian LLC, Forcepoint Federal LLC, New Websense, Inc., PortAuthority Technologies, LLC, Raytheon Oakley Systems, LLC, SurfControl, Inc., Tomahawk Acquisition, Inc., Tomahawk Holdings, Inc., Websense, LLC, Red Owl Analytics, Inc.
2 In addition to any other options you have with regard to our retention or use of your personal information (See Section 5 of this Policy), you are allowed to opt-out of this usage.
3 If you are a resident of the EU and your query relates to personal information that you have provided to us through an online employment application then you may also raise your query with the Data Protection Authority in your home country. The Forcepoint Compliance & Ethics Director will provide contact information for the Data Protection Authority upon request.