Effective and Last Updated March 14, 2023
Personal Data We Collect About You
The personal data we collect about you depends on the particular products and services we provide to you. We may collect and use the following personal data about you:
- Your name and contact information, including email address and telephone number and company details
- Internet Protocol address
- Your billing information, transaction and payment card information
- Information about how you use our Services and websites
- Computer technical and diagnostic information
We collect and use this personal data for the purposes described in the section “How and why we use your personal data” below. If you do not provide personal data we ask for, it may delay or prevent us from providing products and services to you.
How Your Personal Data is Collected
We collect most of this personal data directly from you—through the setup and use of the Services. However, we may also collect information:
- Via our Services, as discussed herein
How and Why We Use Your Personal Data
Under data protection law, we can only use your personal data if we have a proper reason for doing so, such as:
- Where you have given consent
- To comply with our legal and regulatory obligations;
- For the performance of our contract with you or to take steps at your request before entering into a contract –or–
- For our legitimate interests or those of a third party
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains how we may use (process) your personal data and our basis for doing so:
|What we may use your personal data for||Our basis|
|To provide products and Services to youUpdate our customer recordsCommunicate with you about changes to our terms or policies or changes to the products or other important notices||To perform our contract with you or to take steps at your request before entering into a contract|
|To prevent and detect fraud against you or HuntressTo enforce legal right or defend or undertake legal proceedingsEnsuring business policies are adhered to, e.g., policies covering security and internet useEnsuring the confidentiality of commercially sensitive informationPreventing unauthorized access and modifications to systemsProtecting the security of systems and data used to provide the goods and servicesOperational reasons, such as improving efficiency, training and quality controlStatistical analysis to help us manage our business, e.g., in relation to providing cybersecurity services and trainingUpdating customer recordsMarketing our services to:Existing and former customersThird parties who have previously expressed an interest in our servicesThird parties with whom we have had no previous dealingsCommunications with you not related to marketing, including about changes to our terms or policies or changes to the products or other important notices (other than those addressed above)Sharing your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring||These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless you consent or we are otherwise required or permitted to by law). To that end, our interests include such activities that: minimize fraud that could be damaging for you and/or us; protect trade secrets and other commercially sensitive or valuable information; protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us or third-parties; protect our business, interests and rights; help us be as efficient as we can and to make sure we are following our own internal procedures so we can deliver the best service to you at the best price; make sure that we can keep in touch with our customers about existing orders and new products; help us promote our business to existing and former customers; and to protect, realize or grow the value in our business and assets.|
|To prevent and detect fraud against you or HuntressTo enforce legal right or defend or undertake legal proceedingsEnsuring the confidentiality of commercially sensitive informationPreventing unauthorized access and modifications to systemsProtecting the security of systems and data used to provide the goods and services||To comply with our legal and regulatory obligations|
|With your consent||Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or as indicated below or in the Services|
How and Why We Use Your Personal Data—Marketing
We may use your personal data to send you updates (by email, text message, telephone, or mail) about our products and services, including exclusive offers, promotions, or new products and services.
We have a legitimate interest in processing your personal data for promotional purposes (see above “How and Why We Use Your Personal Data”). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this consent separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- Contacting us at [email protected]
- Using the unsubscribe link or following the instructions in communications
We may ask you to confirm or update your marketing preferences if you ask us to provide further products and services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it to other organizations outside the Huntress Labs Incorporated and subsidiaries group for marketing purposes.
How and Why We Use Your Personal Data—To Create Anonymous, Aggregated, or De-Identified Data
Huntress may create anonymous, aggregated, or de-identified data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, aggregated, or de-identified data by removing or not utilizing information that makes the data personally identifiable to you. We may use this anonymous, aggregated, or de-identified data and share it with third parties for our lawful business purposes, including to provide the Service, analyze and improve the Service, analyze and report on security risks, and promote our business. For example, in order to promote awareness, detection, and prevention of Internet security risks, Huntress may create and share anonymous, aggregated, or de-identified information (related to, e.g., potential or actual security incidents, malware, security threat data, diagnostic and usage related data, contextual data, threat detections, and indicators of compromise) with research organizations and other security software vendors and professionals via publications, blog posts, or social media, and provided no Customer identifying information is shared without written permission of Customer. Huntress may also make use of statistics derived from the information processed to track and publish reports on security risk trends.
Who We Share Your Personal Data With
We share personal data with:
- Companies within the Huntress Labs Incorporated group
- Third parties we use to help deliver our products and services to you, e.g., payment service providers, warehouses, data analytics, and communication delivery companies
- Other third parties we use to help us run our business, e.g., marketing agencies or website hosts
- Third parties approved by you, e.g., social media sites you choose to link your account to or third party payment providers
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
- Our external auditors, e.g., in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations
- Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
- Law enforcement agencies, courts, tribunals, and regulatory bodies to comply with our legal and regulatory obligations or on-going investigations, or in a good-faith belief that such action is necessary to investigate or protect the health and safety of or against harmful activities to Huntress or its customers, associates, property or to third-parties
- Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations
We will not share your personal data with any other third party.
Who We Share Your Personal Data With—Subprocessors
More details about who we share your personal data with and why are set out in our Subprocessors List, available at www.huntress.com/legal. If you would like more information about who we share our data with and why, please contact us (see “How to contact us” below).
Where Is Your Personal Data Held
Personal data may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Data With”). Some of these third parties may be based outside your region. For more information, including on how we safeguard your personal data when this occurs, see below: “Transferring Your Personal Data Out of the UK and EEA”.
How Long Your Personal Data Will Be Kept
We will not keep your personal data for longer than we need it for the purpose for which it is used. Following the end of the relevant retention period, we will delete or anonymise your personal data.
Transferring Your Personal Data Out of the UK and EEA
If you would like further information about data transferred outside the UK/EEA, please contact us (see “How to Contact Us” below).
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal data (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal data|
|Erasure (also known as the right to be forgotten)||The right to require us to delete your personal data—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data—in certain circumstances, e.g., if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
|To object||The right to object:• at any time to your personal data being processed for direct marketing • in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims|
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
|Right to withdraw consents||If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time|
You may withdraw consents by contacting Huntress Privacy at [email protected] Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
If you would like to exercise any of those rights, please:
- Contact Huntress Privacy at [email protected] or at the mailing address below in the “How to Contact Us” section.
- Provide enough information to identify yourself (e.g,, your full name, email address(es), and company name) and any additional identity information we may reasonably request from you
- Let us know what right you want to exercise and the information to which your request relates
Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.
Keeping Your Personal Data Secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Huntress is committed to protecting the security of the information it collects and processes. The information is stored on computer servers with limited and controlled access. Huntress operates secure data networks protected by industry-standard firewall and password protection systems. Huntress uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, your data is encrypted at rest and in transit, and only authorized individuals have access to the data that we process.
More information about our security practices can be found in our Security Addendum, available at www.huntress.com/legal.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to Complain
Please contact us if you have any queries or concerns about our use of your personal data (see below “How to Contact Us”). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
- For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
- For users in the UK – the contact information for the UK data protection regulator is below:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113
- For users in Switzerland – the contact information the Swiss data protection regulator can be found here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Information for California Residents
This section provides additional details about the personal data, or “personal information,” we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA,” as amended by the California Privacy Rights Act or “CPRA”.
- Identifiers/contact information;
- Commercial information;
- Internet or electronic network activity information;
- Financial information;
- Geolocation information;
- Professional or employment-related information;
- Audio and visual data;
- In limited circumstances where allowed by law, information that may be protected under California or United States law; and
- Inferences drawn from any of the above categories.
We collect this information for the business and commercial purposes described in the “How and Why We Process Your Personal Data” section above. We share this information as described in the “Who We Share Your Personal Data With” section above. Huntress does not sell (as such term is defined in the CCPA or otherwise) the personal information we collect (and will not sell it without providing a right to opt out). We may also share personal information (in the form of identifiers and internet activity information) with third party advertisers for purposes of targeting advertisements on non-Huntress websites, applications, and services. In addition, we may allow third parties to collect personal information from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such personal information, or if you use our sites or services to interact with third parties or direct us to disclose your personal information to third parties.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use, disclose, or may sell this information), to delete their personal information, to opt out of any “sales”, to know and opt out of sharing of personal information for delivering advertisements on non-Huntress websites, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected]. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf. Authorized agents must submit proof of authorization.
We may change this privacy notice from time to time – when we do we will inform you via our website.
How to Contact Us
Our contact details are shown below:
Huntress Labs Incorporated
6021 University Blvd, Ste 450
Ellicott City, MD 21043