KA Administration Guide

Last updated: January 25, 2019

Scope of this Privacy Policy

This Privacy Policy describes the types of personal information StrongAuth, Inc. (“StrongKey,” “us,” “we” or “our”) collects through strongkey.com, www.theencryptedweb.com, and www.strongauth.com (the “Site”), and how we collect, use, and share that information. This Privacy Policy does not govern our collection of personal information through any other website or other means, other than through the Site.

Our processing of personal data, such as your name, address, e-mail address, or telephone number, shall be undertaken consistent with the requirements of applicable privacy laws, including, but not limited to, the General Data Protection Regulation (“GDPR”). The purpose of this Privacy Policy is to provide to users and potential users of our website information about the nature, scope, and purpose of the personal data we collect, use and process and to advise data subjects of their rights. Whether we serve as the data controller or processor, StrongKey has implemented numerous technical and organizational measures to ensure the protection of personal data processed through the Site. However, Internet-based data transmissions may in principle have security gaps, so please understand that absolute protection is not assured.

By using the Site, you accept and expressly agree to our practices surrounding the collection, use, and sharing of personal information provided by you in the manner described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you cannot, and we do not authorize you to, access, browse, or use the Site.

Personal Information We Collect

Information You Give Us

Except for physical location information and tracking technologies (as described below), you do not have to give us any personal information to browse this Site. However, you may be asked to provide personal information to submit or request information from us, or to use the services offered through this Site. Once you provide us with your personal information, you are no longer anonymous to us. This information may include:

  • Registration Information: When you sign up for the Site, you are required to provide information such as your name, organization name, job title, and email address. In addition, you may be asked to provide other information, including location, industry, or personifying statements to enhance the Site experience.
  • Additional Information: Additional information that you provide to us, including through feedback, pictures you upload, messages, emails, posts to public discussion boards, event registrations, answers to surveys or questionnaires that you may submit.
  • Sales Information: Information you provide to us related to furthering a potential sale or partnership
Location Information.

In order to access and use certain areas or features of the Site, you consent to our collection and use of your physical location information if you use the Site on a location-enabled device (including GPS, cellular, and Wi-Fi networks) or from your browser.

Automated Information Collection.

In order to access and use certain areas or features of the Site, you consent to our collection and use of certain information about your use of the Site through the use of tracking technologies or by other passive means. Your consent to our access and use of this “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Site, search engines used, the internet protocol (IP) address used, the length of time spent on the Site, the pages you looked at on the Site, other webpages you visited before and after visiting the Site, the type of internet browser you have, the frequency of your visits to the Site, and other relevant statistics, including the following:

  • Log Information. When you access the Site, you also consent to our servers automatically recording information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, browser type, browser language, the date and time of your request, your computer operating system, mobile device and mobile operating system, name of your internet service provider or your mobile carrier, and one or more cookies (small text files containing a string of characters) that may uniquely identify your browser. Our servers also automatically record what you click on while visiting the Site.
  • Location Information. You consent to our receipt of location data passed to us from location-enabled devices or that you have enabled, from your browser, or from third-party services.
  • Links. The Site may include links in a format that enables us to keep track of the IP addresses from which these links have been followed. You further consent to our collection and use this information to improve the quality of our Site, product(s) and StrongKey business operations
  • URLs. When you visit or access the Site, you consent to our receipt of the URL of the site from which you came and links you click on to leave the site.
  • Cookies. When you visit or access the Site, you consent to our use of one or more cookies (small text files containing a string of characters) to your computer that uniquely identifies your browser. We use cookies to improve the quality of the Site by storing user preferences tracking user trends, and providing personalized content and ads. Most web browsers accept cookies automatically, but can be configured not to do so or to notify the user when a cookie is being sent. If you wish to disable cookies, refer to your browser help menu to learn how to disable cookies. Please note that if you disable cookies, you may not be able to use some customized features available through the Site. For more information on our Cookie Policy, including an opt-out, please visit https://strongkey.com/privacy-policy-terms-of-use/ and click on the Cookies tab.
  • Aggregate Information. We may compile certain personal information and other information collected through the Site on an aggregate basis. This information may include, without limitation, the number of people who have visited the Site and other user demographics. Such aggregate information does not identify you individually.

How We Use Personal Information

StrongKey complies with its obligations under applicable privacy laws by: keeping personal data up to date where needed based on the purposes for which the personal data is being processed; by not collecting or retaining excessive amounts of data; by ensuring that appropriate technical measures are in place that are designed to protect personal data from loss, alteration, misuse, unauthorized access and disclosure as it is transmitted, stored, or otherwise processed, and by using appropriate measures to securely destroy personal data when it is no longer needed by StrongKey.

Personal information collected through the Site may be used by us and our affiliates for purposes of:

  • Responding to your questions and feedback;
  • Providing the services you select through this Site;
  • Contacting you, whether by email, postal mail, or telephone with information about this Site, our products, or our services;
  • For such purposes as you may authorize at the time you submit the information;
  • Auditing, research, and analysis to maintain, protect, and improve this Site and our services;
  • Ensuring the technical functions of our network;
  • Improving and customizing the content and layout of the Site;
  • Developing new products and services; or
  • Compiling personal information and other information collected through the Site on an aggregate basis.

Personal Information We Share

We do not sell, rent, trade, or otherwise share personal information collected through the Site, except as described below:

  • In Connection with our Offerings. The Site involves the sharing of certain personal information collected through the Site with (i) other users of the Site, and (ii) as you otherwise provide your consent. Information which you upload, post, e-mail, submit or otherwise transmit in connection with the Site to a public message board, chat area or other public area of the Site will be made public to users of the Site, including certain metadata related to such activities (such as timestamps). You are solely responsible for any such information you choose to post on or through the Site. All information that is posted to a message board, chat area, or other public area of the Site may be shared by us with (i) other users of the Site, and (ii) as you otherwise provide your consent. Please be aware that anything you share publicly may be further shared by other users of the Site (for example, by emailing a screenshot of your comment to non-users). We are not responsible for any such sharing of information you have shared publicly on the Site.
  • Subsidiaries and Affiliates. We may share personal information with our subsidiaries and affiliates for the purposes for which you provided the information or as reasonably necessary for our internal administrative and business purposes.
  • Service Providers. We work with third parties that provide services on our behalf. Such services may include website hosting, marketing, and website usage analytics. We may share personal information and non-personal information with these third parties for the purpose of enabling them to provide these services.
  • Consent. We may share personal information in accordance with any consent you provide.
  • Required by Law. We may disclose personal information or any information collected through this Site if we are required to do so by law or pursuant to legal process, in response to a request from government officials or law enforcement authorities, or as necessary or appropriate in connection with an investigation of illegal activity.
  • Certain Transactions. We may disclose or transfer personal information or any information collected through this Site to third parties who acquire all or a portion of our business, whether such acquisition is by way of merger, consolidation, or purchase of all or a portion of our assets, or in connection with any bankruptcy or reorganization proceeding brought by or against us.

Aggregate Information

We may compile de-identified personal information and other information collected through the Site on an aggregate basis. This information may include, without limitation, the number of users who have registered for the Site and demographic information about users of the Site. Such aggregate information does not identify you individually. We may use aggregate information and share aggregate information with third parties for any of the purposes specified in this Privacy Policy, and for any other lawful purpose.

Your Choices

Information You Provide

You can always choose whether or not to provide information on the Site. However, if you choose not to disclose certain information, you may not be able to register as a user of the Site, which may limit your access to certain portions of the Site.

Communications From Us

If at any time you decide that you no longer wish to receive notices from us regarding the Site, you may indicate this preference by contacting us at privacy@strongkey.com.

Do Not Track

As described in more in our Cookie Policy located at https://strongkey.com/privacy-policy-terms-of-use/#cookie-policy, you can configure your browser not to accept cookies or to notify you when a cookie is being sent.

Your Rights and Your Personal Data

Unless subject to an exemption under the GDPR, if your personal data is subject to the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which the StrongKey holds about you;
  • The right to request that the StrongKey correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data be erased where it is no longer necessary for StrongKey to retain such data;
  • The right to withdraw your consent to the processing at any time of personal data to which you provided consent for processing;
  • The right to request that StrongKey provide you with a copy of your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction be placed on further processing;
  • The right to object to the processing of personal data (where applicable); and
  • The right to lodge a complaint with a data supervisory authority.
Transfer of Data Abroad

If your personal data is subject to the GDPR, StrongKey will transfer personal data from the European Economic Area (EEA) to a location outside the EEA only when there has been a documented adequacy determination, or where StrongKey has confirmed adequate privacy protections. If StrongKey transfers personal data to a third party acting as an agent of StrongKey, we will also obligate the third party to have adequate privacy protections in place.

StrongKey may transfer personal data to and on behalf of clients and third parties with whom StrongKey has an existing service agreement or as part of our legal obligations, each of which shall be subject to StrongKey policies, and only to the extent necessary for purposes of legitimate interests pursued by the data controller (or by a third party).

Automated Decision Making

Under the GDPR, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent. We do not engage in automated decision making.

Further Processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Information Storage and Security

We employ reasonable security precautions to help protect against the loss, misuse, and alteration of personal information provided on or through the Site. These security measures include: Storing all passwords in hashed form, forced SSL encryption of all CMS communications, monitoring deployed on server (monitors critical files for changes as well as any failed user logins, any users added to the system, or any password changes, the starting or certain services and even attempted attacks), and Hubspot’s security protocols. However, no method of transmitting or storing data is completely secure. As a result, although we strive to protect personal information about you, we cannot guarantee the security of any information you transmit to us through or in connection with the Site. If you have reason to believe that personal information is no longer secure, please notify us immediately by contacting us in accordance with the last section below.

A Special Note about Children and California Privacy Rights

Children are not eligible to use the Site, and we ask that minors (children under the age of 16) not submit any personal information to us. If you are a minor, you can use the Site only in conjunction with your parents or guardians.

Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities).

To obtain this information on behalf of StrongKey, please send an email message to privacy@strongkey.com with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

External Links

The Site may contain links to various websites that we do not control. When you click on one of these links, you will no longer be transacting business through the Site. Third party websites maintain their own privacy policies, and we do not exercise any control over any of the third-party websites that may be linked to the Site. If you visit a website that is linked to the Site, you should consult that website’s privacy policy before providing any personal information. Please be aware that we are not responsible for the privacy practices of such other websites, and we are not liable for their misuse of personal information about you.

Special Admonitions for International Use

The Site is hosted in the United States. All matters relating to the Site are governed exclusively by the laws of the State of California in the United States of America and not the jurisdiction in which you are located. If you are located outside of the United States of America and you contact us, please be advised that any information you provide to us will be transferred to the United States of America and that by submitting information, you explicitly authorize such transfer.

Updates to this Privacy Policy

We may change or update the Site or any of our policies and procedures without prior notice, except that if any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable efforts to notify you of the changes in advance in writing or by post mail, and, where required, obtain your consent to our activities. We will post a notice on this Site to advise you of any significant changes to this Privacy Policy and indicate via the “Last Updated” legend in this Privacy Policy when it was most recently updated. Except to the extent that your express consent to any change or update is required under data protection law, your continued use of the Site signifies your continued assent to the terms of this Privacy Policy, as updated or amended at that time.

Questions Regarding this Privacy Policy

If you have any questions or comments regarding this Privacy Policy, please send us an email at privacy@strongkey.com

If your personal data is subject to the GDPR, the data controller for the purposes of GDPR or other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

StrongAuth, Inc.

Email: privacy@strongkey.com

Any data subject may, at any time, contact us directly with any questions and suggestions concerning data protection. We encourage interested persons to raise any concerns about the collection, use, or processing of personal data using the contact information provided above. In the event of a privacy related issue or complaint, we will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of personal data.

For complaints that cannot be resolved, if your personal data is subject to the GDPR, we commit to cooperating with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the DPAs or FDPIC about personal data transferred from the EU or Switzerland.

In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link:

http://ec.europa.eu/newsroom/document.cfm?doc_id=42962

Individuals in Switzerland can contact the Swiss FDPIC by visiting:

https://www.edoeb.admin.ch/edoeb/de/home.html

This independent dispute resolution process is provided at no cost to the individual.