Last Updated: March 2, 2016

Privacy Policy

Network Standard Corporation, doing business as NetDiligence® (“NetDiligence”, “we”, or “us”) values your personal and professional privacy. This Privacy Policy describes the types of personal information we may collect, how we use the information we collect, with whom we share it, and the choices you can make about our use of the information. We also describe the measures we take to help protect the security of the information and how you can contact us about our privacy practices. Your use of any NetDiligence website or service constitutes your consent to be governed by the terms of this Privacy Policy.

We reserve the right to change the terms of this Privacy Policy at any time without prior notice, so please check back to this location frequently for published updates. In the event that our usage of information as detailed herein changes in the future, this Privacy Policy will be updated to reflect such changes. At that time you will have an opportunity to review the changes and we encourage you to regularly visit this Privacy Policy and associated terms applicable to your use of NetDiligence’s websites and services to ensure you have not missed any updates or changes.


INFORMATION WE COLLECT

NetDiligence may collect information about you from various sources. Specifically, we may obtain information about you:

  • On netdiligence.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
  • On quietaudit.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
  • On eriskhub.com (e.g., when you request information on the Site, establish an account, or utilize the Site’s functionality)
  • On breachplanconnect.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
  • When you contact us by telephone or email
  • In the mail (e.g., when you send us documents)
  • When you subscribe to our Cyber Risk News email service
  • Through assessment services and third party services at your request

The types of personal information we may obtain include:

  • Contact details (e.g., name, postal address, email address and telephone number)
  • Professional credentials (e.g., name, organizational title, work telephone and email contact information)
  • Other details about you that you may submit to us (e.g., photographs, profile description information, etc.)

In addition, when users visit our websites, we collect routine Internet traffic statistics provided to us by our Web hosting company. This means we have access to source IP address and referral URL information that you leave with us during your visits. In addition, we document visitors’ searches and clicks within our various websites and Portals covered by this Privacy Policy in order to improve our offerings, better tune the organization of our content, learn which articles and topics are popular, and generate feedback reports from this information. However, we do not use or report on any individual’s specific click habits, searches or patterns; we use only aggregate visitor patterns.

NetDiligence does not collect sensitive personally identifiable information such as Social Security numbers (SSNs), drivers’ license numbers, or financial/credit history data (except in the case of prospective hires as part of a comprehensive pre-employment background check). Nor does NetDiligence collect any form of PHI/ePHI data that falls under the HIPAA regulatory regimen.

HOW WE USE THE INFORMATION WE COLLECT AND HOW WE SHARE IT

Where necessary for the functionality of our websites, we use session cookies, which remain active as long as you are active on our sites and are deleted upon logout or after 60 minutes of inactivity. Additionally, we may use source IP addresses, referral URL information and “web analytics” (see http://en.wikipedia.org/wiki/Web_analytics) to improve our sites, help diagnose problems with our server and to administer our websites. In the event that we offer services that require payment, such payment information submitted at the time of purchase (i.e., credit card information, billing addresses, etc.) will only be utilized to complete and fulfill the purchase requested by you. To better understand how we use the information we collect and how we share it, we think it is most useful to look at the functional components of our business and describe our practices in each case:

  1. Our QuietAudit® Online Survey Services
    Because your organization has either contemplated, or entered into, a contractual relationship with NetDiligence® (or with one of our partners who have called upon us in a “perform” role), we may gather your professional credentials in order to provide your organization with authorized cyber security assessment surveys. Because we may be called upon by your organization or other parties due to our contractual relationship to provide required assessment regarding your organization’s activities and cybersecurity practices, we may retain your professional credentials for a period of at least two years following our most recent interaction with your organization. When you supply us with information as part of your completion of these assessment surveys, we retain your responses for at least two years. Our fulfillment of certain regulatory requirements (e.g., GLBA 501b, HIPAA) for our clients may optionally require a retention period that is substantially longer than our stated two-year minimum. We use the information gathered to prepare contractually required assessment deliverables that are shared with your organization and/or identified third parties in strict adherence with the terms specified in the contractual agreements (statement of work contracts) that define our roles and responsibilities with respect to your organization. We retain the unilateral right to conduct and publish research based on statistical analysis of any/all survey responses without identifying the personal or professional credentials of individual survey participants. If we are asked to provide personal or professional credentials outside of the terms of our contractual relationship, we will only do so upon receipt of your organization’s explicit written approval. We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with service that complements our cybersecurity assessment service such as a remediation or BCP service.
  2. Our eRiskHub®, Breach Coach® and Breach Plan Connect™ Portal Services
    Your organization may have either contracted directly with us for, or obtained through a business relationship with a third party with whom NetDiligence has an ongoing relationship (e.g., an insurance carrier/broker or law firm), access to one of our portal services. Within the context of managing user registrations, NetDiligence’s collection and retention of personally identifiable information will typically include name, organization, title, and telephone/email contact information. In some cases, clients may use the portal service to seek out the professional services of one or more third-party vendors. Based on your specific requests generated while on the site, we may contact the vendor(s) in question in order to ensure that your specific request has been received and acted upon by the vendor’s management and/or customer support team. We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with service that complements our cybersecurity assessment service such as a remediation or BCP service. Additionally, our portal services include an email notification service for registered users.
  3. Our Assessment Services and/or Third Party Partner Services
    Our performance of assessments or any other services we provide are carried out in compliance with the terms stated in the “Our Online Survey Services, such as QuietAudit and NetDiligence® Online” section above, but with a few additional caveats: (a) When services are performed by or in conjunction with our third party partners, the handling of your personal/professional credentials and/or provided responses may be subject to the privacy policies and data retention schedules of both NetDiligence and those of any participating partners, (b) We will inform participating partners of your organization’s opt-out preferences, if any, and will require their conformance with your wishes in this area as a condition of our partnership arrangement.

YOUR CHOICES

We offer you certain choices about what personal information we collect about you, how we use that information, and how we communicate with you.

You may elect not to have a unique cookie identification number assigned to your computer. Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all of the features on our websites.

You may elect to opt out of such marketing activities (telephone, mail, email, etc.) by contacting us directly with your stated preferences. Please send opt-out requests via email to: Dave.Chatfield@NetDiligence.com.

Users wishing to be excluded from the email subscription list associated with eRiskHub services can opt out by contacting registrar@eriskhub.com.

We acknowledge and track all such requests and will respect your stated wishes.

Our Cyber Risk News service is a free opt-IN service offering. You may subscribe online at http://www.netdiligence.com/newsletter_signup.php. You may opt out of receiving Cyber Risk News by clicking on the Unsubscribe link contained in every email.

You may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information by either contacting us at the appropriate email addresses provided here or in the Terms of Use or utilizing, if applicable, the automated opt-out mechanisms we have made available. We will apply your preferences going forward in a timely manner. In some circumstances, withdrawing your consent to NetDiligence’s use or disclosure of your personal information will mean that you cannot take advantage of certain NetDiligence products or services.

ACCESS AND CORRECTION

You may obtain a copy of certain personal information we maintain about you, update that information, or correct inaccuracies in that information by accessing any online account you establish on https://eriskhub.com, https://breachcoach.com, or https://breachplanconnect.com. To help protect privacy and maintain security, we will take steps to verify users’ identity before granting access to personal information. In addition, if you believe that the personal information we maintain about you is inaccurate, you may request that we erase, rectify, complete or amend the information by contacting us as described in the “How to Contact Us” section of this Privacy Policy. If we deny an access request, we will notify you of the reasons for the denial and offer an opportunity to challenge our decision.

DATA TRANSFERS

Our websites are U.S. websites governed by applicable U.S. law. When you provide personal information on any of our websites, we may process the information outside of the country in which you are located, including in the U.S. By providing any personal information to NetDiligence, all users, including, without limitation, users in Canada and the member states of the European Union, fully understand and unambiguously consent to this Privacy Policy and to the transfer of such personal information across international borders in accordance with NetDiligence’s standard operations, including the collection, storage, and processing of such information in the United States of America.

HOW WE PROTECT PERSONAL INFORMATION

We make use of appropriate protections, such as firewalls, encryption of data in transit during survey sessions and encrypted password-protection of report deliverables containing sensitive information such as your professional credentials and/or your organization’s existing practices. We adhere to industry-acknowledged practices in protecting our production servers, and take reasonable and cost-efficient precautions to ensure that your personal and/or professional credentials and survey responses that highlight organizational practices are safeguarded from accidental or malicious disclosure to unauthorized parties. However, as criminal elements and malevolent parties are increasingly sophisticated, we do not represent or guarantee that the information you provide to us will never under any circumstances be breached.

LINKS TO OTHER WEBSITES

Our websites may provide links to other websites for your convenience and information. These linked websites may operate independently from NetDiligence. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit such websites. To the extent any linked websites you visit are not owned or controlled by NetDiligence, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.

PROTECTING CHILDREN’S ONLINE PRIVACY

NetDiligence encourages protection of children’s information on the Internet. Our websites are not intended for and may not be used by children under the age of 13. We do not knowingly collect information from children under the age of 13 and we do not target our websites to children under the age of 13.

YOUR CALIFORNIA PRIVACY RIGHTS

We do not share information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure — typically by opting in to receive information from a third party that is participating in some activity described on our site. If you do ask us to share your information with a third party for its marketing purposes, we will only share information in connection with that specific activity, as we do not share information with any third party on a continual basis other than as detailed herein. If applicable, to prevent disclosure of your personal information for use in direct marketing by a third party, do not opt in to such use when you provide personal information on our site. Please note that whenever you opt in to receive future communications from a third party, your information will be subject to the third party’s privacy policy. If you later decide that you do not want that third party to use your information, you will need to contact the third party directly, as we have no control over how third parties use information. You should always review the privacy policy of any party that collects your information to determine how that entity will handle your information.

California residents and customers may request further information about our compliance with this law by emailing Dave.Chatfield@NetDiligence.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.

HOW TO CONTACT US

We welcome your questions or comments regarding our Privacy Policy or existing practices. If we make a mistake that violates the terms or spirit of this policy, we want to know about it as soon as it comes to your attention so that we can fully address the situation in a timely manner. Please contact Dave Chatfield at 954.684.9190 or via email at: Dave.Chatfield@NetDiligence.com