Network Standard Corporation (d.b.a. NetDiligence®)
Click on one of the links below to jump to the listed section:
- Information We Collect
- How We Use the Information We Collect and How We Share It
- Your Choices
- Access and Correction
- Data Transfers
- How We Protect Personal Information
- Links to Other Websites
- Protecting Children’s Online Privacy
- Your California Privacy Rights
- How to Contact Us
INFORMATION WE COLLECT
NetDiligence may collect information about you from various sources. Specifically, we may obtain information about you:
- On netdiligence.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On quietaudit.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On eriskhub.com (e.g., when you request information on the Site, establish an account, or utilize the Site’s functionality)
- On breachplanconnect.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- When you contact us by telephone or email
- In the mail (e.g., when you send us documents)
- When you subscribe to our Cyber Risk News email service
- Through assessment services and third party services at your request
The types of personal information we may obtain include:
- Contact details (e.g., name, postal address, email address and telephone number)
- Professional credentials (e.g., name, organizational title, work telephone and email contact information)
- Other details about you that you may submit to us (e.g., photographs, profile description information, etc.)
NetDiligence does not collect sensitive personally identifiable information such as Social Security numbers (SSNs), drivers’ license numbers, or financial/credit history data (except in the case of prospective hires as part of a comprehensive pre-employment background check). Nor does NetDiligence collect any form of PHI/ePHI data that falls under the HIPAA regulatory regimen.
HOW WE USE THE INFORMATION WE COLLECT AND HOW WE SHARE IT
We may use source IP addresses, referral URL information and “web analytics” (see http://en.wikipedia.org/wiki/Web_analytics) to improve out sites, help diagnose problems with our server and to administer our websites. In the event that we offer services that require payment, such payment information submitted at the time of purchase (i.e., credit card information, billing addresses, etc.) will only be utilized to complete and fulfill the purchase requested by you. To better understand how we use the information we collect and how we share it, we think it is most useful to look at the functional components of our business and describe our practices in each case:
- Our QuietAudit® Online Survey Services
Because your organization has either contemplated, or entered into, a contractual relationship with NetDiligence (or with one of our partners who have called upon us in a “perform” role), we may gather your professional credentials in order to provide your organization with authorized cyber security assessment surveys. Because we may be called upon by your organization or other parties due to our contractual relationship to provide required assessment regarding your organization’s activities and cybersecurity practices, we may retain your professional credentials for a period of at least two years following our most recent interaction with your organization. When you supply us with information as part of your completion of these assessment surveys, we retain your responses for at least two years. Our fulfillment of certain regulatory requirements (e.g., GLBA 501b, HIPAA) for our clients may optionally require a retention period that is substantially longer than our stated two-year minimum.We use the information gathered to prepare contractually required assessment deliverables that are shared with your organization and/or identified third parties in strict adherence with the terms specified in the contractual agreements (statement of work contracts) that define our roles and responsibilities with respect to your organization. We retain the unilateral right to conduct and publish research based on statistical analysis of any/all survey responses without identifying the personal or professional credentials of individual survey participants. If we are asked to provide personal or professional credentials outside of the terms of our contractual relationship, we will only do so upon receipt of your organization’s explicit written approval.We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with services that complement our cybersecurity assessment service.
- Our eRiskHub®, Breach Coach® and Breach Plan Connect® Portal Services
Your organization may have either contracted directly with us for, or obtained through a business relationship with a third party with whom NetDiligence has an ongoing relationship (e.g., an insurance carrier/broker or law firm), access to one of our portal services. Within the context of managing user registrations, NetDiligence’s collection and retention of personally identifiable information will typically include name, organization, title, and telephone/email contact information. In some cases, clients may use the portal service to seek out the professional services of one or more third-party vendors. Based on your specific requests generated while on the site, we may contact the vendor(s) in question in order to ensure that your specific request has been received and acted upon by the vendor’s management and/or customer support team.We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with services that complement our cybersecurity assessment service. Additionally, our portal services include an email notification service for registered users.
- Our Assessment Services and/or Third Party Partner Services
Our performance of assessments or any other services we provide are carried out in compliance with the terms stated in the “Our Online Survey Services, such as QuietAudit and NetDiligence Online” section above, but with a few additional caveats: (a) When services are performed by or in conjunction with our third party partners, the handling of your personal/professional credentials and/or provided responses may be subject to the privacy policies and data retention schedules of both NetDiligence and those of any participating partners, (b) We will inform participating partners of your organization’s opt-out preferences, if any, and will require their conformance with your wishes in this area as a condition of our partnership arrangement.
- Our Conference Registration and/or Event Administration Web Sites/Services
We strive to ensure accurate and complete records associated with our Cyber Risk Summit conference events – and all related tasks associated with our in-person and virtual (e.g. webinar), NetDiligence-sponsored activities. Toward this end, we elicit, collect, store, process, and perform data analytics on Attendee, Guest, and Sponsor personally identifiable information (PII) as part of the event registration and event management process(es) associated with these activities. We strive to collect the minimum amount of PII required to provide effective event administration services, and strongly favor Attendee/Guest provision of organizational contact information (as opposed to personal residential contact information). At all times, we maintain all such records on a continuing/archival basis until such time as they are determined to be no longer relevant for NetDiligence business or legal requirements. Upon such determination, any such records will be destroyed in a secure manner consistent with our records retention policy.
In cases where such collection may involve subsequent distribution to one or more third parties—for example, providing Cyber Risk Summit Attendee lists to Sponsors for the limited purpose of pre- or post-event vendor promotion tasks—notification of these anticipated uses is pre-published on a per-event basis, and we record the Attendee/Guest registrant’s digitally-encoded rights selection to opt-in or opt-out (as appropriate in each event setting) as part of the Attendee registration process.
We offer you certain choices about what personal information we collect about you, how we use that information, and how we communicate with you.
Users wishing to be excluded from the email subscription list associated with eRiskHub services can opt-out by contacting firstname.lastname@example.org
We acknowledge and track all such requests and will respect your stated wishes.
Our Cyber Risk News service is a free opt-IN service offering. You may subscribe online at https://netdiligence.com/category/news/newsletter/. You may opt out of receiving Cyber Risk News by clicking on the Unsubscribe link contained in every email.
Because of their essential value in providing optimal user experiences and ensuring accurate administration of our various Web site properties, NetDiligence makes significant use of “cookie” technology as part of our application development and public-facing platforms. A cookie represents a small piece of code that can record various aspects of your identity and activity/interaction with a given Web site. They may be temporary (deleted once a particular task is completed) or persistent (maintained in an effort to help identify you to a Web site as a repeat visitor).
Most contemporary Web browsers support cookies, but also allow you to play an important role in determining whether cookie placement/management is permitted or denied in all or certain cases. We encourage you to familiarize yourself with these cookie management/control features, and decide how to configure your browser to best meet your data privacy expectations. Please know, however, that disabling the use of some or all cookies for any NetDiligence Web site may negatively impact your experience or, in some cases, prevent us from providing the services you are seeking from us.
That having been said, if you encounter any such difficulties involving cookie management on any of our Web site properties that prevent us from serving you effectively, please contact us directly (at Dave.Chatfield@NetDiligence.com). If it turns out that we are making your online experience difficult or reducing your data privacy protection for little or no good business reason, we want to know about it and will work to resolve the situation promptly.
ACCESS AND CORRECTION
HOW WE PROTECT PERSONAL INFORMATION
We make use of appropriate protections, such as firewalls, encryption of data in transit during survey sessions and encrypted password-protection of report deliverables containing sensitive information such as your professional credentials and/or your organization’s existing practices. We adhere to industry-acknowledged practices in protecting our production servers, and take reasonable and cost-efficient precautions to ensure that your personal and/or professional credentials and survey responses that highlight organizational practices are safeguarded from accidental or malicious disclosure to unauthorized parties. However, as criminal elements and malevolent parties are increasingly sophisticated, we do not represent or guarantee that the information you provide to us will never under any circumstances be breached.
LINKS TO OTHER WEBSITES
Our websites may provide links to other websites for your convenience and information. These linked websites may operate independently from NetDiligence. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit such websites. To the extent any linked websites you visit are not owned or controlled by NetDiligence, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
PROTECTING CHILDREN’S ONLINE PRIVACY
NetDiligence encourages protection of children’s information on the Internet. Our websites are not intended for and may not be used by children under the age of 13. We do not knowingly collect information from children under the age of 13 and we do not target our websites to children under the age of 13.
YOUR CALIFORNIA PRIVACY RIGHTS
California residents and customers may request further information about our compliance with this law by emailing Dave.Chatfield@NetDiligence.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.
HOW TO CONTACT US