Click on one of the links below to jump to the listed section:
- Information We Collect
- How We Use the Information We Collect and How we share it
- Your Choices
- Access and Correction
- Data Transfers
- How We Protect Personal Information
- Links to Other Websites
- Protecting Children’s Online Privacy
- Your California Privacy Rights
- How to Contact Us
INFORMATION WE COLLECT
NetDiligence may collect information about you from various sources. Specifically, we may obtain information about you:
- On netdiligence.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On quietaudit.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- On eriskhub.com (e.g., when you request information on the Site, establish an account, or utilize the Site’s functionality)
- On breachplanconnect.com (e.g., when you request information on the website, establish an account, or utilize the website’s functionality)
- When you contact us by telephone or email
- In the mail (e.g., when you send us documents)
- When you subscribe to our Cyber Risk News email service
- Through assessment services and third party services at your request
The types of personal information we may obtain include:
- Contact details (e.g., name, postal address, email address and telephone number)
- Professional credentials (e.g., name, organizational title, work telephone and email contact information)
- Other details about you that you may submit to us (e.g., photographs, profile description information, etc.)
NetDiligence does not collect sensitive personally identifiable information such as Social Security numbers (SSNs), drivers’ license numbers, or financial/credit history data (except in the case of prospective hires as part of a comprehensive pre-employment background check). Nor does NetDiligence collect any form of PHI/ePHI data that falls under the HIPAA regulatory regimen.
HOW WE USE THE INFORMATION WE COLLECT AND HOW WE SHARE IT
Where necessary for the functionality of our websites, we use session cookies, which remain active as long as you are active on our sites and are deleted upon logout or after 60 minutes of inactivity. Additionally, we may use source IP addresses, referral URL information and “web analytics” (see http://en.wikipedia.org/wiki/Web_analytics) to improve our sites, help diagnose problems with our server and to administer our websites. In the event that we offer services that require payment, such payment information submitted at the time of purchase (i.e., credit card information, billing addresses, etc.) will only be utilized to complete and fulfill the purchase requested by you. To better understand how we use the information we collect and how we share it, we think it is most useful to look at the functional components of our business and describe our practices in each case:
- Our QuietAudit® Online Survey Services
Because your organization has either contemplated, or entered into, a contractual relationship with NetDiligence® (or with one of our partners who have called upon us in a “perform” role), we may gather your professional credentials in order to provide your organization with authorized cyber security assessment surveys. Because we may be called upon by your organization or other parties due to our contractual relationship to provide required assessment regarding your organization’s activities and cybersecurity practices, we may retain your professional credentials for a period of at least two years following our most recent interaction with your organization. When you supply us with information as part of your completion of these assessment surveys, we retain your responses for at least two years. Our fulfillment of certain regulatory requirements (e.g., GLBA 501b, HIPAA) for our clients may optionally require a retention period that is substantially longer than our stated two-year minimum.
We use the information gathered to prepare contractually required assessment deliverables that are shared with your organization and/or identified third parties in strict adherence with the terms specified in the contractual agreements (statement of work contracts) that define our roles and responsibilities with respect to your organization. We retain the unilateral right to conduct and publish research based on statistical analysis of any/all survey responses without identifying the personal or professional credentials of individual survey participants. If we are asked to provide personal or professional credentials outside of the terms of our contractual relationship, we will only do so upon receipt of your organization’s explicit written approval.
We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with service that complements our cybersecurity assessment service such as a remediation or BCP service.
- Our eRiskHub®, Breach Coach® and Breach Plan Connect™ Portal Services
Your organization may have either contracted directly with us for, or obtained through a business relationship with a third party with whom NetDiligence has an ongoing relationship (e.g., an insurance carrier/broker or law firm), access to one of our portal services. Within the context of managing user registrations, NetDiligence’s collection and retention of personally identifiable information will typically include name, organization, title, and telephone/email contact information. In some cases, clients may use the portal service to seek out the professional services of one or more third-party vendors. Based on your specific requests generated while on the site, we may contact the vendor(s) in question in order to ensure that your specific request has been received and acted upon by the vendor’s management and/or customer support team.
We conduct focused marketing of other products/services that we provide, either directly or through our third-party partners under joint marketing agreements. In most cases, these marketing efforts are aimed at providing your organization with service that complements our cybersecurity assessment service such as a remediation or BCP service. Additionally, our portal services include an email notification service for registered users.
- Our Assessment Services and/or Third Party Partner Services
Our performance of assessments or any other services we provide is carried out in compliance with the terms stated in the “Our Online Survey Services, such as QuietAudit and NetDiligence® Online” section above, but with a few additional caveats: (a) when services are performed by or in conjunction with our third party partners, the handling of your personal/professional credentials and/or provided responses may be subject to the privacy policies and data retention schedules of both NetDiligence and those of any participating partners; (b) we will inform participating partners of your organization’s opt-out preferences, if any, and will require their conformance with your wishes in this area as a condition of our partnership arrangement.
We offer you certain choices about what personal information we collect about you, how we use that information, and how we communicate with you.
You may elect not to have a unique cookie identification number assigned to your computer. Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all of the features on our websites.
You may elect to opt out of such marketing activities (telephone, mail, email, etc.) by contacting us directly with your stated preferences. Please send opt-out requests via email to: Dave.Chatfield@NetDiligence.com.
Users wishing to be excluded from the email subscription list associated with eRiskHub services can opt out by contacting firstname.lastname@example.org.
We acknowledge and track all such requests and will respect your stated wishes.
Our Cyber Risk News service is a free opt-IN service offering. You may subscribe online at http://www.netdiligence.com/newsletter_signup.php. You may opt out of receiving Cyber Risk News by clicking on the Unsubscribe link contained in every email.
ACCESS AND CORRECTION
HOW WE PROTECT PERSONAL INFORMATION
We make use of appropriate protections, such as firewalls, encryption of data in transit during survey sessions and encrypted password-protection of report deliverables containing sensitive information such as your professional credentials and/or your organization’s existing practices. We adhere to industry-acknowledged practices in protecting our production servers, and take reasonable and cost-efficient precautions to ensure that your personal and/or professional credentials and survey responses that highlight organizational practices are safeguarded from accidental or malicious disclosure to unauthorized parties. However, as criminal elements and malevolent parties are increasingly sophisticated, we do not represent or guarantee that the information you provide to us will never under any circumstances be breached.
LINKS TO OTHER WEBSITES
Our websites may provide links to other websites for your convenience and information. These linked websites may operate independently from NetDiligence. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit such websites. To the extent any linked websites you visit are not owned or controlled by NetDiligence, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
PROTECTING CHILDREN’S ONLINE PRIVACY
NetDiligence encourages protection of children’s information on the Internet. Our websites are not intended for and may not be used by children under the age of 13. We do not knowingly collect information from children under the age of 13 and we do not target our websites to children under the age of 13.
YOUR CALIFORNIA PRIVACY RIGHTS
California residents and customers may request further information about our compliance with this law by emailing Dave.Chatfield@NetDiligence.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.
HOW TO CONTACT US