1. DATA COLLECTION AND USE

    SOCIAL SAFEGUARD, INC. DBA SAFEGUARD CYBER 

    PRIVACY POLICY

    Last updated: April 2020

    Social Safeguard, Inc. (dba SafeGuard Cyber) is a software-as-a-service provider that empowers customers to achieve digital transformation by using social media, mobile messaging and digital collaboration channels, applications and tools, securely, compliantly and at scale.  For more information about SafeGuard Cyber, please visit our website at https://www.safeguardcyber.com. 

    This Privacy Policy (“Policy”) describes the manner in which SafeGuard Cyber collects, uses, maintains and discloses information from visitors to our website (www.safeguardcyber.com) and social media accounts, event participants, prospective customers or job candidates, situations in which SafeGuard Cyber is a data controller, and from the use of our SafeGuard Cyber Platform, the SafeGuardMe mobile application, and the performance of our services products (collectively, our “Offerings”).  For purposes of this Privacy Policy, the terms “user,” “customer,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used interchangeably within this Policy.

    If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the end of this Privacy Policy.

    DATA COLLECTION AND USE

    1.1  Why does SafeGuard Cyber Collect Personal Information?

    SafeGuard Cyber processes personal information in the course of running our websites, processing payments, registering visitors to our offices and events, providing support, improving user experience, running our infrastructure, preventing fraud, protecting intellectual property, maintaining network security, protecting customers through the SafeGuard Cyber Platform and SafeGuardMe mobile application, enforcing our legal rights, sending marketing and other communications, processing agreements, complying with our legal obligations, and to achieve other legitimate business interests, as well as situations where you have provided consent.  Personal information, such as contact information, is collected from our websites, web portals, Offerings, events, partners, office visitor registration systems, and where you have otherwise provided it directly to SafeGuard Cyber.

    1.2  Where Does SafeGuard Cyber Obtain Personal Information?

    SafeGuard Cyber’s websites provide Internet-based access for users to learn about SafeGuard Cyber and our Offerings, and also to communicate with SafeGuard Cyber.  Safeguard Cyber web portals that may exist within our Offerings provide customers with Internet-based access to the SafeGuard Cyber Platform and our Offerings.  When an individual uses our Websites, Platform or Offerings, SafeGuard Cyber gathers information, some of which may be considered personal information in your jurisdiction.  Information collected and used by SafeGuard Cyber may include, among other things, the Internet Protocol (IP) address, browser information, the type of device and operating system, the Internet service provider used and other similar information.  For customers and other users who are required to login to gain access to a particular SafeGuard Cyber website, Platform or other Offering, we collect usernames, passwords and other login credentials that are used for the purpose of authentication and verifying user authorization.

    SafeGuard Cyber Platform and Offerings: The information, including personal information, collected and processed during the normal operation of the SafeGuard Cyber Platform and our Offerings is covered in Section 3 of this Privacy Policy.  It includes information provided by customers, individuals, third-party service providers and partners, as well as information from publicly available sources.   

    SafeGuard Cyber Websites and Social Media Accounts: We may use the information, including personal information, that we collect from visitors to our website or our official social media accounts for a number of reasons, including: (i) operating, securing, supporting, personalizing and improving our websites and/or social media accounts, (ii) providing you with requested information and Offerings, (iii) operating our blog and podcast, (iv) communicating through social media and other channels, (v) running surveys, contests or similar activities, (vi) sending periodic emails and other electronic messages, (vii) recruiting new employees, (viii) analyzing trends, and (ix) carrying out digital marketing and advertising.

    Email Communications and Other Information: SafeGuard Cyber collects the email addresses of those who communicate with us via email, contact information of Users that communicate through other channels (such as phone number and physical address), information on what pages Users visit on the SafeGuard Cyber websites, IP addresses of those accessing the SafeGuard Cyber websites, information volunteered by the user (such as survey information), and information collected from users of the Platform and our Offerings.  This also includes information on the senders and recipients of communications sent using SafeGuard Cyber Services (including Mail and Messages), by the User of the Service and the people they are communicating with.

    1.3 Cookies and Similar Technologies

    SafeGuard Cyber may use cookies, web beacons and other tracking technologies (e.g., scripts and tags) on our website, to ensure they function properly, to collect information about how users interact with and use our websites, to personalize or customize the user’s experience of our website, and to gather information about a user’s browsing habits.  A cookie is a small text file that is stored on a user’s computer to remember their web-based actions and preferences over time.  Cookies do not read or modify data on the user’s computer.  Most web browsers support cookies, and users can control the use of cookies by their web browser.  Please note, however, that if you choose to disable cookies, it may limit your use of certain features and functions on our websites.

    A web beacon is a small graphic file that can be placed on a website and is often used to help deliver cookies and gather usage and performance data for the website.  SafeGuard Cyber uses third party service providers to help us implement and utilize cookies, web beacons and other tracking technologies, and to analyze the data collected.  In some cases we link the information gathered by cookies, web beacons and other tracking technologies to a user’s personal information .  We may also use cookies, web beacons and tracking technologies, and the personal information they collect to customize our websites and communications to ensure they are relevant to our customers’ and other users’ interests.

    1.4  With Whom Does SafeGuard Cyber Share My Personal Information?

    Safeguard Cyber does not sell, trade or rent the personal information we collect from our websites or social media accounts to others.  We may share aggregated demographic information regarding visitors and users of our website and social media accounts with our affiliates, business partners and advertisers for the purposes outlined in this Privacy Policy.  When we collect personal information through our Platform and Offerings, it is made available to the SafeGuard Cyber customer who was the source of the information and we use it as described in this Policy, the SafeGuard Cyber Platform Terms of Use, relevant contractual agreements, or as otherwise directed by our customers.  

    SafeGuard Cyber may use third party service providers or partners to help us operate our business; provide, support, maintain or secure our Platform, Offerings and websites; or administer activities on our behalf.  It may be necessary to provide or allow access to your personal information by those third party service providers or partners for those purposes. 

    SafeGuard Cyber provides information regarding our business to our legal counsel and auditors.  In some cases, the information shared may contain personal information, but the legal counsel and auditors may only use it for the limited purpose of providing their professional services to SafeGuard Cyber.

    SafeGuard Cyber may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to an official government request.  We may transfer information we have about you in the event we sell or transfer all or a portion of our business or assets.

  2. LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA VISITORS ONLY)

    If you are a visitor from the European Economic Area or the United Kingdom, SafeGuard Cyber’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it.  In most circumstances, we collect personal information: (i) where it is needed for the performance of a contract, (ii) where the processing of personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent.  In addition, your personal information may be collected in order for us to (iv) comply with a legal obligation, (v) perform a task for the public interest, or (vi) for the protection of your or another’s vital interests. 

    If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this Policy, or otherwise, what those legitimate interests are.  In most cases, those legitimate interests involve our normal day-to-day operations, such as operating the SafeGuard Cyber Platform and communicating with you as necessary to provide our Offerings, responding to customer inquiries or conducting marketing activities.  We may transfer personal information to companies that help us provide our services and Offerings.  Transfer to any subsequent third parties are covered by the service agreements and contracts with our customers.

    If you have questions about, or need additional information concerning, the legal basis on which SafeGuard Cyber collects and uses your personal information, please contact us using the contact details provided at the end of this Privacy Policy.

  3. PLATFORM AND OFFERINGS

    SafeGuard Cyber’s customers are primarily companies and other legal entities that give their employees, contractors and agents (collectively referred to as, “End Users”) access to the SafeGuard Cyber Platform or our other Offerings via the Internet for official business purposes.  In addition, the SafeGuardMe mobile application allows End Users to monitor and protect their individual social media accounts. 

    To the extent that SafeGuard Cyber collects personal information through our Platform and Offerings, we generally collect that information under the authority and direction of our customers.  SafeGuard Cyber typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a customer for subsequent analysis and use.  Consequently, any inquiries about the specific processing of your personal information by SafeGuard Cyber should be directed to the customer for which you are an employee, contractor or agent.  Regardless, use of personal information collected by our Platform and Offerings is limited to the primary purpose of providing the services for which our customers have engaged SafeGuard Cyber, or as otherwise outlined in our customer agreements.  SafeGuard Cyber does not use any personal information collected via our Platform or Offerings to contact or market products or services to the affected individuals.  SafeGuard Cyber also does not provide any personal information thus obtained to third parties for the purpose of marketing products or services to the affected individuals.

    SafeGuard Cyber acts as a data processor for customers that use the SafeGuard Cyber Platform and our Offerings.  We process information that our users and/or our customers’ End User contacts provide, or grant us access to, after either: (i) receiving their explicit consent to connect their social media accounts to the Platform or other Offerings, or (ii) submitting their contact information (name, job title, company name, business address, and/or phone number) through the Platform or other Offerings (“Services Data”).  At the direction of customers, the SafeGuard Cyber Platform also has the capability to collect and analyze files.  Safeguard Cyber may use Services Data across multiple products to enable End User contact communications, such as sending and receiving email, sending and receiving text messages, populating website information at the request of the End User’s organization, and other digital communications.  Services Data processed includes the content of any posts End User contacts make to social media sites, in order to enable our customers to monitor the social media activity of its users.  We use the Services Data in order to operate the Platform and our Offerings in accordance with our Terms of Use and any applicable customer contractual agreements.  

    Services Data use includes:

    • - Monitoring: The SafeGuard Cyber Platform monitors content posted to connected social media accounts in accordance with the Terms of Use and any applicable customer agreements.
    • - Multi-Service Use: If an End User purchases or is otherwise granted a license to another SafeGuard Cyber Offering, we may use Services Data derived from the End User’s social media account to populate information within the additional SafeGuard Cyber Offering. When an End User deactivates his or her SafeGuard Cyber account from the SafeGuard Cyber Platform, the token will be deleted from our Platform and our Platform will have no access to such accounts.  We may, however, continue to include Services Data derived from social media within another SafeGuard Cyber Offering for as long as the End User maintains a license for the particular SafeGuard Cyber Offering, unless the End User (or the customer on behalf of the End User) submits a request for deletion of Services Data.
    • - Authentication: Once a registered End User links his or her social media account to our SafeGuard Cyber Platform or other Offerings, we request and subsequently store an End User access token for such account. This will only occur if the End User explicitly grants permission.  Our Platform is then able to access the content of posts and other interactions within that social media account and also write information to the social network account when explicitly instructed to do so by the registered End User.
    • - Analysis: Our Platform and Offerings monitor information posted or sent, and the corresponding responses or engagements (any actions taking on the piece of content that is trackable) to report on, analyze and better understand the expected responses to posting or sending additional content broadly, or to a specific individual.
    • - Disclosure to Customers: Our Platform provides supervision capability for each customer to report on and review the content, posted by their employees, contractors and personnel that have connected their accounts to our Platform.
    • - Platform and Offerings Assessment and Improvement: We also use Services Data to assess and improve the capabilities and functionality of the SafeGuard Cyber Platform and Offerings
  4. HOW WE PROTECT YOUR INFORMATION

    SafeGuard Cyber is dedicated to protecting against digital risks, and the security of our customers’ data and your personal information is not only important to us, it is our primary mission as a business.  We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of customer data and your personal information.  We follow generally accepted practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it.  We have comprehensive security controls to protect against unauthorized review and use of the personal information that is submitted to or processed by us, including electronic safeguards such as encryption software and firewalls. Access to personal information is restricted to authorized employees only.

  5. RETENTION OF PERSONAL INFORMATION

    SafeGuard Cyber will retain your personal information for as long as needed to fulfill the purpose for which we collected it, and for a reasonable period thereafter, in order to comply with audit, contractual or legal requirements, or where we have a legitimate business interest in doing so.  We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.  We may retain personal information preserved in automatically generated computer back-ups or archival copies generated in the ordinary course of our information technology systems procedures.

  6. INTERNATIONAL DATA TRANSFERS

    SafeGuard Cyber’s mission and business are global, therefore, we may store and process information in the United States and other locations worldwide where we or our service providers have facilities.

    SafeGuard Cyber participates in, and has certified compliance with, the E.U.-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  SafeGuard Cyber is committed to subjecting personal information received from the European Economic Area (EEA), the United Kingdom and Switzerland to the applicable Principles of the relevant Privacy Shield Framework.  To learn more about the Privacy Shield Frameworks, and to view SafeGuard Cyber’s certification, please visit the  U.S. Commerce Department’s Privacy Shield website.

    SafeGuard Cyber is responsible for the processing of personal information it receives under each Privacy Shield Framework, as well as subsequent transfers of personal information to a third party acting as an agent or on our behalf.  SafeGuard Cyber complies with Privacy Shield Principles for all onward transfers of personal information from the EEA, the United Kingdom and Switzerland, including onward transfer liability provisions.  With respect to all such transfers, SafeGuard Cyber is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, SafeGuard Cyber may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Under certain conditions more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.  If you have any Privacy Shield related questions or complaints, please contact us using the contact details provided at the end of this Privacy Policy.

  7. YOUR DATA PROTECTION RIGHTS

    7.1  European Economic Area, United Kingdom and Switzerland

    If you are a resident of the European Economic Area, United Kingdom or Switzerland, your data protection right are as follows:

    • - If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting SafeGuard Cyber using the contact details provided at the end of Privacy Policy.
    • - You can object to processing of your personal information, ask SafeGuard Cyber to restrict processing of your personal data, or request portability of your personal information. You can exercise these rights by contacting SafeGuard Cyber using the contact details provided at the end of this Privacy Policy.
    • - You have the right to opt-out of marketing communications SafeGuard Cyber sends to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in any marketing emails we send you.  To opt-out of other forms of marketing, please contact SafeGuard Cyber using the contact details provided at the end of this Privacy Policy.
    • - If SafeGuard Cyber has collected and currently processes your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted based on lawful processing grounds other than consent.
    • - You have the right to complain to a relevant data protection authority about SafeGuard Cyber’s collection and use of your personal information.

    7.2  California Consumer Protection Act

    The California Consumer Protection Act (CCPA) provides consumers who are California residents with specific rights regarding the processing of their personal information.  Section 1 of this Privacy Policy (“Data Collection and Use”) includes the categories of consumer personal information SafeGuard Cyber has processed during the past twelve (12) months.  Subject to allowable exceptions, you may request disclosure or deletion of your personal information at any time by contacting SafeGuard Cyber using the contact details provided at the end of this Privacy Policy.

    SafeGuard Cyber responds to verificable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws.  When contacting SafeGuard Cyber, please provide us with detailed information about the personal information you are requesting we correct, update, amend or remove, and the timeframe and manner in which you believe we came to collect your personal information.  If we obtained your personal information from a customer or third party acting on your behalf, then you should contact the entity or person you provided your information to.  If you would like to no longer be contacted by one of our customers, or would like to have your personal information held by that other entity corrected, updated, amended or removed, then please contact that entity (“data controller”) directly.

  8. CHANGES TO THIS PRIVACY POLICY

    SafeGuard Cyber may update this Privacy Policy at any time to reflect changes to our privacy practices.  If we make significant changes in how we use your personal information, we will notify you either by email or by a notice on our Website.  We encourage you to periodically review this page for the latest information on SafeGuard Cyber’s privacy practices.

  9. CONTACTING SAFEGUARD CYBER

    Any questions about this Privacy Policy or SafeGuard Cyber’s privacy practices should be addressed to privacy@safeguardcyber.com or by mail at: SafeGuard Cyber, Attn: Legal Department, 410 A East Main Street, Charlottesville, VA 22903 USA.