Privacy Policy
Last Updated: June 2024
- Applicability.
- This privacy policy (“PP“) explains how SafeBreach Inc. (and its subsidiaries and affiliates) (“SafeBreach“) collects, receive, stores, uses, and shares Personal Data of users (“User/s“) in connection with SafeBreach’s website at https://safebreach.com/ (the “Site“) and certain content and services provided on the Site, and in connection with Users’ participation in events or webinars that SafeBreach organize or take part in, (such content, events, services and the Site, collectively, the “Services“). For the purpose of this PP “Personal Data” shall mean personal data or personal information, as applicable in the Applicable Data Protection Law (as defined below).
- The PP is an integral part of SafeBreach’s terms of use at https://safebreach.com/ (“TOU“, together with the PP, the “Terms“).
- This PP is in effect as of the date set forth above.
- Users are not under any legal obligation to submit Personal Data to SafeBreach. If User chooses not to do so, certain Services might not be available to User.
- By attempting to use or access, or by using or accessing the Site, User agrees to be bound by the Terms. If User does not agree with the Terms User must not use or access the Site.
- SafeBreach may change this PP from time to time, therefore User should check back periodically. SafeBreach will post any changed PP on the Site. If SafeBreach makes any changes to this PP that materially affect SafeBreach’s practices with regard to the Personal Data SafeBreach previously collected from User, SafeBreach will endeavor to provide User with notice in advance of such change via the Site. SafeBreach will seek User’s prior consent to any material changes, if and where this is required by Applicable Data Protection Laws.
- For the purposes of this PP “Applicable Data Protection Laws“ any applicable data protection, privacy or information security laws, rules and regulations or other binding restrictions governing the processing of Personal Data, that are applicable to the processing activities contemplated under this PP. For the purposes of this PP, Applicable Data Protection Laws shall be deemed to include, without limitation, to the extent applicable: (i) the General Data Protection Regulation (European Parliament and Council of European Union (2016) Regulation (EU) (2016/679) and corresponding member state implementation laws (“EU GDPR”) (ii) UK Data Protection Act 2018 and the EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419) (“UK GDPR”); (iii) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. (“CCPA”) and the California Privacy Rights Act of 2020 (CPRA), (iv) Protection of Privacy Law (Israel); and (v) any rules or regulations that correspond to amend and/or replace any of the aforementioned Applicable Data Protection Laws.
- All capitalized terms used but not defined herein shall have the meaning ascribed to them in the TOU.
- Collection of Personal Data by SafeBreach.
SafeBreach may collect User information (whether directly by itself or by using third party services) when User uses the Site or Services. Such information is collected: (i) directly from the User; (ii) via automatic means; or (iii) via third party services (e.g., via Social Media Sites, User participation in our events and via tracking technologies tools).- Information provided by User.
SafeBreach may collect any data User provides SafeBreach with via the Services, including but not limited to:- Information provided by User voluntarily when using the Services, as made available on the Site and provides information as part of such interaction, or when User submits the User’s business and personal contact details (e.g. name, surname, email address, phone number, job title, workplace/company name and HQ country, free text, etc.) for example, via the “Contact Us” button (or any similar button on the Site/s and/or in connection with the Services provision);
- Any communication or interactions between User and SafeBreach, directly through the Services or indirectly through SafeBreach’s business partners (whether via emails, phone conversations, chat sessions, in-person or virtual events, User’s inquiries, interactions through the Site, social media channels, feedback etc.).
- Information collected automatically.
SafeBreach may automatically collect data when User visits, interacts with, or uses the Services, including but not limited to:- identifiers and information contained in cookies;
- User’s settings preferences, backup information;
- Uniform Resource Locators (URL) clickstream to, through, and from the Site;
- content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
- network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider;
- computer and device information, such as browser type and version, operating system, or time zone setting; the location of device.
- Information provided by User.
- Cookies & Tracking Technologies.
- SafeBreach may use tracking mechanisms such as cookies on the Site in order to provide and improve the Site and more specifically so that SafeBreach may:
- facilitate analyze, personalize and customize the User’s experience of the Site;
- track User’s use of the Site.
- A cookie is a small text file that is stored on a User’s computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but User may be able to modify its browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Site may not work properly.
- Without derogating from the generality of the foregoing, SafeBreach uses the following tracking technologies:
- Google Ads (See here to learn more: https://ads.google.com/home/) and LinkedIn Ads (See here to learn more: https://business.linkedin.com/marketing-solutions/ads) to provide Users with relevant ads tailored for User.
- We also use Google Analytics for marketing purposes and to learn via the information collected how often Users visit the Services, which pages they visit and which other sites they used before reaching our Site. Please click on: https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/privacy in order to find out how Google Analytics collects and processes data. In order to find out about Users’ option to opt-out of Google’s analytics services, please visit: https://tools.google.com/dlpage/gaoptout.
- SafeBreach uses the Lucky Orange analytics system on the Site to help improve usability and the customer experience. Lucky Orange may record mouse clicks, mouse movements and scrolling activity. Lucky Orange may record keystroke information that User voluntarily enters on this website. Lucky Orange does not track this activity on any site that does not use the Lucky Orange system. User can choose to disable the Lucky Orange service at http://www.luckyorange.com/disable.php. Note, that doing so might disable other features of the Lucky Orange system that the Site employs. To learn more about Lucky Orange’s privacy policy please visit: https://www.luckyorange.com/privacy.php.
- To learn more about our cookie practices, please visit the cookie settings on the Site.
- SafeBreach may use tracking mechanisms such as cookies on the Site in order to provide and improve the Site and more specifically so that SafeBreach may:
- Third-Parties Services.
- This PP does not apply any products, services, websites, links or any other content that are offered by third parties. User is advised to check the applicable third party policies. SafeBreach has no control over such third parties’ privacy practices, or the technology used by such third parties. Each User is advised to thoroughly review such third parties’ privacy policies before making any use of such third party’s products and services.
- By clicking on a link to a third-party website or service on the Site, a third party may transmit cookies to User. This PP does not cover the use of cookies by any third parties, and SafeBreach is not responsible for such third parties’ privacy policies and practices.
- Without derogating from the generality of the above, when clicking on certain social media links provided on the Site (e.g. Twitter, Facebook, LinkedIn) User will be transferred to SafeBreach’s sites on such social media (“Social Media Sites“). It shall hereby be clarified that such Social Media Sites are governed by the terms of use and privacy policy of the respective social media and not by SafeBreach.
- SafeBreach’s Use of Collected Information.
- SafeBreach may process User’s Personal Data to operate, provide, and improve the Services, including but not limited to:
- contacting User by SafeBreach and communicating with User with respect to the Services, e.g. by phone call, SMS, email, chat; responding to inquiries from User;
- identifying User’s interests and recommending offers that might be of interest to User;
- marketing and promoting SafeBreach’s services;
- providing assistance and support;
- fulfilling User requests; meeting contractual or legal obligations;
- protecting Users security, e.g. preventing and detecting fraud;
- internal purposes, e.g. trouble shooting, data analysis, testing and statistical purposes.
- SafeBreach does not use any Personal Data other than set forth herein and/or as necessary to provide the Services, or any part thereof and/or subject to User’s prior consent.
- In case User’s Personal Data contains third party personal data, User represents and warrants that it has obtained any consent required under the PP to SafeBreach’s privacy practices set forth in the PP from such third party.
- SafeBreach may process User’s Personal Data to operate, provide, and improve the Services, including but not limited to:
- Sharing User’s Information.
- In the following cases SafeBreach may discloses, without notification, Personal Data, and any other information that SafeBreach has collected and/or was provided with:
- provide User’s with the Services;
- verify the information obtained by SafeBreach;
- where User provide his consent;
- comply with applicable laws or regulations;
- comply with a court order, subpoena or other legal process;
- respond to a lawful request by a government authority, law enforcement agency or similar government body (whether situated in User’s jurisdiction or elsewhere);
- engage with third-party service providers and/or sub-contractors which provide services for SafeBreach’s business operations (e.g., hosting and server location services, data and cyber security services, text analyzing services, fraud detection, analytics, data optimization and marketing services, social and advertising networks, content, lead generating and data enrichment providers) a list of which can be received upon request; Such service providers may have access to personal data, depending on each of their specific roles and purposes in the provision of the Services or other activities, and may only use the data as determined in SafeBreach’s agreements with them)
- SafeBreach believes release is appropriate to comply with the law, enforce or apply SafeBreach’s Terms, or protect the rights, property, or security of SafeBreach, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction and any activity that SafeBreach believes may be illegal or may expose SafeBreach to legal liability;
- events involving potential threats to the physical safety of any person or property if Company believes that User’s information in any way relates to that threat;
- disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes;
- disclose to third parties’ websites and services as described under Section 4 above
- disclose to our affiliates, representatives, subcontractors and business partners as described under Section 3 above.
- disclose and/or transfer data to another entity if SafeBreach is acquired by or merged with another entity, if SafeBreach sells or transfer a business unit or assets to another entity, as part of a bankruptcy proceeding, or as part of any other similar business transfer. Personal Data collected hereunder may also be disclosed in connection with a commercial transaction where SafeBreach or any of its businesses are seeking financing, investment, and support or funding.
- When SafeBreach shares User’s Personal Data with third parties as specified above, SafeBreach requires such recipients to agree to only use the Personal Data SafeBreach shares with them in accordance with this PP and SafeBreach’s contractual specifications and for no other purpose than those determined by SafeBreach in line with this PP.
- In the following cases SafeBreach may discloses, without notification, Personal Data, and any other information that SafeBreach has collected and/or was provided with:
- Direct Marketing and Advertisement.
- SafeBreach may provide Users with direct marketing, as such term is defined in the Israeli Privacy Protection Law, 1981.
- SafeBreach may also send Users advertisements, as such term is defined in the Israeli Media Law (Bezeq and Broadcasting), 1982.
- User can opt out of receiving these direct marketing and/or advertisements from SafeBreach at any time by unsubscribing using the unsubscribe link within each communication or emailing SafeBreach at: [email protected], to have User’s contact information removed from SafeBreach ‘s email list.
- Security.
SafeBreach has taken appropriate technical and organizational measures to protect any User Personal Data and any other information collected about User, from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% protection and security of any data stored either with SafeBreach or with any third-parties. - Users in the European Economic Area (EEA).
- “Personal Data” means data that may be used, either alone or together with other information, to identify an individual user, including, without limitation, a user’s name, address, telephone number, username, email address, city and country, geolocation, unique identifiers, picture, or other similar information and includes personal data as defined in EU GDPR.
- Legal Basis for Processing of Personal Data
SafeBreach will only process User’s Personal Data if it has one or more of the following legal bases for doing so:- Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform SafeBreach’s contractual obligations to User under the TOU, to respond to requests from User, or to provide User with customer support;
- Legitimate Interest: SafeBreach has a legitimate interest to process User’s Personal Data;
- Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
- Consent: processing of User’s Personal Data with User’s consent.
- User’s Rights regarding Personal Data
- Subject to applicable law, User has certain rights with respect to User’s Personal Data, including the following:
- User may ask whether SafeBreach holds Personal Data about User and request copies of such Personal Data and information about how it is processed;
- User may request that inaccurate Personal Data is corrected;
- User may request the deletion of certain Personal Data;
- User may request SafeBreach to cease or restrict the processing of Personal Data where the processing is inappropriate;
- When User consents to processing User’s Personal Data for a specified purpose by SafeBreach, User may withdraw User’s consent at any time, and SafeBreach will stop any further processing of User’s data for that purpose.
- In certain circumstances, SafeBreach may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, SafeBreach will still respond to notify User of such a decision.
- User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting SafeBreach at [email protected]. In some cases, SafeBreach may need User to provide SafeBreach with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
- Subject to applicable law, User has certain rights with respect to User’s Personal Data, including the following:
- Transfer of User’s Personal Data outside of the EEA
- The data that Safebreach processes in relation to Users may be transferred to, and stored at a destination outside the European Economic Area (“EEA“), e.g. Israel and the USA, that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who works for us or for one of our service providers:
- In order to store it.
- Where we are legally required to do so.
- In order to facilitate the operation of our businesses, where it is in our legitimate interests and we have concluded these are not overridden by User’s rights.
- Where Personal Data is transferred by Safebreach or Safebreach’s affiliates in relation to providing the services Safebreach will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, which may include by entering into European Commission approved standard contractual clauses relevant to transfers of Personal Data and that it is treated securely and in accordance with this Privacy Policy.
- The data that Safebreach processes in relation to Users may be transferred to, and stored at a destination outside the European Economic Area (“EEA“), e.g. Israel and the USA, that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who works for us or for one of our service providers:
- Users in California, USA.
- SafeBreach will at all times comply with all Applicable Data Protection Laws (including the CCPA) and only process Personal Data on User’s behalf.
- SafeBreach will (i) not collect, retain, use, or disclose Personal Data for any purpose other than for the specific purposes set out in SafeBreach terms of use and the Data Processing Agreement between SafeBreach and User; (ii) not sell Personal Data (as defined under the CCPA); and (iii) put in place appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing or accidental destruction, loss or damage.
- International Storage.
Each User is advised to be aware that Personal Data that SafeBreach collects might be transferred to, processed and stored outside of User’s jurisdiction, and that data protection laws in such jurisdiction where the information is collected stored and/or processed may differ from User’s jurisdiction including in Israel, Europe, US and Australia as reasonably necessary for the proper performance and delivery of the SafeBreach Services, or as may be required by law. Each User hereby gives User’s consent to such transfer, processing and storage of User’s Personal Data outside its jurisdiction. - Access to Information.
Depending on Applicable Data Protection Law, User may be entitled to access User’s data held by SafeBreach with respect to such User. If applicable in accordance with the relevant Applicable Data Protection Laws, Users’ can send a request to SafeBreach at [email protected]. Any request for access may be subject to a fee to meet SafeBreach’s costs in providing such User with details of the data SafeBreach holds on User. SafeBreach will take reasonable steps to verify User’s identity before granting User access or enabling User to make corrections. - Data Retention.
SafeBreach may retain the Personal Data of Users for a period of time consistent with the original purpose of collection (see Section 4, “SafeBreach’s Use of Collected Information”). SafeBreach determines the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of Users’ Personal Data processed, the potential risk of harm from unauthorized use or disclosure of Users’ Personal Data, and whether SafeBreach can achieve the purposes of the processing through other means, as well as on the basis of Applicable Data Protection Law requirements (such as applicable minimum statutory retention requirements). - Children’s Privacy.
The Services are not directed to children under 13 (and in certain jurisdictions under the age of 16) years of age, and SafeBreach does not knowingly collect Personal Data from children under 13 (and in certain jurisdictions under the age of 16) years of age. If User is under the age of 18, User must have User’s parent’s permission to use the Services. If User’s parents learn that their child has provided SafeBreach with Personal Data without their consent, they may alert SafeBreach at [email protected]. If SafeBreach learns that it has collected any Personal Data from children under 13 (and in certain jurisdictions under the age of 16), SafeBreach will promptly take steps to delete such information. - Questions Regarding User’s Personal Data?
If User has any questions about this PP or SafeBreach’s data practices in general, User may contact SafeBreach using the following information: [email protected].