Privacy Policy

Effective date: March 23, 2024

At BreachLock, Inc. (hereinafter referred to as “BreachLock”), we are committed to protecting and respecting the privacy of visitors to our website and customers of our products and services (collectively referred to as “services”). We take responsibility for complying with the UK Data Protection Act 1998 (DPA), the General Data Protection Regulation, the EU-US Privacy Shield Framework, and other relevant applicable laws. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services and the choices and rights you have associated with that data. We use your data to provide and improve our services. By using our services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use.

Scope

This privacy policy applies to individuals visiting our website, whether they reside in the European Union or not. However, rights given under the EU-US Privacy Shield Framework can only be exercised by the individuals residing in the European Union.

Participation in the EU-US Privacy Shield Framework

BreachLock participates in the compliance of the EU-US Privacy Shield framework, and it is committed to subjecting all personal data received from the EU member countries except Switzerland (hereinafter referred to as “the EU”) to the Principles and Supplemental Principles (hereinafter referred to as “the Principles”) given in the Framework. To learn more about the Privacy Shield Program, and to view our certification, please visit https://www.privacyshield.gov

BreachLock complies with the Privacy Shield Principles for onward transfer of personal data from the EU to the US, including the provisions dealing with onward transfer liabilities. Under those provisions of the framework and certain circumstances specified therein, BreachLock is responsible for the processing of personal data received under the Privacy Shield Framework and further transferred to a third party acting as an agent of BreachLock.

With respect to personal data received or transferred from the EU under the Privacy Shield Framework, BreachLock is subject to the regulatory enforcement powers of the US Federal Trade Commission (FTC). As detailed in the Principles, BreachLock may be required to disclose personal information of an individual without taking consent from an individual in response to lawful requests made by the public authorities, including to meet law enforcement or national security requirements.You have a right to invoke binding arbitration under certain circumstances when other dispute resolution mechanisms have been exhausted. These circumstances have been detailed on the framework website.

Information Collection, use and Security

We collect several different types of information for various purposes to provide and improve our services.

Collection of Personally Identifiable Information (PII)

In the course of using our Site, we may request certain Personally Identifiable Information (PII) from you. This information is essential for contact or identification purposes. For the context of GDPR, UK GDPR, and the Swiss Federal Data Protection Act, “Personal Information” encompasses any “personal data” pertaining to an identified or identifiable individual, as defined by these regulations, which BreachLock receives in the United States from the European Union, the UK, or Switzerland, and is recorded in any format. Considering the nature of our services, BreachLock majorly collects business-related data. However, it receives personal information of individuals either representing a business or in their personal capacity which includes –

  • Name
  • Address
  • Company
  • Phone Number
  • Position/Designation
  • Email Address

Who is responsible for your Information?

BreachLock and its affiliates are responsible for your personal information. We may also retain the services of external suppliers to help meet our business needs and may share your data with these suppliers. These suppliers have been selected after a rigorous evaluation process and chosen for their security, reliability, and competence. They will process your data only under our instructions. Some of these suppliers may be based in non-EU countries. Where this is the case, the transfer of your personal information to these countries is carried out in compliance with the guarantees provided by law. Please contact us on the details given in the Contact section if you wish to receive information about these suppliers.

Who is responsible for your Information?

BreachLock and its affiliates are responsible for your personal information. We may also retain the services of external suppliers to help meet our business needs and may share your data with these suppliers. These suppliers have been selected after a rigorous evaluation process and chosen for their security, reliability, and competence. They will process your data only under our instructions. Some of these suppliers may be based in non-EU countries. Where this is the case, the transfer of your personal information to these countries is carried out in compliance with the guarantees provided by law. Please contact us on the details given in the Contact section if you wish to receive information about these suppliers.

Usage Data

We may also collect information on how our services are accessed and used (herein after referred to as “Usage Data”). This usage data may include information such as your computer’s IP address, browser type, browser version, the pages of our services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Sharing of Personal Information

The Personal Information you supply may be disclosed to third-party service providers engaged by us. These entities are contractually obligated to utilize the shared Personal Information solely for the execution of the services commissioned by us.

Aggregation and Use of Information

We may aggregate demographic data, survey responses, and other Personal Information provided by you into a collective, non-personally identifiable format. This aggregated data, devoid of sufficient Personal Information to identify any individual, may be shared with our business partners, affiliates, sponsors, or other third parties. Rest assured, this aggregated information is structured in a manner that prevents personal identification of you or any other Site visitors.

User Content Submitted to other Portions of our Site

When you engage with BreachLock’s blogs or any publicly accessible sections of our website, please be cognizant that any Personally Identifiable Information (PII) you disclose may become public. This PII could include, but is not limited to, your name and may be accessible to anyone who views the blog or the specific URL of the post you comment on. BreachLock is not liable for the use of this information by parties other than BreachLock personnel.

Your provided name will be displayed publicly and will serve as an identifier for your comment or content. While your PII will not be sold, rented, or shared under normal circumstances, it may be disclosed pursuant to a judicial order.

By posting a comment on our blog or submitting content to any public-facing part of our website, you grant BreachLock an irrevocable, perpetual, exclusive license to use, reproduce, publish, modify, perform, and create derivative works from any part of the content you provide, including any PII therein. Please note that all user-generated content, such as posts, articles, and comments, is subject to review and potential modification prior to publication.

Our Customer Testimonials

We post customer testimonials on our website. These testimonials may contain personally identifiable information, such as the customer’s name. We obtain the customer’s explicit consent prior to posting any testimonials.

Children’s Privacy

Protecting the privacy of young children is especially important to us. We advocate for the active involvement of parents and guardians in supervising the online activities of their children.

In compliance with the Children’s Online Privacy Protection Act (COPPA), BreachLock does not collect or maintain information from those we actually know are under the age of 13, nor is any part of our website structured to attract anyone under 13.

Should you believe that we have inadvertently collected Personal Identifiable Information from a child under the age of 13, we urge you to contact us immediately. Upon notification, we will take swift measures to verify and, if necessary, promptly delete such information from our database.

Cookie Policy

We use cookies and similar tracking technologies to track the activity on our services and hold certain information. Cookies are files with small amount of data which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our services.

Below are the examples of cookies we use on our site, and why we use them:

  • Session Cookies: We use session cookies to operate our services.
  • To provide and maintain our services,
  • Preference Cookies: We use preference cookies to remember your preferences and various settings.
  • Security Cookies: We use security cookies to implement security controls on the website.
  • Google Analytics Cookies: We use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use this information to improve our website and enhance the experience of the visitors.If you have any issues with the cookies being collected, please write to us at the contact details given in the Contact section.

Use of Data

BreachLock uses the collected data for various purposes:

  • To communicate with the prospective clients,
  • To provide and maintain our services,
  • To notify you about changes to our services,
  • To allow you to participate in interactive features of our services when you choose to do so,
  • To provide customer care and support,
  • To monitor the usage of our services,
  • To detect, prevent and address technical issues,
  • To analyze and improve our services and communications
  • To monitor compliance with our policies and standards, and
  • Any other marketing-related activities that fall under legitimate business purposes

We will provide you with marketing-related information (including newsletters and/or promotional materials) only after you have, where legally required to do so, opted-in to receive those communications and have provided the opportunity for you to opt-out at any time.

BreachLock will not use your personal information for taking any automated decisions affecting or creating profiles other than as described above. We will not share your personal information with third parties without your consent, except our service providers or parties acting as an agent of BreachLock under a legally binding contract.

Transfer of Data

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it here.

We transfer personal information to other countries only when it is essential for the services we provide you, or it is required for the verification or proof of legal claims or subject to protect that assure the protection of your personal information, such as European Commission approved standard contractual clauses.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

BreachLock shall take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

BreachLock may disclose your personal data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of BreachLock
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of our services or the public at large
  • To protect against legal liability
  • if we sell or buy any of our business or assets – we may disclose your Personal Information to the prospective buyer or seller.
  • if we are acquired by a third party, in which case Personal Information held by BreachLock about its customers will be one of the transferred assets.

BreachLock shares the collected data with its affiliates, which process this data on behalf of BreachLock. It also shares data with other third parties to fulfill various obligations and as required or permitted by law.

With respect to marketing emails, you can opt-out of receiving such emails from BreachLock by writing to us at the contact details given in the Contact section or using the ‘’Unsubscribe” option given in all the emails sent from BreachLock. Notwithstanding the contents of this Policy, BreachLock may disclose personal data in the circumstances as specified in the Principles.

Security of Data

Security of your data is important to us, but do remember that no method of transmission over the Internet or method of electronic storage is 100% secure, i.e., absolutely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Service Providers

We may employ third party companies and individuals to facilitate our services (hereinafter referred to as “Service Providers”), to provide our service on our behalf, to perform service-related services or to assist us in analyzing how our services are used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated under the law to not to disclose or use it for any other purpose.

Analytics

We may use third-party service providers to monitor and analyze the use of our services,

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the services available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.

Hubspot

HubSpot is a full-service tool for marketing, sales, and customer service. BreachLock uses this service to gather actionable marketing insights and provide customer service to our clients. On behalf of and under instructions from BreachLock, HubSpot acts as a processor to collect, receive, use, store, share, transfer, and process your Personal Data. HubSpot does not have any direct control or ownership of the Personal Data they process. For more information on HubSpot’s data processing activities as a processor, you can visit the HubSpot Product Privacy Policy web page.

Links to Other Sites

Our services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Rights of EU Residents under the EU-US Privacy Shield Framework

You may have rights under applicable global privacy laws, including GDPR, UK GDPR, CCPA, and the Swiss Federal Data Protection Act. These rights may encompass: accessing your Personal Information we hold, its source, and the purposes of processing, including where this information is shared or sold; correcting any inaccuracies in your Personal Information; requesting the deletion of your Personal Information (‘right to be forgotten’); restricting the processing of your Personal Information; portability of your Personal Information; objecting to our use of your Personal Information; opting out of the sale of your Personal Information; and rights related to automated decision-making and non-discrimination.

An individual residing in the EU has a right to access his personal information stored with BreachLock. An individual may request to update, correct, or delete his/her data. To submit such requests to exercise your right or raise any questions, please contact BreachLock as per the ‘Complaints’ section given below. As per the provisions of the framework, BreachLock reserves the right to authenticate an applicant’s identity, charge a minimum amount of fee, and deny or provide access.

  • 4.1 Access to Your Personal Information You are entitled to request confirmation of whether we process your Personal Information and to access the data we retain about you. This includes receiving details on the types of Personal Information we hold, its origins, and the entities with whom it is shared or sold. We aim to fulfill such requests promptly, within one month under GDPR, UK GDPR, or the Swiss Federal Data Protection Act, and within 45 days under the CCPA. Should additional information be required to fulfill your request, we will inform you accordingly.
  • 4.2 Rectification of Your Personal Information Should you find any Personal Information we possess to be incorrect or incomplete, you have the right to request rectification. We commit to addressing such requests within one month. If we determine that a correction is not feasible, we will provide you with the reasons for this decision and inform you if an extension is necessary to process your request.
  • 4.3 Right to be Forgotten You may request the deletion of your Personal Information under certain conditions: if it is no longer necessary for its original purpose; if you withdraw consent; if you object to processing and we lack overriding legitimate grounds; if the processing is unlawful; or if legal obligations necessitate its removal. We reserve the right to decline such requests under specific circumstances, which will be communicated to you.
  • 4.4 Right to Restrict Processing You may request that we suspend processing of your Personal Information in certain situations: if you contest its accuracy; if you have objected to processing and we are assessing our legitimate grounds; if processing is unlawful; or if we no longer need the data but you require it for legal claims. While processing will halt, we are not obligated to delete the data.
  • 4.5 Data Portability As a Data Controller, Breachlock acknowledges your right to receive your Personal Information in a structured, commonly used, and machine-readable format, enabling you to transfer it to another controller. This right is applicable when processing is consent-based, contractually necessitated, or automated. We strive to respond to such requests within one month and will notify you if an extension is needed.
  • 4.6 Right to Object You have the right to object to the processing of your Personal Information on grounds relating to your particular situation, especially when the processing is based on legitimate interests, public interest, or official authority. This also applies to processing for direct marketing, profiling, and purposes of scientific, historical research, or statistical analysis. We will cease processing upon a valid objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
  • 4.7 Right to Opt-Out of the Sale of Your Personal Information: Breachlock respects your right to control the sale of your Personal Information. While we do not engage in the sale of Personal Information, should any sale occur as part of a business transaction, such as a merger or acquisition, you retain the right to opt-out at any time. We will honor your direction not to sell your Personal Information, and such a directive will remain effective unless you provide express authorization to the contrary. Any objections to the sale or use of your Personal Information for marketing will be acted upon immediately, without undue delay.
  • 4.8 Right to Disclosure of Information Sold: If your Personal Information has been sold or disclosed for business purposes, you may request disclosure of the specific categories of Personal Information collected, sold, and the third parties to whom it was sold, as well as the categories of Personal Information disclosed for business purposes. We are committed to providing transparency and facilitating your access to such information upon request.

Complaints

Breachlock is dedicated to adhering to the principles set forth by the GDPR, UK GDPR, and the Swiss Federal Data Protection Act. We take our responsibility to address any concerns regarding the collection or use of your personal information seriously. Individuals within the European Union, the UK, and Switzerland are encouraged to bring forward any inquiries or complaints related to data protection compliance directly to Breachlock.

Please contact us via email at compliance@breachlock.com or send your correspondence to the following address:

BreachLock, Inc. 3 Germay Drive, Unit 4 #1354 Wilmington, DE 19804 USA We commit to promptly addressing and working towards the resolution of any issues raised.

Compliance and Certification

BreachLock complies with the EU-US Privacy Shield framework and has self-certified to the Department of Commerce that it adheres to the Principles laid down in the Framework. If there is any conflict or vagueness in this Privacy Statement and the Privacy Shield Framework, the Privacy Shield Framework shall govern. To learn more about the framework, please visit the framework website.

Contact

If you have any questions related to this Privacy Policy, your personal data stored with BreachLock, your rights under the Privacy Shield Framework, and any matters related thereof, please contact our Compliance Manager:

Address:
BreachLock, Inc.
3 Germay Drive,
Unit 4 #1354
Wilmington DE 19804
Email: compliance@breachlock.com
Phone: +1-917-779-0009

In case there is an unresolved issue, and we have not answered satisfactorily, please contact our independent dispute resolution provider – The EU DPAs – here. For individuals, this process is free of cost.

Changes to this Policy

This Privacy reflects our information security and data protection practices. If any material changes are made in the contents of this policy, BreachLock will also let you know via email and/or a prominent notice on our services, prior the changes coming into effect and updating the “Effective Date” at the top of this Policy. Changes to this Policy are effective when they are published on this page.

Industry recognitions we have earned

reuters logo csea logo hot150 logo global excellence logo benelux logo cea logo bloomberg logo top-infosec logo

Fill out the form below to let us know your requirements.
We will contact you to determine if BreachLock is right for your business or organization.

background image