Privacy Policy

    (Updated 02/01/2020) Protecting the personal privacy of every customer, vendor, and employee is a crucial part of gaining and keeping your trust in Operation Cyber Aware (the “Company”, “we”, “us”, “Proven Data”). As a global organization, we strive to provide a high level of privacy protection across all of our businesses and services and to deploy consistent, rigorous policies and procedures.

    This Notice does not apply to third-party applications, products, services, websites or social media features that may be accessed through links that we provide on our websites and interfaces. Accessing those links may result in the collection of information about you by a third party. We do not control or endorse those third-party websites or their privacy practices. We encourage you to review the privacy policies of such third parties before interacting with them.

    Your privacy is of utmost importance to us in servicing you. Our products and services are rendered to you on the basis of your understanding of your data privacy rights.

    Please read this Notice carefully. When visiting our website and using our services that link to or reference this Notice, you agree to be bound by the terms and conditions of this policy.

    Your personal data – what is it?

    Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the data controller’s possession or likely to come into such possession. The processing of your personal data is governed by applicable privacy laws.

    What roles do we play in processing your data?

    We are the data controller with respect to processing your data (contact details below). This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.

    When are your personal data collected?

    Some of your data can, in particular, be collected by us:

    • whenever you become our customer;
    • whenever you register to use our online services (each time you log in or each time you use them);
    • whenever you fill in forms and contracts that we send to you;
    • whenever you use our services and products.;
    • whenever you opt-in to our online or offline marketing measures and activities, including but not limited to: newsletters, online and live event registrations, and other promotional information and materials;
    • whenever you contact us via the various channels we offer you.

    Our collection of personal data

    The personal data we collect include any and all data you provide to us when you enter into contract with us, register an account with us, enter on our website, provide us information on a web form, update or add information to your account, or give us in any other way. You can choose not to provide data to us, but we may then not be able to service you where such services require processing such data. We use the data that you provide for purposes administering your use of our services, such as communicating with you, responding to your requests, managing your account, customizing your service experience with us, improving our products and services, and personalizing marketing measures and activities. We may communicate with you by mail, email or telephone. We will send you strictly service-related announcements or information on rare occasions when it is necessary to do so.

    • Personal data we collect

      When you register on or log into our services, we may collect and store include: your e-mail address, IP-address, name, address, phone number, login, account name, and your account activity.

      We also receive and store certain types of data whenever you interact with us. For example, we use “cookies,” which are unique identifiers that we transfer to your device to enable our systems to provide features of our services such as personalized advertisements on other websites,, provide remote access for you, allow you to visit our website without re-entering your username and/or password, verify that you have the authorization needed for the services to process your requests, personalize and improve your experience, record your preferences, customize functionalities for your devices, and to improve the functionality and user-friendliness of our services. It also helps us to better understand how you interact with our services and to monitor aggregate usage and web traffic routing on our website. Most of the cookies used by us are so-called “session cookies”. Cookies do not cause any damage on your computer and do not contain any viruses. Most browsers automatically accept cookies as the default setting. You can modify your browser setting by editing your browser options to reject our cookies or to prompt you before accepting a cookie. However, if a browser does not accept cookies or if you reject a cookie, some portions of our services may not function properly.

      We obtain certain types of data when your web browser accesses us or advertisements and other content served by us or on our behalf on other websites, such as the Internet protocol (IP) address used to connect your computer to the internet, device ID or token, unique identifier, device type, ID for advertising, referral URL, computer and connection data such as the type of operating system you use, your device information, your software information, browser type, browser language and version, ad data, access times, your browsing history, and your web log information. Our server automatically receives and records your IP address which your browser sent us on our server when you login to our website. We will store your IP address in our user registration databases. We will use your IP address to provide the most appropriate contents based on your geographic area or information derived from your IP address.

    • Non-Personal information we collect

      We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect your activities on our website, cloud services, software, and hardware. The information is anonymized before being stored to our servers, and it is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest.

      Our website keeps your account information active in our user registration databases in order to provide immediate access to your personal data each time you visit our website, as noted above.

    Use of Google Analytics

    Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies or IP-address to help the website analyze how users use the site, to monitor and analyze use of our services. The information generated by the cookie or IP-address about your use of the website will be transmitted to and stored by Google on servers. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us other services relating to website activity and internet usage. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing: https://tools.google.com/dlpage/gaoptout?hl=en.

    Use of Opt-In/Subscribe Personal Data

    You have a choice of whether and how you receive a variety of marketing measures and activities from us related to product solutions, services and helpful business content.

    You can manage your preferences by:

    • Opting-in to newsletter subscription on a web form;
    • Opting-in to marketing measures and activities on a web form; or
    • Unsubscribing newsletter or opting-out of marketing measures and activities, via a link at the bottom of newsletter or emails regarding marketing measures and activities.

    If you no longer wish to receive these communications from us, please follow the opting-out “unsubscribe” instructions provided in the link at the bottom of our marketing communications emails, or update your account settings.

    How do we process your personal data?

    We comply with our obligations under applicable privacy laws by keeping personal data up to date; by storing and destroying it securely; by collecting and retaining only the necessary data that we need to service you; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

    The processing operations we perform on your data cover automated and non-automated means of collecting, recording, organizing, structuring, storing, altering, retrieving, using, transmitting, disseminating or otherwise making available, aligning or combining, restricting, and/or erasing your data.

    We use your personal data for the following purposes:

    • To design and deliver our services and activities to you.
    • To operate our website to provide you access to and use of our services.
    • To design services and activities, inform you of online and offline offers, products, services, and updates.
    • To customize, measure, and improve our services and our marketing communication activities
    • To provide services and products requested by you as described when we collect the information.
    • To contact you to conduct research about your opinions of current services and products or of potential new services and products that may be offered by us.
    • To send you communications regarding marketing measures and activities or conduct webinars informing you of our news, events, new products, business tools and information, and activities.
    • To share your contact details with our affiliate offices around the world within our group companies, for the purposes of internal administration and back-office support, to ensure our network security, and to prevent fraud.
    • To maintain the integrity and safety of our data technology systems which store and process your personal data.
    • To enforce or defend our policies or contract with you.
    • To detect and investigate data breaches, illegal activities, and fraud.

    What is our lawful basis for processing your personal data?

    In general, the lawful bases for us to process your personal data for the various types of processing performed on your data (please refer to “How do we process your personal data?” section of this Notice) is, as applicable, processing as necessary for us to enter into and to perform our contract with you or as necessary to pursue the legitimate interest of our Company or of third parties. .

    We will collect, process and use the personal data supplied by you only for the purposes communicated to you and will not disclose your data to third parties except under the circumstances of data disclosure described in the “Sharing your personal data” section below.

    Where we talk about our legitimate interest or that of third parties, such legitimate interest can include:

    • Implementation and operation of a group-wide organizational structure and group-wide information sharing;
    • Right to freedom of expression or information, including in the media and the arts;
    • Prevention of fraud, misuse of company IT systems, or money laundering;
    • Operation of a whistleblowing scheme;
    • Physical security, IT and network security;
    • Internal Investigations; and
    • Proposed mergers and acquisitions

    Necessity to provide us data

    You are not under any obligation to provide us any personal data. As noted below, the choice is yours. However, please note that without certain data from you, we may not able to undertake some or all of our obligations to you under our service contract with you, or adequately provide you with our full range of services. If you would like to obtain more detail about this, please contact us following the instructions in the “Whom should I contact?” section below.

    Sharing your personal data

    Your personal data will be treated as strictly confidential, and will be shared only with the categories of data recipients listed below. We will only share your data with third parties outside of the Company with your consent, and you will have an opportunity to choose for us not to share your data.

    We may disclose your personal data to:

    • our affiliated entities within our global group of companies worldwide to provide you services such as for internal administration purposes, to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of our information technology systems.
    • third party service providers whom we sub-contract to work on our behalf or for us and therefore may have access to your data only for purposes of performing these tasks on our behalf and under obligations similar to those described in this Notice, who perform functions such as data processing, managing and enhancing customer data, providing customer service, conducting customer research or satisfaction surveys, , marketing support, informational systems technical support, to help us provide, analyze, and improve our services such as data storage, maintenance services, database management, web analytics, and improvement of our service features, and to assist us in detecting and dealing with data breaches, illegal activities, and fraud.
    • Governments and/or government-affiliated institutions, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations, enforce or defend our policies or contract with you, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal liability; provided that, if any law enforcement agency requests your data, we will attempt to redirect the law enforcement agency to request that data directly from you, and in such event, we may provide your basic contact information to the law enforcement agency.
    • third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal procedure requiring us to do so.

    We may provide you with opportunities to connect with third party applications or services. If you choose to use any such third party applications or services, we may facilitate sharing of your information with your consent. However, we do not control the applications or services of those third parties or how they use your information, and your use of such applications and services is not governed by our privacy policy. Please review the terms and the privacy policies of those third parties before using their applications or services.

    We will display your personal data and account activity in your profile page and elsewhere on our service portals according to the preferences you set in your account. You can review and revise your profile information at any time. Please consider carefully what information you disclose in your profile page and your desired level of anonymity. In your profile page, we will also display your device information as well as provide the network connection information for the devices to the applications that connect to your devices.

    How long do we keep your personal data?

    We keep your personal data for no longer than reasonably necessary for the given purpose for which your data is processed. If you will provide us, or have provided us, consent for us to process your data, we will process your data for no longer than your consent is effective. Notwithstanding the above, we may retain your personal data as required by applicable laws and regulations, as necessary to assist with any government and judicial investigations, to initiate or defend legal claims or for the purpose of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your data apply, we will delete and dispose of your data in a secure manner according to our privacy policy.

    Privacy of data subjects under the age of 16

    Our products and services are not targeted to persons under the age of 16. We do not knowingly collect or process personal data from persons under the age of 16. Please note that if you are under the age of 16, you should not buy or use our product or services and we will not be liable for any lost or damage incurred by the unauthorized disclosure or processing of personal data under the age of 16.

    Your rights and your personal data

    Unless subject to an exemption under applicable privacy laws, you have the following rights with respect to your personal data:

    • The right to request a copy of your personal data which we hold about you.
    • The right to request that we correct any personal data if it is found to be inaccurate or out of date.
    • The right to request to erase your personal data where it is no longer necessary for us to retain such data, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
    • The right to withdraw your consent to the processing at any time, where we rely on your consent to process your data. This includes cases where you wish to opt out from marketing communications that you receive from us.
    • The right to request that we provide you with your data and where possible, to transmit that data directly to another data controller, where the processing is based on your consent or is necessary for the performance of a contract with you, and in either case we process the data by automated means.
    • The right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
    • The right to object to us using your personal data, where the legal justification for our processing of your personal data is our legitimate interest. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of legal claims.
    • The right to lodge a complaint regarding our processing of your data, with the competent authority where you reside or in which your data is processed.

    If you would like to exercise any of the above rights, please do so through by emailing [email protected]

    After receiving your request, we will evaluate your request and inform you how we intend to proceed on your request. Under certain circumstances in accordance with applicable privacy laws and regulations, we may withhold access to your data, or decline to modify, erase, port, or restrict the processing of your data.

    Please be advised that if you exercise the rights to erase data, restrict or object to our processing, or to withdraw your consent, we may not be able to continue our services to you if the necessary data is missing for processing.

    Transfer, Storage, and Processing of Data Abroad

    As noted in the “Sharing your personal data” section of this Notice, as a globally operating company, we may share your information with our affiliate companies or third parties. Please refer to the “Sharing your personal data” section of this Notice for the recipients of your data and the reasons for our provision of your data to them. Where such entities are located in other countries and jurisdictions, we will therefore be transferring your personal data outside of the European Economic Area. In making such data transfers, we make sure to protect your personal data by applying the level of security required by applicable privacy laws. Where we transfer your data to a country or jurisdiction that cannot guarantee the required level of protection as required by applicable privacy laws, we have enhanced our IT security measures and have entered into Standard Contractual Clauses with the transferee to require security obligations on the transferee, both of which are intended to increase the protection of your personal data. Standard Contractual Clauses are one of a number of “appropriate safeguards” under the applicable privacy laws that enable the transfer of personal data concerning data subjects within the European Economic Area to jurisdictions that have not been designated by the European Commission as possessing an adequate level of data protection. You may request a copy of such Standard Contractual Clauses from us, or inquire about transfers of your information, by providing your request to the contact window set forth in the “Whom should I contact?” section.

    Further processing

    If we wish to use your personal data for a new purpose not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing such further processing for a new purpose, setting out the relevant new purpose and processing conditions. In such case, we will find a lawful basis for further processing, and whenever necessary we will seek your prior written consent to such further processing.

    Security

    We protect your data using technical measures to minimize the risks of misuse, unauthorized access, unauthorized disclosure, loss or theft, and loss of access. Some of the safeguards we use are data pseudonymization, data encryption, firewalls, and data access authorization controls. We take our data security very seriously. Therefore the security mechanisms used to protect your data are checked and updated regularly to provide effective protection against abuse.

    The server through which we collect your information are usually encoded using the encryption module of your browser, and are certified for international encryption technique. If necessary, we use SSL (Secure Socket Layers) encryption to protect your personal information. Moreover, we have put in place additional and comprehensive state-of-the-art security measures when your data are accessed via the internet. Firewalls prevent unauthorized access. Diverse encryption and identification layers protect your data from intrusion or disclosure to third parties during data transfer. Furthermore, we internally use sophisticated encoding methods in order to prevent de-coding by unauthorized persons. Moreover, an electronic identifier is generated during data transfer to safeguard your information.

    For your confidentiality and security, we use ID and password to secure your personal information. It is important for you to protect your ID, password, or any personal information. Do not disclose your personal information (especially password) to anyone. When you are finished using our services, please do not forget to log out from your account. If you share a computer, whether in a public or private setting, be sure to sign off and close your browsers when finished using a shared computer.

    If you believe that the security of your data has been compromised, or if you like more information on the measures we use to protect your data, please contact us following the instructions in the Whom should I contact? section below.

    What are your choices?

    You have the choice to allow us to collect and process your data. The collection and processing of your personal data is neither a statutory nor a contractual requirement, although as noted above, we will be unable to provide you with certain services without the data necessary for such services purposes.

    If you are dealing with us online, note that most browsers will inform you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies. Additionally, you can disable or delete data used by browser add-ons, such as Flash cookies, on your browser or on the website of its manufacturer.

    You can always choose not to provide your data to us, although we may need such data to process your requests, in which case we will inform you of our constraints.

    To the extent that you have consented to our processing of your data, you can choose to discontinue our processing at any time.

    You can choose to request from us a copy of the personal data we store and process regarding you.

    You can choose to add or update data that you have provided to us.

    You can choose to erase your data, or you may choose to restrict our processing of your data instead.

    You can choose to port your data to a third party under conditions stated above.

    You can always choose to object to us processing your data.

    Your choice or request on any aspects of data processing listed above can be communicated to us using the channels set forth in the “Whom should I contact?” section of this Notice.

    In summary, what we are allowed to do with your data is, with limited exceptions under applicable privacy laws, up to your choice. However, in the event that you choose for us not to further process your data, such choice may affect the delivery of our obligations or services to you; in this situation, we will inform you of our constraints.

    Your Data Privacy Rights

    You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679 and the California Consumer Privacy Act. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal data Proven Data processes, (ii) rectify incorrect personal data, (iii) delete your personal data, (iv) restrict the processing of your personal data, (v) determine the portability of your personal data, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal data. To exercise one or more of these rights, or to ask questions or relay concerns, please contact Proven Data’s Protection Officer:

    by post to
    Proven Data
    Data Protection Officer
    590 Madison Ave, 21st Floor
    New York, NY 10022

    or

    by e-mail to [email protected]

    In case of disagreements relating to our processing of your personal data, you can submit a request for mediation or other administrative action to the data protection supervisory authority with the competent authority where you reside or in which your data is processed. Please click here for a list of local data protection authorities in EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

    This privacy policy and notice for California residents applies solely to visitors, users, and individuals, who reside in the State of California (“consumers” or “you”). We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (CCPA). The terms “business,” “business purpose”, “personal information”, “processing”, and “service provider” have the meanings giving to them in the CCPA.

    Our Role

    Proven Data (and all affiliates and subsidiaries, collectively “Proven Data Recovery” “PDR” PD” “Proven Data” “we” or “us”) may collect and use consumer personal information for its commercial and business purposes and related operational purposes. With respect to these activities, Proven Data may have direct responsibilities as a business subject to the CCPA. For example, for certain activities related to direct interaction with consumers who have a direct relationship with Proven Data, interacting with prospective/current clients, marketing, website and web application use, engaging vendors, and interacting with visitors/users of our Website. In these cases, this privacy policy is applicable.

    Proven Data also collects information in its capacity as a service provider to our clients, providing threat assessment, risk, digital forensic investigations, and threat intelligence. In that case, Proven Data receives personal information from our clients where we have no direct relationship with the individuals whose personal information we process, and information is provided to us solely for the business purpose of providing those services. If you are a customer or other user associated with one of our clients on whose behalf we have collected or processed your information, this privacy policy does not apply to you, and if you have questions or wish to exercise your rights relating to your personal information (such as information, access or deletion), please contact that client directly. 

    Categories of Personal Information We Collect

    The specific personal information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual.

    In the past 12 months, we have collected, used and disclosed to third parties for business purposes, the following categories of personal information relating to California residents covered by this policy:

    Category Examples May Include 
    Identifiers Name, alias, postal address, unique personal identifier, online
    identifier, internet protocol address (IP Address), email address, account name, EIN, or other similar identifiers
    Personal Information categories described in California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Name, signature, SSN, address, telephone number, state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information
    Commercial information Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    Internet/network activity Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement
    Geolocation data Physical location or movements.
    Professional or employment-related information Current or past job history 
    Non-public education information (per the Family Educational Rights and Privacy Act Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student financial information
    Sources of Personal Information We Collect
    • Information directly from you, the consumer, that you choose to provide, when you interact with us, for example, when you communicate with us by phone, email or otherwise, register for an event, subscribe to marketing or other communications, or inquire about or purchase a product or service.
    • Information we automatically collect when you interact with our website, content or emails such as your IP address and the pages you visited, and when you use our services, we may collect information on how you use those services. Please see our Website Use and Cookies Policy for additional information.
    • Information provided by our clients in order for us to provide specific services as a service provider, or information from third parties, acquired at the direction of our clients in order to provide the services.
    • Information from other sources, including service providers or publicly available sources.
    Business Purposes

    We collect personal information to offer and administer our services and products. These include threat intelligence, risk, investigations, incident details. We use personal information for the following business purposes:

    • To provide the products or perform services for clients pursuant to a written agreement, including contacting you in the course of our ordinary commercial relationship, verifying client information, processing payments, or similar activities as needed to provide services for or on behalf of our clients.
    • For marketing purposes. For example, we may use your information to further discuss your interest in the services and to send you information regarding Proven Data such as information about promotions, events, products or services. You may opt-out of receiving marketing communications and updates at any time. 
    • To improve Proven Data’ communications with you. Emails sent to you by Proven Data may include standard tracking, including open and click activities. Proven Data may collect information about your activity as you interact with our email messages and related content in order to verify or maintain the quality of our communications, or improve, upgrade, or enhance the services we provide.
    • For operating and improving Proven Data’ website and web applications and your customer experience, including debugging to identify and repair errors that impair existing intended functionality or to verify or maintain the quality of our website, and to improve, upgrade or enhance the website services. For example, we may collect and analyze data on your use of our website and process it for the purpose of improving our online experience. Please see our Website Use and Cookies Policy for additional information.
    • For security purposes, including detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
    • For other business purposes, which will be disclosed at the time we collect personal information.
    Disclosure/Sharing of Personal Data

    In the preceding 12 months, we have not sold any personal information.

    We share personal information for business purposes with the following categories of third parties:

    • Our affiliates, as needed to operate our business and provide services.
    • Service providers, such as vendors, consultants and other service providers who perform certain services on behalf of Proven Data, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract.
    • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
    Your Rights

    Subject to the CCPA and other applicable laws, you have the following rights concerning your data processed by Proven Data:

    • Access: You have the right to request to access the personal information that Proven Data holds about you, including categories of information collected, categories of sources from which the information is collected, our business purpose for collecting information, and categories of third parties with whom we share your information.
    • Deletion: You can request that Proven Data erase your personal data.
    • Non-discrimination: Proven Data will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under the CCPA.
    Contact Us

    Please contact us if you wish to exercise your rights under CCPA:

    Email: [email protected]

    In Writing:

    Proven Data Compliance and Privacy Office,
    Proven Data
    Data Protection Officer
    590 Madison Ave, 21st Floor
    New York, NY 10022