risk3sixty collects and uses information for the following purposes:
Risk3sixty does not use information for any purpose not described herein. If we process data for additional purposes in the future, such purposes shall be consistent with the purposes for which the data was originally collected. Otherwise, we will notify you of new purposes for processing and provide you the opportunity to opt out.
In addition, risk3sixty does not sell or disclose your data to third parties for marketing purposes. All third parties to whom disclosures may be made are disclosed in the section of this Policy titled “HOW WE SHARE DATA.”TYPES OF DATA PROCESSED
The information we collect from you depends on the nature of your relationship with us, as well as whether we are a controller or processor. The information we collect may include Contact Information, Login Information, Usage Information, or Business-related Information as detailed below. Collectively, these types of information may be referred to as “Personal Data” herein.
Your contact information is also collected when you use Phalanx based on our legitimate interest of personalizing the services and providing accurate logging capabilities.
Login Information. Login information includes your username and password used to access Phalanx. Our legitimate interest in processing this data is to provide the Phalanx platform to our customers.
Usage Information. Usage information is collected from various monitoring and analytics tools to fulfil our legitimate interest of understanding your usage of the Phalanx platform. (See “Analytics and Tracking” below.)
Websites or Events:
We will use the information we collect via our Websites:
Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it (e.g. when you request a demo).
We may use the information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:
We use your Personal Information in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). Personal Information will be deleted based on the terms of the contract. You can exercise your rights regarding your personal information by contacting us.
You are not required to share the Personal Data that we request. However, if you choose not to share such information, we will generally be unable to provide the Phalanx platform to you or interact with you regarding our services.risk3sixty will never collect more of your Personal Data than is necessary for the intended purpose of processing that information. If you feel any data collected is not necessary for the intended purpose, please notify our Chief Privacy Officer.
Please see the YOUR PRIVACY RIGHTS section below to learn more about how you can control the information risk3sixty processes about you.
HOW WE SHARE DATA
Any data you provide may be shared with our affiliates in order to fulfil the purposes described herein.
Risk3sixty will not disclose your data to third parties for direct marketing purposes.
Sharing with third party service providers. Risk3sixty engages with the following subprocessors to process Personal Data. Risk3sixty has reviewed subprocessor security policies and appropriate certifications to ensure that the subprocessor protects Personal Data in accordance with risk3sixty’s security standards.
|Amazon Web Services||Cloud Infrastructure||United States|
|Microsoft O365||Electronic Communication||United States|
|Hubspot||Marketing content||United States|
|Google Analytics||Website Analytics||United States|
|Sendgrid||Send Email||United States|
|Appcues||In-App Engagement||United States|
|Heroku||Infrastructure as a Service||United States|
|Spanning||MS365 Backups||United States|
|ZenDesk||Knowledge Base and Support||United States|
|FullStory||Website Analytics||United States|
Analytics and Tracking: On some of our Websites, we also may utilize Google Analytics, a web analysis service provided by Google, to better understand your use of the Website and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network.
Google offers an opt-out mechanism for the web available here.
We use FullStory on the Phalanx platform. If you wish to prevent all websites using the FullStory Services to be able to record activity, you can opt-out of the FullStory Services. Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out. That means if you clear your browser cookies, you will have to opt-out again.
Complying with law / protecting legal rights. We may be required to disclose your information to comply with applicable laws (including laws outside of your country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection.
ISO 27001/27701: The security of your personal information is important to us. We have implemented technical, organizational and administrative security measures to protect your information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. In addition, we align to the ISO 27001 and ISO 27701 framework.
Risk3sixty has developed a comprehensive Information Security Policy to define security requirements for all personal information and preserve the confidentiality, integrity, and availability of personal information. The Information Security Policy, and all associated policies and procedures, are reviewed at least annually.
Technical measures to protect information include data encryption, access controls, and vulnerability management.
Risk3sixty defines security and privacy obligations for third party service providers, which providers must adhere to. A list of service providers is located above.