PRIVACY POLICY
1. INTRODUCTION
Keepnet Labs LTD (referred to as "we", "us", "our", or "Keepnet" in this policy) values the privacy and data rights of individuals. Keepnet is committed to preserving personal data and being transparent about how it collects data, uses it and discloses personal data. This privacy policy displays how it uses personal data for business objectives. Please read the following thoroughly to learn our practices so you can make knowledgeable choices about your affiliation with us.
We use personal data that relates to three key categories of individuals (or “data subjects”):
People who use our website – keepnetlabs.com Our customers and people we work with (this includes employees of our customers and service providers); and People with personal data relating to them this is available on the Dark Web and other public internet sources that we collect information from for Threat Intelligence. For the purpose of the Data Protection Act, 2018 (the Act) and the General Data Protection Regulation (GDPR), the Data Controller is Keepnet Labs, Unit 6 Queens Yard, White Post Lane, London, England, E9 5EN. Keepnet Labs LTD is registered as a Data Controller with the Information Commissioners’ Office. Our ICO registration number is ZA735330 .
2. DATA COLLECTION PROCESS AT KEEPNET LABS LTD
In line with the stipulations of the General Data Protection Regulation (GDPR), "Personal Data" represents any details connected to a distinguishable individual, often referred to as a 'data subject.' A distinguishable individual can be singled out, directly or indirectly, by attributes such as a name, an identification digit, location information, online identifiers, or multiple factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity.
At Keepnet Labs LTD, we acquire Personal Data from you in these manners:
2.1 Direct Data Gathering
• Contact Specifications: We collect your full name, employer's name, city, state, country, phone number, and email addresses.
• Event Attendance: In case you participate in an event, with your supplementary consent, we may scan your attendee badge to acquire data such as your name, job title, company name, address, country, phone number, and email address.
• Visiting Our Premises: During visits to our offices, we necessitate you to register as a visitor and offer your name, email address, phone number, company name, and timestamps of your arrival and departure.
• Information via Forms: When you willingly submit information through our forms, you give explicit consent for the collection, utilization, and disclosure of your Personal Data following this Website Privacy Notice. Consent can be withdrawn at any time by emailing privacy@keepnetlabs.com. The information intended for display or publication on public areas of the Website or transmitted to other Website users or third parties (User Contributions) is shared at your discretion. Despite limited access to certain pages, bear in mind that no security measures are flawless. We cannot guarantee your User Contributions will not be viewed by unauthorized persons.
2.2 Indirect Data Gathering
• Automated Data Gathering: We accumulate data via cookies and web beacons, including details like IP address, browser type, operating system specifics, domain name, the date and time of your visit, and the pages viewed.
• Third-Party Data: We collect data about you from different sources, inclusive of third parties from whom we've purchased Personal Data, and combine this data with our existing records. This process enhances our records, aids in the identification of new customers, and enables us to deliver advertising and services in line with your preferences. We collect Personal Data from third-party business contact databases, encompassing mailing addresses, job titles, email addresses, phone numbers, user activity data, IP addresses, social media profiles, LinkedIn URLs, and custom profiles, for purposes like targeted advertising, relevant email content delivery, event promotion, sales/marketing, business intelligence, and profiling.
• Cookies: Through common data collection tools, including usage data collection tools, cookies, web beacons, and similar technologies, we automatically collect information, possibly including Personal Data, from your computer or mobile device as you navigate our Site or interact with our emails. For details about the cookies we utilize, kindly review our Cookie Notice.
• Web Beacons: Our Website may include small electronic files known as web beacons (also referred to as clear gifs, pixel tags, single-pixel gifs) enabling us to count users who've visited certain pages or gather other Website-related statistics.
Threat Intelligence: Our modular cyber threat intelligence solution, Threat Intelligence, collects limited information from surface, Deep, and Dark Web sources to identify information security breaches relating to our customers.
3. HANDLING OF YOUR PERSONAL DATA
In our role as the controller of your Personal Data, we at Keepnet Labs LTD utilize the information collected following specific purposes and under precise legal bases as detailed below:
3.1 Personal Data Use with Your Approval
With your explicit consent, we use your Personal Data for the following:
• For promotional endeavors like when you opt for our newsletter subscription.
• For addressing inquiries about our services and products, such as when you ask for a product demonstration or a phone consultation.
• For any additional requests where you've given us express permission to employ your personal data.
3.2 Personal Data Use Within a Contractual Framework
When a contractual agreement exists between us, we utilize your Personal Data for:
• The application of our complimentary tools, phishing and smishing simulators, and other services falling under the terms of service or agreement between your organization, you, and Keepnet Labs LTD.
• Facilitating transactions by managing payments.
• Offering support for our array of products and services. You're always welcome to reach us by phone or email.
• Delivering managed services that we occasionally provide.
• Administering webinars you've chosen to participate in.
• Organizing Keepnet Labs LTD' promotional events or contests.
3.3 Personal Data Use Based on Legitimate Interests
In cases where no contract has been signed with you, or consent hasn't been granted, or another legal basis isn't specified, the following activities are justified by our legitimate interests:
• Logging details of office visitors.
• Analyzing, optimizing, and enriching your experience on our website, such as studying user behavior to improve the overall visitor experience or monitoring website usage and interactions.
• Creating personalized advertisements and content for marketing.
• Investigating potential security threats or compliance-related issues, like potential fraud or abuse of our Website.
• Enhancing our products and services for improved user experience.
Keepnet Labs LTD discloses and processes Personal Data in collaboration with appropriate government and regulatory authorities. When we process Personal Data for these purposes, it is in compliance with a legal obligation that Keepnet Labs LTD must fulfill.
4. DISCLOSURE OF YOUR PERSONAL DATA
In our pursuit to deliver top-notch services, Keepnet Labs LTD occasionally collaborates with third-party entities who aid in providing specialized services or facilitating certain aspects of our operations. Rest assured, the use of your Personal Data by these entities is strictly confined to the agreed upon scope of work.
Here are the various situations where your Personal Data might be shared:
4.1 Collaborative Engagements with Service Providers
For example, we may partner with entities like Amazon Web Services to optimize our services. This type of data sharing is crucial in ensuring seamless service delivery. To uphold data protection standards, we have robust contracts in place with these service providers.
4.2 Event Participation Information
When you register for our webinars or other events, the process is often facilitated by our trusted event management partners.
4.3 Interaction with Keepnet Labs LTD Affiliates
Your Personal Data might be shared with the Keepnet Labs LTD family of companies, or any organizations that may join our corporate family in the future.
4.4 In Event of Corporate Transitions
Should there be significant changes to our corporate structure, like mergers, acquisitions, or reorganizations, your Personal Data may be transferred to the new owners or governing body.
4.5 Sharing on Consent
With your express or implied agreement, we may share your Personal Data for other, specific purposes.
Keepnet Labs LTD also reserves the right to disclose your Personal Data in the following scenarios:
1. When we are obligated or authorized by law to do so.
2. When we are working to prevent potential or actual fraudulent transactions.
3. During the investigation of fraud that has been identified.
5. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We use personal data for administering, developing, and promoting our business. The legal ground for our data use includes the performance of a contract, compliance with legal obligations, and legitimate business interests, subject to your rights and interests.
6. DATA RETENTION
The retention periods for personal data depend on the category:
• Users of Our Website: Data is retained for up to 36 months or as necessary for our business purposes or to comply with legal obligations.
• Customers and Business Associates: Data is typically kept for 36 months from our last relevant contact.
• Threat Intelligence: Data is stored as long as it's publicly available and for an additional 36 months before deletion.
7. INTERNATIONAL DATA TRANSFERS
While we primarily store personal data within the European Economic Area (EEA), transfers to service providers outside the EEA may occur such as the implementation of Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) or other approved mechanisms by the EU. These measures are in place to ensure that your data is transferred securely and in compliance with applicable data protection laws.
8. THIRD-PARTY PROCESSORS
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
“Digital Marketing Service Providers”
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”
9. YOUR RIGHTS
At Keepnet Labs LTD, we value your privacy and strive to ensure that you have control over your Personal Data. As a data subject, you have certain rights under applicable data protection laws. These rights may include:
1. Right of Access: You have the right to request access to the Personal Data we hold about you and obtain information about how we process it.
2. Right to Rectification: If you believe that any of your Personal Data is inaccurate or incomplete, you have the right to request its correction or amendment.
3. Right to Erasure: In certain circumstances, you have the right to request the erasure of your Personal Data. However, this right is not absolute and may be subject to legal obligations or other legitimate grounds for us to retain the data.
4. Right to Object: You have the right to object to the processing of your Personal Data when it is based on our legitimate interests. We will carefully assess your objection and balance it against our interests.
5. Right to Restriction of Processing: You may have the right to request the restriction of processing of your Personal Data under certain circumstances. This means that we will limit the processing of your data but retain it for specific purposes allowed by law.
6. Right to Data Portability: If we process your Personal Data based on your consent or for the performance of a contract, you may have the right to receive a copy of your data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.
7. Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your Personal Data, you have the right to withdraw your consent at any time.
Please note that these rights may vary depending on your jurisdiction and the applicable data protection laws. To exercise any of these rights or if you have any questions or concerns regarding the processing of your Personal Data, please contact us using the contact details provided in the "Contact Us" section of this Privacy Policy.
We are committed to handling your requests promptly and in accordance with applicable data protection laws.
10. COMPREHENSIVE PRIVACY NOTICE FOR OUR WEBSITES
Welcome to Keepnet Labs LTD' digital universe, which encompasses keepnetlabs.com and all of our subdomains and alternate online identities (collectively termed as the "Website" or "Site"). At Keepnet Labs LTD, we genuinely value your privacy. This detailed Website Privacy Notice is our pledge towards transparency about how we, at Keepnet Labs LTD Inc. ("Keepnet Labs LTD", "we", "us", or "our"), handle your Personal Data collected through this Site.
Our Website Privacy Notice presents the robust data protection measures Keepnet Labs LTD upholds for our websites. It's worth noting that our Site could provide links to third-party websites, apps, or services. When you venture into these third-party spaces, we encourage you to familiarize yourself with their individual data protection guidelines, as their practices are governed by their own privacy disclosures.
By browsing and interacting with our Site, you're providing a nod to the practices detailed in our Website Privacy Notice. If you find yourself disagreeing with our data management practices as outlined here, kindly steer clear of our Site and other Keepnet Labs LTD-owned web domains. To keep you in the loop about how we collect, process, and share your Personal Data, we advise you to revisit this Website Privacy Notice periodically. If you continue to engage with our Site post any amendments to this notice, we'll take it as your acceptance of the changes.
Unless specified otherwise, Keepnet Labs LTD assumes responsibility as the custodian of your Personal Data, as explained in this Website Privacy Notice.
To clear any ambiguity, this Website Privacy Notice doesn't cover scenarios where we process Personal Data in our role as a data processor for our clients.
10.1 What Our Privacy Notice Covers
Our Website Privacy Notice is applicable to the processing of Personal Data when you:
1. Visit any of our websites that display or connect to this Website Privacy Notice.
2. Engage with our official social media profiles.
3. Drop by our physical office spaces.
4. Communicate with us, be it via emails, phone calls, text messages, or faxes.
5. Use our products and services, wherein we act as the controller of your Personal Data.
6. Register for, attend, or take part in our events, webinars, or contests.
11. COOKIES
Please refer to our cookie policy for details on how we use cookies. https://keepnetlabs.com/cookie-policy
12. Data Use and Privacy
As part of our commitment to enhancing cybersecurity awareness and defenses, Keepnet Labs LTD collects and utilizes data related to the use of our Social Engineering Simulation Services. This initiative is designed to identify and analyze the susceptibility of various industries and departments to social engineering attacks, such as phishing, vishing, smishing, and similar threats. In undertaking this analysis, we adhere to strict data anonymization protocols to ensure the following:
- Anonymization of Data: We guarantee that no employee identification numbers or any personally identifiable information (PII) will be used in the analysis. Our process ensures that individual identities cannot be discerned from the compiled reports.
- Publication of Findings: The insights derived from our analysis may be published to contribute to the broader understanding and awareness of phishing and social engineering vulnerabilities. These reports aim to inform and assist in the development of more effective cybersecurity strategies across industries.
- Privacy and Security Assurance: Keepnet Labs LTD is dedicated to maintaining the highest standards of privacy and security. We ensure that the anonymized data used for these reports will not compromise the privacy or security of our customers or their employees.
13. CHILDREN'S ONLINE PRIVACY PROTECTION
We comply with the Children's Online Privacy Protection Act (COPPA) requirements and do not knowingly collect information from individuals under 13 years of age.
14. MSSPs AND RESELLERS USING OUR PLATFORM
Managed Security Service Providers (MSSPs) and Resellers using our platform are also subject to this policy. It is their responsibility to ensure their compliance with relevant privacy laws and regulations when handling personal data.
14.1 Data Collected
• In addition to the data listed above, MSSPs and Resellers may also provide us with further business-related information.
• This information may include business names, addresses, and contact details of their clients.
14.2 Legal Basis and Use
• The legal basis for processing this data includes performance of a contract, compliance with legal obligations, and legitimate business interests.
• This information is used for provisioning, managing, and supporting the services offered to their clients through our platform.
15. CHANGES TO THIS POLICY
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page.
16. CONTACT US
Should you have any questions about this privacy policy or our data practices, feel free to contact us at support@keepnetlabs.com
Keepnet Labs LTD is committed to protecting and respecting your privacy. By using our services, you agree to this policy's collection and use of information.
Updated on March 2024