Keepnet Labs has made it its job to protect individuals and their privacy and value their demands. Keepnet is committed to preserving personal data and being transparent about how it collects data, uses it and discloses personal data.
We use personal data that relates to three key categories of individuals (or “data subjects”):
- People who use our website – www.keepnetlabs.com
- Our customers and people we work with (this includes employees of our customers and service providers); and
- People with personal data relating to them this is available on the Dark Web and other public internet sources that we collect information from for Threat Intelligence.
For the purpose of the Data Protection Act, 2018 (the Act) and the General Data Protection Regulation (GDPR), the Data Controller is Keepnet Labs, 17 Green Lanes, Newington Green, London, N16 9BS.
Keepnet Labs is registered as a Data Controller with the Information Commissioners’ Office. Our ICO registration number is ZA735330.
INFORMATION WE COLLECT AND USE:
People who use Our Site
We will collect any personal data provided via the webforms on Our Site. We will also automatically collect the following information, this will always be anonymised and cannot be traced back to you and will only be used for the purposes of improving our website and understanding how users interact with it:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from Our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks), methods used to browse away from the page.
Our customers and people we work with
We collect personal data relating to our customers, the employees of our customers and other individuals we work with. This personal data includes:
- Name, address, contact details;
- Position and company;
- Professional social media (for example, LinkedIn and Twitter);
- Order history and payment details;
- Records of contact and correspondence; and
- Applications and CVs.
We receive this information directly from individuals or from their companies or the companies we work with.
As part of our platform, we have a modular cyber threat intelligence solution called Threat Intelligence. Our customers are given access to a copy of previous information security breaches relating to their data.
To identify breaches, Threat Intelligence collects a limited range of information from surface, Deep and Dark Web sources including Tor sites and social and text repository sites like Pastebin.
Threat Intelligence is primarily seeking to identify breached information relating to our customers such as:
- Usernames and obfusticated passwords;
Threat Intelligence does routinely collect data that includes personal data.
This personal data includes personal data relating to the staff of our customers and any other personal data that is included in the public sources Threat Intelligence monitors.
Threat Intelligence can be accessed by our customers to review personal data relating to them that has previously been breached in a consolidated view in the platform. Our customers can then access this personal data or other information and decide how to use it.
OUR PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA:
People who use Our Site
We use personal data relating to people who use Our Site for the purposes of administering, developing and promoting our business.
Our legal ground for using the personal data we collect relating to people who visit Our Site is that doing so is necessary for the legitimate interests of our business. We will not use personal data for the purposes of our legitimate interests where an individual’s interests and rights override our business interests.
Our customers and people we work with
We use personal data relating to our customers and people we work with for the purposes of administering, developing and promoting our business.
If you are an individual who has a contract with us, our primary ground for using personal data relating to you will be for the performance of the contract. If you do not provide the personal data we need to perform the contract, we may not be able to provide services to you. We may also use personal data relating to you separately from the performance of the contract where doing so is necessary for the legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.
If you are an individual who we work with but do not have a direct contract with (for example, employees of our customers or services providers), our legal ground for using personal data relating to you is that doing so is necessary for legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.
Threat Intelligence uses personal data for the purposes of identifying breaches and other digital risks.
Our legal ground for using the personal data collected by Threat Intelligence is that doing so is necessary for the legitimate interests of our business or the legitimate interests of a third party such as our customers. We will not use personal data for the purposes of our legitimate interests where your interests and rights override the legitimate interests we have identified.
Where a public body uses Threat Intelligence as a customer, the legal ground may be for the performance of a task carried out in the public interest or official authority.
Separately from the legitimate interests of our business and the performance of contracts we have with individuals, we will also use personal information when we are required to do so by law. Where that is the case, our legal ground is that the use of personal data is necessary to comply with a legal obligation.
We only store personal data collected via Our Site while it is needed for our business purposes up to a maximum of 36 months. We will only keep personal data collected via Our Site for longer where necessary to comply with our legal obligations or to safeguard are legal rights.
Our customers and people we work with
We will generally store personal data that is related to our customers or other people we work with for a maximum of 36 months from our last relevant contact end date. We will only keep personal data relating to customers or other people we work with for longer where necessary to comply with our legal obligations or to safeguard our legal rights.
All personal data collected by Threat Intelligence is stored for as long as it’s still publicly available and for a further 36 months (maximum) before deletion.
Where you request personal data relating to you to be removed from our system, please note it may take up to 28 days for this process to be completed.
DISCLOSURE OF PERSONAL DATA:
To help administer, develop and promote our business, we share personal data with and receive personal data from the following types of service provider –
- Payment processors.
- Advertising partners.
- Analytics service providers.
- IT providers.
- Email database management.
- Consumer relationship management.
- Professional services (for example, accountants and lawyers).
We have contracts in place with these service providers that strictly govern how they may use the personal data we share with them.
We will share personal data with potential buyers, group companies, investors and/or business partners where necessary for a reorganization, restructuring, merger, sale or transfer of assets involving Keepnet Labs and/or the Service.
Where Threat Intelligence identifies information relating to one of our customers, that customer is able to access that information. Customers are strictly limited to only searching for personal data that relates to them and their business domain(s).
WHERE WE STORE PERSONAL DATA:
We store personal data within the European Economic Area. However, the personal data held may be transferred to service providers or others based outside the EEA. Where we transfer personal data outside of the EEA we implement safeguards such as standard contractual clauses approved by the European Commission or the EU-US Privacy Shield.
You have the rights to:
- Information about how we use personal data (which is what this policy is for);
- Access to personal data;
- Object to direct marketing and the use of personal data based on the grounds of legitimate interest;
- Erasure of personal data;
- Portability of personal data;
- Withdraw consent where our use of personal data is based on consent;
- Rectification of personal data;
- Restriction of personal data; and
- Complain to the Information Commissioner’s Office.
Please be aware that these are not absolute and there may be some situations in which they cannot be exercised or they are not relevant. You can find out more detail about these rights on the website of the Information Commissioner’s Office – www.ico.org.uk.
Should we send you information and you no longer wish to be contacted please unsubscribe or contact us by email (firstname.lastname@example.org). Your request will be processed within 28 days. If you are a customer, your preferences can also be managed directly via your account.
OTHER SITES REFERENCED ON WWW.KEEPNETLABS.COM:
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential or where the data is already accessible in the public domain. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
MSSPs and Resellers Using Our Platform
This policy was last modified on March 19, 2021
By post: Keepnet Labs White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF
By email: email@example.com