Privacy Policy

Introduction

IMPORTANT NOTE TO USERS OF OUR SERVICES: BY USING SIXGILL INC’S, SIXGILL LTD.’S OR ANY OF THEIR AFFILIATES’ (“COMPANY” OR “WE“) SOLUTIONS OR SERVICES (COLLECTIVELY, THE SERVICES“) YOU (“YOU“) CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND CONSENT THAT ALL PII (DEFINED BELOW) THAT YOU SUBMIT OR THAT IS PROCESSED OR COLLECTED THROUGH OR IN CONNECTION WITH YOUR USE OF THE SERVICES WILL BE PROCESSED BY THE COMPANY AND ITS AFFILIATES IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THE FOLLOWING PRIVACY POLICY. 

Company is a controller of the PII it processes in connection with management of its engagements with its customers and partners (e.g. contact personnel data, email communications and usage metrics). Company is a joint controller, together with its customers and partners, of PII made available by Company to such customers and partners, from Company’s data-lake (e.g. cyber threat intelligence).  When Company processes PII on behalf of its customers (e.g. the customer submits a search query to Company’s solutions or Company acquires compromised data pursuant to a specific request from a data controller), Company is a data processor of such PII, to the extent applicable, and Company’s customer or Company’s partner’s customer, as the case may be, will be the data controller, and will be responsible to establish the lawful basis for processing and to ensure that data subjects can exercise their rights set forth in Section 9 below.

AS A USER OR OUR SERVICES AND/OR SOLUTIONS, YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PII, HOWEVER, USE OF THE SERVICES REQUIRES THAT YOU PROVIDE PII. IF YOU CHOOSE TO WITHHOLD ANY PII REQUIRED IN RESPECT THEREOF, IT WILL NOT BE POSSIBLE FOR YOU TO USE THE SERVICES. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN PLEASE DO NOT USE THE SERVICES.

PII” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We recognize that privacy is important. This Privacy Policy applies to all of the services, information, tools, features and functionality available on the Services offered by the Company or its subsidiaries or affiliated companies and covers how PII that the Company collects and receives, including in respect of any use of the Services, is treated. If you have any questions about this Privacy Policy, please feel free to contact us at: dpo@cybersixgill.com

2. Information We Collect and How We Use It

Summary: We collect personal data about our customers’ and partners’ representatives who are contact persons or otherwise users of our Services. We also receive your queries on our Services, which may include PII. We use such PII in order to provide the Services, improve our solutions and services and enforce our agreement.

We also collect PII from various sources in the clear-web, deep-web and dark-web and sometimes purchase compromised PII on behalf of data controllers. We use such PII for purposes such as, assisting our customers and partners to mitigate or prevent security breaches, assisting law enforcement or other government agencies in investigation or indictment of suspected cyber-criminals and in cyber-security research and fulfillment of other similar legitimate interests.

In order to provide and operate our Services and provide services in connection therewith, we collect and process PII, including the following types of information: 

  1. Your Contact Information

When you subscribe to use the Services we ask you to provide PII, including: Full name, email address, phone number and the organization for whom you work. 

  1. Usage Information

When you use the Services, we automatically receive and record information from your browser and information related to such usage for analysis of your usage for improving our solutions and services, including without limitation information and statistics about your online/offline status, your  IP address, device identifiers, internet service provider, connection speed, search history, type of browser, your regional and language settings and software and hardware attributes. Our systems automatically record and store technical information regarding the method and nature of your use of the Services, including without limitation your search queries, meta-data of search queries, which pages of the Services you viewed, exit and entrance pages and your use time of the Services. An IP address is a numeric code that identifies your browser on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. The Company uses all of the PII identified in this Section in order to understand the usage trends and preferences of our users, including recent visits to our Services and how you move around different sections of our Services for analytics purposes and in order to make our Services more intuitive. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

3. Data From Third Parties

We collect information from the clear-web, dark-web and deep-web and some-times also purchase compromised data on behalf of data controllers, which often includes also PII, in order to assist our customers and partners to mitigate, prevent and remediate cyber security risks and security breaches. We do that by, inter alia: (i) identifying data that may have been breached or leaked online (which often includes PII); (ii) tracking vulnerabilities and exploits targeting our customers; (iii) enabling organizations to remediate compromised credentials; and (iv) assisting organizations in researching security threats. We may also use such PII in order to comply with legal or ethical obligations or with any order of a court or competent authority.

4. User Communications

When you send emails or other communications to the Company, we retain those communications in order to process your inquiries, respond to your requests and improve our Services. We may send customers, partners and other subscribers periodic emails or newsletters and updates from Company’s blog, including promotional materials. Data subjects who wish to unsubscribe from the list may do so at any time by following the detailed instructions found at the bottom of each email they receive from the Company or send us a request here dpo@cybersixgill.com. Please note that even if you opt-out of receiving the newsletters and communications, we may still send you transactional communications such as responses to any of your emails as well as administrative e-mails necessary to facilitate your use of our Services.

5. Aggregate and Analytical Data

In the effort to produce insights regarding use of the Services in order to improve our services and develop and improve new features and automated processes on our Services, we often conduct research on PII arising from use of our Services, including usage data and search queries. This research is compiled and analyzed on an aggregate basis, and we share this aggregate data with Company’s affiliates, agents and business partners and also disclose aggregated information in order to describe our services to current and prospective business partners or investors. This aggregate information does not identify you or your customers or employees personally. 

6. Cookies

Summary: We use cookies and similar technologies on our Services. You can disable cookies but then your online experience on our Services will be limited. 

In order to collect some of the data described herein we use temporary cookies that remain on your browser for a limited period of time. We also use persistent cookies that remain on your browser until the Company’s Services are removed, in order to manage and maintain the Services and record your use of the Services. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to and stored on your browser. Cookies do not damage your browser. Most browsers allow you to block cookies but you may not be able to use some features on the Services if you block them. You may set most browsers to notify you if you receive a cookie (this enables you to decide if you want to accept it or not). We also use web beacons via the Services to collect information. Web beacons or “gifs”, are electronic images that are used in our Services or in our emails. We use Web beacons to deliver cookies, count visits and to tell if an email has been opened and acted upon.

7. Links

Links to other services, sites and applications are provided by the Company as a convenience to our users (e.g. links to sources). The Company is not responsible for the privacy practices or the content of other sites and applications and you visit them at your own risk. This Privacy Policy applies solely to PII collected by us. 

8Minors

We do not intentionally collect PII of minors. 

9. Information Sharing 

Summary: We transfer your PII to third parties who assist us in providing the Services. We have a contract with those third parties to govern their processing on our behalf. We may also transfer PII to comply with any obligations by which we are bound or to an investor or in connection with a merger or acquisition or similar transaction.

As part of providing the Services our affiliates, agents, representatives and service providers will have access to your PII. We require these parties to process such information in compliance with this Privacy Policy and subject to security and other appropriate confidentiality safeguards.  The Company will also share PII in the following circumstances: (a) as required for providing the Services; (b) for maintenance and improvement of the Services; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local; and/or (d) to satisfy applicable law or due to an order or request by any competent authority, prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof.

The server on which the Services are hosted and/or through which the Services are processed may be outside the country from which you access the Services and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy involve the transfer of your PII to various countries around the world that may have different levels of privacy protection than your country and will be transferred outside of the European Economic Area. If there is a transfer of your PII outside the EEA or UK (as the case may be) we will, in the absence of an EC Adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as entering into appropriate EC approved standard contractual clauses (see:

http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). 

10. Data Security

We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security. We retain your PII only for as long as reasonably necessary for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. 

11. Data Retention

Summary: We retain PII only for as long as necessary to meet our legal and ethical obligations, which for different types of PII will be different periods. 

  1. Company will retain PII in accordance with its record retention policy. PII associated with our customers and business partners, will be retained for the duration of our engagement, and a period of seven years thereafter.  The company performs periodic reviews of our databases, and have established specific time limits for data retention, based on the criticality of the PII and the purposes of the data processing. We will also retain PII to meet any audit, compliance and business best-practices. 

    • PII with respect to which Company is the processor will be deleted only on instruction of the controller, except where such data must be retained by us due to a legitimate interest such as a legal obligation, protection against legal claims or post engagement customer service. 

    • Personal Data that is no longer retained will be anonymized or deleted. Non-personal, non-identifiable, metadata and statistical information concerning the use of our Services are retained by Company indefinitely. 

    • Data Integrity

The Company processes PII only for the purposes for which it was collected and in accordance with this Privacy Policy or any applicable service agreements. We review our data collection, storage and processing practices to ensure that we only collect, store and process the PII needed to provide or improve our Services. We take reasonable steps to ensure that the PII we process is accurate, complete, and current, but we depend on our users to update or correct their PII whenever necessary. Nothing in this Privacy Policy is interpreted as an obligation to store information, and we may, at our own discretion, delete or avoid from recording and storing any and all information.

13. Rights of Data Subjects

  1. Right of Access and Rectification

Data subjects have the right to know what PII we collect about them and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow data subjects the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated. However, we may first ask data subjects to provide us certain credentials to permit us to identify their PII. 

  1. Right to Delete PII or Restrict Processing

Data subjects have the right to delete their PII or restrict its processing. We may postpone or deny such requests if the PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.  

  1. Right to Withdraw Consent

Data subjects have the right to withdraw their consent to the processing of their PII. Exercising this right will not affect the lawfulness of processing the PII based on consent obtained before its withdrawal.

  1. Right of Data Portability

Where technically feasible, data subjects have the right to ask to transfer their PII in accordance with their right to data portability, if required pursuant to applicable law.

Data subjects may exercise the above rights by sending a request to dpo@cybersixgill.com

  1. Right to Lodge Complaint

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their PII.  

14. Enforcement

The Company regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or our treatment of PII by contacting us as provided above. When we receive formal written complaints it is the Company’s policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of PII that cannot be resolved between the Company and an individual.

15Changes to This Privacy Policy

The Company may update this Privacy Policy. We will notify you about significant changes in the way we treat PII by sending a notice to the email address provided by you or by placing a prominent notice on the Services. We encourage you to periodically review this Privacy Policy for the latest information about our privacy practices. Our customers and business partners will be notified of such changes and are responsible to inform their data subjects.

16. Legal Justification and Consent To Processing

  1. For users of our Services: by providing any PII to us pursuant to this Privacy Policy, all users, including, without limitation, users in the United States, Israel and member states of the European Union, fully understand and unambiguously consent to this Privacy Policy and to the collection and processing of such PII abroad. By submitting your PII through the Services, you consent, acknowledge, and agree that we will collect, use, transfer, and disclose your PII as described in this Privacy Policy.

    • When Company processes PII on behalf of its customers (e.g. Company acquires compromised data on behalf of a controller or Company processes search queries of customers or partners), Company is a data processor. In such case, Company’s customer will be a data controller, and will be responsible to obtain the data subjects’ consent or establish any other applicable lawful basis for processing , and we rely on our contractual relationship with the controller (i.e. our customer or partner). 

    • In respect of PII included in Company’s data-lake (e.g. cyber threat intelligence) we rely on a legitimate interest when collecting and retaining such PII, which is to provide cyber threat intelligence services, assist to prevent or investigate crimes or fraud and assist to protect confidential or personal information and in some cases we rely on basis that processing is necessary for the performance of a task carried out in the public interest (e.g. assistance to the European Union or a Member State or a third party authorized by them). Our customers and partners who search for such PII on our Services are deemed as data controllers as well and are required by us to collect and process such PII only based on a legal justification for processing.

  2. Questions

You may contact our DPO here: dpo@cybersixgill.com. If you have any questions about this Privacy Policy or concerns about the way we process your PII, please contact us at dpo@cybersixgill.com. If you wish to delete all information regarding your use of the Services, please contact us at: dpo@cybersixgill.com

17. Your California Privacy Rights and Do Not Track Notices

California Civil Code Section 1798.83 permits customers of Company who are California residents to request certain information regarding its disclosure of PII to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@cybersixgill.com. Please note that we are only required to respond to one request per customer each year. 

Privacy Notice for Job Candidates ("Privacy Policy״)

This Privacy Policy details how your PII (as defined below) is collected via the Website (as defined below) is used and processed by Sixgill Ltd. ("SIXGILL" OR "WE") IMPORTANT: BY VISITING SIXGILL'S WEBSITE AT https://cybersixgill.com OR any  related website/ platform on beahlf of Sixgill Ltd.] (“WEBSITE”) YOU ("YOU") GIVE YOUR CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND CONSENT THAT CERTAIN PII (DEFINED BELOW) THAT YOU SUBMIT OR THAT IS PROCESSED, USED OR COLLECTED THROUGH OR IN CONNECTION WITH THE WEBSITE WILL BE PROCESSED BY SIXGILL AND ITS AFFILIATES IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THE FOLLOWING PRIVACY POLICY. 

WE DEFINE "PII" TO MEAN ANY INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON; AN IDENTIFIABLE NATURAL PERSON IS ONE WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFIER SUCH AS A NAME, AN IDENTIFICATION NUMBER, LOCATION DATA, AN ONLINE IDENTIFIER OR TO ONE OR MORE FACTORS SPECIFIC TO THE PHYSICAL, PHYSIOLOGICAL, GENETIC, MENTAL, ECONOMIC, CULTURAL OR SOCIAL IDENTITY OF THAT NATURAL PERSON.

YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PII, HOWEVER, SOME USE OF THE WEBSITE REQUIRES THAT YOU PROVIDE PII. IF YOU CHOOSE TO WITHHOLD OR DELETE ANY PII REQUESTED BY US, IT WILL NOT BE POSSIBLE FOR YOU TO USE THE WEBSITE. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN PLEASE DO NOT USE THE WEBSITE.

We recognize that privacy is important. This Privacy Policy applies to all of the software, services, information, tools, features, data and functionality available on the Website and covers how PII that Sixgill collects and receives, including in respect of any use of the Website, is treated. If you have any questions about this Privacy Policy, please feel free to contact us at: dpo@cybersixgill.com.

PII We Collect. In order to provide and improve our Website, we may collect information you provide and other information as detailed below. In addition, we may collect your PII from third parties, your device location data, your user information, communications you send us and aggregate data. We also automatically collect and record PII through your use of the Website, such as your IP address, cookie information, type of browser and technical information regarding the method and nature of your use of the Website. At any time, you may request to opt-out from receiving newsletters and promotional communications from us.

How We Use Your PII. We use your PII for purposes such as providing you with, improving and operating our Website, to learn how to adjust and personalize your use of the Website, to understand the usage trends and preferences of our users, for marketing and customer relations purposes, in order to protect the Website from threatening activities and for potential recruitment activities.

Cookies and Web Beacons. Web beacons, tags and scripts may be used on our Website. These assist us in delivering cookies, counting visits to our Websites, understanding usage and campaign effectiveness. You can disable cookies but then your online experience on our Website will be limited.

Analytics: We collect analytics information when you use the Website to help us improve them. We may also share pseudonymized or aggregated data about your actions.

Links. The Website may contain links to other services, sites and applications that are subject to their own privacy and data protection policies. 

Children. We do not intend to collect PII from anyone we know to be under 16 years old. If you believe that we might have collected such information, please contact us.

PII Sharing. We grant access to your PII to our affiliates, agent representatives, and third party providers. In addition, we may share your PII if required for the provision, maintenance and improvement of the Website; to satisfy applicable law; when permitted by you; to prevent fraud or harm; or in the event of a merger, acquisition or other structural change or form of sale of part or all of our assets. 

PII Security. We follow generally accepted industry standards to protect against unauthorized access, alteration, disclosure or destruction of your PII, however we cannot guarantee its absolute security. We keep your PII only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements. 

Data Integrity. We process PII only for the purposes for which it was collected and take reasonable steps to ensure that the PII we process is accurate, complete and current. However, we depend on you to rectify your PII when necessary. 

Your Rights. At any time, you may contact us and request to exercise your rights in accordance with applicable law. For more details see Section 8 below.

Enforcement. We will cooperate with the appropriate regulatory authorities to resolve any formal written complaints regarding processing of PII that cannot be resolved between us and the complaining individual. 

Consent to Processing and Transferring of PII. Your PII may be stored and processed in a country outside the country of your residence or from which you access the Website. 

Do Not Track Notices. We do not respond to Do Not Track signals.

  1. PII We Collect and How We Use It. In order to provide and improve our Website, for product development, to understand the usage trends and preferences of our users, for marketing and customer relations purposes, or for our business purposes, we may collect and process PII, including the following types of PII: 

    1. Information You Provide. For some of the features of the Website and for potential job recruitment purposes, we may ask you to provide PII, including: full name, email address, LinkedIn/ social media profiles, phone number, and CV (Curriculum vitae). 

    2. Third Parties. We sometimes supplement the information that you provide with information that is received from third parties. 

    3. User Information. When you use the Website, we may automatically receive and record information from your device, documents and browser, including without limitation technical and behavioral information, information and statistics about your online/offline status, your IP address IP address, geolocation data (including country and city), device identifiers, internet service provider, connection speed, search history, type of browser, browser ID, device ID, cookie information, regional and language settings and software and hardware attributes, network status (WiFi/ cellular carrier), and operating system information. Our systems may automatically record and store technical information regarding the method and nature of your use of the Website, including without limitation which pages or widgets of the Website you viewed, exit and entrance pages, videos you watched, impressions, the number of views they get and any actions you make in the Website, and your use time. We use your IP address to help with server problem diagnosis and to administer the Website. An IP address is a numeric code that identifies your browser on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. We may also perform IP lookups to determine which domain you are coming from (i.e.: aol.com, yourcompany.com) to more accurately gauge our users' demographics. We use all of the PII that we collect to understand the usage trends and preferences of our users, including recent visits to our Website and how you move around different sections of our Website for analytics purposes and in order to make our Website more intuitive. 

    4. Job Applicants Data. We collect PII from applicants seeking employment with Sixgill and submitting details through our Websites, including CV and all information therein, contact details (e.g. phone number, e-mail address, address), professional qualifications and previous employment history. Job applicants’ PII is processed for the purpose of organizing and evaluating the hiring procedure during the recruitment of new employees, e.g. to assess applicants’ personal abilities, knowledge and skills prior to entering into an engagement with Sixgill and for HR management.

    5. User Communications. When you send an email or other communication to Sixgill, we may retain those communications in order to process your inquiries, respond to your requests and improve our Website. We may send you push notifications to send you news and updates related emails and notifications in respect of the Website. If you subscribed on the Website to receive our newsletter, we will use your name and e-mail address to send you our newsletters and other promotional communications, you may opt-out of this service at any time by submitting a request at dpo@cybersixgill.com

    6. Aggregate and Analytical Data. In an ongoing effort to better understand and serve the users of the Website, we often conduct research on our customer demographics, interests and behavior, use of the Website, and other statistics, based on the PII, the information submitted on our Website and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners and also disclose aggregated information in order to describe our Website to current and prospective business partners or investors and to other third parties for other lawful purposes. This aggregate information does not identify you or any other individual personally.

  2. Cookies and Web Beacons. In order to collect the data described herein we use temporary cookies that remain on your browser for a limited period of time. We also use persistent cookies that remain on your browser until it is closed, in order to manage and maintain the Website and record your use of the Website. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to and stored on your browser. Cookies do not damage your browser. Most browsers allow you to block cookies but you may not be able to use some features on the Website if you block them. You may set most browsers to notify you if you receive a cookie (this enables you to decide if you want to accept it or not). We also use web beacons via the Website to collect information. Web beacons or "gifs", are electronic images that may be used in our Website or in our emails. We use Web beacons to deliver cookies, count visits and to tell if an email has been opened and acted upon

  3. Links. Links to third party services, widgets, features, sites and applications may be provided by Sixgill as a convenience to our users. Sixgill is not responsible for the privacy practices or the content of other sites and applications and you visit them at your own risk. This Privacy Policy applies solely to PII collected or used by us. 

  4. Minors. If you are a minor under the age of 16, you must obtain parental consent prior to using our Website. Sixgill will not knowingly contact or engage with children under the age of 16 without said parental consent and do not intentionally gather, collect/use or share PII from minors under the age of 16. If you have reason to believe that a child has provided us with their PII, please contact us at the address given above and we will endeavor to delete that PII from our databases. 

  5. PII Sharing. As part of providing the Website our affiliates, agents, representatives and third party providers may have access to your PII in the following circumstances: (a) when we process PII on behalf of our business customers, we share that information with them, in which event except for de-identified and aggregate information, which we control, we are merely the processors of your PII on behalf of our business customers who collect and process your PII. We require them to do so in accordance with applicable laws, but we do not control their actions and therefore you are advised to review their privacy policies; (b) as required for the provision, maintenance and improvement of the Website; (c) when permitted by you; (d) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local; and/or (c) to satisfy applicable law or prevention of fraud or harm, security or technical issues, or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof or in response to a court order, judicial or administrative subpoena or warrant, or to otherwise cooperate with law enforcement investigations; (f) to ensure security and for purposes of debugging; and/or (g) to our affiliates or other trusted businesses or persons, agents, third party service providers, subcontractors and representatives for the purpose of processing PII on our behalf in Israel and/or abroad.

The server on which the Website is hosted may be outside the country from which you access the Website and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy involve the transfer of your PII to various countries around the world that may have different levels of privacy protection than your country and will be transferred outside of the European Economic Area. If there is a transfer of your PII outside the EEA or UK or Switzerland (as the case may be) we will, in the absence of an adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as entering into appropriate EC approved standard contractual clauses.  

  1. PII Security and Retention. We follow generally accepted industry standards. to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security. We retain your PII only for as long as reasonably necessary for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.

  2. Data Integrity. Sixgill processes PII only for the purposes for which it was collected or used and in accordance with this Privacy Policy or any applicable service agreements. We review our data collection, usage, storage and processing practices to ensure that we only collect, use, store and process the PII needed to provide or improve our Website. We take reasonable steps to ensure that the PII we process is accurate, complete, and current, but we depend on our users to update or correct their PII whenever necessary. Nothing in this Privacy Policy is interpreted as an obligation to store PII, and we may, at our own discretion, delete or avoid from recording and storing any and all information.

  3. Your Rights. 

  1. Right of Access and Rectification. You have the right to know what PII we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow our users the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated. However we may first ask you to provide us certain credentials to permit us to identify your PII. 

  2. Right to Delete PII or Restrict Processing. You have the right to delete your PII or restrict its processing. We may postpone or deny your request if your PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.  

  3. Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your PII. Exercising this right will not affect the lawfulness of processing your PII based on your consent before its withdrawal.

  4. Right of Data Portability. Where technically feasible, you have the right to ask to transfer your PII in accordance with your right to data portability.

You may exercise the above rights by sending a request to dpo@cybersixgill.com

  1. Right to Lodge Complaint. You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your PII.  

  2. Enforcement. Sixgill regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or our treatment of PII by contacting us as provided above. When we receive formal written complaints it is Sixgill's policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of PII that cannot be resolved between Sixgill and an individual.

  3. Changes to This Privacy Policy. Sixgill may update this Privacy Policy. We will notify you about significant changes in the way we treat PII by placing a prominent notice on the Website. We encourage you to periodically review this Privacy Policy for the latest information about our privacy practices. 

  4. Legal Justification and Consent To Processing. 

    1. For users of our Website where consent is required under applicable laws: by providing any PII to us pursuant to this Privacy Policy, all users fully understand and unambiguously consent, at their volition, to this Privacy Policy and to the collection and processing of such PII abroad. By submitting your PII through the Services, you consent, acknowledge, and agree that we will collect, use, transfer, and disclose your PII as described in this Privacy Policy.

    2. Where PII is processed under the GDPR, we rely on a legitimate interest when collecting and retaining such PII and if a user became a customer of Sixgill or enters into any other engagement with Sixgill (e.g. employees), then we also rely on a contractual relationship when collecting and retaining such PII. Our legitimate interests are to manage and operate the Website, improve the Website, ensure the security of the Website and undertake marketing activities on the Website.

  5. Consent to Processing. By providing any PII to us pursuant to this Privacy Policy, all users, including, without limitation, users in the United States, UK, Israel and member states of the European Union, fully understand and unambiguously consent to this Privacy Policy and to the collection, usage, and/or processing of such PII abroad. The server on which the Website is hosted and/or through which the Website is processed may be outside the country from which you access the Website and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy may involve the transfer of your PII to various countries around the world that may have different levels of privacy protection than your country and may be transferred outside of the European Economic Area (EEA). If there is a transfer of your PII outside the EEA we will, in the absence of an EC Adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as appropriate EC approved standard contractual clauses (see http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) or other measures. By submitting your PII through the Website, you consent, acknowledge, and agree that we may collect, use, transfer, and disclose your PII as described in this Privacy Policy. 

  6. Do Not Track Notices. You are also advised that Sixgill does not respond to "Do Not Track" signals.

  7. Questions. You may contact our DPO here: dpo@cybersixgill.com. If you have any questions about this Privacy Policy or concerns about the way we process your PII, please contact us at dpo@cybersixgill.com. If you wish to delete all information regarding your use of the Services, please contact us at: dpo@cybersixgill.com 

Last updated: Jan 2024