Sixgill Privacy Policy

1. Introduction & Overview

1.1 Introduction

Sixgill is a cyber-threat intelligence company that specializes in monitoring the deep and dark Web.

 This Policy defines how Sixgill collects, stores, shares, uses, retains and protects Personal Data (as defined below).  

This policy describes the types of Personal Data collected by Sixgill, the way Sixgill uses and protects this information, and to whom it is disclosed.

In this Policy, “Sixgill” or “we” refers to Sixgill Inc. and its “Affiliates”, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership.

YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PERSONAL DATA, HOWEVER, SOME OF OUR SERVICES REQUIRE YOU TO DO SO PURSUANT TO THIS POLICY. IN THESE CASES, IF YOU CHOOSE TO WITHHOLD OR DELETE ANY PERSONAL DATA REQUESTED BY US, IT MAY NOT BE POSSIBLE FOR YOU TO ACCESS CERTAIN SERVICES. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN PLEASE DO NOT USE OUR SERVICES.

1.2   Definitions

1. “Data Subject” – a natural person whose Personal Data is processed by a controller or processor.
2. “Identifiable natural person” – means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. “Personal Data” means any information relating to an identified or identifiable natural person.
4. “Cookies” – are small pieces of information that are stored by the user’s browser on the user’s computer hard drive which enables the organization to recognize the user’s computer when the user returns to the site.

1.3 Purpose and Scope

This Policy defines the ways in which Sixgill collects, stores, shares, uses, retains and protects Personal Data.

SUMMARY

What data we collect. In order to provide and improve our services, we may collect information from the web, from you when use or interact with our website and other services and we may collect employees and human resource data. We also automatically collect and record Personal Data through your use of the services such as your IP address, cookie information, type of browser and technical information regarding the method and nature of your use of the services.

How do we use the data. We use your Personal Data for purposes such as, to help our customers to prevent unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of their Personal Data. Sixgill may send periodic emails for newsletters and some update from Sixgill’s blog. At any time, you may opt-out from receiving newsletters and promotional communications from us.

Cross-Border Transfer. Sixgill may transfer Personal Data to its Affiliates from time to time for Sixgill legitimate business purposes. Your Personal Data may be stored and processed in a country outside the country of your residence or from which you access our services. Transfers of your Personal Data outside the European Economic Area will comply with applicable laws.

Sharing Information with Third Parties. Sixgill may share Personal Data with third parties who help Sixgill to maintain, administer or develop its website or manage\handle inquiries from the Data Subject, sending out newsletters, events or surveys. In addition, we may share your Personal Data if required for the provision, maintenance and improvement of our services; to satisfy applicable law; when permitted by you; to prevent fraud or harm; for processing Personal Data on our behalf; or in the event of a merger, acquisition or other structural change or form of sale of part or all of our assets.

Children’s privacy. For those who are under the age of 18, there is an additional consent or authorization requirement from the holder of parental responsibility. If you believe that we might have collected such information, please contact us.

Legal basis for collection. We collect your Personal Data based on one of the following: your consent; it being necessary to comply with a contract; our Legitimate Interest in your information; it being required by law.

Your Rights. At any time, you may contact us and request to exercise your rights in accordance with applicable law. For more details, see Section 2.8 below.

Protecting your information. We follow appropriate data collection, storage and processing practices generally accepted in the industry and suitable security measures in order to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, and all other data stored on our systems.

Retention. We keep your Personal Data only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements.

Tracking Technologies. We use cookies to collect the information described in this Privacy Policy, to manage and maintain our services and to track your use of our services.

California Residents. California residents have specific rights under the California Consumer Privacy Act. For more details, see Section 2.12 below.

Do Not Track Notices. We do not respond to Do Not Track signals.

2. Data that we collect.

2.1 What data we collect:

Information collected from the Web

Sixgill platform uses proprietary algorithms and technology to search and store information, publicly available on the Internet and the dark web, in order to check for security risks that might negatively influence our clients.

In order to provide and improve our services, Personal Data captured by us may include data like:

• Name
• Emails and password
• Date of birth
• Zip code
• Data subject picture
• Identification documents pictures and details

The information that we process during the harvesting is only stored for a short period.

We do, however, create indexes in our harvesting process. These indexes are stored for a longer time in accordance with applicable laws to enhance the quality of the services offered.

Interaction with our website visitors

When you engage with our website and other services, we will collect and use any of the following information about you:

• Resource download – Full name, Business email, Phone, Company name, job title, Country.
• Careers – Full name, email, Phone, Free text as you publish in your CV’s documents.
• Sixgills’ Blog – Business email.
• Contact us – Full name, Company email, Phone, Company name, job title, Country.                    
• Newsletters – Full name, Business email, Phone, Company name, job title, Country.

When you use or interact with the Website and services, the following information is created and automatically logged in our systems:

• Log Data: Information that your browser automatically sends whenever you visit the Sites. Log data includes your IP address (so we understand which country you are connecting from when you visit the Sites), browser type and settings, the date and time of your request, and how you interacted with the Site.
• Cookies: Information from cookies stored on your device. Please see the “Cookies” section below (Cookies) to learn more about how we use cookies and other technologies.
• Device Information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
• Usage Information: Information about how you use our Site, such as the type of content that you view or engage with, the features you use, the actions you take, the other users you interact with and the time, frequency and duration of your activities.

When our customers use our Service

Sixgill collects personal information from its customers in order to enable them to access our service through our Web portal.

This information includes:

• First name
• Last name
• Email address
• Phone number.

This information is gathered either independently or through the help of our authorized third-party service providers as detailed below.

When you are using the Service, we may gather, collect and store the information related to such usage for analysis of your usage for improving our portal services. Such information may include without limitation information and statistics about your online or offline status, your IP address, internet service provider, search history, cookie information, type of browser, your regional and language settings and software and hardware attributes. Our systems may automatically record and store technical information regarding the method and nature of your use of the Services, including without limitation which pages of the Services you viewed, exit and entrance pages and your use time of the Services. An IP address is a numeric code that identifies your device on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. The Company may also use the Personal Data that it collects to understand the usage trends, interests, behavior and preferences of its users. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Employees and Human Resource Data

Sixgill collects Personal Data from applicants seeking employment with the company, including contact details (e.g. e-mail, phone number), CV and any Personal Data therein, professional qualifications and previous employment history to inform employment decisions.

Once employed, Sixgill collects information about its staff related to their performance as well as for payroll and tax purposes.

2.2  How do we use the data?

Information collected from the Web

We are collecting information from the web in order to help our customers and to prevent unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of their Personal Data. We do that by:

• Identifying data that may have been breached or leaked online;
• Tracking vulnerabilities and exploits targeting our customers;
• Enabling organizations to remediate compromised credentials;
• Enabling organizations to better research threats.

Interaction with our customers

Sixgill may send periodic emails or Newsletters and updates from Sixgill’s blog as well as updates pertaining to customer orders or to respond to their inquiries, requests or questions.

Data Subjects who decide to opt in to Sixgill’s mailing lists will receive emails that may include company news, updates, research information, etc.

Data subjects who wish to unsubscribe from the list may do so at any time by following the detailed instructions found at the bottom of each email they receive from Sixgill or send a deletion request to the marketing department.

Please note that even if you opt out of receiving the Newsletter and communications, we may still send you a response to any “Contact Us” request as well as administrative e-mails necessary to facilitate your use of our services.

Sixgill may also use Personal Data to comply with our legal obligations or to resolve any disputes we may have with Data Subjects.

2.3   Cross-Border Transfer

As part of its international operations, Sixgill may transfer Personal Data to its Affiliates from time to time.

If there is a transfer of your Personal Data outside the EEA we will, in the absence of an EC Adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as entering into appropriate EC approved standard contractual clauses (see http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). By submitting your Personal Data through the services, you consent, acknowledge, and agree that we may collect, use, transfer, and disclose your Personal Data as described in this Policy. In addition, Sixgill transfers Personal Data only if the recipient of the Personal Data has provided appropriate safeguards, and on condition that enforceable Data Subject rights and effective legal remedies for Data Subjects are available.

Personal Data collected may also be processed by Sixgill’s employees operating outside of the European Economic Area or one of its Affiliates or vendors. This staff may be engaged in processing transactions and payment details or provisioning support services. Sixgill vendors are carefully vetted through a vendor assessment procedure and are legally committed to comply with relevant regulations.

2.4   Sharing Information with Third Parties

In all cases of data access and collection, the information provided will not be disclosed, rented, loaned, leased, sold, or otherwise voluntarily distributed to unaffiliated third parties and will be used solely for the purpose stated herein.

Specifically, Sixgill does not share Personal Data with third parties for their direct marketing purposes unless upon specific consent to such disclosure.

Sixgill may share Personal Data with third parties who help Sixgill to maintain, administer or develop its website, to manage\handle inquiries from the Data Subject, or to send out newsletters, events or surveys. Sixgill may share Data Subject information with such third parties, for those limited purposes and for a limited time.

Sixgill discloses Personal Data to third parties only if they have satisfactory measures to protect Personal Data.

Sixgill cooperates with government and law enforcement officials and private parties to enforce and comply with the law.

We may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.

Sixgill may share your Personal Data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Privacy Policy.

2.6   Children’s Privacy

Processing children personal data – for those who are under the age of 18, there is an additional consent or authorization requirement from the holder of parental responsibility. When a service offering is explicitly addressed to adults, it is freed of this rule.

2.5   Legal Basis for Collection

By providing any Personal Data to us pursuant to this Policy, all users, including, without limitation, users in the United States, Israel and member states of the European Union, fully understand and unambiguously consent to this Policy and to the collection and processing of Personal Data as detailed herein.

We normally collect Personal Data only where:

(a) We have your consent to do so;

(b) Where we need your Personal Data to perform a contract with you (e.g. to deliver the Services you have requested);

(c) Where the processing is in our legitimate interests; or

(d) Where we are required to collect, retain or share such information under applicable laws. In some cases, we may need the Personal Data to protect your vital interests or those of another person.

Where we rely on your consent to process your Personal Data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your Personal Data, you have the right to object.

If you have any questions about or need for further information concerning the legal basis on which we collect and use your Personal Data, please contact us through the contact details available below.

2.8   Your Rights

You may exercise the below rights by sending a request to: info@cybersixgill.com  

As an EU resident, you may request to:

• Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
• Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
• Request rectification of your Personal Data that is in our control.
• Request erasure of your Personal Data.
• Object to the processing of Personal Data by us.You have the right to withdraw your consent to the processing of your Personal Data. Exercising this right will not affect the lawfulness of processing your Personal Data based on your consent before its withdrawal.
• Request to restrict processing of your Personal Data by us.
• Where technically feasible, you have the right to ask to transfer your Personal Data in accordance with your right to data portability.
• Lodge a complaint with a supervisory authority.

Please note that these rights pertain to EU residents only, are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

California residents shall refer to Section 2.12 below.

Users outside the EU and California – Some of the aforementioned rights are applicable in certain jurisdictions outside the EU and California as well. Users residing outside the EU and California are welcome to contact us for any questions or requests at the details below.

As an Israel resident, you may request to:

• Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
• Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
• Request rectification of your Personal Data that is in our control.
• Request erasure of your Personal Data that is being used only for marketing emails.

Please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

2.9   Protecting your Information                  

Sixgill follows appropriate data collection, storage and processing practices and suitable security measures in order to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, and all other data stored on our systems.

Exchange of sensitive and private data between Sixgill’s site and its Data Subjects happens over a secured communication channel and is encrypted and protected with digital signatures.

While Sixgill strives to protect your Personal Data, we cannot ensure or warrant the security and privacy of your Personal Data or other content you transmit using the Service, and you do so at your own risk.

2.10   Retention                                            

We keep your Personal Data only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements. Retention periods are determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

2.11   Tracking Technologies

When you visit or access our website, we use cookies. Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our website, improve our website’s performance, perform analytics and customize your experience.

In addition, we may merge data we have with data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become Personal Data.

Most web browsers enable you to see what cookies are stored on your device, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third party cookies separately. 

2.12 California Residents

California residents have specific rights under the California Consumer Privacy Act of 2018 (“CCPA”). For more information and to exercise your rights, please see the Privacy Notice for California Residents at the following link: https://www.cybersixgill.com/ccpa/

2.13 Do Not Track Notices

You are also advised that Sixgill does not respond to “Do Not Track” signals.

2.14 Changes to this privacy policy

Sixgill has the discretion to update this privacy policy at any time.

The most current version will always be posted on our website (as reflected in the “Last Updated” heading).

You are advised to check for updates regularly. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the updated Privacy Policy.

This privacy policy will be updated at least once every 12 months.

2.15 Contact Information

For any questions, comments or concerns about our Privacy Policy or any other issue please contact Sixgill via: 

• Email: info@cybersixgill.com
• Trouble ticket via the Sixgill website: https://www.cybersixgill.com/
• Phone at +972-73-3236855

All notices given by you or required from you under this Privacy Policy shall be in writing and addressed to:

Sixgill, Inc., Global HQ, Derech Menachem Begin 132, Azrieli Tower, Triangle Building, 42nd Floor, Tel Aviv Israel.

Last Updated: October 2020