NopSec.com, inc. (“NopSec.com” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s websites (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who register to attend the Company’s corporate events (“Attendees”). This Privacy Statement describes NopSec.com’s privacy practices in relation to the use of the Company’s websites and the related applications and services offered by NopSec.com (the “Services”).

1. Websites covered

This Privacy Statement covers the information practices of Websites that link to this Privacy Statement, including: https://www.NopSec.com (referred to as “NopSec.com’s Websites” or “the Company’s Websites”).

NopSec.com’s Websites may contain links to other Websites. The information practices or the content of such other Websites is governed by the privacy statements of such other Websites. The Company encourages you to review the privacy statements of other Websites to understand their information practices.

2. Information collected

When expressing an interest in obtaining additional information about the Services or registering to use the Services, NopSec.com requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, NopSec.com may require you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”). NopSec.com may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information about Customers are referred to collectively as “Data About NopSec.com Customers”, or in the case of Attendees, “Data About NopSec.com Attendees”.

As you navigate the Company’s Websites, NopSec.com may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Website Navigational Information”). Website Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Websites (such as the Web pages viewed and the links clicked).

When you visit our Sites, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:

  • your domain;
  • your IP address;
  • your date, time and duration of your visit;
  • your browser type;
  • your operating system;
  • your page visits;
  • information from third parties;
  • other information about your computer or device; or
  • Internet traffic.

Vulnerability Data

NopSec collects, aggregates, and stores vulnerability and audit data for its customers. NopSec in turn will not disclose individual records other than aggregates as described above or for the purposes described below.

3. Use of information collected

The Company uses Data About NopSec.com Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services.

The Company also uses Data About NopSec.com Attendees to plan and host corporate events, host online forums and social networks in which event attendees may participate, and to populate online profiles for Attendees on the Company’s Websites. Additional information on the Company’s privacy practices with respect to Data About NopSec.com Attendees may be found in additional privacy statements on the event Websites, as the case may be.

The Company may also use Data About NopSec.com Customers and Data About NopSec.com Attendees for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events.

NopSec.com uses Web Site Navigational Information to operate and improve the Company’s Websites. The Company may also use Web Site Navigational Information alone or in combination with Data About NopSec.com Customers and Data About NopSec.com Attendees to provide personalized information about the Company.

4. Web Site Navigational Information

Cookies, Web Beacons and IP Addresses

NopSec.com uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Websites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information used on the Company’s Websites and how this information may be used.

Cookies

NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company.

NopSec.com uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Websites, but you will not be able to successfully use the Services.

The following sets out how NopSec.com uses different categories of cookies and your options for managing cookies’ settings:

Type of CookiesDescriptionManaging Settings
Required cookiesRequired cookies enable you to navigate the Company’s Websites and use its features, such as accessing secure areas of the Websites and using NopSec.com Services.

If you have chosen to identify yourself to NopSec.com, the Company uses cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests.

Because required cookies are essential to operate the Company’s Websites and the Services, there is no option to opt out of these cookies.
Performance cookiesThese cookies collect information about how Visitors use our Web site, including which pages visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Company’s Web site functions and performs.

From time-to-time, NopSec.com engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Websites. NopSec.com may also utilize Flash cookies for these purposes.

Functionality cookiesFunctionality cookies allow the Company’s Websites to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of NopSec.com’s Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.

NopSec.com uses local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our Websites to personalize your visit.

Note that opting out may impact the functionality you receive when visiting NopSec.com.
Targeting or Advertising cookiesFrom time-to-time, NopSec.com engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Websites. NopSec.com sometimes uses cookies delivered by third parties to track the performance of Company advertisements. For example, these cookies remember which browsers have visited the Company’s Websites. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it.

NopSec.com also contracts with third-party advertising networks that collect IP addresses and other information from Web beacons (see below) on the Company’s Websites, from emails, and on third-party Websites. Ad networks follow your online activities over time by collecting Web Site Navigational Information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Websites. This process also helps us manage and track the effectiveness of our marketing efforts.

Third parties, with whom the Company partners to provide certain features on our Websites or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

 

Web Beacons

NopSec.com uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Websites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, NopSec.com may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Websites. NopSec.com uses Web beacons to operate and improve the Company’s Websites and email communications.

IP Addresses

When you visit NopSec.com’s Websites, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, NopSec.com uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Websites.

NopSec.com also collects IP addresses from Customers whey they log into the Services as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.

Social Media Features

The Company’s Websites may use social media features, such as the Facebook ‘like’ button (“Social Media Features”). These features may collect your IP address and which page you are visiting on the Company’s Web site, and may set a cookie to enable the feature to function properly. You may be given the option by such Social Media Features to post information about your activities on the Company’s Web site to a profile page of yours that is provided by a third party Social Media network in order to share with others within your network. Social Media Features are either hosted by a third party or hosted directly on the Company’s Web site. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features.

Do Not Track

Currently, various browsers – including Internet Explorer, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Websites’ visited by the user about the user’s browser DNT preference setting. NopSec.com does not currently commit to responding to browsers’ DNT signals with respect to the Company’s Websites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. NopSec.com takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

5. Public forums, refer a friend, and customer testimonials

NopSec.com may provide bulletin boards, blogs, or chat rooms on the Company’s Websites. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. NopSec.com is not responsible for the personal information you choose to submit in these forums.

Customers and Visitors may elect to use the Company’s referral program to inform friends about the Company’s Websites. When using the referral program, the Company requests the friend’s name and email address. NopSec.com will automatically send the friend a one-time email inviting him or her to visit the Company’s Websites. NopSec.com does not store this information.

NopSec.com posts a list of Customers and testimonials on the Company’s Websites that contain information such as Customer names and titles. NopSec.com obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.

6. Sharing of information collected

Service Providers

NopSec.com may share Data About NopSec.com Customers and Data About NopSec.com Attendees with the Company’s contracted service providers so that these service providers can provide services on our behalf. Without limiting the foregoing, NopSec.com may also share Data About NopSec.com Customers and Data About NopSec.com Attendees with the Company’s service providers to ensure the quality of information provided, and with third-party social networking and media Websites, such as Facebook, for marketing and advertising on those Websites. Unless described in this Privacy Statement, NopSec.com does not share, sell, rent, or trade any information with third parties for their promotional purposes.

Retention of Your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

NopSec.com Affiliates

The Company may share Data About NopSec.com Customers with other companies in order to work with them, including affiliates of the NopSec.com corporate group. For example, the Company may need to share Data About NopSec.com Customers for customer relationship management purposes.

Business Partners

From time to time, NopSec.com may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from NopSec.com, the Company may share Data About NopSec.com Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). NopSec.com does not control our business partners’ use of the Data About NopSec.com Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.

NopSec.com does not share data about NopSec.com attendees with business partners unless: (1) you specifically opt in to such sharing via an event registration form; or (2) you attend a Company event and allow NopSec.com or any of its designees to scan your attendee badge. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms and elect not to have your badge scanned at Company events. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy statements.

Third Parties

This Privacy Statement sets forth the information NopSec.com collects on the Company’s Websites and the information we share with third parties. NopSec.com does not authorize the collection of personal information by third parties through advertising technologies deployed on the Company’s Websites, nor do we share personal information with any third parties collected from the Company’s Websites, except as provided in this Privacy Statement. Section 4 of this Privacy Statement, Website Navigational Information, specifically addresses the information we collect through cookies and web beacons, and how you can control cookies through your Web browsers.

Compelled Disclosure

NopSec.com reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

7. International transfer of information collected

The Company primarily stores Data About NopSec.com Customers and Data About NopSec.com Attendees in the United States. To facilitate NopSec.com’s global operations, the Company may transfer and access such information from around the world, including from other countries in which the Company has operations. This Privacy Statement shall apply even if NopSec.com transfers data about NopSec.com customers or data about NopSec.com attendees to other countries.

8. Access and Data Subject Rights

Individuals have the right to access the personal data processed about them, subject to applicable law; individuals may request to access their personal data processed by us by emailing us at dpo@nopsec.com.

Subject to applicable law, you may also have some or all of the following rights available to you in respect of your personal data:

  • to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of your personal data under certain circumstances;
  • to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
  • to withdraw your consent to our processing of your personal data (where that processing is based on your consent); and
  • to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

In addition to the above rights, under EU data protection law, applicable individuals have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.

You also have the right to lodge a complaint with your local supervisory authority for data protection.

In relation to all of these rights, please contact us at dpo@nopsec.com. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

9. Communications preferences

NopSec.com offers Visitors, Customers, and Attendees who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails.

10. Customer Data

NopSec.com Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). NopSec.com will not review, share, distribute, or reference any such Customer Data except as provided in the NopSec.com Master Subscription Agreement, or as may be required by law. In accordance with the NopSec.com Master Subscription Agreement, NopSec.com may access Customer Data only for the purpose of providing the Services or preventing or addressing service or technical problems or as may be required by law. To communicate with our Data Protection Officer, please email dpo@nopsec.com.

11. Security

NopSec.com uses robust security measures to protect Data About NopSec.com Customers and Data About NopSec.com Attendees. Because the Company uses the Services to maintain Data About NopSec.com Customers and Data About NopSec.com Attendees, this information, which is stored in the Services, is secured in the same manner.

12. Mobile applications

Without limiting the generality of this Privacy Statement, in addition to information gathered through its Websites or submitted to its Services, NopSec.com may obtain information through applications (“Mobile Applications”) that Customers or their authorized individuals (“Users”) download to, and run on, their mobile devices (“Devices”). Mobile Applications provided by NopSec.com may obtain information from, or access data stored on, Users’ Devices to provide services related to the relevant Mobile Application. For example, a Mobile Application may: access a camera on a User’s Device to enable the User to upload photographs to the Services; access the call history on a User’s Device to enable the User to upload that information to the Services; access calendar information on a User’s Device to enable the User to match meeting attendees with contacts submitted by the User to the Services; access the geographic location of a User’s Device to enable the User to identify contacts submitted by the User to the Services who are nearby; or access contact information on a User’s Device to enable the User to sync contact information between the information that is stored on the User’s Device and the information that is submitted to the Services. Information obtained to provide Mobile Application services may include information obtained in preparation for anticipated updates to those services. Mobile Applications may transmit information to and from Devices to provide the Mobile Application services.

Mobile Applications may provide NopSec.com with information related to Users’ use of the Mobile Application services, information regarding Users’ computer systems, and information regarding Users’ interaction with Mobile Applications, which NopSec.com may use to provide and improve the Mobile Application services. For example, all actions taken in a Mobile Application may be logged, along with associated information (such as the time of day when each action was taken). NopSec.com may also share anonymous data about these actions with third party providers of analytics services. In addition, if a User downloads a NopSec.com Mobile Application after clicking on a third-party mobile advertisement for the Mobile Application or for NopSec.com, the third-party advertiser may provide NopSec.com with certain information, such as the User’s Device identification information, which NopSec.com may use to track the performance of its advertising campaigns.

Customers may configure NopSec.com Mobile Application services, and the information accessed or obtained by the Mobile Application on a User’s Device may be affected by the Customer’s configuration. In addition, if a Customer purchases more than one Service from NopSec.com and its affiliates, a Mobile Application may be designed to interoperate with those Services; for instance, to provide a User with access to information from any or all of those Services or to provide information from a User’s Device to any or all of those Services. Information accessed or obtained by the Mobile Application on a User’s Device may be accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application.

In addition to Mobile Applications offered by NopSec.com, the Company may offer platforms for the creation of third-party Mobile Applications, including but not limited to the NopSec platform. Third parties may obtain information from, or access data stored on, Users’ Devices to provide services associated with any third-party Mobile Applications that Users download, install, use, or otherwise interact with over a NopSec.com platform. NopSec.com’s Mobile Applications may also contain links or integrations to other Mobile Applications provided by third parties. Third parties’ use of information collected through third-party Mobile Applications is governed by the privacy statements of such third parties. The Company encourages you to review the privacy statements of third-party providers of Mobile Applications to understand their information practices.

Notices and contractual terms related to a particular Mobile Application may be found in the End User License Agreement or relevant terms of service for that application. The Company encourages you to review the End User License Agreement or relevant terms of service related to any Mobile Applications you download, install, use, or otherwise interact with to understand that Mobile Application’s information practices. The Mobile Application’s access to information through a User’s Device does not cause that information to be “Customer Data” under NopSec.com’s Master Subscription Agreement with the Customer or under this Privacy Statement, except as follows: To the extent that a User uses a Mobile Application to submit electronic data and information to a Customer account on our Services pursuant to the Customer’s Master Subscription Agreement with NopSec.com (or a similar agreement that governs the Customer’s subscription(s) to NopSec.com’s Services), that information constitutes “Customer Data” as defined in such agreement, and the provisions of that agreement with respect to privacy and security of such data will apply.

13. Changes to this Privacy Statement

NopSec.com reserves the right to change this Privacy Statement. NopSec.com will provide notification of the material changes to this Privacy Statement through the Company’s Websites at least thirty (30) business days prior to the change taking effect.

14. Contacting us

Questions regarding this Privacy Statement or the information practices of the Company’s websites should be directed to NopSec.com Privacy by mailing dpo@nopsec.com.

Privacy, 20 Jay Street Suite 903, Brooklyn, New York 11201.