By using our technology platform(s), you are accepting the practices described in this Notice. If you do not agree with the data practices provided in this Notice, you should not use the products and services provided by PhishDeck. We may make changes to this Notice at our sole discretion at any time. We encourage you to periodically review this Notice to stay informed about our collection, processing, and sharing of your Personal Data. Your continued use after we make changes to the Notice is deemed to be acceptance of those changes.
For the avoidance of doubt, this Notice only applies to the extent we process Personal Data in the role of a processor on behalf of our customers.
The Personal Data that we collect directly from you includes, but is not limited to the following.
- Business contact information — first name, last name, employer, title, city, state, country, phone number, IP address, and business email addresses.
- Automatically collected information — information collected via cookies and web beacons, including IP address, browser name, operating system details, domain name, date visited, time of visit, and pages viewed, or other similar information.
- Console information — simulated phishing results, security awareness testing and training results, security assessment results, and any information uploaded.
How Personal Data is collected
Personal Data is collected by PhishDeck when it is shared by your organization’s account administrator, at the discretion of your organization. Personal Data will also be requested from you through our products and services (i.e. technology platforms) by your administrator at your organization’s discretion. PhishDeck collects the minimum information necessary to provide its products and services to you.
Cookies and other identifiers
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that contain Personal Data from your computer or mobile device as you navigate our Site, use our services, or interact with emails we have sent to you.
Below are the two types of cookies that are used on PhishDeck’s platform for its products and services.
- Session-based tokens — These are only used to determine how long you remain on the platform and immediately expire when you leave our platform or logout.
- Support cookies — These cookies allow us to track onboarding times and other metadata in order to provide better service to our users.
Most browsers are set up to accept cookies. If you choose, you may refuse to accept cookies or set up your browser so that it notifies you when you receive a cookie.
Third Party Technologies
Use of your Personal Data
We will use the information you give to us to:
- Carry out our obligations arising from any contracts entered into between you and us and to provide you with the information that you request from us.
- Ensure that content from our site is presented in the most effective manner for you and for your computer.
We will use the Personal Information that we collect about you to:
- Administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- Improve our site to ensure that content is presented in the most effective manner for you and for your computer
- As part of our efforts to keep our site safe and secure
- For the use of our website including any products and services
- For managing payments in order to complete a transaction with you
- In order to provide support for our products and services (you can reach out to us via email)
- For any managed services that we provide to you from time to time
- For webinars that you have registered to attend
- For PhishDeck contests or promotions
Where We Store Your Data
All Personal Data that you provide to us is stored securley. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Although we will do our very best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Access to Your Information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act by sending an email to firstname.lastname@example.org
Since the products and services provided are at the request of your organization, you can contact your organization’s administrator in order to opt out of the products and services provided. Additionally, you can contact your administrator to make changes to your Personal Data. PhishDeck does not have control over how your organization uses your Personal Data for their purposes. You can also contact us to contact your organization on your behalf.
Data Security and Retention
Your Personal Data is kept secure. Only authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information. To provide our products and services, we occasionally use third party businesses (“Third Party” or “Third Parties”) to perform specialized services in regard to data processing. When we provide data to these businesses, they are not permitted to use data outside of the scope for which we contracted them.
We (and our third-party service providers) use a variety of industry standard security measures to prevent unauthorized access, use, or disclosure of your Personal Data. These security measures consist of but are not limited to data encryption and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
PhishDeck will retain your Personal Data for the period necessary to fulfill the purpose outlined in this Notice unless a longer retention period is required by applicable data privacy law.
We take reasonable steps to ensure that your Personal Data is accurate, complete, current, and otherwise reliable for its intended use. We will not process Personal Data in a way that is incompatible with the purposes for which it was collected. If your Personal Data has been disclosed to a third party, and it has been deemed incorrect by you, PhishDeck will contact the administrator and will work with third parties (such as our subprocessors) to request a correction to the information.
If PhishDeck obtains knowledge that one of our service providers or employees is in violation of this Notice, PhishDeck will take commercially reasonable steps to prevent or stop the unauthorized use or disclosure of your Personal Data. PhishDeck takes data privacy seriously. Therefore, we agree to take commercially reasonable measures to ensure the proper handling of your Personal Data by our employees and service providers.
Updated 27th January 2020