Privacy Notice
ABNORMAL SECURITY CORPORATION PRIVACY NOTICE
Last Updated May 10, 2024
This Privacy Notice explains how Abnormal Security Corporation (“Abnormal,” “we,” or “us”) collects, uses, shares, and otherwise processes your personal information (also known as personal data) in connection with: (i) the use of the Abnormal websites and applications that link to this Privacy Notice (the “Sites”), (ii) in the usual course of business, such as in connection with our events, sales, and marketing activities (“Corporate Operations”), as well as our products and services (the “Service”) It also contains information about your choices and privacy rights.
This Privacy Notice does not apply to personal information that we collect in connection with our recruitment activities, which is covered under our Applicant Privacy Policy.
We recommend that you read this Privacy Notice in full to ensure that you are informed.
Sites & Corporate Operations
Information We Collect About You
Information that we collect from or about you includes information you provide, information we collect automatically, and information we receive from other sources. The “Service” section below separately covers and applies to personal information submitted by our Customers to our Service or collected through our Service on behalf of or at the direction of our Customers.
Information You Provide To Us
When you contact us by e-mail or through a contact form on the Sites, we may collect information, such as your name, email address, phone number, postal address, job title, and company name. We may also collect other information that you provide such as your interactions with us, for example, if you request information about our Service, interact with our employees, complete a survey, provide feedback or post comments, register for an event, or take part in marketing activities. We may keep a record of your communications with us and other information you share during such communications.
If credit card is the method of payment chosen by you, credit card information will be provided to our third party service providers, including for payment and billing purposes, instead of us.
Information We Collect Automatically
We collect the following information automatically through our Corporate Operations:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Access status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Browser type
- Operating system and its interface
- Language and version of the browser software
- Information about your computer or device
- Information about your activities within the Sites or Corporate Operations
- City-level geolocation information (in anonymous form)
- Other statistical information relating to your use of the Sites and Corporate Operations
Cookies and Online Identifiers
In addition to the information listed above, we use standard automated data collection tools like cookies (or online identifiers) to collect information about how people use our Sites. When visiting the Sites, you have the option of disabling certain types of cookies through the Osano Cookie Consent pop-up.
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They provide a consistent and efficient experience for visitors and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the website you are visiting (known as “first party cookies”), or by third parties, for such purposes as serving content or providing advertising or analytics services on the website (“third party cookies”).
Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically small transparent images that provide us with statistics for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted.
We use cookies primarily to determine how visitors engage with the Sites (e.g., the page you view, the links you click, how frequently you access the Sites, the number of visits over time, etc.). For example, we may place a pixel in our email that notifies us when you click on a link in the email. We use these technologies to improve our communications.
We may also use the information we collect automatically (for example, IP address, and unique device identifiers) to identify the same unique person across our Corporate Operations to provide a more seamless and personalized experience to you.
Information We Receive From Other Sources
We may obtain information about you from third party sources, including resellers, distributors, business partners, event sponsors, security and fraud detection services, social media platforms, and publicly available sources. We encourage you to read the terms of use and privacy notices of such third party services before sharing your information with them to understand how your information may be collected and used. Examples of information that we receive from third parties include marketing and sales information (such as name, email address, phone number, postal address, job title, company name, and similar contact information), training information (such as courses taken, certificates, etc.), and purchase, support, and other information about your interactions with our Sites, Corporate Operations, and Service. We may combine such information you provide to third parties with the information we receive from other sources.
How We Use Your Information
We use your personal information to provide, maintain, improve, and update our Sites for our Corporate Operations. Our purposes for the collection of your personal information include:
- To provide, maintain, deliver, and update our Corporate Operations
- To send you notifications about the Service, including technical notices, updates, security alerts, administrative messages, and invoices
- For billing, payment, or account management
- To measure your use and improve Corporate Operations, and to develop new products and services
- To personalize your experience when using our Sites
- To generate and analyze statistical information about how our Sites are used in the aggregate
- To respond to your questions, comments, and requests, including to keep in contact with you regarding the products and services you use
- To provide you with customer service and support
- To respond to your responsible disclosure reports
- For sales phone calls for training and coaching purposes, quality assurance, and administration (in accordance with applicable laws), including to analyze sales calls using analytics tools to gain better insights into our interactions with customers
- To tailor and send you newsletters, emails, and other content to promote our products and services (you can always unsubscribe from our marketing emails by following the instructions in the email) and to allow third party partners (like our event sponsors) to send you marketing communications about their services, in accordance with your preferences
- For advertising purposes; for example, to display and measure advertising on third party websites
- To contact you to conduct surveys and for market research purposes
- To register and provide you with training and certification programs
- To investigate security issues, prevent fraud, or combat the illegal, prohibited, or unauthorized uses of our products and services
- To send you notifications about the Service, including technical notices, updates, security alerts, administrative messages, and invoices
- For other legitimate interests or lawful business purposes; for example, customer surveys, collecting feedback, and conducting audits
- To comply with our obligations under applicable law, legal process, or government regulation
- For other purposes, where you have given consent
How We Share Your Information
We may share your personal information with third parties as follows:
- With our affiliates and subsidiaries for the purposes described in this Privacy Notice
- In connection with a merger, sale, financing, or reorganization of all or part of our business
- With our service providers who assist us in providing the Service, such as billing, payment card processing, customer support, sales and marketing, and data analysis, subject to confidentiality obligations and the requirement that those service providers do not sell your personal information
- With our service providers who assist us with detecting and preventing fraud, security threats, or other prohibited, illegal or malicious behavior
- With business partners, such as resellers, distributors, and/or referral partners, who are involved in providing content, products, or services to our prospects or customers
- With event partners who are working with us to organize or sponsor an event to which you have registered to enable them to contact you about the event or their services
- With marketing partners, such as advertising providers that tailor online ads to your interests based on information they collect about your online activity (known as interest-based advertising)
- Where it has been de-identified, including through aggregation or anonymization
- When you instruct us to do so
- Where you have consented to the sharing of your information with third parties
- When necessary to protect the personal safety, property, or other rights of the public, Abnormal, or our customers
- When required to protect and defend the rights or property of Abnormal or our customers, including the security of our Sites, products, and services (including the Service)
- When authorized by law or where necessary to comply with a legal process.
Service
We provide the Service to our customers and users (collectively, “Customers”) under an Agreement with them and solely for their benefit and the benefit of personnel authorized to use the Service. Abnormal processes personal information only as provided in our agreements with the relevant Customer, such as our Cloud Terms of Service. Abnormal also includes for our Customers a Data Processing Addendum (DPA), accompanying our Cloud Terms of Service, which contains the Standard Contractual Clauses, for transfers between us and our Customers (collectively, “Customer Agreements”). Additional information about our privacy and security practices for the Service is available in our Security Hub and the Information Security Policy. Customers may choose to enable integrations or exchange personal data from the Service with third-party platforms. Your use of third-party platforms and how such providers use personal data is governed by the terms of use and privacy notices of such third party platforms.
Notice to Users
Our Service is intended to be used by Customers. Where the Service is made available to you through a Customer (e.g., your employer), the Customer is the administrator of the Service and responsible for the accounts and/or services over which it has control. For example, administrators can access and change information in your account or restrict and terminate your access to the Service. We are not responsible for the privacy or security practices of a Customer, which may be different from this Privacy Notice. Please contact the applicable Customer or refer to your organization’s policies for more information.
Information We Collect About You
To use the Service, an user typically authenticates by means of a Customer’s single-sign-on (SSO) provider, so we do not collect or process any personally identifiable login credentials, however, we do collect the IP address from which the user logs into the Service each time. In addition, as part of its normal functioning, the Service collects personal information contained in message content and file attachments, user information including user names, roles, email, group assignments, and configurations; and personal data contained within activity logs, audit logs, and administrator reports (“Service Information”)
Information We Collect Automatically
When you use our Service, we automatically collect information about how you are using the Service
- Information about your account (such as user ID, email address, or Internet Protocol (IP) address)
- Information about your computer or device (such as browser type and operating system)
- Information about your activities within the Service, such as the pages or features you access or use, the time spent on those pages or features, search terms entered, commands executed
- Information about the types and sizes of files analyzed via the Service
- Other statistical information relating to your use of the Service
- To implement, provide, maintain, improve, and update the Service
- To understand how our Authorized Users and Customers are using the Service
- To develop new features, products and services
- To create and maintain your Service portal account
- To send notifications within the Service
- To provide you with customer service and support
- For billing, payment, or account management; for example, to identify your account and correctly identify your usage of our products and services
- To respond to your responsible disclosure reports
- To measure your use and improve the Service, and to develop new products and services
- To generate and analyze statistical information about how the Service is used in the aggregate
- For other legitimate interests or lawful business purposes; for example, customer surveys, collecting feedback, and conducting audits
- To comply with our obligations under applicable law, legal process, or government regulation
- For other purposes, where you have given consent.
Information About The Sites, Corporate Operations, and the Service
In the event of any conflict or inconsistency between the Privacy Notice and the Customer Agreements, the Customer Agreements will control.
International Transfers
Abnormal may transfer your personal information to countries other than your country of residence. In particular, we may transfer your personal information to the United States and other countries where our affiliates, business partners, and service providers are located. These countries may not have equivalent data protection laws to the country where you reside.
Wherever we process your personal information, we take appropriate steps to ensure it is protected in accordance with this Privacy Notice and applicable data protection laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information from the European Economic Area or Switzerland between us and our business partners and service providers, and equivalent measures for transfers of personal information from the United Kingdom.
Data Privacy Framework Notice
Abnormal complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (EU-U.S. DPF, UK Extension, and the Swiss-U.S. DPF, collectively, the “DPF” or “Data Protection Framework”) as set forth by the U.S. Department of Commerce regarding the processing of personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the DPF. Abnormal has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with respect to such personal data. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Abnormal’s certification, please visit https://www.dataprivacyframework.gov/. Additional information about our compliance with the DPF principles can be found in our Data Privacy Framework Notice.
Your Choices and Rights
We offer you choices regarding the collection, use, and sharing of your personal information and we will respect the choices you make in accordance with applicable law. You may choose (opt-out) whether your personal information is (i) disclosed with a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized. You may indicate your choice by clicking through the appropriate dialogue box to opt out or by emailing us at privacy@abnormalsecurity.com. Please note that if you decide not to provide us with certain personal information, you may not be able to access certain features of the Abnormal websites and applications that link to this Privacy Notice or use our Service.
When you participate in a call or online meeting that is being recorded, you have the right to request that we not record that call or meeting. Please make those requests to the call organizer before or during the call. During webinars or other events that must be recorded, please do not share personal information that you do not want other attendees to view in the chats, Q&A or similar features.
Opt out of Marketing
We may periodically send you marketing communications that promote our products and services consistent with your choices. You may opt-out of receiving such communications by following the unsubscribe instructions in the communication you receive. Please note that we may still send you important service-related communications regarding our products or services, such as communications about your subscription or account, service announcements, or security information.
Additional Information for Certain Jurisdictions
Depending upon your place of residence, you may have rights in relation to your Personal Data. Please review the jurisdiction-specific sections below, including the disclosures for California residents. Depending on applicable data protection laws, those rights may include asking us to provide certain information about our collection and processing of your Personal Data or requesting access, correction, or deletion of your Personal Data. You also have the right to withdraw your consent, to the extent we rely on consent to process your Personal Data.
This section provides additional information about our privacy practices for certain jurisdictions. In the event of any conflict or inconsistency between the Privacy Notice and the DPA, the DPA will control.
California
If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with additional information regarding your rights with respect to your “personal information.”
You may make the following types of requests under the CCPA with respect to personal information that we process on your behalf. Note: if you wish to make a CCPA request concerning Personal Information submitted through or otherwise made available to the Service, please direct your request to the relevant Customer directly, as that data is governed by the terms of our agreement with our Customer.
Request to Know, Correct, and Delete: You may request to
- Access to a copy of the specific pieces of personal information that we have collected about you;
- Correction of personal information that we maintain about you if it is inaccurate; and/or
- Deletion of personal information, subject to certain exceptions.
- We need it to enter into or perform a contract with you, respond to your request, or provide you with customer support
- We need to process your personal information to comply with a legal obligation (such as to comply with applicable legal, tax, and accounting requirements) or to protect the vital interests of you or other individuals
- You give us consent, such as to receive certain marketing communications
- Where we have a legitimate interest, such as to respond to your requests and inquiries, to ensure the security of the Sites and Service, to detect and prevent fraud, to maintain, customize and improve the Sites and Service, to promote Abnormal and our Service, and to defend our interests and rights
- The right to access, correct, update, or request deletion of your personal information;
- The right to object to the processing of your personal information;
- The right to withdraw your personal information at any time, if we collected and processed your personal information with your consent; and
- The right to lodge a complaint with your national data protection authority or equivalent regulatory body.
Changes to Privacy Notice
Abnormal may change this Privacy Notice from time to time. We will post any changes on this page and, if we make material changes, provide a more prominent notice (for example, by adding a statement to the website landing page, providing notice through the Service, or by emailing you). You can see the date on which the latest version of this Privacy Notice was posted above.
How To Contact Us
Please contact us at privacy@abnormalsecurity.com if you have any questions about our privacy practices or this Privacy Notice. You can also write to us at:
Abnormal Security Corporation
185 Clara Street, Suite 100,
San Francisco, CA 94107
Attn: Privacy Counsel
If you interact with Abnormal through or on behalf of a Customer, then your personal information may also be subject to the applicable Customer’s privacy practices and you should direct any questions to that organization.
Abnormal Security Data Privacy Framework Notice