Last Updated: May 24, 2018
Please note our Sites can contain links to third-party websites, applications, and services. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
INFORMATION WE COLLECT
Information you provide us. You provide us with information in the following circumstances:
- When you contact us. You provide personal information when contacting us through our Sites. For example, we will collect your first and last name, user name, company name, job title, email address, postal address, and phone number when you ask to download content (such as white papers), register for a webcast or other event, or subscribe to email lists.
- When you create a customer account on our platform. When you create a customer account on our platform you will be required to provide us your first and last name and email address. Customer account holders can provide us with additional information in the course of their use of our platform’s messaging system.
- Recruitment. When you apply for employment or to work as a member of the Synack Red Team through our Sites, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history and education.
- Events and Social Media. We also receive information about you if you participate in a focus group, activity or event, interact with our social media accounts or otherwise communicate with us.
Automatically collected information. When you visit our Sites, certain information is automatically collected from your computer, mobile phone or other access device. This information includes your location, computer operating system, Internet Protocol (IP) address, access times, browsing history and web log information, browser type and language, and “click stream” data, such as domain names and page views.
The types of cookies we use includes:
- Strictly necessary Cookies. These are cookies that are required for the operation of our Sites. They include, for example, cookies that enable users to log into secure areas of our Sites.
- Analytical/performance Cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our Sites. This helps us to improve the way our Sites work, for example, by ensuring that our users are finding what they are looking for easily.
- Functionality Cookies. These are used to recognize users when users return to our Sites. This enables us to personalize our content for you, greet users by name, remember a user’s preferences (for example, a user’s choice of language or region) and tailor our marketing outreach to our users based on their employment profile and engagement with our Sites.
- Targeting Cookies. These cookies record a user’s visit to our Sites, the pages a user has visited and the links a user have followed. We use this information to make the website more relevant to users.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Sites. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/.
HOW WE USE INFORMATION WE COLLECT
- personalize our Sites to ensure our content from our Sites is presented in the most effective manner for you and your device;
- monitor and analyze trends, usage and activity in connection with our Sites and services to improve our Sites;
- measure and understand the effectiveness of the content we service to you and others;
- communicate with you;
- if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- provide third parties with statistical information about our users (but those third parties will note be able to identify any individual user from that information).
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
We do not share your information with third parties other than as described above and as follows:
- We share your personal information with service providers who help with parts of our business operation, such as cloud storage provides, IT service providers, and analytics and search engine providers that assist us in the improvement and optimization of our Sites.
- We will disclose or transfer your personal information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
- We will otherwise share your information as directed by you or subject to your consent.
- With respect to those users who have a user name (and personal photo or avatar, if any, associated with your user name), such information will be displayed on our Sites.
- Information you provide through your participation in research projects, community discussions, chats, and any correspondence through our Sites, will be shared with other users, our customers or otherwise displayed on our Sites.
WHERE WE STORE YOUR PERSONAL DATA
SECURITY AND RETENTION OF YOUR INFORMATION
We follow generally accepted industry standards to protect personal information submitted to us from unauthorized access, both during transmission and once we receive it. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through Sites, we cannot and do not guarantee the security of any information you transmit on or through our Sites, and you do so at your own risk.
We will retain your information while your are active on our Sites and then for a period of 26 months following your last use of our Sites. After this 26 month period of inactivity, we will delete the user’s personal information and usage information though such information will be retained in an aggregated and anonymized format. Information relating to customer accounts on our platform we be retained pursuant to the terms of the relevant customer agreement.
We do not knowingly collect personal information from children under 16. If we learn that we have collected the personal information of a child under 16, we will take steps to delete the information as soon as possible.
YOUR DATA PRIVACY RIGHTS
You have a number of rights under relevant data privacy laws, which include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights can include the right to (i) request access or copies of your personal information Synack processes, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) request a commonly structured, machine-readable copy of your personal information and that it is transferred to another data controller, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information. To exercise one or more of these rights, or to ask questions or relay concerns, please contact us via email at firstname.lastname@example.org, phone at +1 (855) 796-2251 or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd., Suite 170, Redwood City, California 94063, United States of America.
WITHDRAWAL OF CONSENT
Where you have provided your consent to us processing your personal information, you can withdraw your consent at any time by contacting us at email@example.com.
OBJECTION TO MARKETING
You have the right to opt out of receiving promotional emails from Synack by following the instructions in those emails. If you opt out, we could still send you non promotional emails, such as emails about your Synack account or our ongoing business relations. You can also send requests about your contact preferences or changes to your information, including requests to opt out of sharing your personal information with third parties, to our contact information below.
If you have an account, you can choose to either temporarily set your account offline or permanently delete it. In the event you choose to set your account offline, you will not be able to use our Sites until you decide to reactivate your account and your information will remain with Synack. In the event you delete your account, we will delete all personal information.
EU – U.S. PRIVACY SHIELD
Synack is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
Synack is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Synack complies with the Privacy Shield Principles for all onward transfers of personal information from the EU or Switzerland. Synack could be liable for the appropriate transfer of personal information to third parties.
In certain situations, Synack could be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
PRIVACY DISPUTE RESOLUTION
Synack has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Synack, please visit the BBB EU PRIVACY SHIELD website at www.bbb.org/EU-privacy-shield/file-a-complaint for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option could be available before a Privacy Shield Panel.