SecurityMetrics Privacy Policy

Introduction

SecurityMetrics, Inc. is aware of the privacy concerns of its customers. Our policy for collecting and using personal information is detailed below.

EU-US Privacy Shield & Swiss-US Privacy Shield

This Privacy Policy describes how SecurityMetrics collects, uses, and discloses certain personally identifiable information that we receive in the US from the European Economic Area ("EEA Personal Data").

SecurityMetrics recognizes that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data about Customers received in the US, SecurityMetrics has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). SecurityMetrics adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.

SecurityMetrics also complies with the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.

For purposes of enforcing compliance with the Privacy Shield, SecurityMetrics is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review SecurityMetrics’ representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at: https://www.privacyshield.gov/list

Information Collected

SecurityMetrics collects information about its Customers from third parties such as acquiring banks, merchant service providers, and independent sales organizations (collectively "MSPs"), with whom the Customer has a contractual relationship and through its website and related eCommerce services at several points. All information collected by SecurityMetrics is provided by the user, which in this case is the Customer.

  • SecurityMetrics may collect user information as part of the services performed for a Customer, including name, email address, phone number, address, fax numbers, and other contact information related to the user.
  • Credit card data of the Customer may be collected and stored by SecurityMetrics. This data is stored in accordance with the PCI DSS.
  • SecurityMetrics also collects data related to a Customer’s data security as requested by the Customer when purchasing the services. This data includes answers to self-assessment questionnaires, vulnerability scan data, and which security services the Customer purchases.
  • SecurityMetrics allows customers to add additional users to a Customer’s account. Customer agrees that SecurityMetrics may allow an MSP from whom it received Customer’s information to be added as an additional user on a user’s account with rights to make changes to the account.
  • SecurityMetrics collects information that is not personally identifiable to the user, such as referring URL addresses, time spent in certain areas of SecurityMetrics’ website, actions taken while on SecurityMetrics’ website, and origination of the user.
  • Certain information such as your IP address, browser type, domain names, and access times may also be collected.
  • To receive products and services sold or provided by SecurityMetrics, contact information is required for billing, communicating about the services, and to perform the services.

Information Usage

  • Part of SecurityMetrics’ services is to report certain Customer compliance with data security standards, and this reporting requires contact information of the Customer.
  • SecurityMetrics must be certified as an Approved Scanning Vendor in order to provide certain scanning services. Part of the agreement with the Payment Card Industry Security Standards Council ("PCI SSC"), the body that certifies Approved Scanning Vendors, requires SecurityMetrics to provide information requested by the PCI SSC.
  • SecurityMetrics may use the information collected to provide notifications regarding the Customer’s services, accounts, fulfillment of transactions, information about SecurityMetrics’ websites, service changes, special offers, legal notices, and newsletters.
  • Customers who provide information may receive email announcements regarding SecurityMetrics’ services from time to time.
  • SecurityMetrics may use the information and data submitted by users and customers for any other purposes related to SecurityMetrics’ business that are compatible with the purposes for which your information was collected by SecurityMetrics, including, but not limited to, conducting market research, improving its products and services, sending surveys, and notifying customers of product upgrades and updates, new products, special offers, seminars and conventions and any other changes within SecurityMetrics that may affect customers and users.

Third parties with whom SecurityMetrics Shares Information

SecurityMetrics' policy in relation to information collected through registration, testing, and/or any other means is to respect and protect the privacy and confidentiality of our users. SecurityMetrics does not disclose, rent, or sell email addresses, security test results, or any other information that we may receive to any third party, unless:

  • specifically requested by the customer;
  • requested or required by applicable credit card associations, acquiring banks, credit card processors, or merchant service providers with which SecurityMetrics has a contractual agreement;
  • in response to duly authorized information requests of governmental authorities or where required by law;
  • in connection with any legal proceedings where disclosure of such data has been requested or required; or
  • to an agent of SecurityMetrics acting on behalf of SecurityMetrics (e.g., for database hosting, data processing or mailing services). In this case, SecurityMetrics will make certain that the agent complies with the Privacy Shield Principles (as defined above) and our commitments in this policy.

Access to Information

SecurityMetrics understands the importance of maintaining accurate information and thus SecurityMetrics allows Customers to update their information on SecurityMetrics websites through those websites. Customers may choose to remove information collected by SecurityMetrics by contacting us in writing at: SecurityMetrics, Inc., 1275 West 1600 North, Orem, UT 84057. SecurityMetrics will respond to the request within thirty (30) days.

SecurityMetrics retains information for as long as an account is active or as needed to provide the services requested by the Customer. SecurityMetrics will also retain information as needed to comply with legal or tax obligations, comply with industry regulations, resolve disputes, and enforce agreements.

Privacy Shield Questions or Complaints

You can direct any questions or complaints about the use or disclosure of your EEA Personal Data to us at privacy@securitymetrics.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA Personal Data within 45 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with our Independent Dispute Resolution Body, JAMS, who will resolve the issue within a reasonable timeframe. JAMS can be reached at: https://www.jamsadr.com/privacy-shield

Data Security

SecurityMetrics maintains reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

Use of Cookies

SecurityMetrics uses cookies to track how you interact with our website. SecurityMetrics does not sell cookie information to third parties or track you outside of SecurityMetrics’ website.

Opt Out

Customers who do not wish to receive commercial information from SecurityMetrics may opt out of that email by following the instructions at the bottom of the email. Customers are not usually able to opt out of emails containing information regarding a Customer’s account, services, or transactions.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield Principles. We will post any revised policy on this website.

Contact

To access your information, ask questions about our privacy practices, request to limit the disclosure of your personal information, or issue a complaint, contact us at:

SecurityMetrics
1275 W 1600 N
Orem, UT 84057
privacy@securitymetrics.com
801-724-9600

Effective: November 1, 2017


Scanning Abuse

SecurityMetrics, Inc., is a PCI Approved Scanning Vendor under certificate number 3707-01-08 and performs security assessment scans within the guidelines of the PCI data security initiative.

Scanners

It is important to allow SecurityMetrics security scanners to have the same level of network access to your Internet-connected devices that you provide to the rest of the world under normal circumstances. Users of SecurityMetrics scanning services are encouraged to add rules to their firewalls and inform their ISPs or hosting providers that security assessment scans may originate from the scanning locations listed in the table below. Ensuring that traffic from SecurityMetrics scanners does not get blocked ensures maximum accuracy of the security assessments, which leads to better security. If you have any questions, please contact SecurityMetrics Technical Support.


SecurityMetrics Scanners


Abuse

Users of SecurityMetrics scanning services are required to consent to abiding by the Terms of Use before purchasing scanning services from SecurityMetrics. SecurityMetrics takes reports of abuse very seriously and works with ISPs, hosting providers, and other organizations to ensure that any abuse is dealt with in a timely and appropriate manner.

Do you believe some form of SecurityMetrics scanning service abuse is occurring?
Please email us (abuse@securitymetrics.com)
