The Ultimate SaaS Security Posture Management Checklist: 2024 Edition
GET THE CHECKLISTThe Annual SaaS Security Survey Report: 2024 Plans and Priorities
Learn moreThe Annual SaaS Security Survey Report: 2024 Plans and Priorities
GET THE REPORTAdaptive Shield’s SSPM & ITDR Platform Features and Capabilities
DownloadThe Ultimate SaaS Security Posture Management Checklist: 2024 Edition
GET THE CHECKLISTThe Annual SaaS Security Survey Report: 2024 Plans and Priorities
Learn moreThe Annual SaaS Security Survey Report: 2024 Plans and Priorities
GET THE REPORTAdaptive Shield’s SSPM & ITDR Platform Features and Capabilities
DownloadIt is important to us that our customers and their personnel understand how we collect, use, and share their Personal Data and what control they have over their Personal Data. This Privacy Notice is meant to explain these activities. It should be read together with our Terms of Service. If you have any questions or want to contact us for any reason, feel free to reach out to us at the Contact Information below.
When we use the term “you”, we mean the person visiting our website (“Site”), a representative of one of our customers (“Customers”) or potential Customers or anyone using the Adaptive Shield cloud services security solution (“Solution”) on behalf of one of our Customers. “Services” means the services available through the Site and/or Solution. When we use the terms “Adaptive Shield”, “us”, “we”, or “our”, we mean the relevant Adaptive Shield Entity with which you have entered into the Terms of Service. This may be either A.S. Adaptive Shield Ltd. or Adaptive Shield, Inc.
If you are an individual located in the European Union (“EU Individual”), some additional terms and rights may apply to you, as detailed herein. Except as detailed in the section “Processing as a Processor”, A.S. Adaptive Shield Ltd. is the data controller in respect of the processing activities outlined in this Privacy Notice. Our office is at 2 Kremenetski, Tel Aviv, Israel, and our company number is 516067725.
“Personal Data” means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law.
Processing as a Processor. We process certain data, including Personal Data relating to personnel of our Customers in the context of providing the Solution and Services to Customers, such as information about logs, audits, security settings and metadata within the Customer’s systems. We process this Personal Data in accordance with the relevant Customer’s instructions and the terms of any agreement and/or terms of service in place with each Customer. This processing includes provision of the Solution and the Services and improvement thereof. The applicable Customer serves as a data controller of such data and Adaptive Shield serves as a data processor on its behalf. Personal Data processed by Adaptive Shield as a processor will be retained by Adaptive Shield in accordance with the relevant Customer’s instructions. If you have any questions about how your Personal Data is being processed, please contact the relevant data controller.
If you don’t want to read through the whole Privacy Notice, below are links to the main sections that may be of interest. You can click on the headers in this section to navigate to the full sections.
1. Personal Data We Collect, Uses and Legal Basis
2. Additional Uses
3. Sharing the Personal Data We Collect
4. International Transfer
5. Security
6. Your Rights
7. Data Retention
8. Cookies and Similar Technologies
9. Children
10. Changes to the Privacy Notice
11. Comments and Questions
We collect a number of different types of Personal Data from and about you and use it for different purposes. The way you use the Site and Solution will impact what types of Personal Data we collect and how we use it. You are not legally required to provide us with any Personal Data, but if you decide not to, we may not be able to provide you with all or part of the Services.
1.1 Contact Information – When you contact us through the Site or otherwise, including to request a demo or request access to materials in the Trust Center, we will collect Personal Data you provide, such as your name, email address, company name, country, and phone number, as well as the content of your inquiry. When you sign up for newsletters or email lists, we collect your email address.
How we use this data: We use this Personal Data to respond to your request or inquiry, evaluate your request for access to materials in the Trust Center, and provide you with newsletters and other material we think may be of interest.
Legal Basis: We process this Personal Data based on performance of a contract when we respond to your inquiry or request to receive newsletters. When we use your Personal Data to send you informational materials or to evaluate your access request, this is based on our legitimate interests.
1.2 Call Recordings – If you are a potential customer, we may record video calls between you and our sales team. You will be notified before any recording takes place and are under no obligation to agree to such recording. If you would not like to be recorded, please let us know.
How we use this data in order to analyze and improve our sales processes.
Legal Basis: We process this data subject to your consent, which may be provided orally during a call. You are free to revoke your consent or ask that recording be stopped at any time.
1.3 Registration Data – We collect information from personnel of our Customers who have registered to use our Solution and receive the Services, including name, email address and the Customer which such personnel are associated.
How we use this data: (1) to provide you and the Customer with the Solution and Services and to respond to inquiries and requests and to contact and communicate with you; and (2) to prevent fraud, protect the security of and address problems with the Solution. We may send you newsletters and materials relating to our Solution and Services. For more information about our direct marketing activities, please see the Direct Marketing section below.
Legal Basis: (1) We process this Personal Data for the purpose of providing the Services to our Customers, which is considered performance of a contract with our Customers, including responding to inquiries and requests and providing customer support. (2) When we process your Personal Data for the purposes of preventing fraud, protecting the security of and/or addressing problems with the Solution and Services, and for the purpose of providing you with newsletters, this is based on our legitimate interests.
1.4 Automatically Collected Data – When you visit the Site and/or use the Solution, we automatically collect information about your computer, including non-Personal Data such as your operating system, and Personal Data such as IP address, as well as your browsing history and any information regarding your use and viewing history on our Site or Solution. For more information and how to adjust your preferences, please see the Cookies and Similar Technologies section below.
How we use this data. (1) To provide you with the functionality of the Site and/or Services, including protecting their security and preventing fraud; (2) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and Services; (3) to provide you with additional functionalities through the Site; (4) to provide you with customized content and targeted offers related to our products and Services, including on other third-party sites you may visit and to measure the effectiveness of our advertising campaigns.
Legal Basis: Using your data in order to provide you with the Site and Services and in order to protect their security is in order to perform our contract with you, namely the Terms of Service. We will only use data for purpose of review and analytics, for providing additional functionality, and for advertising purposes if you have consented to these uses and we do so based on your consent. More information about our Direct Marketing activities is found below.
1.5 Geo-location – Subject to your consent, when you use the Site, Solution, or Services we collect your (geo)location.
How we use this data: We use this information in order to provide you with the location-based Services through the Site or Solution.
Legal Basis: We process this Personal Data based on your consent. You may withdraw your consent at any point, including by using the Contact Us link.
2.1 Statistical Information and Analytics – We want to understand how people use our Site and Solution so that we can make improvements, understand user needs, and tailor our Services for users. To do this, we use certain third-party analytics tools that help us gather and compile statistical information. The information we collect is anonymous and aggregated and it can’t be linked to any Personal Data. We may choose to share this anonymous information with our business partners. One of the third-party analytics tools we use is “Google Analytics”. We also use the anonymous and aggregated information to publish research on current trends in the field. For more information about how Google collects information and how you can control such use at https://policies.google.com/technologies/partner-sites.
2.2 Direct Marketing – Emails. As described above, we may use Personal Data to let you know about our products and services that we believe will be of interest to you.
2.2.1 If you are a registered user and/or if you have signed up for our newsletters and/or if you have contacted us regarding our Services, we may send you newsletters or other informational materials. We try to limit direct marketing to a reasonable and proportionate level and only send you communications which we think may be of interest to you.
2.2.2 You can ask us to stop sending promotional emails by following the “unsubscribe” link in any messages. Alternatively, you can Contact Us to request to unsubscribe.
2.2.3 Note that we may need to contact you about administrative or service-related issues as part of providing the Services to you. This is not direct marketing and even if you opt-out of direct marketing, you will continue to receive these messages.
2.3 Direct Marketing – Advertising.
2.3.1 We may use cookies or similar technologies on our Site to deliver and track online advertising. You can change your browser setting in order to manage which cookies are placed.
2.3.2 See below for general information about How to Adjust Your Preferences. You can also change your device’s settings to prevent your device’s ad identifier being used for interest-based advertising, or you can reset your device’s ad identifier. Note that adjusting your settings doesn’t mean that you won’t receive ads, it just means that the ads that you do see will be less relevant to your interests.
2.3.3 We may also use social plugins, such as the LinkedIn plugin, which will allow social media platforms to link Personal Data collected through our Site with Personal Data in your social media profile. This combined data may be used to serve you with advertising or customized content on the applicable social media platform. We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms.
2.4 Legal Uses – We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements.
We share your information, including Personal Data, as follows:
3.1 Affiliates – We share your personal data with our affiliated company, Adaptive Shield, Inc. or A.S. Adaptive Shield Ltd., as applicable, where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our customers.
3.2 Resellers – If you engage with us through one of our authorized resellers or distributors or managed security services provider, such party may have certain information about you, such as your Contact Data and may share such data with us. Similarly, we may share certain data about you with such party where relevant.
3.3 Customers – If you use our Solution, information about your use of the Solution may be shared with the applicable Customer.
3.4 Service Providers – We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers and subcontractors, who have agreed to confidentiality restrictions. These service providers use this information solely on our behalf in order to (1) help us provide you with the Site, Solution and/or Services, including by providing us with IT and system administration services, data backup, security, storage services, customer support services, as well as data analysis; (2) help us record, track, and analyze our sales processes, and (2) assist us in our direct marketing activities described above.
3.5 Business Transfers – In case of any merger or sale of our company or assets, including in case of liquidation, we may disclose your Personal Data as part of such transaction or during the negotiations leading up to it. In such case, your Personal Data shall continue being subject to this Privacy Notice.
3.6 Law Enforcement Related Disclosure – We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party’s rights, property or safety (including the enforcement of the Terms of Service or this Privacy Notice); (ii) when required for compliance with any law, regulation, subpoena, court order or other law enforcement related issues, agencies and/or authorities.
When we share Personal Data with third parties as described above, these third parties may be located in countries other than your own. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice. If you are an EU Individual, whenever we transfer your Personal Data to third parties that are not located in the European Economic Area (“EEA”) and when required under applicable law, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
4.1 We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection by the European Commission.
4.2 Where we use certain service providers not located in countries that have not been deemed to have an adequate level of protection, we may use specific contracts approved by the European Commission which are meant to give Personal Data the same protection it has in the EEA.
4.3 If you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA, please Contact Us.
We have implemented and maintain appropriate technical and organization security measures designed to reduce the risk of accidental destruction, loss, disclosure, or access to Personal Data appropriate to the nature of such data.
5.1 Safeguards – We use physical, electronic, and procedural safeguards including secure servers, firewalls, antivirus, and SSL encryption of data both in transit and at rest, as detailed below.
5.2 Access Control – We limit access to Personal Data only to authorized personnel on a need-to-know basis of least privilege rules, we review permissions annually, and we revoke access immediately after employee termination.
5.3 Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
5.4 Personnel – We require new employees and service providers to sign non-disclosure agreements according to applicable law and industry customary practice.
Encryption – We encrypt the data in transit and rest while processed on our systems using secure protocols both in transit and at rest.
5.5 Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
5.6 However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your Personal Data, we cannot guarantee its absolute security.
5.7 You are responsible for the security of the devices you use and for keeping your credentials protected.
How to Access and Limit Our Use of Certain Personal Data. Subject to applicable law and certain exemptions, and in some cases dependent upon the processing activity, you have certain rights in relation to the Personal Data that we hold about you. With respect to data for which we are a processor, please contact the applicable controller (the Customer) directly. We reserve the right to ask for reasonable evidence to verify your identity before we comply with any of your requests.
6.1 Right of Access – You have a right to know what Personal Data we collect about you. Subject to applicable law, we may charge a fee for providing this information. If we are not able to provide you with all of the information you request, we will do our best to explain why.
6.2 Right to Data Portability – If you are an EU Individual and processing is based on your consent or performance of a contract with you and is being carried out by automated means, you may be entitled to (request that we) provide a copy of the Personal Data you provided in a structured, commonly-used, and machine-readable format.
6.3 Right to Correct Personal Data – Subject to certain limitations, you may request that we update, complete, correct, or delete inaccurate, incomplete, or outdated Personal Data.
6.4 Deletion of Personal Data (“Right to Be Forgotten”) – If you are an EU Individual, you have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent, which you have withdrawn, (iii) you have exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) deletion is required for compliance with a legal obligation. To ensure that we do not collect any additional Personal Data, you should terminate your account and clear our cookies from devices where you have visited our Site or Solution. We may retain certain Personal Data following such request as permitted by applicable law.
6.5 Right to Restrict Processing – If you are an EU Individual, you can ask us to limit the processing of your Personal Data if either: (i) you contested its accuracy and want us to limit processing until this is verified; (ii) processing is unlawful, but you do not want us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate basis for processing.
6.6 Direct Marketing Opt Out – You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. You can do so by Contacting Us. We will process your request as soon as reasonably possible, however it may take a few days before opt out is effective.
6.7 Right to Object – If you are an EU Individual, you can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
6.8 Withdrawal of Consent – You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent. This will not affect the lawfulness of any processing prior to such withdrawal.
6.9 Right to Lodge a Complaint with Your Local Supervisory Authority – If you are an EU Individual, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
7.1 Subject to applicable law, we retain Personal Data as necessary for the purposes set forth above. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized access, the purposes for which it was collected, and applicable legal requirements. We may delete information without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our service providers may vary in accordance with their policies.
7.2 In some circumstances, we may store your Personal Data for longer periods of time, such as where we are required to do so according to legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
7.3 Please contact us if you would like details regarding the retention periods for different types of your Personal Data.
8.1 What are Cookies? When we use the term “cookie” we are referring to technologies that get stored locally on your browser or device and which help us identify you and collect information about you. These may be traditional cookies, web beacons, pixel tags, or similar.
8.1.1 Some cookies (session cookies) will only be stored until you leave the Site or Solution and some (persistent cookies) will remain for longer periods or until you delete them. For example, persistent cookies may be used to help save your settings across visits.
8.1.2 First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
8.2 Cookie Consent – When visiting this Site, you shall be notified of the use of and placement of cookies and will be asked to agree to placement of cookies.
8.3 How We Use Cookies – We use cookies and similar technologies for the purposes described below. The specific names and types of the cookies we use may change but they generally fall into one of the following categories:
Necessary: These cookies are necessary in order to allow the Site and Solution to work correctly. They enable you to access the Site and Solution, move around, and access different services, features, and tools. These cookies cannot be disabled.
Functionality: These cookies remember your settings and preferences and the choices you make (such as language or regional preferences) in order to help us personalize your experience and offer you enhanced functionality and content.
Security: These cookies can help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.
Performance: These cookies can help us collect information to help us understand how you use our Site and/or Solution, for example whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our Site and/or Solution.
Analytics: These cookies collect information regarding your activity on our Site and/or Solution to help us learn more about which features are popular with our users and how our Site and/or Solution can be improved.
8.4 Third Party Cookies:
– Google Analytics / Google Ads / Captcha
– HubSpot
– LinkedIn
– Sentry
– Message Bird (Pusher and Sparkpost)
8.5 How to Adjust Your Preferences – You can adjust your preferences through your browser’s settings. You can configure your settings to refuse all cookies and you can delete existing cookies at any time. Note that some features may not work properly if cookies are disabled or removed.
We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or per email.
If you have any comments or questions if you wish to exercise any of your legal rights, you can contact us as follows:
11.1 By email: The easiest way to contact us is by emailing [email protected].
11.2 Through the Site: You can also contact us through the Contact Us form on the Site.
11.3 Representative: If you are in the EU or UK, you may also contact our EU representative, PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG using the following link: https://prighter.com/q/18998836014 or at the following address: Schellinggasse 3/10, 1010 Vienna, Austria. Please add the following subject to all correspondence: ID-18998836014