Last Updated: September 2019
1. Introduction & Overview
- Skybox Security develops integrated security management solutions for enterprise–scale vulnerability and threat management, security policy and firewall management (the “Service”).
- This Policy defines the ways in which Skybox collects, stores, shares, uses, retains and protects Personal Data (as defined below).
- This policy describes the types of Personal Data collected by Skybox, the way Skybox uses and protects this information, and to whom it is disclosed.
- In this Policy, “Skybox” or "we" refer to Skybox Security, Inc. and its “Affiliates”, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership.
- “Data Subject” - a natural person whose Personal Data is processed by a controller or processor
- “Identifiable natural person” - means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- "Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.3 Purpose and Scope
- This Policy defines the ways in which Skybox collects, stores, shares, uses, retains and protects Personal Data.
- All Skybox personnel and suppliers are responsible and accountable for adhering to and implementing this policy.
2.1 Collection of Data
We may collect two types of data from our users:
- Personal Data: The type of Personal Data collected in accordance with the Service may vary depending on the activity and may include:
- First and last name (or the name you have associated with your device);
- Telephone number;
- Transaction identifiers for purchases;
- Age and date of birth;
- If applicable, physical geolocation and that of the devices you use to access our Services;
- internet protocol (IP) addresses;
- zip code;
- area code;
- Un-identified and non-identifiable information pertaining to a user(s), which may be made available or gathered via the user's use of the Services (“Non-personal Information”). We are not aware of the identity of the user from which the Non-personal Information was collected. Such information includes the following:
- Skybox may receive public information from third parties in connection with market and demographic studies and/or data that Skybox may use to supplement Personal Data provided directly by the customer.
- Skybox gathers certain non-personal identification information and stores it in log files when you interact with Skybox websites. This information includes browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information.
2.2 Use of Personal Data
- Skybox uses the Personal Data to create accounts, to process transactions, to operate and optimize our Services, to provide you with a safe, smooth, efficient and customized experience, to fulfill specific requests and to send its customers other account-related information.
- In addition, the Personal Data provided to Skybox will allow it to send the users messages regarding, among other things, updates, new products, features, enhancements, special and promotional offers, upgrade opportunities and events of interest.
- Skybox may also use Personal Data to
- Better understand the behavior and preferences of its customers;
- Provide technical support and respond to inquiries;
- Help create a safer and more trusted environment for our customers by preventing fraud or potentially illegal activities;
- Deliver and enforce our Terms of Service,
- Target and serve static and dynamic advertising;
- Solicit input and feedback to improve Skybox products and Services and their content;
- Ensure proper functioning of our products and Services;
- Personalize our services and manage and deliver contextual and behavioral advertising;
- Administer surveys or other promotional activities or events sponsored or managed by us or our business partners;
- Comply with our legal obligations, resolve any disputes we may have with customers;
- Enforce our agreements with third parties and conduct research.
- Skybox may send periodic emails. The email address users provide for order processing will be used only to send them information and updates pertaining to their order or to respond to their inquiries, requests or questions. Users who decide to opt in to Skybox’ mailing list will receive emails that may include company news, updates, related product or service information, etc. Users who wish to unsubscribe from the list may do so at any time by following the detailed instructions found at the bottom of each email they receive from Skybox.
- In addition to the direct Service, Skybox uses Personal Data that people voluntary provide to:
- Reply to users' request of information regarding Skybox products and services;
- Allow candidates to apply for a job through Skybox' site.
2.3 Cross-Border Transfer, Processing and Storage of Personal Data
- As part of its international operations, Skybox may transfer Personal Data to its Affiliates from time to time for our legitimate business purposes.
- Skybox transfers Personal Data only if the recipient of the Personal Data has provided appropriate safeguards, and on condition that enforceable Data Subject rights and effective legal remedies for Data Subjects are available.
- Personal Data collected may also be processed by Skybox' employees operating outside of the European Economic Area or one of its Affiliates or vendors. This staff may be engaged in processing transactions and payment details or provisioning support services. Skybox vendors are carefully vetted through a vendor assessment procedure and are legally committed to comply with relevant regulations.
2.4 Sharing Information With Third Parties
- In all cases of data access and collection, the information provided will not be disclosed, rented, loaned, leased, sold, or otherwise voluntarily distributed to unaffiliated third parties and will be used solely for the purpose stated herein. Specifically, Skybox does not share Personal Data with third parties for their direct marketing purposes unless upon specific consent to such disclosure.
- Skybox has not sold Personal Data in the preceding 12 months.
- Skybox has disclosed the following categories of Personal Data for a "Business Purpose" (as this term is defined under the California Consumer Privacy Act of 2018 ("CCPA"):
- Identifiers (name, email address, IP address, etc.);
- Commercial information (transactional history);
- Geolocation data .
- Skybox may share Personal Data with third parties who help Skybox to maintain, administer or develop its website, such as sending out newsletters or surveys. Skybox may share users’ information with such third parties, for those limited purposes, for a limited time and only subject to Users’ permission.
- Skybox discloses Personal Data to third parties only if they have satisfactory measures to protect Personal Data.
- Skybox cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any Personal Data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party's property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or poses a risk of being, illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
2.6 Links to Third Parties’ Sites
- Skybox may include or offer links to third party products or services. Skybox does not control the content or links that appear on such other sites and is not responsible for the practices they employ. These parties should have separate and independent privacy policies, and Skybox has no responsibility or liability for the content and activities of these linked sites.
2.7 Children’s Privacy
- Skybox is committed to protecting the privacy needs of children and encourages parents and guardians to take an active role in their children’s online activities and interests. Skybox does not knowingly collect information from children under the age of 18 without their parents' or guardians’ consent. Skybox relies upon the accuracy of information provided by the controller to determine age.
2.8 Legal Basis for Collection
- If you are an individual from the European Economic Area, please note that our legal basis for collecting and using your Personal Data will depend on the Personal Data collected and the specific context in which we collect it.
- We normally collect Personal Data only where: (a) we have your consent to do so, (b) where we need your Personal Data to perform a contract with you (e.g. to deliver the Services you have requested), (c) where the processing is in our legitimate interests; or (d) where we are required to collect, retain or share such information under applicable laws. In some cases, we may need the Personal Data to protect your vital interests or those of another person.
- Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your Personal Data, you have the right to object.
- If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us through the contact details available below
2.9 User Rights
- As an EU resident, you may request to:
- Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
- Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
- Request rectification of your Personal Data that is in our control.
- Request erasure of your Personal Data.
- Object to the processing of Personal Data by us.
- Request to restrict processing of your Personal Data by us.
- Lodge a complaint with a supervisory authority.
- Please note that these rights pertain to EU residents only, are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
- As of January 1st 2020, California residents will be granted with the following rights:
- Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, which was collected in the 12 months prior to the request, together with supplementary information.
- Receive a copy of Personal Data you directly volunteer to us in the 12 months prior to the request, in a structured, commonly used and machine-readable format.
- Request erasure of your Personal Data by us.
- Not to be discriminated because of the exercise of your rights under the CCPA.
However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
- Users Outside the EU and California - Some of the aforementioned rights are applicable in certain jurisdictions outside the EU and California as well. Users residing outside the EU and California are welcome to contact us for any questions or requests at the details below.
- Data Subjects may send the request to the details bellow of through our support portal.
2.10 Protecting your Information
- Skybox follows appropriate data collection, storage and processing practices and suitable security measures in order to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, username, password, transaction information, and all other data stored on our Site.
- Sensitive and private data exchange between Skybox's site and its users happens over a secured SSL communication channel and is encrypted and protected with digital signatures.
- While Skybox strives to protect your Personal Data, we cannot ensure or warrant the security and privacy of your Personal Data or other content you transmit using the Service, and you do so at your own risk.
- We will retain your Personal Data for as long as necessary to provide our Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client Personal Data, account opening documents, communications and anything else as required by applicable laws and regulations.
2.12 Tracking Technologies
- When you visit or access our Services we use (and authorize third parties to use) pixels, cookies, events and other technologies. Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our Services, improve our Services’ performance, perform analytics and customize your experience. In addition, we may merge data we have with data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become Personal Data. "Cookies" - are small pieces of information that are stored by the user’s browser on the user’s computer hard drive which enables the organization to recognize the user’s computer when the user returns to the site. A cookie file can contain information such as a user ID that may be used to track the pages you have visited on our site.
- To learn more about our Tracking Technologies please visit:
- Turning off cookies via your web browser - most web browsers will provide you with some general information about cookies, enable you to see what cookies are stored on your device, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third party cookies separately. Please note that the settings offered by a browser or device often only apply to that particular browser or device. Information about cookies is usually found in the "Help" section of the web browser. Below are some links to some commonly used web browsers:
- The most current version will always be posted on our website (as reflected in the "Last Updated" heading).
2.14 Contact Information