Privacy Policy

Skybox Security Privacy Policy

Last Updated: June 2020
  • 1. Introduction & Overview
    • 1.1 Introduction
      • 1Skybox Security develops integrated security management solutions for enterprise–scale vulnerability and threat management, security policy and firewall management (the “Service”).
      • 2This Policy defines the ways in which Skybox collects, stores, shares, uses, retains and protects Personal Information (as defined below).
      • 3This policy describes the types of Personal Data collected by Skybox, the way Skybox uses and protects this information, and to whom it is disclosed.
      • 4In this Policy, “Skybox” or "we" refer to Skybox Security, Inc. and its “Affiliates”, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership.
    • 1.2 Definitions
      • 1“Data Subject” - a natural person whose Personal Information is processed by a controller or processor
      • 2“Identifiable natural person” - means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
      • 3"Personal Data" - means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • 1.3 Purpose and Scope
      • 1This Policy defines the ways in which Skybox collects, stores, shares, uses, retains and protects Personal Information.
    • 1.4 Applicability
      • 1All Skybox personnel and suppliers are responsible and accountable for adhering to and implementing this policy.
  • 2. Method
    • 2.1 Collection of Data
      We may collect two types of data from our users:
      • 1Personal Data:
        • The type of Personal Data collected in accordance with the Service may vary depending on the activity and may include:
          • First and last name (or the name you have associated with your device);
          • Telephone number;
          • Transaction identifiers for purchases;
          • Age and date of birth;
          • Gender;
          • Country;
          • If applicable, physical geolocation and that of the devices you use to access our Services;
          • Internet protocol (IP) addresses;
          • Zip code;
          • Area code;
        • Personal information collected in connection with your job application may include the following:
          • Name, address, telephone number, e-mail address, and other contact information;
          • Username and password;
          • Work authorization status;
          • CV, resume, cover letter, previous work experience, and education information;
          • Job openings you wish to be considered for;
          • Knowledge, skills, and abilities;
          • Professional and other work-related licenses, permits, and certifications held;
          • Referral names and contact information for referrals;
          • Information relating to character and employment references; and
          • Any other information you elect to provide to us (e.g., employment preferences, willingness to relocate, current salary, desired salary, awards or professional memberships).
      • 2Un-identified and non-identifiable information pertaining to a user(s), which may be made available or gathered via the user's use of the Services (“Non-personal Information”). We are not aware of the identity of the user from which the Non-Personal Information was collected. Such information includes the following:
        • Skybox may receive public information from third parties in connection with market and demographic studies and/or data that Skybox may use to supplement Personal Information provided directly by the customer.
        • Skybox gathers certain non-personal identification information and stores it in log files when you interact with Skybox websites. This information includes browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information.
      • 3Occasionally, we connect Personal Information to Non-personal information gathered in our log files as necessary to improve Skybox services for individual customers. In such a case, we would treat the combined Information as Personal Information in accordance with this privacy policy.
    • 2.2 Use of Personal Information
      • 1Skybox uses the Personal Information to create accounts, to process transactions, to operate and optimize our Services, to provide you with a safe, smooth, efficient and customized experience, to fulfill specific requests and to send its customers other account-related information.
      • 2In addition, the Personal Information provided to Skybox will allow it to send the users messages regarding, among other things, updates, new products, features, enhancements, special and promotional offers, upgrade opportunities and events of interest.
      • 3Skybox may also use Personal Information to
        • Better understand the behavior and preferences of its customers;
        • Provide technical support and respond to inquiries;
        • Help create a safer and more trusted environment for our customers by preventing fraud or potentially illegal activities;
        • Deliver and enforce our Terms of Service,
        • Target and serve static and dynamic advertising;
        • Solicit input and feedback to improve Skybox products and Services and their content;
        • Ensure proper functioning of our products and Services;
        • Personalize our services and manage and deliver contextual and behavioral advertising;
        • Administer surveys or other promotional activities or events sponsored or managed by us or our business partners;
        • Comply with our legal obligations, resolve any disputes we may have with customers;
        • Enforce our agreements with third parties and conduct research.
      • 4Skybox may send periodic emails. The email address users provide for order processing will be used only to send them information and updates pertaining to their order or to respond to their inquiries, requests or questions. Users who decide to opt in to Skybox’ mailing list will receive emails that may include company news, updates, related product or service information, etc. Users who wish to unsubscribe from the list may do so at any time by following the detailed instructions found at the bottom of each email they receive from Skybox.
      • 5Allow candidates to apply for a job through Skybox' site
      • 6In additionto the direct Service, Skybox uses Personal Information that people voluntary provide to reply to users' request of information regarding Skybox products and services
    • 2.3 Cross-Border Transfer, Processing and Storage of Personal Information
      • 1As part of its international operations, Skybox may transfer Personal Information to its Affiliates from time to time for our legitimate business purposes.
      • 2Skybox transfers Personal Information only if the recipient of the Personal Information has provided appropriate safeguards, and on condition that enforceable Data Subject rights and effective legal remedies for Data Subjects are available.
      • 3Personal Data collected may also be processed by Skybox' employees operating outside of the European Economic Area or one of its Affiliates or vendors. This staff may be engaged in processing transactions and payment details or provisioning support services. Skybox vendors are carefully vetted through a vendor assessment procedure and are legally committed to comply with relevant regulations.
    • 2.3.1 Use of Personal Information for job applications and recruitment
      • If you apply for a job with Skybox, your information will undergo some additional processing. We use your personal information to
        • Enable you to express interest in and allow you to apply for employment at Skybox;
        • assess and compare your skills, qualifications, and experience against other candidates and consider your candidacy for employment at Skybox;
        • update and sync with information we may have previously collected about you related to employment at Skybox;
        • communicate with you about the recruitment process, your application, recruitment events, and other potential career opportunities at Skybox;
        • inform our internal analysis and reporting on our hiring practices and make improvements to our application and recruitment process;
        • ensure or enhance the security and functionality of Skybox’s electronic recruitment systems;
        • protect against fraud; conduct internal investigations; or comply with legal obligations.
      • Screening/Interviewing Information:
        • If we decide that you may be a good fit for employment at Skybox, we will contact you to request additional information as part of the screening and interviewing process, which may include:
          • Your desired salary and other terms relating to computation of compensation and benefits packages, willingness to relocate, and other job preferences
          • Your fitness for a particular position, including your skills, qualifications, and experience
          • Any previous applications you submitted to Skybox or any previous employment history with Skybox
        • We use this information to assess and compare your skills, qualifications, and experience against other candidates; consider your candidacy for employment at Skybox; to generate interviewer notes and candidate scores; and to update and sync with information we may have previously collected about you related to employment at Skybox.
      • Verification Information: As part of the recruitment process, we may also request information necessary to verify your information and run background checks, including:
        • Your tax Identification or other government identification number (e.g., a social security number);
        • Your nationality or citizenship;
        • Whether you previously used other names;
        • Whether you previously worked at Skybox and in what capacity;
        • Whether you are legally authorized to work in the country you are applying to work in;
        • Whether you require sponsorship to continue or extend your current work authorization, and what your current immigration status is;
        • Information regarding potential conflicts of interest issues, including whether you or a member of your family have been a Government Official and
        • Your date and place of birth.
      • We will use this information (in addition to your other personal information) to
        • verify your information and identity;
        • conduct background checks;
        • confirm your eligibility and right to work at a particular Skybox office;
        • confirm that there are no potential conflicts of interest issues in hiring you;
        • and populate your employee records with your name and email address in the event you are hired by Skybox.
      • In addition, where requested by you, we will use this information to assist you with obtaining an immigrant visa or work permit, if required.
      • Your information may be shared with the Skybox employee who referred you to inform them about the limited, general status of the referral.
      • In addition, where permitted by local law, we will share your information with employment background check providers to verify your information and to obtain necessary background checks.
      • If you are offered and accept employment with Skybox, the personal information collected during the job application and recruitment process may become part of your employment record.
      • We will use your personal information only in ways that are compatible with the purposes described in this policy.
    • 2.4 Sharing Information With Third Parties
      • 1In all cases of data access and collection, the information provided will not be disclosed, rented, loaned, leased, sold, or otherwise voluntarily distributed to unaffiliated third parties and will be used solely for the purpose stated herein. Specifically, Skybox does not share Personal Information with third parties for their direct marketing purposes unless upon specific consent to such disclosure.
      • 2Skybox has not sold Personal Information in the preceding 12 months.
      • 3Skybox has disclosed the following categories of Personal Information for a "Business Purpose" (as this term is defined under the California Consumer Privacy Act of 2018 ("CCPA"):
        • Identifiers (name, email address, IP address, etc.);
        • Commercial information (transactional history);
        • Geolocation data .
      • 4Skybox may share Personal Information with third parties who help Skybox to maintain, administer or develop its website, such as sending out newsletters or surveys. Skybox may share users’ information with such third parties, for those limited purposes, for a limited time and only subject to Users’ permission.
      • 5Skybox discloses Personal Information to third parties only if they have satisfactory measures to protect Personal Information.
      • 6Skybox cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any Personal Information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party's property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or poses a risk of being, illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
      • 7Skybox may share your Personal Information if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Privacy Policy.
    • 2.5 Links to Third Parties’ Sites
      • 1Skybox may include or offer links to third party products or services. Skybox does not control the content or links that appear on such other sites and is not responsible for the practices they employ. These parties should have separate and independent privacy policies, and Skybox has no responsibility or liability for the content and activities of these linked sites.
    • 2.6 Children’s Privacy
      • 1Skybox is committed to protecting the privacy needs of children and encourages parents and guardians to take an active role in their children’s online activities and interests. Skybox does not knowingly collect information from children under the age of 18 without their parents' or guardians’ consent. Skybox relies upon the accuracy of information provided by the controller to determine age.
    • 2.7 Legal Basis for Collection
      • 1If you are an individual from the European Economic Area, please note that our legal basis for collecting and using your Personal Information will depend on the Personal Information collected and the specific context in which we collect it.
      • 2We normally collect Personal Information only where: (a) we have your consent to do so, (b) where we need your Personal Information to perform a contract with you (e.g. to deliver the Services you have requested), (c) where the processing is in our legitimate interests; or (d) where we are required to collect, retain or share such information under applicable laws. In some cases, we may need the Personal Information to protect your vital interests or those of another person.
      • 3Where we rely on your consent to process your Personal Information, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your Personal Information, you have the right to object.
      • 4If you are a job applicant, Skybox processes your personal information pursuant to one or more of the following legal bases:
        • The processing is necessary in connection with our legitimate interests in recruitment and hiring candidates.
        • The processing is necessary to take steps, at your request, relating to potentially entering into an employment contract with you.
        • The processing is necessary to comply with our legal obligations, such as retaining records relating to the recruitment process for periods required under applicable laws or regulations.
        • We may also seek your consent to process or retain your personal information in certain, limited circumstances that we clearly identify to you.
      • 5If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us through the contact details available below
    • 2.8 User Rights
      • 1As an EU resident, you may request to:
        • Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with supplementary information.
        • Receive a copy of Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format.
        • Request rectification of your Personal Information that is in our control.
        • Request erasure of your Personal Information.
        • Object to the processing of Personal Information by us.
        • Request to restrict processing of your Personal Information by us.
        • Lodge a complaint with a supervisory authority.
        • Please note that these rights pertain to EU residents only, are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
      • 2As of January 1st 2020, California residents will be granted with the following rights:
        • Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, which was collected in the 12 months prior to the request, together with supplementary information.
        • Receive a copy of Personal Information you directly volunteer to us in the 12 months prior to the request, in a structured, commonly used and machine-readable format.
        • Request erasure of your Personal Data by us.
        • Not to be discriminated because of the exercise of your rights under the CCPA.
      • However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
        • Users Outside the EU and California - Some of the aforementioned rights are applicable in certain jurisdictions outside the EU and California as well. Users residing outside the EU and California are welcome to contact us for any questions or requests at the details below.
        • Data Subjects may send the request to the details bellow of through our support portal.
    • 2.9 Protecting your Information
      • 1Skybox follows appropriate data collection, storage and processing practices and suitable security measures in order to protect against unauthorized access, alteration, disclosure or destruction of your Personal Information, username, password, transaction information, and all other data stored on our Site.
      • 2Sensitive and private data exchange between Skybox's site and its users happens over a secured SSL communication channel and is encrypted and protected with digital signatures.
      • 3While Skybox strives to protect your Personal Information, we cannot ensure or warrant the security and privacy of your Personal Information or other content you transmit using the Service, and you do so at your own risk.
    • 2.10 Retention
      • 1We will retain your Personal Information for as long as necessary to provide our Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client Personal Information, account opening documents, communications and anything else as required by applicable laws and regulations.
      • 2Personal Information related to job applications will generally be retained for 12 months after an unsuccessful application. At the end of that 12-month period, your personal information will be deleted from our recruiting applications. If you decide during the 12-month period that we not keep your personal information for that period to consider you for future employment at Skybox, please contact Skybox to request that your personal information be deleted. Note that we may retain some of your personal information as required by applicable law or Skybox policy.
      • 3If your application for employment is successful, we will transfer some of the Personal Information we have collected about you to your Human Resources file, which is maintained pursuant to Skybox’s internal Human Resources Privacy Policy.
    • 2.11 Tracking Technologies
      • 1When you visit or access our Services we use (and authorize third parties to use) pixels, cookies, events and other technologies. Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our Services, improve our Services’ performance, perform analytics and customize your experience. In addition, we may merge data we have with data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become Personal Information. "Cookies" - are small pieces of information that are stored by the user’s browser on the user’s computer hard drive which enables the organization to recognize the user’s computer when the user returns to the site. A cookie file can contain information such as a user ID that may be used to track the pages you have visited on our site.
      • 2To learn more about our Tracking Technologies please visit:
      • 3Turning off cookies via your web browser -  most web browsers will provide you with some general information about cookies, enable you to see what cookies are stored on your device, allow you to delete them all or on an individual basis, and enable you to block or allow cookies for all websites or individually selected websites. You can also normally turn off third party cookies separately. Please note that the settings offered by a browser or device often only apply to that particular browser or device. Information about cookies is usually found in the "Help" section of the web browser. Below are some links to some commonly used web browsers:
    • 2.12 Changes to this privacy policy
      • 1Skybox has the discretion to update this privacy policy at any time.
      • 2The most current version will always be posted on our website (as reflected in the "Last Updated" heading).
      • 3You are advised to check for updates regularly. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the updated Privacy Policy.
      • 4As of January 1st 2020, this privacy policy will be updated at least once every 12 months.
    • 2.13 Contact Information
      • 1For any questions, comments or concerns about our Privacy Policy or any other issue please contact Skybox via:
      • 2All notices given by you or required from you under this Privacy Policy shall be in writing and addressed to: Skybox Security, Inc., 2077 Gateway Place, Suite 200, San Jose, California 95110 USA.