Last Updated: June 3, 2022
This Policy also explains how we collect personal information from other persons, including visitors to our physical premises; investors, vendors, suppliers, business partners, consultants and other service providers and individuals engaged by or providing services to Dragos; applicants for employment with Dragos; prospective and current customers; training and other event participants; and other individuals engaged with Dragos.
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Information You Provide to Us
You may provide us with certain information about you in the course of using our Services, and otherwise interacting with us, such as: when you create an account; use our community tools or otherwise participate in any interactive features of the Services; fill out a form; subscribe to an email list or newsletter; request customer support; request a whitepaper; register for a training course, demonstration, free trial, or webinar; participate in a contest or promotion; provide goods or services to us; apply for employment with us; or otherwise communicate with us.
The types of information that we may collect from you include, but are not limited to, your full name, username, email address, phone number, home or mailing address, payment and other financial information, occupation, educational details, (including academic and other transcripts), job title, employment history, skills, background checks passage information, and signature. We may also collect information you supply to us concerning your preferences and interests expressed in the course of use of our Services.
The circumstances in which we collect information from you outlined above include where we collect information from you in your personal capacity or where you are acting on behalf of a third party whom you represent, (for instance as an employee, contractor or agent).
You may choose to deal with Dragos anonymously or by pseudonym. If you choose not to provide us with information about you, this may prevent us from providing our Services to you or limit our ability to provide the level of service you would normally expect from us.
Automatically Collected Information
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We collect log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Information We Collect from Our Customers
We may obtain information about you from our customers in the course of providing Services to those customers, which are often corporate entities. Our customers are obliged to comply with relevant privacy law in your jurisdiction when they collect information about you and disclose that information to us.
Information We Collect from Other Sources
We may obtain information about you from other sources, including publicly available sources and third parties where those parties have indicated that they have your consent or are otherwise legally permitted or required to disclose your personal information to us. We may combine that information with information we collect through our Services.
We may collect information about your devices or network event data as part of a partner integration where you use the Dragos “app” as part of the third party “app store”. Such device or network event data largely consists of non-personal information but does contain certain online identifiers such as IP addresses of your users as well as your users’ device IDs that are capable of identifying an individual or their device.
Third Party Websites
Through the Services, we provide links to websites outside of our website, as well as to third party websites. These linked sites are not under our control, and we do not accept any responsibility or liability for third party websites’ policies or processing, collection, use, disclosure or management of your personal information. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement or policy. If you provide us with personal information about any third party who is an individual, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
Dragos Customer Portal
We collect only the following information about you through your use and access of the Dragos proprietary intelligence portal and associated content, communications, information and services, accessible through or in connection with such portal, including Dragos Threat Intelligence reporting, also known as WorldView (collectively the “Dragos Customer Portal”):
- User information used to create and log into the Dragos Customer Portal, including your email address, first and last name, and password.
- Activity information, including which WorldView reports you download from the Dragos Customer Portal.
- Log information about your use of the Dragos Customer Portal, including the type of browser you use, access times, pages viewed, and IP address.
- Device information about the computer or mobile device you use to access the Dragos Customer Portal, including the operating system and version.
- Information collected by cookies and other tracking technologies as described and limited to above.
Use of Information
Information we collect about you is used to provide, maintain, and improve our Services, such as to administer your use of our Services and to enable you to enjoy and easily navigate the Sites.
We also use the information we collect to:
- Send you technical notices, updates, security alerts, support, and administrative messages, and to respond to your comments, questions and customer service requests;
- Communicate with you about products, services, offers, and events offered by us and others, and provide newsletters, marketing or promotional materials, and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with our Services;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Dragos, our customers, and others;
- Personalize and improve the Services and provide advertisements, content or features that match your interests;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
- Manage our contractual relationships with vendors, suppliers, business partners, consultants and other service providers with whom we do business;
- Carry out internal functions including training;
- Administer and manage your investment in Dragos; and
- Determine if you are eligible for employment with us.
We share information about you as follows or as otherwise described in this Policy:
- With vendors, suppliers, business partners, consultants and other service providers who need access to such information to carry out work on our behalf including to facilitate the general running of our business (including, but not limited to, recruitment and workforce administration), facilitate operation, access and use of our Services, provide Services on our behalf, perform Site-related services (including, but not limited to, data storage, maintenance services, database management, web analytics, customer relationship management vendors, and improvement of the Sites’ features) or assist us in analyzing how our Services are used;
- In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
- If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Dragos, our customers, or others;
- In connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business by another company;
- Between and among Dragos and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and
- With your consent or at your direction.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics Services Provided by Others
For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.
For residents of the European Economic Area, please visit http://www.youronlinechoices.eu/.
For residents of Australia, please visit https://www.oaic.gov.au/privacy/your-privacy-rights/advertising-and-marketing/targeted-advertising/ and http://www.youronlinechoices.com.au/.
We store your personal information in different ways, including in paper and in electronic form, both at our own premises and with the assistance of our service providers.
We maintain reasonable technical and organizational measures to protect the security and the confidentiality of your personal information and require the same of any service providers who may process your information on our behalf. Please keep in mind, however, that no data transmission over the Internet or from a website can be guaranteed to be secure from intrusion. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. Any unauthorized access to or use of the Services or the information stored by us should be reported to us immediately by sending an email to: firstname.lastname@example.org.
Transfer of Information to the U.S. and Other Countries
Dragos is based in the United States and we process and store information in the U.S. We also have entities, personnel, and service providers in other countries. Therefore, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. By providing us with your personal information, you consent to this transfer, storage or access in these jurisdictions.
If you are in the European Economic Area, we provide adequate protection for the transfer of personal data to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under EU law. You are entitled to obtain a copy of these agreements by contacting us using the contact information below.
You may request to access, review, update, correct, or delete the information provided in your registration or that you otherwise provided to us by contacting us at email@example.com. Please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. Our Cookie List is available at https://www.dragos.com/cookie-policy/.
You may opt-out of receiving promotional emails from us by following the instructions at the bottom of those emails or by contacting us with your request at firstname.lastname@example.org. If you opt-out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Additional Disclosures for Individuals in Europe
If you are located in the European Economic Area or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
When we process your personal data, we will only do so in the following situations:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Services).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to our Services, and to provide, secure, and improve our Services.
- We find such processing is necessary to comply with our legal obligations.
- We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.
Data Subject Requests
You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below and please specify in the subject line of any email “Data Subject Rights Request.”
We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
Questions or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside.
For contact details of your Data Protection Authority, please see:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, or for Swiss residents, see https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
EU or UK Representative
For residents of the United Kingdon (UK) or European Economic Area (“EEA”), our representatives for data protection matters are as follows:
Attn: Dragos, Hopfenstr. 1d,
24114 Kiel, Germany
DP Data Protection Services UK Ltd.,
Attn: Dragos, 16 Great Queen Street,
Covent Garden, London, WC2B 5AH, United Kingdom
Additional Disclosures for Individuals in Australia
Residents of Australia who wish to access, or seek correction of, their personal information, or complain about our handling of their personal information may contact us at email@example.com.
If you have any questions about this Policy, please contact us at firstname.lastname@example.org.