Last Updated: October 5, 2020
This Policy also explains how we collect personal information from other persons, including visitors to our physical premises; investors, vendors, suppliers, business partners, consultants, and other service providers engaged by Dragos; applicants for employment with Dragos and other individuals engaged by or providing services to Dragos.
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Information You Provide to Us
You may provide us with certain information about you in the course of using our Services, and otherwise interacting with us, such as: when you create an account; use our Community Tools or otherwise participate in any interactive features of the Services; fill out a form; subscribe to an email list or newsletter; request customer support; request a whitepaper; register for a training course, demonstration, free trial, or webinar; participate in a contest or promotion; provide goods or services to us; apply for employment with us; or otherwise communicate with us. The types of information that we may collect include, but are not limited to, your full name, username, email address, phone number, home or mailing address, payment and other financial information, occupation, educational details, (including academic and other transcripts), job title, employment history, skills, background checks passage information, and signature. We may also collect information you supply to us concerning your preferences and interests expressed in the course of use of our Services.
The circumstances in which we collect information from you outlined above include where we collect information from you in your personal capacity or where you are acting on behalf of a third party whom you represent, (for instance as an employee, contractor or agent).
You may choose to deal with Dragos anonymously or by pseudonym. If you choose not to provide us with information about you, this may prevent us from providing our Services to you or limit our ability to provide the level of service you would normally expect from us.
Automatically Collected Information
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We collect log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Information We Collect from Other Sources
We obtain information from other sources and combine that with information we collect through our Services. For example, we may collect information about you from third parties and publicly available sources, such as LinkedIn.
We may also obtain information about you from our customers in the course of providing Services to those customers. Under the written agreements between us and our customers, we ensure that our customers are obliged to comply with relevant privacy law in your jurisdiction when they collect information about you and disclose that information to us.
Through a partnership with CrowdStrike, Inc. (“CrowdStrike”), we offer a Service called ICS/OT Threat Detection. This integration analyzes device, network, and event data collected as part of your CrowdStrike Falcon deployment to look for indicators of known adversary activity on your IT network. These indicators could reveal that your IT network has been targeted by OT focused actors. As a part of the ICS/OT Threat Detection integration, and with your consent when you download our application from CrowdStrike’s app store, we receive information in the form of event data about your users from CrowdStrike. Such event data largely consists of non-personal information but does contain certain online identifiers such as IP addresses of your users as well as your users’ device IDs that are capable of identifying an individual or their device.
Through the Services, we provide links to websites outside of our website, as well as to third party websites. These linked sites are not under our control, and we do not accept any responsibility or liability for third-party websites’ policies or processing, collection, use, disclosure, or management of your personal information. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement or policy. If you provide us with personal information about any third party who is an individual, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
Use of Information
Information we collect about you is used to provide, maintain, and improve our Services, such as to administer your use of our Services and to enable you to enjoy and easily navigate the Sites.
We also use the information we collect to:
- Send you technical notices, updates, security alerts, support, and administrative messages, and to respond to your comments, questions, and customer service requests;
- Communicate with you about products, services, offers, and events offered by us and others, and provide newsletters, marketing or promotional materials, and information we think will be of interest to you;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Dragos, our customers, and others;
- Personalize and improve the Services and provide advertisements, content, or features that match your interests;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
- Manage our contractual relationships with vendors, suppliers, business partners, consultants, and other service providers with whom we do business;
- Carry out internal functions including training;
- Administer and manage your investment in Dragos; and
- Determine if you are eligible for employment with us.
We share information about you as follows or as otherwise described in this Policy:
With vendors, suppliers, business partners, consultants, and other service providers who need access to such information to carry out work on our behalf including to facilitate operation, access, and use of our Services, provide Services on our behalf, perform Site-related services (including, but not limited to, data storage, maintenance services, database management, web analytics, customer relationship management vendors, and improvement of the Sites’ features) or assist us in analyzing how our Services are used;
In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of Dragos, our customers, or others;
In connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business by another company;
Between and among Dragos and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership; and
With your consent or at your direction
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics Services Provided by Others
Transfer of Information to the U.S. and Other Countries
Dragos is based in the United States and we process and store information in the U.S. Therefore, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. By providing us with your personal information, you consent to this transfer, storage, or access in these jurisdictions.
If you are in the European Economic Area, we provide adequate protection for the transfer of personal data to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under EU law. You are entitled to obtain a copy of these agreements by contacting us using the contact information below.
You may request to access, review, update, correct, or delete the information provided in your registration or that you otherwise provided to us by contacting us at info@Dragos.com. Please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
You may opt-out of receiving promotional emails from us by following the instructions at the bottom of those emails or by contacting us with your request at info@Dragos.com. If you opt-out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Additional Disclosure for Individuals in Europe
If you are located in the European Economic Area or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
When we process your personal data, we will only do so in the following situations:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Services).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to our Services, and to provide, secure, and improve our Services.
- We find such processing is necessary to comply with our legal obligations.
- We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.
Data Subject Requests
You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below, and please specify in the subject line of any email “Data Subject Rights Request”.
We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
Questions or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your Data Protection Authority, please see:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, or for Swiss residents, see https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
If you have any questions about this Policy, please contact us at info@Dragos.com.
For residents of the European Economic Area (“EEA”), our EEA Representative for data protection matters within the European Union, pursuant to Art. 27 of Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR), is:
Attn: Dragos, Inc.
Additional Data Security Disclosures for Individuals in Australia
We store your personal information in different ways, including in paper and in electronic form, both at our own premises and with the assistance of our service providers.
We maintain reasonable technical and organizational measures to protect the security and the confidentiality of your personal information and require the same of any service providers who may process your information on our behalf. Please keep in mind, however, that no data transmission over the Internet or from a website can be guaranteed to be secure from intrusion. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. Any unauthorized access to or use of the Services or the information stored by us should be reported to us immediately by sending an email to: info@Dragos.com.
Residents of Australia who wish to access, or seek correction of, their personal information, or complain about our handling of their personal information, should contact our privacy officer:
Phone: +1 240.583.1633
If you have any questions about this Policy, please contact us at info@Dragos.com.