Effective Date: January 2023
Ironwood Cyber Inc. (“Ironwood,”“we,” “us,” or “our”) is a provider of online cybersecurity products and services(together, the “Services”). This PrivacyPolicy applies to the personal information that we collect and process in relation to our products and services, including via our website located at https://ironwoodcyber.com/ (the “Site”). Please note that if we process your personal information in the context of providing services for our business clients, you should contact our client with questions or for more information, as its privacy policy will apply rather than ours.
- Types of Information We Collect
- Use and Processing of Information
- Sharing of Information
- Your Choices
- How We Protect Personal Information
- Additional Disclosures for Data Subjects in the EEA, the U.K., and Switzerland
- Transfer of Information to Other Countries
- Changes to This Policy
- Contact Us
Types of Information We Collect
We receive personal information from our clients, potential clients, and employees. The following provides examples of the typeof information that we collect and how we use that information.
Primary Purpose for Collection and Use of Data
Information about Clients
We collect the name, and contact information, of our business clients and their employees with whom we interact.
Communicating with ourclients concerning normal business administration such as projects, services,and billing.
Cookies and First Party Tracking
We may use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. Clear GIFs are near-invisible graphics that allow us to track when a webpage opens and displays.
Making our website operate efficiently and understanding how visitors interact with our websites.
Cookies and Third Party Tracking
We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.
For analytics, advertising and security purposes.
If you receive email from us, we use certain tools to capture data related to when you open or interact with our messages.
Understanding how you interact with the communications that we send to you.
If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee.
Performing our employment obligations (e.g., to process paychecks) and processing prospective candidates’ applications. In some contexts, we are also required by law to collect information about our employees.
If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.
Receiving and acting uponyour feedback or issues.
We may offer you the ability to sign up for a mailing list. If we do so we will collect your email address or postal address.
Sharing information about our products or services.
We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
Monitoring our networks and the visitors to our websites.
In addition to the information that we collect from you or from our clients directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
Use and Processing of Information
In addition to the purposes and uses described above, we use information in the following ways:
- To identify you when you visit our websites or our services.
- To provide products and services.
- To provide products and services to your business or employer.
- To improve our services and product offerings.
- To conduct analytics.
- To respond to inquiries related to support, employment opportunities, or other requests.
- To send marketing and promotional materials, including information relating to our products, services, sales, or promotions.
- For internal administrative purposes, as well as to manage our relationships.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you purchase a product from us, we collect your information to fulfill your order, but we also collect your information because we have an interest in understanding who our clients are and what services we perform on their behalf.
Sharing of Information
In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:
- Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or anticipates acquiring, our company, business, or our assets, we will also share information with that company.
- Other Disclosures with Your Consent. We may ask if you would like us to share your information with unaffiliated third parties who are not described elsewhere in this policy.
- Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, discovery requests, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
- Public. Some of our websites may provide the opportunity to post comments, or reviews, on a message board or in a public forum. If you decide to submit information on these pages, that information may be publicly available.
- Service Providers. We may share your information with service providers. Among other things service providers may help us to administer our website, perform hosting, provide technical support, process payments, and assist in the fulfillment of cybersecurity service requests.
Your Choices
You can make the following choices regarding your personal information:
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send promotional materials to you. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
- Access to Your Personal Information. We will grant you, where required by law, reasonable access to the personal information that we have about you. You may request access to your personal information by contacting us at the address described below.
- Changes to Your Personal Information. You can contact us at the address described below in order to request that your information be modified.
- Deletion of Your Personal Information. We typically retain personal information that we collect on our own behalf for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may request information about how long we keep a specific type of information, or request that we delete your personal information, by contacting us at the address described below.
- Revocation of Consent or Objections. You may revoke consent to processing (where our processing is based upon consent), or object to our processing (where our processing is not based upon your consent) by contacting us at the address described below. If you revoke your consent / object we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent / object if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
- Do Not Track. Due to the absence of a current “Do Not Track” standard, the Site does not currently respond to “Do Not Track” signals.
How We Protect Personal Information
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. If we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Our website or service may permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
Additional Disclosures for Data Subjects in the EEA, the U.K. and Switzerland
This section provides general information about how Ironwood collects, stores, uses, transfers and otherwise processes personal data in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of the Privacy Policy, “EEA”), in accordance with the General Data Protection Regulation (“GDPR”) and its local implementations.
Lawful Bases of Processing – Where Ironwood is acting as a data controller that determines the purposes and means of processing your personal data, such as when we collect, use, and share personal data as described above, we must have a lawful processing basis for doing so. Our lawful bases for processing personal data include:
- to conclude or perform a contract with you, for example to:
- process your purchases of or requests for cybersecurity products and services;
- communicate with you about purchases, professional services, accounts, and programs;
- for our legitimate business purposes, including to:
- respond to your customer service inquiries and requests for information;
- maintain, improve, and analyze our Site, advertisements, and the products and services we offer;
- detect, prevent, or investigate security breaches or fraud; and
- facilitate the functionality of our Services;
- to comply with our legal obligations, for example to maintain appropriate records for internal administrative purposes and as required by applicable law; and
- on the basis of your consent, for example to send you via email and other electronic means personalized promotions and special offers or informing you about our professional services, offerings, events, or other promotional purposes.
You can withdraw your consent at any time by contacting us as described in the “Contact Us” section below.
Your EEA Data Subject Rights – Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
Request correction of the personal information that we hold about you.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party), or where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
Request the transfer of your personal information to another party, when possible.
Not be subject to automated decision-making producing legal or significant effects on an individual, which we do not engage in.
To exercise any of these rights, please contact us as set forth in the “Contact Us” section below and specify which GDPR privacy right(s) you wish to exercise. We must verify your identity in order to honor your request, which we will respond to within 30 days of receipt.
Transfers –When we transfer or receive personal data from the EEA, we do so pursuant to appropriate safeguards or your explicit consent under GDPR Article 49.
Retention – As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal, regulatory, accounting or other obligations.
Complaints – If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority (link). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the “Contact Us” section below.
Transmission of Information to Other Countries
By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
Changes to This Privacy Policy
We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy. Our privacy policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.
Contact Us
If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
Support@ironwoodcyber.com
301 Commerce Street Suite 2360
Fort Worth, TX 76102
United States