Last updated: January 25, 2019
This Privacy Policy describes the types of personal information StrongAuth, Inc. (“StrongKey,” “us,” “we” or “our”) collects through strongkey.com, www.theencryptedweb.com, and www.strongauth.com (the “Site”), and how we collect, use, and share that information. This Privacy Policy does not govern our collection of personal information through any other website or other means, other than through the Site.
Our processing of personal data, such as your name, address, e-mail address, or telephone number, shall be undertaken consistent with the requirements of applicable privacy laws, including, but not limited to, the General Data Protection Regulation (“GDPR”). The purpose of this Privacy Policy is to provide to users and potential users of our website information about the nature, scope, and purpose of the personal data we collect, use and process and to advise data subjects of their rights. Whether we serve as the data controller or processor, StrongKey has implemented numerous technical and organizational measures to ensure the protection of personal data processed through the Site. However, Internet-based data transmissions may in principle have security gaps, so please understand that absolute protection is not assured.
By using the Site, you accept and expressly agree to our practices surrounding the collection, use, and sharing of personal information provided by you in the manner described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you cannot, and we do not authorize you to, access, browse, or use the Site.
Except for physical location information and tracking technologies (as described below), you do not have to give us any personal information to browse this Site. However, you may be asked to provide personal information to submit or request information from us, or to use the services offered through this Site. Once you provide us with your personal information, you are no longer anonymous to us. This information may include:
In order to access and use certain areas or features of the Site, you consent to our collection and use of your physical location information if you use the Site on a location-enabled device (including GPS, cellular, and Wi-Fi networks) or from your browser.
In order to access and use certain areas or features of the Site, you consent to our collection and use of certain information about your use of the Site through the use of tracking technologies or by other passive means. Your consent to our access and use of this “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Site, search engines used, the internet protocol (IP) address used, the length of time spent on the Site, the pages you looked at on the Site, other webpages you visited before and after visiting the Site, the type of internet browser you have, the frequency of your visits to the Site, and other relevant statistics, including the following:
StrongKey complies with its obligations under applicable privacy laws by: keeping personal data up to date where needed based on the purposes for which the personal data is being processed; by not collecting or retaining excessive amounts of data; by ensuring that appropriate technical measures are in place that are designed to protect personal data from loss, alteration, misuse, unauthorized access and disclosure as it is transmitted, stored, or otherwise processed, and by using appropriate measures to securely destroy personal data when it is no longer needed by StrongKey.
Personal information collected through the Site may be used by us and our affiliates for purposes of:
We do not sell, rent, trade, or otherwise share personal information collected through the Site, except as described below:
We may compile de-identified personal information and other information collected through the Site on an aggregate basis. This information may include, without limitation, the number of users who have registered for the Site and demographic information about users of the Site. Such aggregate information does not identify you individually. We may use aggregate information and share aggregate information with third parties for any of the purposes specified in this Privacy Policy, and for any other lawful purpose.
You can always choose whether or not to provide information on the Site. However, if you choose not to disclose certain information, you may not be able to register as a user of the Site, which may limit your access to certain portions of the Site.
If at any time you decide that you no longer wish to receive notices from us regarding the Site, you may indicate this preference by contacting us at [email protected].
As described in more in our Cookie Policy located at https://strongkey.com/privacy-policy-terms-of-use/#cookie-policy, you can configure your browser not to accept cookies or to notify you when a cookie is being sent.
Unless subject to an exemption under the GDPR, if your personal data is subject to the GDPR, you have the following rights with respect to your personal data:
If your personal data is subject to the GDPR, StrongKey will transfer personal data from the European Economic Area (EEA) to a location outside the EEA only when there has been a documented adequacy determination, or where StrongKey has confirmed adequate privacy protections. If StrongKey transfers personal data to a third party acting as an agent of StrongKey, we will also obligate the third party to have adequate privacy protections in place.
StrongKey may transfer personal data to and on behalf of clients and third parties with whom StrongKey has an existing service agreement or as part of our legal obligations, each of which shall be subject to StrongKey policies, and only to the extent necessary for purposes of legitimate interests pursued by the data controller (or by a third party).
Under the GDPR, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent. We do not engage in automated decision making.
If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
We employ reasonable security precautions to help protect against the loss, misuse, and alteration of personal information provided on or through the Site. These security measures include: Storing all passwords in hashed form, forced SSL encryption of all CMS communications, monitoring deployed on server (monitors critical files for changes as well as any failed user logins, any users added to the system, or any password changes, the starting or certain services and even attempted attacks), and Hubspot’s security protocols. However, no method of transmitting or storing data is completely secure. As a result, although we strive to protect personal information about you, we cannot guarantee the security of any information you transmit to us through or in connection with the Site. If you have reason to believe that personal information is no longer secure, please notify us immediately by contacting us in accordance with the last section below.
Children are not eligible to use the Site, and we ask that minors (children under the age of 16) not submit any personal information to us. If you are a minor, you can use the Site only in conjunction with your parents or guardians.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities).
To obtain this information on behalf of StrongKey, please send an email message to [email protected] with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
The Site may contain links to various websites that we do not control. When you click on one of these links, you will no longer be transacting business through the Site. Third party websites maintain their own privacy policies, and we do not exercise any control over any of the third-party websites that may be linked to the Site. If you visit a website that is linked to the Site, you should consult that website’s privacy policy before providing any personal information. Please be aware that we are not responsible for the privacy practices of such other websites, and we are not liable for their misuse of personal information about you.
The Site is hosted in the United States. All matters relating to the Site are governed exclusively by the laws of the State of California in the United States of America and not the jurisdiction in which you are located. If you are located outside of the United States of America and you contact us, please be advised that any information you provide to us will be transferred to the United States of America and that by submitting information, you explicitly authorize such transfer.
We may change or update the Site or any of our policies and procedures without prior notice, except that if any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable efforts to notify you of the changes in advance in writing or by post mail, and, where required, obtain your consent to our activities. We will post a notice on this Site to advise you of any significant changes to this Privacy Policy and indicate via the “Last Updated” legend in this Privacy Policy when it was most recently updated. Except to the extent that your express consent to any change or update is required under data protection law, your continued use of the Site signifies your continued assent to the terms of this Privacy Policy, as updated or amended at that time.
If you have any questions or comments regarding this Privacy Policy, please send us an email at [email protected]
If your personal data is subject to the GDPR, the data controller for the purposes of GDPR or other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
StrongAuth, Inc.
Email: [email protected]
Any data subject may, at any time, contact us directly with any questions and suggestions concerning data protection. We encourage interested persons to raise any concerns about the collection, use, or processing of personal data using the contact information provided above. In the event of a privacy related issue or complaint, we will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of personal data.
For complaints that cannot be resolved, if your personal data is subject to the GDPR, we commit to cooperating with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the DPAs or FDPIC about personal data transferred from the EU or Switzerland.
In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link:
http://ec.europa.eu/newsroom/document.cfm?doc_id=42962
Individuals in Switzerland can contact the Swiss FDPIC by visiting:
https://www.edoeb.admin.ch/edoeb/de/home.html
This independent dispute resolution process is provided at no cost to the individual.