Legal Notices

Banyan Security, Inc. Privacy Policy

Banyan Security, Inc. (the “Company,” “we,” or “us”) offers cyber risk management solutions by providing its customers information security services and a cloud-based SaaS platform in order to assess their cyber risk exposure. This Privacy Policy is made available to inform users of our practices regarding the kinds of information we collect, the use, disclosure and your options regarding the collection of information relating to an identified or identifiable natural person (“Personal Information”).

This Privacy Policy applies to Personal Information Processed by us in our business, including on our website at https://www.banyansecurity.io/, social media and blogs (collectively referred to in this Privacy Policy as “Sites”), and our online or offline products and services (the “Services”). All natural persons (“Individuals”) whose responsibilities include Processing Personal Information for us are expected to protect it by following this Privacy Policy. For the purposes of this Privacy Policy, “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

This Privacy Policy does not apply to any third-party applications or software that integrate with our services through the Company platform or any other third-party products, services, or businesses.

This Privacy Policy may change from time to time (see the Changes section below) and you agree that your continued use of the Sites and the Services after we make such changes will be considered acceptance of those changes, so please periodically check this page for updates.

By accessing our Sites, or purchasing or using our products or Services, you agree to this Privacy Policy in addition to any other agreements we might have with you. In the event that such agreements contain terms that conflict with this Privacy Policy, the terms of those agreements will prevail.

1. Our Collection of Personal Information

Our primary goals in collecting personally identifiable information are to provide you with the services made available through the Sites and the Services, to communicate with you, and to manage your registered user account through which you can take advantage of the services made available through the Sites and the Services. We will also use the information you provide to analyze and improve Banyan Security’s products and services.

Types of Personal Information We Collect

Information You Provide to Us

  • Communications with Us. We may collect Personal Information from you such as login information, email address, phone number, mailing address, company name, country, and job title when you request information about our Services, subscribe to or use our Services, create an account, register for our newsletter, request customer or technical support, or otherwise communicate with us.
  • Social Media Content. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.
  • Surveys. We may contact you to participate in online surveys. If you decide to participate, you may be asked to provide certain information which may include Personal Information. All information you submit in our surveys is provided by you voluntarily. We may use such information to improve our products, Sites and/or Services and in any manner consistent with our policies.

Information Collected Automatically or From Others

Automatic Data Collection. When you visit the Sites or when you subscribe to or use our Services, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). Log Data may include information such as your Internet Protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, unique identifiers, browser type and language, geo-location information, internet service provider, pages that you visit before and after using the Services, date and time of visit, time spent on pages you visit, information about the links you click, and pages you view within the Services.

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

  • Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
  • Social Media Widgets. Our Sites include social media features, such as Twitter, LinkedIn, and Facebook that might include features such as the ‘share this’ button, or interactive mini-programs. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third-party or hosted directly on our Sites. Your interactions with these features are governed by the Privacy Policy of the company providing it.

Analytics. We may also use Google Analytics, Google Ads remarketing tags, Google Ads conversion tracking tags, HubSpot and similar technologies to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout. For more information about HubSpot, please visit https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.

Information from Other Sources. We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as a third-party login service or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. Information we collect through these services may include your name, your user identification number, your username, location, gender, birth date, email, profile picture, and your contacts stored in that service. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business and Services.

2. Our Use of Your Personal Information

Our Company may use information that we collect about you for the following purposes:

    • To Provide Products, Services, or Information Requested. We may use information about you to:
      • Allow you to log in and use our Services;
      • Manage Individual information and accounts;
      • Respond to questions, comments, and other requests;
      • Provide access to certain areas, functionalities, and features of our Services;
      • Answer requests for customer or technical support; and
      • Allow you to register for events.
    • Administrative Purposes. We may use Personal Information about you to:
      • Measure interest and engagement in our Sites and Services and short-term, transient use, such as contextual customization of ads;
      • Develop new products and Services;
      • Undertake research for technological development and demonstration;
      • Improve, upgrade or enhance our Services;
      • Ensure internal quality control;
      • Verify Individual identity;
      • Communicate with you about your account, activities on our Sites and Services and policy changes;
      • Contact you to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
      • Process payment for products or Services purchased;
      • Process applications and transactions;
      • Prevent potentially prohibited or illegal activities; and
      • Enforce our Legal Notice.
    • Marketing Our Products and Services. We may use Personal Information to provide you with materials about offers, products, and Services that may be of interest, including new content or Services. We may provide you with these materials by phone, postal mail, facsimile, email, or other electronic communication, as permitted by applicable law. Such uses include:
      • To tailor content, advertisements, and offers;
      • To notify you about offers, products, and services that may be of interest to you;
      • To provide Services to you and our sponsors; and
      • Other purposes you consent to or are disclosed when you provide Personal Information.

      You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as described below.

    • Research and Development. We may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our products and Services or develop new products and Services. We may perform research via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. Survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Sites and Services, various types of communications, advertising campaigns, and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may use de-identified Individual and aggregated data for research and analysis purposes.
    • Direct Mail, Email, and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on our or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions below.
    • Services via Mobile Devices. We may provide Services that are specifically designed to be compatible and used on mobile devices. We will collect certain information that your mobile device sends when you use such Services, like a device identifier, user settings, location information, mobile carrier, and the operating system of your device. Mobile versions of our Services may require that users log in with an account. In such cases, information about use of mobile versions of the Services may be associated with accounts and other devices. In addition, we may enable Individuals to download an application, SDK, widget, or other tool that can be used on mobile or other computing devices. Some of these tools may store information on mobile or other devices. These tools may transmit Personal Information to us and Third Parties to enable you to access your account and Services and to enable us and Third Parties to track use of these tools. Some of these tools may enable users to email reports and other information from the tool. We may use personal or non-identifiable information transmitted to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this Privacy Policy or in other notices we provide.
    • De-identified and Aggregated Information Use. We may use Personal Information and other information about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Sites and Services, or other analyses we create. De-identified and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Sites and Services. De-identified or aggregated information is not Personal Information, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Banyan Security and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
    • Other Uses. Banyan Security may use Personal Information for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
    • Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising. We, as well as Third Parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services. Our uses of such Technologies fall into the following general categories:
      • Operationally Necessary. We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our Sites, Services, applications, and tools. This includes technologies that allow you access to our Sites, Services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security or similar functions.
      • Performance Related. We may use cookies, web beacons, or other similar technologies to assess the performance of our Sites, applications, Services, and tools, including as part of our analytic practices to help us understand how our visitors use our Sites or Services, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our Sites’ content, applications, Services, or tools.
      • Functionality Related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our Sites, Services, applications, or tools. This may include identifying you when you sign into our Sites or Services or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our Sites or Services.
      • Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our Sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.

If you would like to opt-out of the Technologies we employ on our Sites, Services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.

  • Third Party Websites and Software Development Kits. Our Sites contain links to other websites and media publications. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third-party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data, or solicit personal information from you. This Privacy Policy addresses the use and disclosure of information that we collect from you through the Sites and our Services. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
  • We may use third party application programming interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.

3. Our Disclosure of your Personal Information to Third Parties

Except as set forth in this Privacy Policy, Banyan Security will not share your Personal Information with third parties. For a list of the categories of Personal Information we have disclosed or sold about consumers for a business purpose in the past 12 months, please contact privacy@banyansecurity.io.

Information We Share

  • Resellers and Partners. We will share your Personal Information with our resellers and partners, and such resellers and partners may use your information to market our products and services, as well as their own products and services.
  • Service Providers. We may engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance services, customer relationship services, and database storage and management services. We will share your personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to comply with obligations consistent with this Policy and maintain appropriate confidentiality and security measures.
  • Compliance with Laws and Law Enforcement. Banyan Security cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including subpoenas); to protect the property and rights of Banyan Security or a third-party, the safety of the public or any person; to prevent or stop any illegal, unethical, or legally actionable activity; or to comply with the law.
  • Business Transfers. In the event of a sale, merger, liquidation, dissolution, or transfer of part of the business, trade or assets of the Company, all Information collected about you via this Site or our Services may be sold, assigned, or transferred to the party acquiring all or substantially all of the equity or assets or business of the Company.

International Data Transfers

You agree that all Personal Information collected under this Privacy Policy may be transferred, Processed, and stored anywhere in the world, including but not limited to, the United States. Personal Information may be stored in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. By providing information to us, you explicitly consent to the storage of your Personal Information in these locations.

However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Information between you and us in order to protect Personal Information Processed from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

4. Your Choices: Right to Object to Processing

  • General: You have the right to object to and change your preferences or opt out of certain uses and disclosures of your Personal Information. Where you have consented to Banyan Security’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and prevent further Processing by contacting us as described below. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Sites, Services and/or information from the advertisements on Third-Party websites for other legal purposes as described above. For the purposes of this Privacy Policy, “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (7) health information; (8) sexual orientation or information about the Individual’s sex life; or (9) information relating to the commission of a criminal offense.
  • Email and Telephone Communications: If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy).
  • We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law: We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
  • Notifications: We may occasionally send you push notifications or contact you through our mobile applications, Services, Sites, social media or Third-Party services with notices or alerts that may be of interest to you. You may at any time opt out or stop from receiving these types of communications by changing the settings on your mobile device.
  • “Do Not Track”: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
  • Cookies and Interest-Based Advertising: As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may limit ad tracking of certain mobile ads via their device settings.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at http://www.networkadvertising.org/managing/opt_out.asp, or http://www.youronlinechoices.eu/ and www.aboutads.info/choices/. You can also visit https://tools.google.com/dlpage/gaoptout to choose not to be included in Google Analytics.

To be clear, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. You must separately opt out in each browser on each device. Advertisements on Third-Party websites that contain the AdChoices link and that link to this Privacy Policy may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

5. Your Privacy Rights

In accordance with applicable law, if you are a resident of the European Economic Area, you may have the right to:

  • Access your Personal Information consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Information transferred to another party.
  • Request correction of your Personal Information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Information or we may refer you to the controller of your Personal Information who is able to make the correction.
  • Request deletion of your Personal Information, subject to certain exceptions prescribed by law. If you completely and permanently delete all of your Personal Information, then your user account may become deactivated.
  • Request restriction of or object to processing of your personal information, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.

If you would like to exercise any of these rights, please log into your account or contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

6. Retention and Security

Data Retention

Banyan Security will retain Personal Information for as long as needed to provide Services or as otherwise permitted by law.

Security of Your Information

Banyan Security is very concerned about safeguarding the confidentiality of your personally identifiable information. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. However, Banyan Security takes security very seriously. All company employees are contractually obligated to safeguard Banyan Security and user data under confidentiality and privacy agreements. Access to Banyan Security production systems is restricted to authorized Banyan Security team members.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites or Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We will disclose any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you as required by contract in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the data system.

7. Users Outside the United States

Banyan Security is headquartered in the United States and is subject to the applicable state and federal laws of the United States. By using our Sites or Services, you will transfer data to the United States. By choosing to visit our Sites, utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Policy will be governed by the laws of the State of California and the adjudication of any disputes arising in connection with Banyan Security or our Sites will be in accordance with the Legal Notice.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.

8. Our Policy Towards Children

The Sites or Services are not directed to persons under the age of 18 and we do not knowingly request or receive any information from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at privacy@banyansecurity.io. If we become aware that a child under 18 has provided us with personally identifiable information, we will remove such information from our files.

9. Legal Basis for Processing your Personal Data (EEA and Switzerland only)

With respect to personal data collected from individuals from the European Economic Area or Switzerland, our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. Our Company will normally collect Personal Information from you only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g., to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).

10. Additional Rights (EEA and Switzerland only)

You may have the right to make a privacy complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

11. California Privacy Rights

We currently do not share personal data with third parties for their direct marketing purposes without your consent.

Our Sites, products, and Services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Sites or Services, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to privacy@banyansecurity.io.

Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

12. Changes

This Privacy Policy may be updated from time to time for any reason without any notice to you. Any modifications will be effective immediately as of the date the modified Privacy Policy is posted on our website. Therefore, we suggest that you consult this Privacy Policy regularly for any changes. Continued use of the Sites or Services after we have notified you of any such changes shall constitute your consent to such changes.

13. Legal Notice

This Privacy Policy is incorporated by reference into the Banyan Security Legal Notice.

14. Redress/Compliance and Accountability

If you have any questions about our privacy practices, this Privacy Policy, or how to lodge a complaint with the appropriate authority, please contact us. We will address your concerns and attempt to resolve any privacy issues in a timely manner.

15. Questions and Comments

If you would like to contact us about our privacy practices, or exercise any of your data subject rights, please send a written request to the data controller of your Personal Information or to us at:

Email: privacy@banyansecurity.io

Mail:

Banyan Security, Inc.
Attn: Privacy Officer
333 Bush, 4th Floor, San Francisco, CA 94104
San Francisco, CA 94105
USA

Last Updated: 17 December 2020