Last Updated: May 3rd, 2021
ActiveFence Ltd. provides threat intelligence and proactive detection services to business entities and digital platforms hosting any sort of user-generated content (respectively, “Services” and “Hosting Platforms”). As part of our mission to help our customers eliminate violating and threatening content and online activity, we process from time to time personal data posted by or related to individuals across the web.
Introduction and Scope:
- When you browse or visit our website https://www.activefence.com/ (“Website”) as a visitor (“Visitor”), including, when you contact us (e.g. via our Website, email, or social media pages), or when we process your job application.
- When you interact with a feature, interface or a Software we provide to one or more of our Business Partners to integrate into their own websites or platforms (“End User”).
- When you attend a marketing event and/or provide us with your Personal Data for marketing or business purposes, or if you are a business customer, including a Hosting Platform, a service provider, or a representative of a business entity who is engaged in a business contract with us, or a prospective customer or business partner (“Business Partner”).
- An end-user of a Business Partner who is engaged with us and shares certain Personal Data with us for the purpose of threats detection and prevention, and/or
- Publicly available information that was manifestly published by you or about you and associated with a certain violation or threat we investigate (“Web User” or “Database Information”).
A privacy statement related to the former will be stipulated in a dedicated data processing agreement (DPA) signed with our Business Partners, and a privacy statement related to the latter will be provided upon verifiable request, confidentiality obligation, or regulatory requirement governing GDPR article 14(5)(b), i.e. when disclosing such information is no longer likely to render impossible or seriously impair the achievement of the objectives of that processing.
Table of contents:
- Preliminary Notes
- What Personal Data we collect, why we collect it, and how it is used
- Lawful Bases For Personal Data processing
- How we protect and retain your Personal Data
- How we share your Personal Data
- Interaction with Third Party Service
- International transfers of Personal Data
- Your privacy rights
- Cookies and other web technologies
- Specific provisions applicable under California privacy law
- Contact us
1. Preliminary Notes
1.6 Your personal data. You are not required by law to provide us with any information. You can always avoid providing us certain Personal Information, however, you acknowledge that it may prevent us from providing you certain Services. We sometimes process Personal Data about data subjects that were not provided to us by them; in such cases, we make sure to demonstrate our legal basis for such processing activities. When it is required by law, and subject to special exemptions, we allow data subjects to access their Personal Information, edit, delete or obtain data collected about them. If you wish to exercise any of your rights, use the information in Section 11 below.
2. What Personal Data we collect, why we collect it, and how it is used
|Type of Information||How do we use it and for how long?|
|Online Identifiers: We process certain online identifiers such as IP addresses, cookies, pixel tags, user-agent (namely, in addition to your IP address, your browser’s type, version, language and country from which you access the Website or Service).||We may either directly or indirectly collect our Visitors’ Online Identifiers, used for one or more of the following purposes:|
(a) Extracting analytics and statistical information about the visits of our Website.
(b) Preventing and protecting against spam or fraud.
(c) Necessary cookies will be used as part of our legitimate interest and for purposes of the Website’s functionality.
(d) In certain cases, and upon your consent (if you are an EU/EEA or UK resident), third-party cookies and tags will be used for purposes of marketing our Services.
We retain online identifiers for as long as required to achieve each of these purposes or until deleted by you via your browser’s settings. Cookies’ expiry dates are varied as a dependency of the type and purpose and can be found in our cookies policy.
|Device Information: We may automatically collect certain information about the device from which you access the Website or Services, such as type (mobile/desktop), type, and version of your operating system.||Based on your consent, or in certain cases, our legitimate interest, we may process device information for compatibility purposes.|
|Online activity: We also collect certain technical information related to your use of the Website such as your click stream, type of browser, time and date, and other actions across the site (retained in the form of log files).||We use this technical data in order to operate and manage our Website, this information does not include Personal Information|
|Contact details: In the event you contact us for support, feedback, or other inquiries, request to receive a quote, either through an online form available on the Website, by sending us an email, or by other means of communication we make available (such as submitting a bug report or filling in a survey) you will be requested to provide us with your first and last name, email address, your organization and role within your organization (or other contact detail), and the subject matter of your inquiry.||We will use this information for our legitimate interest and solely for the purpose of responding to your inquiries and providing you with the support or information you have requested. We retain such information for as long as needed to provide you with the inquiry requested or as required under applicable law.|
|Subscription: If you voluntarily subscribe to our email communications, you will be asked to provide us with your email address. You can unsubscribe at any time using the unsubscribe option within the body of the email sent to you or rather by contacting our Data Protection Officer at [email protected]||We will use your email address in order to send you information related to our Services and to keep you up to date regarding new Services, as well as provide you with tips related to our Service, and promotional and marketing emails, all subject to your consent. We retain this information so long as you didn’t instruct us otherwise.|
|Job Application: In the event that you are interested in joining one of our teams, and wish to submit an application, you will be asked to provide us with your first name, last name, email address, phone number and to upload the file of your CV. You may add additional optional information such as your LinkedIn profile URL, or any other information with relevance to your application.||Your provision of personal information in connection with recruiting is voluntary, and you determine the extent of information you provide us. We do not request or require sensitive personal information of any sort. We will use the information you have provided solely to communicate with you, to manage our job application processing, and to comply with corporate governance and legal and regulatory requirements. If you are hired, the information may be used in connection with employment and corporate management.|
2.2. Business Partners
|Type of Information||How Do We Use It?|
Identifiers: depending on the method of communication between you and us, we process the following Personal Information about Business Partners: First and last name, email address, role with the organization, name, and address of the organization, phone number.
We will use this information for the purpose of performing our contract with you, provide you with the Services you have requested, and designate your account. We will use your contact details in order to send you the required information related to the Services and our business engagement.
Account information: depending on the type of our communication or engagement with you, you may choose to add optional details and information to your account.
This information is optional and is fully managed by you. If submitted, we may use your merged email address to provide you with similar updates and notifications as described above.
2.3. End Users interacting with our Software Interface
In addition to the information we process about Visitors, as stated above, we may process data and media items submitted directly by you, as per as the then-current option provided via our interface.
2.4. Web Users (also, Database Information)
In the course of developing our platform and providing our Services, we engage in the processing of information that is publically available and manifestly published on the web. In some cases, such information may be linked to or associated with Personal Data. While we make great efforts to de-associate such information from human individuals, sometimes, doing so may significantly impair the purpose for which we process the information to start with.
Such Personal Data is used for detection, prevention and monitoring of threats, fraud, or other illegal content or activity, to identify and repair errors, conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
A privacy statement relating to our Database Information will be made available by us upon request, regulatory requirement or B2B engagement, provided that such disclosure is not likely to render impossible or seriously impair the achievement of the objectives of that processing.
In certain cases, we may or will anonymize or de-identify your Personal Data. “Anonymous Information” means information that does not enable the identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, to improve our services and enhance your experience with them).
3. Lawful Bases for Personal Data Processing
If you are a resident of the EU, EEA, or the UK, refer to the following as the lawful bases for our data processing, as those defined by the General Data Protection Regulations (“GDPR”):
3.1. Website Visitors. We process Visitors information based on: (i) consent when this is explicitly required by law (for example, if we use Visitors information for marketing, advertising and certain analytics purposes, or if we wish to place functional cookies and other web technologies to improve certain functionalities we may offer), or, when you actively contact us, completing a form by us or submit any information or files to us (including your CVs); (ii) legitimate interest in serving the Website, offering the Services, securing and safeguarding them, certain analytics we extract about the general usage of our Website and aby spam or fraud protection.
3.2. Business Partners. We process Personal Data about Business Partners based on our legitimate business interest of preparing for a contract, proposing a business offering, or fulfilling a contractual obligation with them. The latter includes the lawful basis of a contract as well.
3.3. End Users. We may process End User’s Personal Data based on their consent, when actively submitting data to our Software’s UI (user interface), for example, when we validate the data, analyze and investigate it. If the data submitted to us indicate a threat, fraud or malicious behavior we may further process it as per our legitimate interest, other End Users’ interest to browse a protected environment, or, our Business Partner’s legitimate interest to prevent malicious activity or content on their Hosting Platform.
In certain cases and upon our Business Partner’s need, we may process End Users Data to (i) prepare for a legal claim (ii) for the public interest, including the interest of Hosting Platform users to be free from criminal or other abusive behavior (iii) based on the consent they provided to a Hosting Platform, that includes the processing of Personal Data by third parties.
- Fraud and violating behavior: Legitimate interest of a Business Partner or their end-users to protect against criminal or other violating or misleading behavior on their Hosting Platform.
- Security and Safeguard: Legitimate interest of us and our Business Partners to (i) secure and safeguard their platforms, (ii) indicating possible criminal or policy-violating act or threat to public or Web Users’ security.
- Startup and scaling up our Services: our legitimate business interest to start and scale up our Services.
- Data validation and accuracy purposes: Legitimate interest of us and our Business Partners to validate data, ensure its relevance, accuracy, and scores associated with such data.
- In certain cases and upon our Business Partner’s need, we may process Web Users Data to (i) prepare for a legal claim (ii) for the public interest, including the interest of Hosting Platform users to be free from criminal or other abusive behavior (iii) based on the consent they provided to a Hosting Platform, that includes the processing of Personal Data by third parties.
In any other case, we may also process your Personal Data where you have provided us with consent to do so, or, where we have a legitimate interest and are not overridden by your data protection interests or fundamental rights and freedoms, such as when we use the data to provide the core Services, or when used for anti-fraud purposes.
4. How we protect and retain your Personal Data
4.1. Security. We have implemented appropriate technical, organizational and security measures designed to protect Personal Data or prevent unauthorized access to data. As the security of information depends in part on the security of the devices or network you, us or third party use, we cannot guarantee that all communications and Personal Data will be 100% safe at all times, however, we make highly strict efforts to ensure the highest level of protection. Additionally, we maintain and audited on an annual basis, a SOC 2 certificate, guaranteeing the implementation of trust service principles onto our data processing activities and facilities.
4.2. Retention of Personal Data. In addition to the retention criteria mentioned above, in some circumstances we may store Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for our records in the event of any complaints, challenges, legal claim or regulatory action or (iii) if we reasonably believe there is a need (iv) upon a Business Partner’s need and.or request.
5. How we share Personal Data
We share Personal Information with the following categories of third parties or partners, and only in the following circumstances and purposes:
5.1. Third-Party service providers: We may share certain of your information with third parties that perform services for us and process data on our behalf (“Third-Party Services”), such as storage, hosting and data safeguarding (e.g. Amazon Web Service (AWS)), business intelligence and analytics for our online Services (such as Google Analytics and Hotjar), CRM and mailing lists management (e.g. SalesForce, MailChimp), Job application tracking and management system (ATS, Comeet), features providers, customer support and ticketing system, marketing and advertising. These third parties may be located in different jurisdictions than your country of residence and we require each to maintain adequate measures of information and privacy protection as required by applicable law.
5.2. Our auditors, consultants, investors and contractors with whom we may share samples of Personal Data on a need-to-know basis only and under strict confidentiality obligations.
5.3. Business Partners. We may share certain information with our Business Partners and clients that relate to content activity that was manifestly published on their platform, or share information based on Personal Data processing, such as risk level or named violated behavior performed.
5.5. Legal disclosure, policy enforcement, third-party rights. We reserve the right to disclose your Personal Information if required by law and/or to comply with a court order or similar legal process or when we believe in good faith that disclosure is necessary to protect our or third party rights, protect your safety or the safety of others, investigate fraud, criminal act or respond to a government request. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities.
5.6. Business Transitions. If we are involved in a merger, acquisition, or sale of all or a portion of the Company’s assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your personal information.
5.7. Upon your consent. In any other case, where you have provided your consent to us sharing or transferring your Personal Data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).
We may store Non-Personal and Personal Information on our servers or our cloud servers, use or share Non-Personal Information in any of the above circumstances, as well as for the purpose of providing and improving our Service as detailed above. Furthermore, we reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.
6. Interaction with Third Party Services
In case we enable you to interact with third-party websites, mobile software applications and products or services that are not owned or controlled by us (Third Party Services), we are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third-Party Service.
7. International transfers of Personal Data
7.1. Transfers outside the EEA, EU or the UK: In addition to those locations of third parties services, who may have access to your Personal Data, We may store or process your Personal Information in the United States or in other countries, and may access to Personal Data from the United state or Israel. If you visit our Websites or use our Services from locations outside of the United States, or, if a Web User resides in other jurisdictions, their Personal Data may be transferred to and processed in countries other than the country from which you accessed our Websites or Services, or a HOsting Platform, including the United States and Canada, where our central database is operated.
We will take the necessary steps to ensure that international transfers of Personal Information meet all requirements under applicable data protection laws. When personal data collected within the European Economic Area (“EEA”) or the UK is transferred outside the EEA, or the UK, we will take the steps necessary to ensure that the transfer of such data provides sufficient safeguards, and you may exercise your rights, where applicable, to receive information on such transfer mechanisms. Personal Information transferred outside the EEA or the UK is transferred for processing by AWS on its servers in the United States, and among the Company’s affiliates, in both cases pursuant to standard contractual clauses approved by the European Union, backed by measures to safeguard the Personal Data at transfer and rest. If you would like to understand more about these arrangements and your rights in connection therewith, please contact our Data Protection Officer at: [email protected].
7.2. Internal transfers: Transfers within the ActiveFence group of companies will be covered by an intra-group internal code of conduct and required agreements.
8. Your Personal Rights
8.1. Rights: The following rights (which may be subject to certain exemptions or derogations) apply to certain individuals, depending on their country of residence:
- The right for disclosure of the Personal Data we process about you.
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law.
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading.
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise, or defense of legal claims.
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability in certain contexts. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller.
- You have the right to object to profiling.
- You have the right to withdraw your consent at any time, in circumstances where such consent was given by you. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular, if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality.
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
8.2 You can exercise your rights by contacting us at [email protected] Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
10. Cookies and other web technologies
We may link this automatically-collected data to other information we collect about you. We may also combine this automatically collected log information with other information we collect about the services we offer you.
We also use log files. The information stored in the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We use such information to analyze trends, administer the Website, track users’ movement around the Website.
11. Specific provisions applicable under California privacy law
11.1. CCPA Privacy Notice: If you are a California resident, we recommend you refer to our supplementing CCPA Privacy Statement.
11.2. Do Not Track Notice. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers, but we may allow third parties, such as companies that provide us with analytics tools, to collect Personal Information about Visitors and Web Users online activities over time.
11.3 Deletion of Content from California Residents. If you are a California resident under the age of 18, California Business and Professions Code Section 22581 permits you to remove content or personal information you have publicly posted. If you wish to remove such content or personal information and you specify which content or personal information you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you may not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or personal information you have posted and that there may be circumstances in which the law does not require us to enable the removal of content.
12. CONTACT US
If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at [email protected].