EnterpriseGRC Solutions is a small business involved in all aspects of the company. The owner, Robin, "I" create the majority of the content and "I" manage the security. The platform security is overseen by a Security Admin at LoginSecure, operated in the Netherlands. The site is checked daily by both parties. All software patches are applied within 2 days of their availability. Site users are known. Information sources are Google Analytics, LinkedIn and a handful of well-established security news content feeds. It is reasonable to assume we want to do business with our community, however, all communications are handled directly within the company. We don't provide lists to third parties. Before sharing your name, we would seek your approval. We are opposed to using call lists for mass solicitation. We don't do it.
All the rest is recommended legal language for California, so here we go.
What Information About Me Is Collected and Stored?
We collect two basic types of information from you in conjunction with your use of the Service, personal information, and non-personal information. Personal information is information that you may supply to us, as described more fully below, i.e., when you obtain a subscription, complete a survey, register on the Service, upload content, participate in a community or provide your e-mail address. Personal information is any information that can individually identify you and includes, among other things, your name, e-mail address, telephone number, postal address, credit card, billing and contact information. Non-personal information includes information that does not personally identify you, but it may include tracking and usage information about your location, demographics, use of the Service and the Internet.
As a general matter, you can browse the Service without submitting your personal information to us. However, there are a number of circumstances in which you may supply us or our agents with your personal information. The following lists the most common ways in which we may collect your personal information.
- Submission of content or other data and information on any part of the Service that permits it
- Service related communications, e.g. account verification; technical notification
- Sign up to receive alerts or other information via email, text or instant message from "enterprisegrc.com"
- Submitting an application to work at "enterprisegrc.com"
- Uploading Content to the Service
- Registration for an event sponsored by "enterprisegrc.com"
- Registration for an account on the Service
- Profile information that You provide for Your user profile
- Commenting to "enterprisegrc.com" via blog entries
- Participation in surveys
- Request for sales calls, customer service, support requests or other assistance
- Participation in communities, commenting to blog entries and participation in other forums
- Any other place on the Service where you knowingly volunteer personal information
- Non-Personal Information
In addition, when you interact with the Service, we may collect certain information that does not identify you individually and our servers may automatically keep an activity log of your use of our Service (“Non-Personal Information”).
Generally, we collect and store the following categories of Non-Personal Information:
- Non-identifiable demographic data such as age, gender, and five digit zip code as part of collecting personal information
- Device information about your computer, browser, mobile device, or other devices that you use to access the Service. This information may include IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information.
- Analytics and usage information about your use of the Service.
- Additional “traffic data” and log files such as time of access, date of access, software crash reports, session identification number, access times, and referring website addresses.
Other information regarding your use of the Service.
- Collection of Your Source IP Address/Location Information
- We may collect and store location information about you on the Service and associated with your account that you volunteer on the Service or enable through the Service or your device. We will not collect any location information that you do not volunteer or enable.
- We will delete any location information that you request is deleted. We do collect and store your device’s source IP address which may disclose the location of your device at the time you access the Service.
- You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but, if you prefer, you can usually modify your browser setting to decline cookies. If you delete your cookies or if you set your web browser to decline cookies, some features of the Sites may not work or may not work as designed. For more information on cookies and how to disable them, you can consult the information provided by the Interactive Advertising Bureau at www.allaboutcookies.org.
- We do not use flash cookies, web storage, web beacons or other technology that tracks your browsing history across multiple websites.
Still, take this to heart in how you provide information to any website.
- These companies may also obtain information from services you use from other companies, including without limitation, other websites, mobile website, mobile downloadable applications, and downloadable applications, and combine that information with information they obtain through these third party technologies on our Services.
- You should be aware that no company has control over these third party technologies or the information contained in them.
- You should be aware that if you choose to opt out through other sites, this does not opt you out of advertising.
- The ads will just not be targeted to you by any party from which you have opted out. You can also opt out of future information collection from our Services by ceasing use of the Service or in the case of an application, uninstalling the application.
How Do We Use Your Information?
- Information can be used to personalize and continually improve your experience on the Service. (BTW, we think that's creepy, so we don't do it.)
Common site services can use your Personal and Non-Personal Information in the following ways:
- To detect, investigate, and prevent activities that may violate our policies or be illegal
- To optimize or improve our products, services, and operations
- To personalize content and experiences on our Service, including providing you reports, recommendations, and feedback based on your preferences
- To communicate with you about changes to our policies
- To permit you to update, edit, and manage your content on our Service
- To upload your content to our Service as you request
- To communicate with you about your account or transactions with us (including service-related announcements) and send you information about features and enhancements on our Service
- To communicate with you about your comment to a blog post
- To disclose anonymized Personal Information to disclose statistics and analytics and other details regarding the use of our Service.
- To automatically update the Service on your device (not gonna happen, but legally the right exists)
- To perform statistical, demographic, and marketing analyses of users of the Service
Use of Your Location Information
- Specifically, we may use your location information to:
- Detect, investigate, and prevent activities that may violate our policies or be illegal
- Personalize content on our Service, including providing you reports, recommendations, and feedback based on your preferences
Optimize or improve our products, services, and operations
- Perform statistical, demographic, and marketing analyses of users of the Service and their purchasing patterns
- Combination of Your Personal Information
- We use the information from one portion of the Sites on other portions of Sites in our network of Sites or in reports and analysis, all of which are owned and operated by "enterprisegrc", and we may combine information gathered from multiple portions of the Sites into a single customer record or analysis or report. We also use and/or combine information that we collect off-line or we collect or receive from third party sources to enhance, expand, and check the accuracy of your customer records.
Who Do We Provide Your Information To?
Business Partners and Third Parties
- We may share your Personal Information with our business partners from time to time. Any communication of this type is guided entirely by the NDA with both client and partners. You may withdraw your consent to our sharing of your Personal Information with business partners and third parties at any time by following the opt-out process included at the bottom of email communications.
- We may elect in the future to have third party agents, subsidiaries, affiliates and partners that perform functions on our behalf, such as hosting, billing, push notifications, storage, bandwidth, content management tools, analytics, customer service, fraud protection, etc. These entities have access to the Personal Information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of that Personal Information. Such partners would be and are restricted from using, selling, distributing or altering this data in any way other than to provide the requested services to the Service.
- We may also use or disclose Personal Information if required to do so by law or in the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Service; (b) protect and defend our rights or property, the Service or our users, and (c) act under emergency circumstances to protect the personal safety of us, our affiliates, agents, or the users of the Service or the public. This includes exchanging information with other companies and organizations for fraud protection.
"enterprisegrc dot com" E-mail and Text Communications
- E-mail communications and text messages sent from Us or through Us are designed to make Your experience more efficient. By participating in the Services, You specifically agree to accept and consent to e-mail communications and text messages initiated from Us or through Us, which include, without limitation: message notification e-mails, e-mails or text messages informing You about potential available Tutors or Tutees and e-mails informing You of promotions We run and emails informing You of new and existing features We provide. Standard text messaging charges applied by Your cell phone carrier will apply to text messages We send. If You change Your mobile phone service provider, the notification service may be deactivated for Your phone number and You may need to re-enroll in the notification service. "enterprisegrc" reserves the right to cancel the notification service at any time. If You do not wish to receive any of our e-mail communications or text messages, please do not use the Services. All that said, we would not intentionally add you to a mailing list.
What Steps Are Taken To Keep Personal Information Secure?
- We are concerned about ensuring the security of your Personal Information. We exercise great care in providing secure transmission of your information from your device to our servers. Personal Information collected by our Service are stored in secure operating environments that are not available to the public. Our security procedures mean that we may occasionally request proof of identity before we disclose your Personal Information to you. Please understand, however, that while we try our best to safeguard your Personal Information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
How Can We Transfer Your Personal Information? Note, we have no business reason to transfer or transact any customer information.
How Long Do We Keep Your Information?
- Following termination or deactivation of your account, "enterprisegrc", its Clients, Affiliates, or its service providers may retain information (including your profile information) and user Content for a commercially reasonable time for backup, archival, and/or audit purposes. If you have any questions about termination or deactivation of your account.
- Our platforms are configured to mask any email addresses provided to the system, however, if you feel your information is incorrectly managed, you may contact us a support @ enterprisegrc.com. Please do.
What Happens When I Link To or From Another Website?
Changes to This Policy
How Do I Opt-Out or Correct Information About Me?
- Any application used to communicate news will be selected based on its security features including the "opt-out".
- You may always opt-out of receiving future e-mail messages and newsletters from "enterprisegrc", however, please note we do not use such methods in our business. If you feel you are being targeted by our domain, please report it to "abuse @ enterprisegrc dot com."
- We provide you with the opportunity to opt-out of receiving communications from us by going into your profile settings and choosing the appropriate options. To opt-out, you can also send us a message at "privacy @ enterprisegrc dot com." Please note, however, that you generally cannot opt-out of service related announcements, e.g. if the Service is temporarily suspended or if delivery of a product or service is delayed.
Your California Privacy Rights
- California Civil Code Section 1798.83 permits customers of "enterprisegrc" who are California residents to request certain information regarding its disclosure of their personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to "privacy @ enterprisegrc dot com." These Services will respect your browser’s Do Not Track signals (or other well-established, commercially available mechanisms that provide you with the ability to exercise choice regarding the collection of Personal Information). If we receive a Do Not Track notice, we will stop using any Personal Information for online behavioral advertising purposes.
--- In Conclusion, you should be concerned by the standards for web privacy in California. To the extent that any small business would need to make the statements here in order to operate a simple website, to leverage services with Google, LinkedIn, Twitter, Facebook, Hubspot, BrightTalk, and to advertise events on behalf of our community, you should pay close attention to what you share and with whom you share it.
We certainly do.
Owner, EnterpriseGRC Solutions