This Privacy Policy explains our privacy practices for processing Personal Information on our Website and services. We process Personal Information as described in this Policy.

We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can access our full Privacy Policy below to help you understand better how we collect and use Personal Data pertaining to each of our Users. In it, we explain in more detail the types of Personal Data we collect, how we collect it, what is legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what are your rights in relation to the Personal Data we collect.

Within the Privacy Policy you will find some specific examples of why and how we use your Personal Data.

Read this policy and make sure you fully understand our practices in relation to your Personal Data, before you access or use the Website. If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave this Website, application or service, and avoid or discontinue all use of the Website. If you have further questions or concerns regarding this policy please contact us at [email protected].

FULL PRIVACY POLICY

Pentera Security Ltd. (“Pentera”, “we”, “our” or “us”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”) to inform the visitors of our Website (“you” or “User”) of our policies and procedures regarding the collection, use and disclosure of information we receive when you use the Website.

1. Definitions:

“Personal Data” means individually identifiable information, namely information that identifies an individual or may with reasonable efforts cause the identification of an individual.

“Non Personal Data” means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.

“Visitor” or “User” or “you” means visitors of our Website.

“GDPR” means the General Data Protection Regulation (EU) 2016/679, as amended from time to time.

“Website” means our public website available at www.pentera.io.

This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.

2.WHEN DOES THIS PRIVACY POLICY APPLY

This Privacy Policy applies to Personal Data about you that we collect, use or otherwise process regarding your relationship with us as a visitor of our site.

This Privacy Policy does not apply to services that may have separate privacy policies that do not incorporate this Policy.

3.THE TYPES OF PERSONAL DATA THAT WE COLLECT

PERSONAL DATA THAT YOU PROVIDE TO US

While browsing our Website, you will not be providing us Personal Data.

THE PERSONAL DATA THAT WE COLLECT OR GENERATE

If you browse our Website, we may collect Personal Data. This includes (by way of a non-exhaustive list): your computer’s Internet Protocol address and your Geo location through the use of “cookies”. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies to enable certain features of the Website, to better understand how you interact with the Website and to monitor web traffic routing and aggregate usage of the Website. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Website.

4.NON PERSONAL DATA

In addition to the categories of Personal Data described above, we will also process further anonymized information and data that is not processed by reference to a specific individual. We may collect this Non-Personal Data through the Website in the following ways:

a) Information that your browser sends (“Log Data”). This Log Data may include, but is not limited to, non-identifying information regarding the User’s device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, the web page you were visiting and information you search, etc.
b) We may use automated devices and applications to evaluate usage of our Service. We use these tools to help us improve our Website, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies.
c) Other websites and applications may also place or read cookies on your computer’s browser. Please see below the Section “SHARING INFORMATION WITH OTHERS” below.

5.HOW WE USE PERSONAL DATA

Personal Data is used for the following primary purposes (as may be updated from time to time): to (i) provide and operate the Website; (ii) monitor and analyze use of the Website and study and analyze the functionality of the Website; (iii) to provide ongoing customer assistance, technical support and maintain the Website; (iv) provide service announcements and notices, promotional messages and market the our services; (v) enforce our Terms of Use, policies and other contractual arrangements, to comply with court orders and warrants, and prevent misuse of the Website, and to take any action in any legal dispute and proceeding.; (iv) better understand your needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Website based on Users’ preferences, experiences and difficulties; (vi) communicate with you and contact you to obtain feedback from you regarding the Website; (vii) disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Website; (viii) to create aggregated statistical data and other aggregated and/or inferred Non-Personal Data, which we or our business partners may use to provide and improve our Website; and (x) as otherwise authorized by you.

We may use your email address to contact you when necessary, including in order to send you reminders, offers and to provide you information and notices about the Website. At any time, you may choose (opt out) whether your Personal Data is to be used for sending such marketing materials which are not an essential part of the services on the Website. You may exercise your choice by contacting us at [email protected].

6.HOW WE USE NON PERSONAL DATA

We may use information that is Non Personal Data for the same purposes we use Personal Data (where applicable) and in addition in order to (i) compile anonymous or aggregate information, (ii) disclose to third party vendors, service providers, contractors or agents who perform tasks on our behalf in connection with the services provided through the Website, (iii) monitor and analyze use of the Website and for the technical administration and troubleshooting of the use of the Website, and (iv) provide us with statistical data.

We may use analytics tools. These tools help us understand users’ behaviour on our Website, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. The privacy practices of these tools are subject to their own policies and they may use their own cookies to provide their services. For further information about cookies, please see the ‘THE TYPES OF PERSONAL DATA THAT WE COLLECT’ section in this Policy.

From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our Website.

We use anonymous, statistical or aggregated information, which may be based on extracts of your Personal Data, for legitimate business purposes including for testing, development, improvement, control and operation of the Website. We may share such information with our third party providers. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you. We will share your Personal Data only subject to the terms of this Policy, or subject to your prior informed consent.

7.THE LEGAL BASIS FOR USE OF PERSONAL DATA

We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your Personal Data. In almost all cases the legal basis will be:

a) To provide content of the Website and otherwise provide our Website services.
b) To fulfill a legitimate interest that we have as a business.
c) Because you consented to us using the Personal Data for a particular purpose.
More information on each legal basis is provided below.

More information on the basis of processing:

a) Processing the Personal Data is required for rendering the services available on our Website or in order to take steps at your request before entering an agreement, for example: We must process your IP address including information about your preferences in order to provide you with more targeted content that you are interested in.
b) Processing the Personal Data is required for fulfilling our or a third party’s legitimate interests, for example: (1) we collect information about use of our Website in order to identify and prevent its abuse; (2) we use Personal Data maintain and improve our Website by identifying user trends and technical issues.
c) You consent to the processing of Personal Data for one or more specific purposes, for example: to the extent that you consent, we will send you targeted information about our services.
It is hereby clarified that the legal bases detailed above are the legal bases for actions to process Personal Data, carried out by us in accordance with the GDPR. If processing of Personal Data is subject to other applicable laws, then the legal basis for processing Personal Data may differ according to those applicable laws.

For more information, see Section “YOUR RIGHTS” below.

8.SHARING INFORMATION WITH OTHERS

We do not sell, rent or lease your Personal Data. We may share your Personal Data with service providers and other third parties, if necessary to fulfil the purposes for collecting the information, such as cloud vendors, subcontractors providing us processing services, etc., provided that any such third party will commit to protect your privacy as required under the applicable laws and this Policy.

We may also share Personal Data with companies or organizations affiliated with us, such as subsidiaries and parent companies, with the express provision that their use of such Personal Data must comply with this Policy.

Additionally, a merger, acquisition or any other structural change may require us to transfer your Personal Data to another entity, provided that the receiving entity will comply with this Policy.

9.SHARING INFORMATION WITH AUTHORITIES

We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.

10.TRANSFER OF DATA OUTSIDE YOUR TERRITORY

We may store, process or maintain information in various sites worldwide, including through cloud based service providers worldwide. Where the GDPR applies and we transfer Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:

a) the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (Israel is an approved country);
b) the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
c) where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
d) in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.
You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described the Section “CONTACT US” below.

If you are located in a jurisdiction where transfer of your Personal Data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer or the storage, processing or maintenance of the information in other jurisdictions by using the Website.

11.YOUR RIGHTS

In all of the above cases in which we collect, use or store your Personal Information, you may have the following rights and, in most cases, you can exercise them free of charge.

At any time, you may contact us at: [email protected] and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the data that you request to access.

Under your right of access, you may obtain confirmation from us of whether we are processing Personal Data related to you, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing, request the correction, amendment or deletion of the data if it is inaccurate, incomplete, outdated or processed in violation of applicable law.

However, we may retain certain information as deemed required by us in accordance with applicable laws, or for legitimate business reasons, for the duration as required under applicable laws.

In addition, we may delete any Personal Data pursuant to our policies, as in effect from time to time.

12.RESPONSE TO REQUESTS

When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Data related to others and to ask you questions to better understand the nature and scope of data that you request to access.

We may redact from the data which we will make available to you, any Personal Data related to others.

13.DATA SECURITY

We take the safeguarding of the Personal and Non Personal Data very seriously, and use a variety of systems, applications and procedures to protect the information from loss, theft, damage or unauthorized use or access when it is in our possession or control, including reasonable physical, technical and organizational measures which restrict access to the information. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Website will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Website and protection of our Users’ privacy.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. In addition, you should take steps to protect against unauthorized access to Personal Data stored on your premises as well as defining limited access rights to such information on a need to know basis.

If you receive an e-mail asking you to update your information with respect to the Website, do not reply and please contact us at [email protected].

14.DATA RETENTION

We retain different types of information for different periods, depending on the purposes for processing the data, our legitimate business purposes as well as pursuant to legal requirements under the applicable law. We may retain Personal Data for as long as necessary to support the collection and the use purposes under this Policy and for other legitimate business purposes, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax issues. We may store aggregated Non Personal Data without time limit. In any case, as long as you use the Website, we will keep information about you, unless we are legally required to delete it, or if you exercise your rights to delete the information.

15.OUR POLICY TOWARD CHILDREN

Our Website is not meant to be used by or for persons under 18, as such, we do not knowingly collect Personal Data from minors younger than 18. Insofar as Personal Data may be collected based on your consent, the data subject must be above the age of 16 (or above the age of 13 if this is the legal requirement in your country). If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy; lacking such consent, please do not use the Website.

16.CHANGES TO THIS PRIVACY POLICY

We may change the terms of this Privacy Policy from time to time by posting notice on our Website, with a seven (7) day advance notice. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances, and subject to the requirements of applicable laws – to obtain your consent.

If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.

Your continued use of the Website following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Website.

17.APPLICABLE LAW AND DISPUTE RESOLUTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law provisions.

The courts of the Tel Aviv – Jaffa district shall have exclusive jurisdiction in all disputes and proceedings arising from this Privacy Policy.

18.CONTACT US

For further information about this Policy, please contact us at [email protected]

We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.

Copyright © 2021, Pentera Security Ltd. All rights reserved.

Last Updated: December 2, 2021