Welcome to the web site (the "Site") of Menlo Security, Inc. ("Menlo Security", "we", "us" and/or "our"). This Site is operated by Menlo Security and has been created to provide information about our company and our services (together with the Site, the "Services") to our Service visitors and users ("you", "your"). When we talk about an “Organization” or “Customer” in this Notice, we are generally referring to the entity of which you are an employee, contractor, member, or other participant, that has engaged us to provide the services under the terms of a contract.
Notice to End Users
In general, our Services are intended for use by Organizations, administered to you by your Organization, and subject to your Organization’s policies, if any. This means that in most cases we are collecting and processing your personal information on behalf of your Organization. In these cases, we are generally acting as a processor of your personal information, processing the information according to your Organization’s instructions, because your Organization is the controller. It is primarily your Organization, as the controller, that controls what personal information about you we collect and how we use it. If you have privacy related questions or concerns about your Organization’s privacy practices or the choices your Organization has made to share your information with us or any other third party, you should reach out to your Organization’s administrator or see your Organization’s privacy policies. Menlo Security is not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Policy.
Information We Collect:
When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
Inquiries and Requests – We may provide you with the opportunity to contact us via e-mail or chat to ask questions, request information and materials, register or sign up for guides, seminars, or training classes, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our Services. To facilitate this request, we may request additional Personal Data from you, such as your name, telephone number, and other contact information, to help us satisfy your request.
Service Enrollment – If you choose to enroll for one of our Services, we may require, without limitation, your name, address (including country, city and state), telephone number, email address, credit card number, bank account information, Internet Protocol (IP) address, IP range, domain name(s), or web application URL(s). The types of information required to fulfill a Service request depend on the types of Services being requested.
Statistical Information about Your Visit – We may collect certain information automatically through our Services or other methods of web analysis, such as your IP address, cookie identifiers, mobile advertising identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.
Human Resources Data – Menlo Security collects Personal Data from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a curriculum vitae (CV) or application form, language abilities, contact information of third parties in case of an emergency, and beneficiaries under any insurance policy.
We may also collect Human Resources Data such as the need for a leave of absence due to a disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals. We acquire, hold, use, and process Human Resources-related Personal Data for a variety of business purposes that may include, but are not limited to the following:
Workflow management, including assigning, managing and administering projects;
Human Resources administration and communication;
Payroll and the provision of benefits;
Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
Job grading activities;
Performance and employee development management;
Organizational development and succession planning;
Benefits and personnel administration;
Helpdesk and IT support services;
Internal and/or external or governmental compliance investigations;
Internal or external audits;
Litigation evaluation, prosecution, and defense;
Diversity and inclusion initiatives;
Restructuring and relocation;
Emergency contacts and services;
Compliance with statutory requirements;
Processing of Employee expenses and travel charges; and
Acquisitions, divestitures, and integrations.
Surveys: From time to time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings.
Non-Identifiable Data: When you interact with Menlo Security through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Menlo Security may store such information itself or such information may be shared with Menlo Security affiliates, agents, partners or service providers. We may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors' Internet service providers. It is important to note that no Personal Data is available or used in this process.
Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Services, Menlo Security often conducts analysis and research on its customer demographics, interests and behavior based on the Personal Data and other information we collect or receive in connection with the Services or otherwise. This research may be compiled and analyzed on an aggregate basis, and Menlo Security may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Menlo Security may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Our Use of Personal Data and Other Information:
Generally, we use the Personal Data we receive to:
Provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services;
Personalize and improve the Services;
Monitor and analyze usage and trends of the Services;
Send communications related to the Services;
Provide you with relevant advertisements;
Process any transactions initiated by you;
For any other purpose for which the information was collected;
To meet our legal obligations, for example:
For audit and reporting purposes;
To perform accounting and administrative tasks;
To respond to requests for information by competent public bodies and judicial authorities;
To respond to inquiries we receive from you or your company or organization;
To enforce or manage legal claims;
To deliver advertising and promotional and other communications, including periodically contacting you with offers and information about our products, services, features, and events and sending you newsletters or other information about topics that we believe may be of interest; conducting online surveys; and otherwise promoting our products, services, features, and events; and
To deliver targeted advertisements to you, both on and off the Services, including by using cookies, web beacons, and other Internet technologies, as explained in this Policy.
Human Resources Information
With regard to Personal Data we receive in connection with the employment relationship:
we will use such Personal Data only for employment-related purposes as more fully described in this Policy; and
When you apply for a role with Menlo Security through our website or otherwise, please see our Candidate Privacy Notice (forthcoming as of May 25, 2018).
Additional uses aligned with our legitimate interests
In addition, we may use your Personal Data for the following purposes for which we have a legitimate interest:
Processing for research purposes (including marketing research)
Disclosure to affiliated organizations
Network and information security (e.g., server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.)
Exercise of the right to freedom of expression or information, including in the media and the arts
Enforcement of legal claims including debt collection via out-of-court procedures
Prevention of fraud, misuse of services or money laundering
Employee monitoring for safety or management purposes
Processing for historical, scientific or statistical purposes
If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data in order to obtain access to the Services, we will use your Personal Data to provide you with access to such services and to monitor your use of such services. Menlo Security and its subsidiaries and affiliates (the "Related Companies") may also use your Personal Data and other personally non-identifiable information collected through the Services to help us improve the features and functionality of the Services, to better understand our users and to enhance the Services.
Menlo Security and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each marketing communication we send you will contain instructions permitting you to "opt-out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.
Our Disclosure of Your Personal Data and Other Information:
Menlo Security is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, asset sale, dissolution or similar event, Personal Data may be part of the transferred assets.
Agents, Consultants and Related Third Parties: Menlo Security, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Legal Requirements: Menlo Security may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Menlo Security or its customers or business partners, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
Testimonials: We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the Menlo Security Privacy Contact as described below.
Public Profiles: The profile you create on our website will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Data Transfers: All Personal Data collected via or by Menlo Security may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Data may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to Menlo Security, you consent to the storage of your Personal Data in these locations.
Specifically, our Website servers are located in the United States, and our third party service providers, including Amazon Web Services (“AWS”), Google Cloud Platform (“GCP”) and partners, operate in the United States and in other countries around the world. This means that when we collect your personal information we may process it in any number of places around the world. Therefore, your personal information may be processed outside the European Economic Area, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the European Economic Area. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
If you would like a copy of our standard contractual clauses or more information on the appropriate safeguards we have implemented with our third party service providers and partners, please reach out to us using the details provided under the “Contact Us” section of this Policy.
You can visit the Site without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Services. Even if you opt out, we may still collect and use non-Personal Data regarding your activities on our websites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
If you would like to discontinue receiving promotional communications from us, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you.
Note that even if you opt out, you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain communications regarding Menlo Security and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms of Service or this Policy, information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site).
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within sixty (60) days after receipt, or such shorter time as may be required by law.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Menlo Security does not recognize or respond to browser-initiated DNT signals. For information about “do-not-track”, please visit http://www.allaboutdnt.org/ .
You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs.
To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device.
Our website may contain links to other websites for news and other information. Our Policy only applies to the Menlo Security website and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your Personal Data to them.
RIGHTS OF ACCESS, RECTIFICATION, ERASURE, AND RESTRICTION
You may inquire as to whether Menlo Security is processing Personal Data about you, request access to your Personal Data, and ask that we correct, amend, or delete your Personal Data where it is inaccurate. Where otherwise permitted by applicable law, you may send an email to email@example.com or use any of the methods set out in this Policy to request access to, receive (port), restrict processing, seek rectification, or request erasure of Personal Data held about you by Menlo Security. Such requests will be processed in line with local laws.
Although Menlo Security makes good faith efforts to provide Individuals with access to their Personal Data, there may be circumstances in which Menlo Security is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary.
If Menlo Security determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Menlo Security will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.
Links to Other Web Sites:
Menlo Security takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission or digital storage mechanism is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to Menlo Security via the Internet.
Other Terms and Conditions:
Your access to and use of the Services is subject to the Terms of Service at www.MenloSecurity.com/eula.
Access to Informaton; Contact Us:
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Services.
You may update your Menlo Security email subscriptions on the Menlo Security Subscription Center.
You may contact us as follows: firstname.lastname@example.org