Privacy and Cookies Policy
Version: October 2020
This Privacy and Cookies Policy applies to:
- this website (www.group-ib.com), operated by GROUP-IB GLOBAL PRIVATE LIMITED
- the services offered on this website
- Group-IB events (conferences, webinars, etc.)
This Policy may be amended at any time and the respective latest version found at www.group-ib.com/policy.html shall apply at any given time. Group-IB will not alter your rights under this Privacy Policy without your explicit consent. Data subjects will be informed in advance about any significant changes to the Policy by email or through banners on the website.
The data controller is GROUP-IB GLOBAL PRIVATE LIMITED, with its head office at 456 Alexandra Road #17-03 Fragrance Empire Building, Singapore, 119962.
Group-IB takes data security extremely seriously and is committed to processing data responsibly and in accordance with applicable data protection laws, namely the EU’s GDPR and Singapore’s PDPA. In this Policy, we explain how we process your personal information while making every effort to comply with the highest standards.
Data processed, purpose, legal basis, and storage time
1
- Purpose
Conducting webinars and events, sending newsletters and/or other marketing materials
- Legal basis
- Contract performance
- Data processed
- Name, email address, company name and other information relevant to the offers, such as technology-related interests.
- Storage time
- 3 years
2
- Purpose
Sending email notifications and/or newsletters
- Legal basis
- Contract performance
- Data processed
- Email address
- Storage time
- Until you unsubscribe
3
- Purpose
Processing information security incident reports
- Legal basis
- Contract performance
- Data processed
- First name, last name, email address, phone number, personal information that you send us
- Storage time
- 5 years
4
- Purpose
Providing software, services, or information
- Legal basis
- Contract performance
- Data processed
- First name, last name, business email, company, job title, phone number
- Storage time
- 5 years
5
- Purpose
Using feedback to promote and market Group-IB products
- Legal basis
- Consent
- Data processed
- First name, last name, business email, company, job title, phone number
- Storage time
- 5 years
6
- Purpose
Keeping the website secure and preventing fraud
- Legal basis
- Legitimate interest to prevent fraud
- Data processed
- Information about your computer and about your visits to and use of this website (including IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths)
- Storage time
- 5 years
7
- Purpose
Improving user experience
- Legal basis
- Consent
- Data processed
- Information about your computer and about your visits to and use of this website (including IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths)
- Storage time
- 14 months
8
- Purpose
Recruitment
- Legal basis
- Contract performance
- Data processed
- Personal information that you send us
- Storage time
- Until a decision regarding employment is made
| No. | Purpose | Legal basis | Data processed | Storage time |
|---|---|---|---|---|
| 1 | Conducting webinars and events, sending newsletters and/or other marketing materials | Contract performance | Name, email address, company name and other information relevant to the offers, such as technology-related interests. | 3 years |
| 2 | Sending email notifications and/or newsletters | Contract performance | Email address | Until you unsubscribe |
| 3 | Processing information security incident reports | Contract performance | First name, last name, email address, phone number, personal information that you send us | 5 years |
| 4 | Providing software, services, or information | Contract performance | First name, last name, business email, company, job title, phone number | 5 years |
| 5 | Using feedback to promote and market Group-IB products | Consent | First name, last name, business email, company, job title, phone number | 5 years |
| 6 | Keeping the website secure and preventing fraud | Legitimate interest to prevent fraud | Information about your computer and about your visits to and use of this website (including IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths) | 5 years |
| 7 | Improving user experience | Consent | Information about your computer and about your visits to and use of this website (including IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths) | 14 months |
| 8 | Recruitment | Contract performance | Personal information that you send us | Until a decision regarding employment is made |
How do we obtain your data?
Information may come:
- directly from you (from correspondence between us or forms that you fill in)
- from cookies stored in your browser
Who do we share your personal data with?
We use third-party data processors who provide certain services to us and we have a contract in place with each one. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any other entity. They will store it securely and retain it for the period we specify.
We may share your personal information with any member of our company group (i.e. our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy.
We share cookies with Google Inc (USA) when using Google Analytics to improve our website. Information about Google Inc (USA): Address: Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA. Google’s Privacy Policy and page about Google Analytics information privacy.
In some circumstances, we may be legally obliged to share your personal data. For example:
- under a court order
- in order to establish, exercise, or defend our legal rights (including providing information to third parties for the purposes of fraud prevention)
- when cooperating with supervisory authorities to handle complaints or investigations
We will share personal data only in cases where both we and the competent authority have a legal basis to share the information.
Without your express consent, we will not share your personal data with a third party for the purpose of their or any other third party’s direct marketing. Group-IB may share anonymized or aggregated data containing your personal data to third parties in order to improve our services and internal practices. However, in any case involving a third party, that third party will only have access to anonymized data and will not be able to identify you as an individual.
Security measures
We take all reasonable technical and organizational precautions to prevent your personal data from being leaked, lost, misused, or altered. We have implemented the following measures:
- Access control mechanisms at each layer of the stack, dividing our infrastructure into zones, environments, and services;
- Proactive intelligence-based security controls that help prevent most threats to the Company’s infrastructure;
- Risk and information security management for all assets and business processes;
- Network security controls: network segmentation, encrypted protocols, firewalls, etc.;
- 24/7 security incident management with holistic threat hunting capabilities;
- Vulnerability/patch management across all systems.
Cookies
Personal information submitted to us through our website will be used for the purposes specified in this Policy.
Our website uses cookies. A cookie is a small piece of data that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login details, language, font size and other display preferences) over a period of time so that you do not need to keep re-entering them whenever you return to the site or browse different pages.
Cookies fall under two types: persistent cookies and session cookies. Persistent cookies are stored by a web browser and remain valid until the expiry date set, unless the user deletes them before the expiry date. Session cookies, on the other hand, expire at the end of the session, when the user closes the web browser.
Cookies also vary depending on the website’s domain: first-party cookies, which are set by the web server of the visited page and share the same domain, and third-party cookies, which are stored by a domain different to the visited page’s domain. This happens when the webpage references a file (e.g. JavaScript) located outside its domain.
Cookies do not usually contain any information that identifies a user personally, but the personal data that we store may be linked to the information stored in and obtained from cookies. Cookies can be used by web servers to identify and track users as they browse different pages on a website and identify users returning to a website.
Before you continue to use our Website, you can accept or reject cookies placed on your computer by us and by our third-party service providers. You may withdraw your consent at any time.
Most browsers allow you to refuse all cookies. Find out how to manage cookies on popular browsers:
Blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
To find out more about cookies, including how to check what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
We may also use web beacons or other technologies to tailor sites more effectively and provide better customer service. These technologies may be used on a number of pages across our website. When a visitor accesses any of these pages, a non-identifiable notice of that visit is generated and may be processed by us or our suppliers. These web beacons usually work in conjunction with cookies. If you do not want your cookie information to be associated with your visits to these pages or use of these products, you can turn off cookies in your browser settings or turn off cookies in the product itself, respectively. If you turn off cookies, web beacon and other technologies will still detect visits to these pages, but they will not be associated with information otherwise stored in cookies. Some of our business partners set web beacons and cookies on our site. In addition, third-party social media buttons may log certain information such as your IP address, browser type and language, access time, and referring website addresses, and if you are logged in to those social media sites they may also link such collected information with your profile information on that site.
Your data protection rights
Under data protection law, you have the following rights:
- Right of access. You have the right to ask us for copies of your personal data.
- Right to rectification. You have the right to ask us to rectify information that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete.
- Right to erasure. You have the right to ask us to erase your personal data.
- Right to restriction of processing. You have the right to ask us to restrict the processing of your personal data.
- Right to object to processing. You have the right to object to processing if we are able to process your information because the process forms part of our legitimate interests.
- Right to data portability. This only applies to information you have given us. You have the right to ask that we transfer any such information to another organization or give it to you. This right only applies if we are processing information obtained with your consent, as part of discussions about entering into a contract, and if the processing is automated.
- Right to withdraw consent. If we process your data based on your consent, you have the right to withdraw your consent at any time. If you would like to exercise your right to withdraw your consent, please contact us.
- Right to be informed. You have the right to obtain information about the processing of your personal data processing and any third parties involved.
- Right to lodge a complaint with a supervisory authority or lodge a complaint with us. If you have any questions about your rights or the Policy or would like to exercise any of your rights, including the right to withdraw consent, please contact us by sending an email to law@group-ib.com.
You can exercise any of the rights mentioned above or ask questions about your rights or the Policy by sending an email to law@group-ib.com or through our website contact form.
Children’s personal data
Our products and services are not intended for children. We do not wish to receive or unknowingly collect personal data relating to children.
Third-party websites
Our website includes hyperlinks to third-party websites and details about them.
We have no control over the privacy policies and practices of third parties and cannot be held responsible for them.
Updating information
Please let us know if the personal data that we hold about you needs to be corrected or updated.
Controller contact details
This website is owned and operated by GROUP-IB GLOBAL PRIVATE LIMITED. Our business address is: 456 Alexandra Road #17-03 Fragrance Empire Building, Singapore, 119962.
If you would like to contact us regarding our privacy practices, please use our website contact form or send an email to law@group ib.com.