Last Updated July 2022
Please read this policy carefully before using our website or the Services (as defined under the Terms of Service).
This Policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It applies to those visiting our website www.ox.security or using the Services (together, the “Platform”).
For the purpose of the relevant data protection legislation, the data controller is OX Appsec Security Ltd. (“OX”, “us”, “our” or “we”).
Please note that this Policy does not apply to, or limit, our use or disclosure of non-personal information (i.e. information which is not relevant to you or able to identify you) we may collect from you via your use of the Platform.
Information you give us
You may give us information about you by filling in forms on our Platform, when you log in to the Platform, or by corresponding with us by phone, e-mail, chat, or otherwise. This includes (but is not limited to) information you provide when you use our service and when you report a problem with our Platform or the services available on it. The information you give us will depend on the circumstances but, as you are giving it to us, you will always know what information we are receiving. We may keep a record of that correspondence or information in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management, or otherwise as may be required by law.
Information we collect about you
We may collect the following information about you:
- your contact details (phone number, address, email address).
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone
- setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page and any phone number used to call our customer service number.
- Any other information you directly provide us.
Information we receive from other sources
We may receive information from the third-party authentication provider about you, including your GitHub, Bitbucket, Google, or Docker username and your email address. We are also working closely with other third parties and may receive information about you from them.
Uses made of the information
We use information held about you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide customer support;
- to personalize your experience;
- to contact you about your account;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you with our newsletter, security best practices and updates about our Platform;
- to provide you with information about goods or services we feel may interest you;
- to notify you about changes to our Platform;
- to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Services and our services and to ensure that content is presented in the most effective manner for you and for your computer or mobile device;
- as part of our efforts to keep our Platform safe and secure; and
- In certain cases, we may or will anonymize or de-identify your Information and further use it for internal and external purposes, including, without limitation, to analyze and improve OX services (including through the use of artificial intelligence) and for research purposes. We may use this anonymous or de-identified information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them and/or to develop new product features and improve existing offerings).
If you no longer wish to receive our newsletters, product updates, or other marketing communications, you may unsubscribe from them at any time by going to email@example.com.
Legal basis for processing your personal data
We rely on our legitimate business interests, and those of our customers, to process your personal data. For example, we have a legitimate interest in providing and improving the Services; maintaining and improving the security and integrity of our Platform; minimizing claims and financial losses of us, and our customers; promoting the Platform and our services and brand; research and analytics; and sharing information with our service providers who help power our operations.
In some cases where we send you promotional material by email we obtain your consent as a legal basis to processing your personal data.
Disclosure of your information
We may share your information with the following, selected third parties:
- business partners, service providers and subcontractors for the performance of any contract we enter into with them or you;
- service providers acting as processors who provide IT, customer management, recruitment administration and system administration services;
- analytics and search engine providers that assist us in the improvement and optimization of our Platform.
We may disclose your personal data to certain third parties in the following circumstances:
- if we have your permission to do so;
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may access and use your personal data;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms applicable to the OX service and any other documents referred to in them; or to protect the rights, property, or safety of OX, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Where we store your personal data
All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. Do not share a password with anyone.
We cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorized access.
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a dispute in respect to our relationship with you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out below, please contact us at firstname.lastname@example.org.
You have the right to:
- Request access to your personal data.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data on the ground that you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or to a third party.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
No fee usually required
You will not have to pay a fee to access your personal data or to exercise any of the other rights, provided that such requests are not clearly unfounded, repetitive or excessive.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights.
Time limit to respond
We generally respond to all legitimate requests within one month. In the event could take longer, we will notify you and keep you updated.
Third party platforms
Our Platform may, from time to time, contain links to and from the websites operated by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Use by children
We do not offer our products or Services for use by children and, therefore, we do not knowingly collect information from, and/or about children under the age of 18. If you are under the age of 18, do not provide any information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at email@example.com.
- Hubspot. Some personal data may be used on Hubspot, such as support tickets and contact details.
- We reserve the right to remove or add new analytic tools, cookies, pixels and other tracking technologies.