Data Protection & Privacy Policy

Cybercrime Support Network – cybercrimesupport.org

Data Protection & Privacy Policy Statement

Purpose

We have developed this Data Protection & Privacy Policy Statement (“Policy”) to inform our users (“user(s)”, “you”, or “your”) about how Cybercrime Support Network (“CSN”, “we”, “us” or “our”) a 501(c)(3) company that oversees cybercrimesupport.org (“Website”, “Site”) collects data through the Site, how we use the collected data, and your rights with respect to the collected data.  This Policy identifies the personally identifiable information (“PII”) and other anonymous information (“AI”) gathered and used by us when you interact with the Site.

Acceptance of the Policy

You accept this Policy by using any part of the Site, completing a form, or submitting a request to us.

Changes to Policy

If we make any significant changes to this Policy, we will notify you by email, post a notice of such within the Site, or flag this Policy on the Site as updated.  You agree to our use of electronic communications with you for purposes of this Policy.  If you do not agree to the changes to this Policy, we will continue to maintain and use PII previously collected in accordance with the Policy in force as of that date.

Data Collection

You do not have to provide personal information to use any of our websites. However, particular services provided through cybercrimesupport.org may require that you furnish personal information.  When you contact us to help you with a problem, we may collect personal information about you. We collect and use only the information necessary to respond to your inquiries.

We may also use your information to provide you with newsletters or our own marketing materials. We use information in the aggregate for our business purposes, and other than as specified in this Policy, we do not use AI in a manner that allows identification of an individual user.

You may request access or updates to your PII or request a correction be made to an inaccuracy in your PII by contacting us as set out below.  You may request that we delete PII, and we shall attempt to accommodate such requests. However, we may retain and use PII for such periods of time as required by law.

Legal Uses of PII

We may use PII as required or permitted by law, including in response to service of legal process (court order, summons, subpoena, and the like).  We may disclose PII to law enforcement or regulatory authorities as part of an investigation into activity on the Site or in connection with your account.  We shall use reasonable measures to limit disclosure and use of such PII.  We may use PII in connection with the establishment or defense of legal claims.

Security 
We have security measures in place to protect against the loss, misuse, and alteration of the information under our control.  Any time we ask for a sensitive personal information, we transmit that information in an encrypted format. We use industry-standard, SSL (secure socket layer) encryption.  Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.

Aggregated Information 

We collect information through our Websites relating to traffic levels on our websites.  AI is helpful to us for improving the services we offer and for marketing purposes. We use this information to measure the number of visitors to the different sections of our site, and to help make our Site more useful to future visitors.  We may share AI, which does not personally identify you, with our threat intelligence business partners, government agencies, or other companies.

Third-Party Sites 

Our websites contain links to third-party websites for your convenience.  The linked sites are not under the control of Cybercrime Support Network, and we are not responsible for the privacy practices or the contents of any linked site, or any link contained in a linked site.

We contract with third parties to assist us in administering the site and hosting the information.  This may require you or us to share information in order to make the site available for your use. Such third parties agree with us to maintain your privacy at least with the level of protection set forth in this policy.  For security purposes, and to ensure that this service remains available to all visitors, all network traffic is monitored in order to identify unauthorized attempts to upload or change information, or otherwise cause damage or conduct criminal activity.  We may send to your device a “cookie” or “pixel tag” that contains an identification number that is unique to the device you are using. You may decline, through your browser or machine settings, to provide such cookies or other information to us, however some of the Site’s features or services may not function properly as a result, and some services may not be available at all.  We may use this information to operate the Site, to enhance the Site, to understand how our Site is used, to investigate and verify proper use of the Site, and to monitor the security and integrity of the Site.

Effective Date

The effective date of this policy is November 1, 2018, and will be reviewed annually.  If you have questions about our policy, please contact at info@cybercrimesupport.org.

 

Our Compliance with the EU General Data Protection Regulation 2016/679 (“GDPR Section”).

If you are a Data Subject within the EEA, the following terms apply to you:

We collect information about your use of our Site, including, but not limited to, your Internet connections, computer equipment, web browsers, sites visited before using or accessing our Site, sites visited after leaving our Site, and other similar information about traffic and usage, as you navigate to, through, and away from our Site.  This is called “Non-Personal Data” because it does not identify you, but provides insights to us regarding your use of the Site.

We also use automated data collection tools, such as Cookies and Web Beacons, to collect certain types of Non-Personal Data.  You can set your browser to reject Cookies, but that may limit your use of some convenience features on the Site. For more information on Cookies and how the Site uses Cookies, please see our Cookie Notification [Cookie Notification hyperlink].

Web Beacons are tiny graphics with a unique identifier that may be included on our Site for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Site, and to monitor how many visitors view our Site.  Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages or in an e-mail.

Log Data refers to certain information about how a user (including both account holders and non-Account holders) uses our Site.  Log Data may include information such as a user’s Internet Protocol address, browser type, operating system, the pages or features of our Site to which a User browsed and the time spent on those pages or features, search terms, the links on our Site that a user clicked on, and other statistics.

You may be given the option to receive push notifications while using our Site.  In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.

When you fill out a form on our Site, respond to communications from us (e.g., surveys, requests for feedback), contact us via phone, e-mail, or postal mail, and so on, we will collect certain types of Personal Data that you provide to us.  “Personal Data” is information that can be used to identify you, either alone or in combination with other information.

Collectively in this GDPR Section of our Privacy Policy, Personal Data and Non-Personal Data is referenced as “Data.”

Use of Data

For Legitimate Interests.  We do not sell or rent your to any third parties.  We use information collected by clickstream data collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve the our content and the products, services, materials, and other content that we describe or make available through the Site, and otherwise help administer and improve the Site.

We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data, for any lawful business purpose.  Where you provide registration information, cookies can also be used to identify you when you log onto the Site or portions of the Site. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Site to you, including, but not limited to:

  • to respond to your requests and provide user support;
  • to evaluate and improve the content of our Site;
  • to customize the Site to your preferences;
  • to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
  • to maintain a record of activities in connection with your use of the Site;
  • to notify you of any changes to relevant agreements or policies;
  • for research analysis;
  • to enforce our agreements, terms, conditions, and policies;
  • to work with our service providers who perform certain business functions or services on our behalf and who are bound by contractual obligations consistent with this Privacy Policy;
  • to prevent or investigate fraud (or for risk management purposes), or to comply with a legal obligation, court order, or in order to exercise  our legal claims or to defend against legal claims;
  • to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Site;
  • to describe our Site to current and prospective business partners and to other third parties for other lawful purposes; and
  • for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).

With the Consent of a Data Subject within the EEA; or without consent, if a citizen of any other jurisdiction.  If you are a Data Subject within the EEA and we have obtained your consent, we may also use your information in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:

  • to share your information with our corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Privacy Policy;
  • to send e-mail and postal mail to provide you with updates and news;
  • to process any request you make;
  • to process any commercial transaction, including, but not limited to, fulfilling an order request; and
  • to process your Personal Data as described throughout this Policy.

Performance of a Contract.  If you have agreed to our Terms of Use, or other terms of service, and you have created an account, purchased merchandise, signed up for a subscription, we may also use your information:

  • to respond to your requests;
  • to provide you with products you have requested;
  • to fulfill your purchase order(s);
  • to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.);
  • to notify you of any changes to relevant agreements or policies; and
  • to process your Non-Personal Data as outlined as described throughout this Privacy Policy.

We may use third‐party e‐mail providers to deliver these communications to you. If you no longer want to receive these e-mail communications, you may opt-out of receiving e-mail communications, as further discussed below.

We may, from time to time, invite you to participate in online surveys. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and our Site. The information collected by these surveys is used to research market trends, company growth, etc. Your input will help us to improve customer experience and shape development of our products and Site.

We may anonymize or aggregate Data that we collect from the use of the Site, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Site, market trends, and other analysis that we create based on the information we receive from you and other users.  If you provide Personal Data through our Site, we may aggregate that Data with other active Data, unless we specify otherwise at the point of collection.

How We Share Data

We do not sell or rent Personal Data to marketers or unaffiliated third parties.  We do have relationships with trusted third parties, but we will not share any Personal Data that we have collected from or regarding you except as described below:

  • Service providers that help us administer and provide the Site (for example, a web hosting company whose services we use to host our platform).  These third-party services providers have access to your Personal Data only for the purpose of performing services on our behalf. We have entered into contractual relationships with these service providers and require them to comply with all applicable data privacy laws and regulations and to use the Data only for the purposes for which it was disclosed. We require that any third-party service providers limit their use of your Data solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Data;
  • Authorized third parties, who are parties directly authorized by you to receive the applicable Data, such as when you authorize a third-party application provider to access your account. The use of your Data by an authorized third party is subject to the third party’s privacy policy;
  • Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), in which case we will require the recipient to use such information in accordance with this Policy;
  • As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence;
  • Pursuant to your explicit approval prior to the disclosure; and
  • We may share aggregated, de-identified Data with our sponsors and business partners to let them know how many users viewed and interacted with their materials.  This information does not identify any individual or corporate entity.

Third-Party Service Providers

We use third-party service providers to help us operate our Site, who may collect, store, and/or process the information detailed herein.  We allow access to our database by third parties that provide us with services, such as technical maintenance, market research, customer relations management, and purchase functionality, but only for the purpose of and to the extent necessary to provide those services.

If you choose to complete a subscription transaction on or through features on the Site, we may forward your information to third parties for services such as credit card or other payment processing, order fulfillment, credit pre-authorization, and address verification.  There are also times when you provide information about yourself to us in areas of the Site that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party(ies), each pursuant to its own policies. We may also provide your information to our advertisers so that they can serve ads to you that meet your needs or match your interests.

We use commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, processing, and use of Non-Personal Data and Personal Data.  While we may seek to require that such third parties follow appropriate privacy policies and we will not authorize them to use your information except for the express purpose for which it is provided, you agree that we do not bear any responsibility for any actions or policies of third parties.

Your Choices, Access, and Rights to Your Personal Data

You may change, edit, update, or delete the information you provided, when you set up your account through our Site, through your account settings.  You may also request the deletion of this information by sending an e-mail to info@cybercrimesupport.org.

If you reside in certain jurisdictions, such as the EEA, you may also have the following rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data:

Right to Access.  We respect your right to access and control your information and we will respond to requests for information and, where applicable, will correct, amend, or delete your Personal Data.

  • How to Access Your Personally Identifiable Information. You may choose to access or update your Personal Data as it exists in our records by logging into the account you have created.
  • Access to Personal Data.  You may choose to access your Personal Data by contacting us and requesting access, a process which shall include our identity verification procedures.  Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).

Updating Communications Preferences (Opt-Out Policy).  We do send e-mails to users with information about our Site that we believe may be of interest. Users may opt out of receiving e-mail messages by contacting us via e-mail at [e-mail] or by clicking on the “unsubscribe” link found at the bottom of every e-mail that we send. Please note that if you opt-out of receiving marketing-related e-mails from us, we may still send you important administrative messages that are required to provide you with our Site, as applicable. If you do not opt-out using the link at the bottom of an e-mail, you will continue to receive electronic communications until you choose to click on the link that will be provided in each e-mail you receive from us.

Right to Rectify — Correction and Deletion.  Citizens of some jurisdictions, including the EEA, have the right to correct or amend their Personal Data if it is inaccurate or requires updating.  You may also have the right to request deletion of your Personal Data; however, this is not always possible due to legal requirements and other obligations and factors.  Remember that you can update your account information by contacting us at  info@cybercrimesupport.org.

Right to Erasure /  Be Forgotten. Data Subjects of the EEA may have the right to request that we delete your Personal Data in certain circumstances, such as if holding the Personal Data is no longer necessary or as part of your Right to Object (below).  

Right to Object.   Data Subjects of the EEA may have the right to object to the use of Personal Data for direct marketing uses, scientific uses, or historical research.  If you do not wish to have your Personal Data shared with third parties, contact our Data Protection Officer as described at the end of this document. If you do not wish to receive future commercial messages from us, simply follow the unsubscribe instructions contained within the message you receive. (But note that you may continue to receive certain communications from us, such as transactional or relationship messages, and/or messages about your account/profile).

Right to Restrict Processing.  Citizens of some jurisdictions, including the EEA, have the right to request that we stop processing their Personal Data.

Right to Data Portability.  Data Subjects of the EEA have the right to request that we provide your Personal Data for the purpose of sharing it with another service provider (through a secure process).

Filing a Complaint. If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here.

Data Retention

Unless otherwise described or requested by you, we will retain your Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

For more information on our retention of user Data, please see our Data Retention Policy [Insert Data Retention Policy hyperlink].

At any time, users may request deletion of their accounts by e-mailing [e-mail]. When you delete your account, it cannot be recovered.

Please note that we do retain Non-Personal Data, including aggregated, de-identified data for the purposes described in the section above titled “How We Use Data.”

Data Protection Officer

Our appointed Data Protection Officer is Keith Tresh.  If you have an inquiry regarding your Personal Data, pursuant to the rights listed above, please send your message to the following:

Keith Tresh

keith@cybercrimesupport.org