Privacy and Confidentiality Policy
Aspen is strongly committed to protecting your privacy. Your privacy is important to us. In a commitment to protecting your privacy we have implemented the measures below to protect the personal data we process about you.
Types of Information We Collect
We receive personal information from our clients, potential clients, and employees. The following provides examples of the type of information that we collect and how we use that information.
|Context||Types of Data||Primary Purpose for Collection
and Use of Data
|Information about Clients||We collect the name, and contact information, of our business clients and their employees with whom we interact.||Communicating with our clients concerning normal business administration such as projects, services, and billing.|
|Cookies and Third Party Tracking||We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.||For analytics, advertising and security purposes.|
|Email Interconnectivity||If you receive email from us, we use certain tools to capture data related to when you open or interact with our messages.||Understanding how you interact with the communications that we send to you.|
|Employment||If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee.||Performing our employment obligations (e.g., to process paychecks) and processing prospective candidates’ applications. In some contexts, we are also required by law to collect information about our employees.|
|Feedback/Support||If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.||Receiving and acting upon your feedback or issues.|
|Mailing List||We may offer you the ability to sign up for a mailing list. If we do so we will collect your email address or postal address.||Sharing information about our products or services.|
|Web logs||We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.||Monitoring our networks and the visitors to our websites.|
In addition to the information that we collect from you or from our clients directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
Use and Processing of Information
In addition to the purposes and uses described above, we use information in the following ways:
- To identify you when you visit our websites or our services.
- To provide products and services.
- To provide products and services to your business or employer.
- To improve our services and product offerings.
- To conduct analytics.
- To respond to inquiries related to support, employment opportunities, or other requests.
- To send marketing and promotional materials, including information relating to our products, services, sales, or promotions.
- For internal administrative purposes, as well as to manage our relationships.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you purchase a product from us, we collect your information to fulfill your order, but we also collect your information because we have an interest in understanding who our clients are and what services we perform on their behalf.
In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:
- Affiliates and Acquisitions. We may share information with our corporate affiliates (g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or anticipates acquiring, our company, business, or our assets, we will also share information with that company.
- Other Disclosures with Your Consent. We may ask if you would like us to share your information with unaffiliated third parties who are not described elsewhere in this policy.
- Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, discovery requests, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
- Public. Some of our websites may provide the opportunity to post comments, or reviews, on a message board or in a public forum. If you decide to submit information on these pages, that information may be publicly available.
- Service Providers. We may share your information with service providers. Among other things service providers may help us to administer our website, perform hosting, provide technical support, process payments, and assist in the fulfillment of cybersecurity service requests.
You can make the following choices regarding your personal information:
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send promotional materials to you. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
- Access to Your Personal Information. We will grant you, where required by law, reasonable access to the personal information that we have about you. You may request access to your personal information by contacting us at the address described below.
- Changes to Your Personal Information. You can contact us at the address described below in order to request that your information be modified.
- Deletion of Your Personal Information. We typically retain personal information that we collect on our own behalf for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may request information about how long we keep a specific type of information, or request that we delete your personal information, by contacting us at the address described below.
- Revocation of Consent or Objections. You may revoke consent to processing (where our processing is based upon consent), or object to our processing (where our processing is not based upon your consent) by contacting us at the address described below. If you revoke your consent / object we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent / object if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
- Do Not Track. Due to the absence of a current “Do Not Track” standard, the Site does not currently respond to “Do Not Track” signals.
How We Protect Personal Information
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. If we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Our website or service may permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
We do not knowingly collect any personal information from children under 16. If we become aware that an individual under the age of 16 is submitting information without consent from their parent or legal guardian or as permitted under applicable law, we will delete the information as soon as possible from our database. If you believe we are collecting information about an individual under 16, please notify us immediately so that we can take appropriate action.
Notice to California Residents
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), below is a summary for the last twelve (12) months of the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140(o)), that we collect, the reason we collect the Personal Information, where we obtain the Personal Information, and the other entities with whom we may share the Personal Information. Under the CCPA, Personal Information is defined as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”).
We generally collect the following categories of Personal Information in providing our Services:
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- characteristics of protected classifications under California or federal law, such as gender;
- commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our website, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- professional or employment-related information;
- your geolocation, to the extent you have configured your device to permit us to collect such information; and
- inferences about your preferences, characteristics, behavior and attitudes.
For more information about the Personal Information we collect and how we collect it, please refer to Types of Information We Collect above.
We collect Personal Information for the business purposes described above. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The categories of other individuals or entities with whom we may share your Personal Information are listed in Sharing of Information section above.
If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our network systems.
To assert your right to know, to access, or to delete your Personal Information, please contact us by email at firstname.lastname@example.org or contact us at 1-817.223.3270. To confirm your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
- Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
- Right to Know. You have the right to request in writing: (i) a list of the categories of Personal Information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, you have the right to request: (i) the categories of Personal Information we have collected about you, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Right to Access. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
- Right to Delete. You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
- Right to Opt-Out of Selling. California residents have the right to opt-out of having their Personal Information sold. We do not sell your Personal Information.
Under the CCPA, a California customer may use an authorized agent to make a CCPA privacy request on the consumer’s behalf. To make a request on behalf of a California consumer whose personal information has been collected by Aspen, the authorized agent must first provide a copy of either (a) a letter signed by the customer authorizing the agent to submit a CCPA request on his or her behalf, or (b) a valid power of attorney issued pursuant to California Probate Code sections 4000 to 4465. An authorized agent must email one of these documents to email@example.com and include a phone number where the agent may be reached during regular business hours.
Additional Disclosures for Data Subjects in the EEA, the U.K. and Switzerland
Lawful Bases of Processing – Where Ironwood is acting as a data controller that determines the purposes and means of processing your personal data, such as when we collect, use, and share personal data as described above, we must have a lawful processing basis for doing so. Our lawful bases for processing personal data include:
- to conclude or perform a contract with you, for example to:
- process your purchases of or requests for cybersecurity products and services;
- communicate with you about purchases, professional services, accounts, and programs;
- for our legitimate business purposes, including to:
- respond to your customer service inquiries and requests for information;
- maintain, improve, and analyze our Site, advertisements, and the products and services we offer;
- detect, prevent, or investigate security breaches or fraud; and
- facilitate the functionality of our Services;
- to comply with our legal obligations, for example to maintain appropriate records for internal administrative purposes and as required by applicable law; and
- on the basis of your consent, for example to send you via email and other electronic means personalized promotions and special offers or informing you about our professional services, offerings, events, or other promotional purposes.
You can withdraw your consent at any time by contacting us as described in the “Contact Us” section below.
Your EEA Data Subject Rights – Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
Request correction of the personal information that we hold about you.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party), or where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
Request the transfer of your personal information to another party, when possible.
Not be subject to automated decision-making producing legal or significant effects on an individual, which we do not engage in.
To exercise any of these rights, please contact us as set forth in the “Contact Us” section below and specify which GDPR privacy right(s) you wish to exercise. We must verify your identity in order to honor your request, which we will respond to within 30 days of receipt.
Transfers –When we transfer or receive personal data from the EEA, we do so pursuant to appropriate safeguards or your explicit consent under GDPR Article 49.
Retention – As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal, regulatory, accounting or other obligations.
Complaints – If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority (link). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the “Contact Us” section below.
Transmission of Information to Other Countries
By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
6000 Western Place, #510
Fort Worth, TX 76107