Our Commitment to Your Privacy
Secure Digital Solutions, Inc. (“SDS”, “we”, “us” or “our”), developer of the TrustMAPP® Cybersecurity Performance Management platform, recognizes the importance of data privacy. We believe that privacy is a matter of trust, and we are committed to managing personal data lawfully, fairly, and transparently. We want our website visitors, customers, distributors, employees, and other business partners (collectively, “you” or “your”) to understand the ways we collect and use personal data about you.
This Privacy Statement describes:
- Ways we collect your personal data.
- Ways we use your personal data.
- Ways we share your personal data.
- Ways we retain and safeguard your personal data.
- Your rights and choices about how we collect, use, and share your personal data.
We collect only personal data that you provide to us voluntarily and with your consent. Secure Digital Solutions takes measures to ensure that we collect personal data for specified, explicit and legitimate reasons only – namely, to provide products and services to you and meet our legal obligations. We also take steps to limit the personal data we collect to only the minimum necessary to carry out our mission.
We may collect your personal data when you:
- Contact us by phone, fax, or online
- Interact with our social media pages
- Request white papers or similar resources
- Sign up for our newsletters or alerts
- View our educational videos or listen to our podcasts
- When you apply for a job with SDS; and
- Communicate with us via e-mail or other channels, such as our Contact form.
In these instances, we may collect personal data such as: your name, e-mail address, postal address, phone and fax number, company name and job title.
If you apply for a job with SDS and/or receive an offer of employment, we may collect special categories of personal data, such as: your birthdate, Social Security number, and other information necessary to facilitate the employment process.
We may use log files to record data about each users’ visit to our Sites. When you visit the Sites, we collect the IP (Internet Protocol) address connected to your computer (or the proxy server you use to access the World Wide Web), your computer operating system, the type of browser you are using, mobile device operating system (if you are accessing the Sites using a mobile device), as well as the name of your ISP (“Internet Service Provider”) or your mobile carrier. We use this information to analyze overall trends to help improve the Sites. We do not share log data with third-parties unless required by law to do so.
We may use another type of cookie, called a “session” cookie, to identify your last visit to the Sites. Session cookies used by the Sites expire after you close your web browser.
We may also use web “beacons” to allow us to know if you visited a certain page, opened an email from us or to determine the effectiveness of ad banners on our Sites.
Third-Party Cookies and Other Tracking Technologies
We may use the ShareThis plug-in for enhanced website functionality. You may review your ShareThis opt-out choices here.
We may use the Gravitar plug in for enhanced website functionality. You may review your Gravitar opt-out choices here.
From time to time, we may collect information from you via an online survey. Participation in these surveys is completely voluntary. Information requested may include personal and demographic information. Secure Digital Solutions may use survey information for purposes of monitoring and improving the Sites and/or SDS products and services.
Your Consent to Our Collection and Subsequent Use
By using our Sites or otherwise communicating with SDS electronically, you consent to our collection and subsequent use of your personal data for our legitimate business uses. If you do not consent to such collection or subsequent use of your personal data, you may not be able to communicate electronically with SDS.
We may use your personal data to communicate with you and provide you our products and services. For example, we may use your personal data to:
- Send you newsworthy updates
- Send you invitations to events and conferences
- Answer questions you submit to us
- Administer our business processes; and
- Comply with our legal and contractual obligations.
If you apply for a job SDS, we may also use your personal data to process your employment application, conduct background screening, check references. Once hired, we may use your personal data to facilitate payroll and employee benefits administration.
Opting-Out of Uses of Your Personal Data
If you wish to request that SDS refrains from using your personal data to communicate with you, please submit your request to SDS by using the information in the How to Contact Us section below.
We have not and will not sell or lease your personal data to third-parties. In the context of the uses of personal data mentioned in the Ways We Use Your Personal Data section above, we may share your personal data with third-parties we engage to help provide products and services to you. These third-parties include, but are not limited to, organizations that provide the following:
- Software development and support
- Customer relationship management (CRM) platform
- Business resilience and disaster recovery services
- User authentication tools and services
- Auditing platforms and accounting services
- Collections services
- Legal services
- Mailing services
- E-mail and direct marketing tools and services; and
- Recruitment tools, background checks, and other pre-employment related services.
Other Sharing Circumstances
We may also share your personal data in other circumstances, such as:
- As required to by law or in response to a subpoena or other government information request
- If we believe that the disclosure is in the interest of your security or the security of SDS (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction)
- If we merge with or are acquired by another company, or
- If we go out of business, enter bankruptcy, or go through some other change of control.
Sharing Aggregate Information
When SDS requests demographic information collected during an information request or registration, you have the option not to provide this information. We encourage you to do so that we may gain a better understanding of your needs, and so that we may serve you in a more personalized manner.
We may share aggregate non-personal information with strategic partners. For these circumstances, we do not disclose information that can uniquely identify you.
Opting-Out of Sharing Your Personal Data
You have choices regarding the ways we share your personal data with third-parties. If you wish to opt-out, please submit your request to SDS by using the information in the How to Contact Us section below.
Personal Data Retention
We may retain your personal data for as long as you are a business contact to us or as needed to provide you products and services. For those individuals in the EU, you have the right to request that we delete your personal data under GDPR. However, SDS may retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Special Notice for Individuals in the European Economic Area (EEA)
If you are in the European Union (EU), please be aware that we operate the United States. As such, we may transfer your personal data from the European Economic Area (EEA) to the US to provide you products and services, or otherwise communicate with you. SDS takes measures to ensure that your personal data is adequately safeguarded when transferred, processed, and stored in the United States or elsewhere. In doing so, we aim to comply with applicable EU data privacy laws and regulations.
By using SDS’ Sites or otherwise communicating with us electronically, you acknowledge that we may transfer, process or store your personal data outside the EEA, and that we may share your personal data as described in the How We Share Your Personal Data section above.
Privacy Rights for Individuals Under the General Data Protection Regulation (GDPR)
If you are in the EU, you have certain data privacy rights under the General Data Protection Regulation (GDPR). These rights include:
- Access: You have the right to access your personal data held by SDS.
- Correction, Amendment and Removal: You have the right to correct or amend your personal data held by SDS. You also have a right to request that SDS deletes certain personal data about you.
- Restriction: You have the right to restrict processing of your personal data held by SDS if you contest the accuracy of your personal data held by SDS or the lawfulness of SDS’ processing of your personal data.
- Portability: You have the right to receive your personal data held by SDS in a structured, commonly-used and machine-readable format. You also have the right to transmit your personal data to another organization without hindrance from SDS.
- Objection: You have the right to object, on grounds relating to your particular situation, to SDS’ processing of personal data about you, unless SDS demonstrates compelling legitimate grounds for continuing such processing. You also have the right to object to any automated decision-making (such as user profiling) used by SDS.
- Complaints: You have the right to lodge a complaint or concern about our data privacy practices with SDS directly and/or with an appropriate supervisory authority, as defined by GDPR.
If you wish to exercise any of your rights under GDPR, as described above, please submit your request by using the information in the How to Contact Us section below.
Privacy Rights for Individuals Under the California Consumer Privacy Act (CCPA)
If you are a resident of the state of California, you have certain data privacy rights under the California Consumer Privacy Act of 2018 (CCPA). These rights include:
- Access: You have the right to request that we provide you access to a copy of your personal information held by SDS, covering the twelve(12) calendar months preceding your request.
- Portability: You have the right to receive your personal information held by SDS in a structured, commonly-used and machine-readable format. You also have the right to transmit your personal information to another organization without hindrance from SDS.
- Correction, Amendment and Deletion: You have the right to request a correction or amendment of your personal information held by SDS. You also have a right to request that SDS deletes certain personal information about you.
- Opt-Out of Sharing: You have the right to request that we do not sell (where applicable) your personal information to third parties.
- Prohibition on Discrimination: You have the right to exercise your rights under CCPA without fear of discrimination by SDS.
If you wish to exercise any of your rights, as described above, please submit your request to SDS by using the information in the How to Contact Us section below.
Prohibition on Sales of Personal Information About California Residents
Secure Digital Solutions does not “sell” personal information about residents of California to third parties, per the meaning of this term defined in the California Consumer Privacy Act (Cal. Civ. Code §1798.140(t)). As such, SDS does not make available a clear and conspicuous link entitled, “Do Not Sell My Personal Information,” per CCPA requirements for those businesses that sell personal information. Should our business practices change, SDS may implement such a link on one or both of its Sites.
Other California Privacy Rights
California Civil Code Section §1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third-parties for their direct marketing purposes. If you wish to exercise your rights under California law, as described above, please submit your request to SDS by using the information in the How to Contact Us section below.
Individuals Under the Age of 18
Secure Digital Solutions does not intend this Sites for use by individuals under 18 years of age. Individuals under age 18 should avoid providing any personal data to the Sites without verifiable parental consent.
We constantly strive to align our data security practices with industry standards for securely handling, transmitting, and storing personal data. To prevent unauthorized access, maintain data accuracy and the correct use of information, SDS implements administrative, physical, and technical measures to safeguard and secure the information we collect on the Sites. We utilize industry-accepted encryption technologies and strengths to reduce the risk that others can view information passing between our Sites and your browser.
Since the Internet is not a completely secure environment, we cannot ensure or warrant the security of any information you transmit to us. SDS offers no guarantees that information cannot or will not be accessed, disclosed, altered, or destroyed by a breach of any of our administrative, physical, or technical measures.
Notification in Event of a Data Breach
International, federal, and state laws and regulations require SDS to notify individuals in the event of a breach of personal data. In such an unfortunate event, we will promptly notify data breach victims, in accordance with notification procedures defined in our internal policies, and as required by applicable law.
Our Sites may contain links to and from other third-party sites. Please be aware that SDS is not responsible for the privacy practices of these third-party sites. We encourage you to be aware when you leave our Sites, and to read the privacy statements of each website that collects your personal data.
You may contact us directly via post, phone, or e-mail:
Secure Digital Solutions, Inc.
c/o Privacy Official
5353 Gamble Drive Suite 300
Minneapolis, MN 55416
Privacy | at | trustsds | dot | com
If you request to opt-out, there may be a 30-day period before such opt-out will take effect.
Updates to this Privacy Statement
Secure Digital Solutions reviewed and updated this Privacy Statement on 23 September 2020. We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Statement at any time. Your continued use of the Site following reasonable notice of such modifications constitutes your acceptance of any changes to this Privacy Statement.