When communicating with Difenda or using the Difenda Website, clients or interested individuals may, for example, disclose Personal Information to receive feedback about the Services or to personalize their client or user experience. Accordingly, this policy explains how under such circumstances Difenda complies with applicable data protection laws, respects individual privacy, and follows strong data governance practices.
For ease of understanding, this policy is divided into the following parts:
- Collecting and using your data
- Sharing, disclosing, and retaining your data
- Cross-border data transfers
- Web data relating to you
- Safeguarding your data
- Your data privacy rights
- Privacy Officer and accountability
Difenda may update this policy occasionally and will notify you by electronic means if the update is materially relevant to you, such as through the Difenda Website or directly by email. If you have any questions about this policy or a privacy-related matter, please see Part G (“Privacy Officer and accountability”).
- Collecting and using your data
- Difenda collects Personal Information by fair and lawful means and with the knowledge and/or consent of the individual, as appropriate. Depending on the type of Personal Information and accounting for reasonable expectations, Difenda may rely on express or implied consent.
- Before or at the time of collecting Personal Information, we identify the purposes for which such information is being collected and will only collect and use Personal Information to support and/or fulfill those purposes (defined in Section 4). Difenda may also collect and use Personal Information for new or additional purposes subject to obtaining appropriate consent or as permitted or required by applicable law.
- The following describes the types of Personal Information that Difenda may collect from you and the methods of collection:
- Difenda collects Personal Information from you through the Difenda Website including your name, email address, and phone number when you request or apply to receive information related to the Services, such as scheduling a demo; receiving threat intelligence reports, whitepapers or e-books; subscribing to our newsletter; registering for a webinar; or seeking cybersecurity workshop opportunities relevant to your business.
- Difenda collects Personal Information about you that you voluntarily provide to our representatives or business partners or from third-party data sources or aggregators who lawfully collect and share such information, which may include your name, email address, and phone number.
- Difenda may collect Personal Information about you from third party service providers, such as sales or business lead vendors and data aggregators.
- Difenda also automatically collects Personal Information from visitors of the Difenda Website, such as Internet protocol (IP) addresses, pages on the Difenda Website you requested, and cookie information. For more information, please see Part D (“Web data relating to you”).
- Difenda may use Personal Information collected for the following purposes (collectively, “Identified Purposes”):
- Fulfilling a request for the Services
- Responding to inquiries or feedback in relation to the Services
- Carrying out marketing and promotional activities
- Managing client relationships, including providing account or transaction-related updates
- Addressing concerns or complaints pertaining to data privacy
- Additional or new purposes identified to individuals from time to time
- Difenda only collects Personal Information that is relevant and/or required to fulfill Identified Purposes and, to the extent necessary for such purposes, Difenda takes reasonable steps to ensure the Personal Information is current, accurate, and complete.
- Sharing, disclosing, and retaining your data
- Difenda will not sell, trade, or rent Personal Information, but may share or disclose such information to third parties to the extent necessary to fulfill Identified Purposes. For clarity, third party recipients of Personal Information may include affiliates, partners, distributors, resellers, or those who otherwise work for or on behalf of Difenda. Where appropriate, such third parties are contractually bound to confidentiality and agree to adequately safeguard Personal Information; to use it only to help Difenda fulfill Identified Purposes; and to otherwise comply with this policy and applicable data protection laws.
- Difenda may, without your knowledge or consent and only to the extent necessary, disclose Personal Information in response to a lawful request or investigation by public authorities and agencies; to satisfy obligations under applicable laws or regulations (including national security or law enforcement requirements); or to protect Difenda’s assets, as permitted by law.
- Difenda will only retain Personal Information for as long as necessary to fulfill Identified Purposes and, in any case, no longer than stipulated in Difenda’s Information Classification and Retention Policy.
- Cross-border data transfers
- Personal Information is used, disclosed, and retained by Difenda in Canada or the United States. In some situations, however, Difenda may transfer Personal Information to other jurisdictions to achieve Identified Purposes or to comply with a legal request. Since Personal Information in another jurisdiction may be accessed there by the courts, law enforcement and/or national security authorities, and can be subject to different privacy standards, Difenda endeavours to limit such transfers. Where disclosure is required, we seek to ensure there is a comparable level of protection over Personal Information.
- Web data relating to you
- Difenda receives Personal Information in the form of Internet Protocol (IP) addresses from users of the Difenda Website. Specifically, an IP address is automatically reported by a computer’s web browser each time a web page is requested by a user for viewing and this IP address is logged on Difenda’s servers. IP addresses may be used for various purposes such as estimating the total number of users visiting the Difenda Website from specific countries or regions of the world.
- Through the Difenda Website, Difenda may use cookies for the purposes outlined below. A “cookie” is a small amount of data, including an anonymous unique identifier, sent from the visited website to a user’s computer (subject to browser preference settings). The visited website may access only cookies it has sent. Difenda uses “first-party cookies” (i.e., cookies directly from Difenda) for several purposes, including to:
- Provide users with customized content
- Keep track of user preferences specified while using the Difenda Website
- Estimate and report the total audience size and traffic
- Conduct research to improve Services and content on the Difenda Website
- Difenda may, from time to time, use external services that set “third-party cookies” (i.e., cookies sent from third party service providers) to:
- Enable information sharing across social media services
- Provide users targeted advertising in relevant contexts on external sites
- Keep track of preferences that users specify while using third-party services
- Enable third parties to aggregate anonymous user behavior data and provide such research data to Difenda
- Query third-party services such as Twitter for recently changed information
- Difenda may, from time to time, use web beacons (i.e., “clear GIFs”, “1×1” pixels) and coded URLs:
- In online advertising to determine which advertisements users have viewed
- In promotional emails to track whether an email has been viewed and subsequent clicks on hyperlinks
- To support remarketing for online ads on third party networks. Remarketing technology serves you ads across multiple websites based on your browsing interest and behavior
- You may limit third-party use of web data through your web browser settings or actions, such as disabling or not accepting cookies. You may also simply choose not to click on hyperlinks embedded in marketing emails you receive.
- Safeguarding your data
- Difenda protects Personal Information collected using physical, technological, organizational, and contractual safeguard measures that are commensurate with the information’s level of sensitivity. Examples include:
- Physical measures like locks on property that store data assets
- Technological measures like passwords and encryption on digital devices
- Organizational measures like background checks and identity verification
- Contractual measures like data protection terms that hold third parties legally responsible for how they handle Personal Information
These safeguard measures are designed to limit the risk of unauthorized access or disclosure, misuse, accidental loss, theft, destruction, and alteration of any Personal Information shared with Difenda.
- When you submit information to Difenda, including Personal Information, a copy of that information is routinely made for back-up purposes. While such copies may remain in back-up storage after an opt-out or deletion request is processed, the information is appropriately safeguarded during this time and deleted in accordance with Difenda’s Information Classification and Retention Policy.
- Difenda protects Personal Information collected using physical, technological, organizational, and contractual safeguard measures that are commensurate with the information’s level of sensitivity. Examples include:
- Your data privacy rights
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use, disclosure, and retention of Personal Information. You may also have rights under other privacy and data protection laws depending on where you reside.
- Your rights concerning Personal Information may include, among other things, the right to: (a) request access or copies of your data; (b) rectify incorrect data, and/or (c) withdraw consent to our use of your data. The above data privacy rights may vary depending on where you reside and do not represent an exhaustive list.
- With respect to email, Difenda complies with applicable anti-spam laws and, in addition to any right to withdraw consent or request deletion of Personal Information, including your email address, you may also opt-out of certain types of email you receive from us using the unsubscribe link within the email or by following our written directions.
- You may request clarification concerning this policy at any time. You also have the right to receive additional information about Difenda’s policies and practices relating to the management of Personal Information.
- Privacy Officer and accountability
- To exercise your data privacy rights, or to ask questions or relay concerns about Personal Information in Difenda’s care, custody, or control, you may contact Difenda’s Privacy Officer at compliance@difenda.com. If you believe, for example, that your Personal Information has been used in a way that is not consistent with this policy, please contact us and we will use reasonable efforts to resolve your concern in a timely and appropriate manner.
- Difenda remains accountable to you for your Personal Information and that means we are also responsible for any third parties with whom we have shared your Personal Information. Difenda is committed to conducting business in accordance with all applicable privacy principles to ensure that the integrity of Personal Information and your trust in us is upheld.