Last updated January 06, 2023
- Your use of the website, shostack.org, where you can learn more about our services, and request information and content.
- Your use of the "courses" section of our site collects additional data which we use to deliver the courses, and which is covered by additional terms of service which you must agree to in order to take our courses. Those terms are at https://courses.shostack.org/pages/terms
- Our service providers who operate mailing lists, sell goods, and other things each have their own privacy policies which we encourage you to review.
Our Collection of Your Personal Data
Shostack + Associates collects and uses information that, alone or in combination with other information, could be used to identify you ("Personal Data") in order to deliver our services, deliver training or other services, inform you of various opportunities, and provide support, as described below (please also see the "How We Use Information" section below).
Personal Data That You Voluntarily Provide To Us. Shostack + Associates primarily collects Personal Data provided to us by people when they interact with our services. For example, you may voluntarily provide us with Personal Data when you sign up to participate in our blogs, sign up for a webinar, ask to download content (such as a white paper or a brochure), submit a web form, call or email us directly, request an overview of our services, or submit your business card.
The types of Personal Data that we collect vary based on the services offered on the Websites, but generally include your name, address, telephone number, company name, job title, e-mail address, and other information that you voluntarily submit to us.
You should carefully consider whether you wish to submit Personal Data. You should also review any additional terms and conditions that may govern your use of our services.
Automatically Collected Data. As you interact on our website, we may collect information about your computer or device and visits to our Website ("Automatically Collected Data") through cookies, web beacons and other technologies, Internet Protocol (IP) address tracking/URL tracking, and other tools (collectively, "Tracking Technologies"). The types of Automatically Collected Data collected on our Website through the use of these and other tools that we may add from time to time may include: the search terms you used, new or returning user information, browser information, computer or device type, operating system, internet service provider, website usage, referring/exit pages, platform type, date/time stamp, and number of clicks. Please see the "Tracking Technologies" section below to learn more about how we use Tracking Technologies.
How We Use Information
Provide our services and respond to requests. We use the Personal Data we collect from you (unless otherwise restricted by law) to:
- Provide you support or other services you have ordered from us and other similar operational communications. For EU Data Subjects, such use is necessary for the performance of the contract between you and us.
- Respond directly to your information requests (including registrations or other specific requests) or other inquiries. For EU Data Subjects, such use is necessary to respond to or implement your request prior to entering into a contract with us.
Marketing. We also use your contact information to contact you by email regarding information that we think may be of interest to you. If you do not wish to receive marketing materials, brochures, or emails from Shostack + Associates, you may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails.
Where required by the applicable law (for example, if you are an EU Data Subject), we will send you marketing information or notifications only with your consent, which was given at the time you provided us with the Personal Data. In such case, if you do not provide us with your consent to the processing of your Personal Data for this purpose, we will not send you this information (please refer to the "EU Data Subjects" section below for information on your rights). For California residents, please consult the "Your Privacy Rights" section below for additional considerations.
Correspondence. If you correspond with us via email, the postal service, our web forms, or other form of communication, we may retain the correspondence and the information it contains. We may use the information for business purposes, including responding to your inquiry, notifying you of Shostack + Associates-related opportunities, and other marketing purposes (please read the Marketing section above for more information on our marketing practices and how to opt out or unsubscribe).
URL and IP Address. Shostack + Associates collects information about users’ IP addresses, including users’ utilization of our Website, to help us design our Website to better suit our Website users’ needs. We may use information about your IP address to help diagnose problems with our server, administer our Website, analyze trends, track visitor movements, and gather information that assists us in identifying visitor preferences. We also may use your IP address to enhance our security and investigate an actual or potential security incident. For EU Data Subjects, this use of your information is necessary for our legitimate interests in understanding how the Website and our services are being used by you, improving your experience on it, and ensuring network and information security. For more information about what we mean by legitimate interests, and when we may process Personal Data for our legitimate interests, please see the "EU Data Subjects" section below.
Disclosure of Information
Shostack + Associates discloses Personal Data that we collect (described above) in accordance with the terms set forth in this section.
We share your Personal Data with third parties who provide certain services to us to assist us in meeting business operation needs. These parties are authorized to process your Personal Data, on our behalf and pursuant to our instructions, only as necessary to provide these services to us. We share your Personal Data with the following service providers:
- Providers of payment processing and accounting, as necessary to process payment from our Clients
- Providers helping us fulfill subscription services (such as Thinkific or Mailchimp)
- Providers of research and analytics services, including Google Analytics
- Providers of customer and prospect tracking such as Hubspot
- Providers of cloud computing services
We may also disclose Personal Data to third parties in the following circumstances: (1) if you request or authorize (when required by the law, we will inform you in advance of the third parties to which we may provide your data and the purpose for doing so, and we will obtain your prior consent for such use); (2) the information is provided (a) to comply with the law (for example, to comply with a search warrant, subpoena or other legal process), (b) to enforce an agreement we have with you, (c) to protect our rights, property or safety, or the rights, property or safety of our employees or others, (d) to investigate fraud, or (e) to respond to a government request or to lawful requests by public authorities, including to meet national security or law enforcement requirements; (3) to address emergencies or acts of God; (4) to address disputes, claims, or to persons holding a legal or beneficial interest; (5) if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, in which case your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
How You Can Access and Change Information
Shostack + Associates acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe. Upon request, Shostack + Associates will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied. If you are an EU Data Subject, please see the "EU Data Subjects" section below for information on your rights in relation to the Personal Data we hold about you.
EU Data Subjects
Scope. This section applies if you are an individual located in the European Union or European Economic Area (collectively, "EU") ("EU Data Subject"). For these purposes, reference to the EU also includes the European Economic Area.
Data Controller. Shostack + Associates is the data controller for the processing of your Personal Data.
Your Rights. Subject to applicable law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it. We may not delete your data when other interests outweigh your right to deletion.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a machine-readable format.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
  - If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
  - If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
For applicable rights, if you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
You may exercise your rights by contacting us as indicated under "Contact Us" section below.
Retention Of Personal Data. Personal data that we process will not be retained for longer than is necessary for the purpose(s) for which it has been obtained. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on customary business practice.
Notwithstanding any contrary provisions in this Policy, however, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Our Security Measures to Protect Your Personal Data
We take reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and service providers (described in the "Disclosure of Information" section above) who need to know the information to operate, develop, or improve our services.
We retain your Personal Data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
What Are Cookies?
Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information. For example, cookies can store your session information for easy log-in to a website or platform, or your language or user interface customization preferences or may allow websites to record your browsing activities (for example, number of page views, number of visitors, and time spent on each page). We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for a set period or until you delete it.
| Categories of Use | Purpose | Notes |
|---|---|---|
| Strictly Necessary | These cookies allow us to link the actions of a user during a browser session to allow navigation around web pages, access to secure areas of the Websites or Platforms and help make the services available through our Websites and Platforms work. Without these cookies, basic functions of the Website would not work. | You can block or delete these cookies by changing the browser settings as explained below. |
| | These cookies allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page. | You can block or delete these cookies by changing the browser settings as explained below. You can also prevent your data from being collected by Google Analytics on the Website by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. |
We encourage you to use privacy-protecting technology, and we invest to deliver services that work when you make that choice. However, some services may be limited when you do so. For example, if you reject cookies or disable cookies, your use of certain features or functions on our Website may be limited.
Inapplicability of Privacy Policies of Any Linked Websites or Other Third Parties
California Privacy Rights
The Website and Apps are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. Children under 13 should not use the Website or Apps.
Conditions of Use
Address: 1122 E Pike St #1299 Seattle WA 98122
[06Jan2023] - Updates to formatting; Include Hubspot as additional Service Provider
[14Jul2021] - Published with launch of new site