Privacy Policy for Shostack + Associates

 

Last updated January 06, 2023

Shostack + Associates Privacy Policy

We are committed to protecting your privacy. This Privacy Policy explains our data practices regarding Personal Data (as defined below) and other information that we collect in connection with:

  1. Your use of the website, shostack.org, where you can learn more about our services, and request information and content.
  2. Your use of the "courses" section of our site, which collects additional data that we use to deliver the courses, and which is covered by additional terms of service that you must agree to in order to take our courses. Those terms are at https://courses.shostack.org/pages/terms
  3. Our service providers who operate mailing lists, sell goods, and other things each have their own privacy policies which we encourage you to review.

By using our Website or services, you consent to policies and practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use our Website.

Our Collection of Your Personal Data

Shostack + Associates collects and uses information that, alone or in combination with other information, could be used to identify you ("Personal Data") in order to deliver our services, deliver training or other services, inform you of various opportunities, and provide support, as described below (please also see the "How We Use Information" section below).

Personal Data That You Voluntarily Provide To Us. Shostack + Associates primarily collects Personal Data provided to us by people when they interact with our services. For example, you may voluntarily provide us with Personal Data when you sign up to participate in our blogs, sign up for a webinar, ask to download content (such as a white paper or a brochure), submit a web form, call or email us directly, request an overview of our services, or submit your business card.

The types of Personal Data that we collect vary based on the services offered on the Websites, but generally include your name, address, telephone number, company name, job title, e-mail address, and other information that you voluntarily submit to us.

You should carefully consider whether you wish to submit Personal Data. You should also review any additional terms and conditions that may govern your use of our services.

Automatically Collected Data. As you interact on our website, we may collect information about your computer or device and visits to our Website ("Automatically Collected Data") through cookies, web beacons and other technologies, Internet Protocol (IP) address tracking/URL tracking, and other tools (collectively, "Tracking Technologies"). The types of Automatically Collected Data collected on our Website through the use of these and other tools that we may add from time to time may include: the search terms you used, new or returning user information, browser information, computer or device type, operating system, internet service provider, website usage, referring/exit pages, platform type, date/time stamp, and number of clicks. Please see the "Tracking Technologies" section below to learn more about how we use Tracking Technologies.

How We Use Information

Provide our services and respond to requests. We use the Personal Data we collect from you (unless otherwise restricted by law) to:

Marketing. We also use your contact information to contact you by email regarding information that we think may be of interest to you. If you do not wish to receive marketing materials, brochures, or emails from Shostack + Associates, you may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails.

Where required by the applicable law (for example, if you are an EU Data Subject), we will send you marketing information or notifications only with your consent, which was given at the time you provided us with the Personal Data. In such case, if you do not provide us with your consent to the processing of your Personal Data for this purpose, we will not send you this information (please refer to the "EU Data Subjects" section below for information on your rights). For California residents, please consult the "Your Privacy Rights" section below for additional considerations.

Correspondence. If you correspond with us via email, the postal service, our web forms, or other form of communication, we may retain the correspondence and the information it contains. We may use the information for business purposes, including responding to your inquiry, notifying you of Shostack + Associates-related opportunities, and other marketing purposes (please read the Marketing section above for more information on our marketing practices and how to opt out or unsubscribe).

URL and IP Address. Shostack + Associates collects information about users’ IP addresses, including users’ utilization of our Website, to help us design our Website to better suit our Website users’ needs. We may use information about your IP address to help diagnose problems with our server, administer our Website, analyze trends, track visitor movements, and gather information that assists us in identifying visitor preferences. We also may use your IP address to enhance our security and investigate an actual or potential security incident. For EU Data Subjects, this use of your information is necessary for our legitimate interests in understanding how the Website and our services are being used by you, improving your experience on it, and ensuring network and information security. For more information about what we mean by legitimate interests, and when we may process Personal Data for our legitimate interests, please see the "EU Data Subjects" section below.

Aggregated Data. We may also compile, anonymize and/or aggregate Personal Data and other information collected about Websites’ visitors, as described in this Privacy Policy, and use such anonymized and/or aggregated data for our business purposes, including disclosing such data to our partners, service providers, and/or other third parties for marketing or promotional purposes. This aggregate information does not identify you. For EU Data Subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Websites and our products and services are being used by you and to improve your experience on it. For more information about what we mean by legitimate interests, and when we may process Personal Data for our legitimate interests, please see the "EU Data Subjects" section below.

Disclosure of Information

Shostack + Associates discloses Personal Data that we collect (described above) in accordance with the terms set forth in this section.

We share your Personal Data with third parties who provide certain services to us to assist us in meeting business operation needs. These parties are authorized to process your Personal Data, on our behalf and pursuant to our instructions, only as necessary to provide these services to us. We share your Personal Data with the following service providers:

We may also disclose Personal Data to third parties in the following circumstances: (1) if you request or authorize (when required by the law, we will inform you in advance of the third parties to which we may provide your data and the purpose for doing so, and we will obtain your prior consent for such use); (2) the information is provided (a) to comply with the law (for example, to comply with a search warrant, subpoena or other legal process), (b) to enforce an agreement we have with you, (c) to protect our rights, property or safety, or the rights, property or safety of our employees or others, (d) to investigate fraud, or (e) to respond to a government request or to lawful requests by public authorities, including to meet national security or law enforcement requirements; (3) to address emergencies or acts of God; (4) to address disputes, claims, or to persons holding a legal or beneficial interest; (5) if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, in which case your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.

We collect, store and process the information from our Websites and Apps in the U.S. If you are using our learning management site (courses.shostack.org), we will also transfer your information to Canada. If you are outside the U.S., then your Personal Data and other information will be transferred to the U.S. The data privacy and data protection laws outside your country may offer less protection than the laws in your country. By using our services, the Website and/or Apps or otherwise providing us with your Personal Data, you agree to the transfer of your Personal Data as described in this Privacy Policy. If you do not agree to such cross-border transfers of your Personal Data, please do not submit it through the Website and/or Apps.

The Website uses interfaces with social media websites or platforms that are owned and/or controlled by third parties, such as Facebook, LinkedIn, Twitter and others (“Social Media Sites”). If you choose to “like” or share information from a Website through any Social Media Sites and you are a member of a Social Media Site, the interfaces on our Websites may allow the Social Media Site to connect your website visit to your Personal Data. The information that you share with the Social Media Sites will be governed by the specific privacy policies and terms of service of the Social Media Sites and not by this Privacy Policy. You should review the privacy policy of that Social Media Site before choosing to access and use any Social Media Sites, including interacting with our pages on those sites.

How You Can Access and Change Information

Shostack + Associates acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe. Upon request, Shostack + Associates will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied. If you are an EU Data Subject, please see the "EU Data Subject" section below for information on your rights in relation to the Personal Data we hold about you.

EU Data Subjects

Scope. This section applies if you are an individual located in the European Union or European Economic Area (collectively, "EU") ("EU Data Subject"). For these purposes, reference to the EU also includes the European Economic Area.

Data Controller. Shostack + Associates is the data controller for the processing of your Personal Data.

Your Rights. Subject to applicable law, you have the following rights in relation to your Personal Data:

For applicable rights, if you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.

You may exercise your rights by contacting us as indicated under the "Contact Us" section below.

Retention Of Personal Data. Personal data that we process will not be retained for longer than is necessary for the purpose(s) for which it has been obtained. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on customary business practice.

Notwithstanding any contrary provisions in this Policy, however, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Our Security Measures to Protect Your Personal Data

We take reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and service providers (described in the "Disclosure of Information" section above) who need to know the information to operate, develop, or improve our services.

Unfortunately, no transmission of Personal Data over the Internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, Shostack + Associates cannot guarantee or warrant the security of any information you transmit to us, or to or from our online services. Shostack + Associates has no responsibility or liability for the security of information transmitted via the Internet. If you have questions about this Privacy Policy or the security of your Personal Data, please contact us as indicated under the "Contact Us" section below.

We retain your Personal Data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.

Tracking Technologies

Shostack + Associates uses cookies and other technologies to analyze trends, administer the Website, track users’ movements around the Website, to gather demographic information about our user base and to collect information about your browsing habits to make advertising relevant to you and your interests, as described below.

When you first visit the Website, you will be asked to consent to the use of cookies and similar technologies on the Website in accordance with this Policy, and if you accept we will store cookies and similar technologies on your computer.

What Are Cookies?

Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information. For example, cookies can store your session information for easy log-in to a website or platform, or your language or user interface customization preferences or may allow websites to record your browsing activities (for example, number of page views, number of visitors, and time spent on each page). We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for a set period or until you delete it.

Categories of Use, Purpose, Notes

Strictly Necessary

These cookies allow us to link the actions of a user during a browser session to allow navigation around web pages, access to secure areas of the Websites or Platforms and help make the services available through our Websites and Platforms work. Without these cookies, basic functions of the Website would not work. You can block or delete these cookies by changing the browser settings as explained below.

Analytics

These cookies allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page.

We use cookies from various analytics services, including Google Analytics, a web analytics service provided by Google Inc. ("Google"). The information collected by Google (including your internet protocol (IP) address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for evaluating your use of the Website, compiling reports on the Website’s activity and providing further services to us relating to the Website’s usage. Learn more about Google Analytics’ privacy practices, and see a copy of Google’s privacy policy, at the following link: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.

You can block or delete these cookies by changing the browser settings as explained below.

You can also prevent your data from being collected by Google Analytics on the Website by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Your Choices

We encourage you to use privacy-protecting technology, and we invest in delivering services that work when you make that choice. However, some services may be limited when you do so. For example, if you reject cookies or disable cookies, your use of certain features or functions on our Website may be limited.

Inapplicability of Privacy Policies of Any Linked Websites or Other Third Parties

This Privacy Policy only addresses our use and disclosure of your Personal Data on this website. The Websites and Apps may contain links to other websites, so please be aware that we are not responsible for the privacy practices of other websites, and we are not liable for their misuse of Personal Data. We encourage you to read other sites’ privacy policies.

California Privacy Rights

In addition to the information provided in this Privacy Policy, under California’s "Shine the Light" law, California residents who provide "personal information" (as defined in the statute) in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year. To obtain this information, please contact us by sending a letter or calling us at the contact information below. You may also submit a contact form electronically through the Websites.

Children

The Website and Apps are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. Children under 13 should not use the Website or Apps.

Conditions of Use

By using the Website and our services, you agree to the terms and conditions contained in this Privacy Policy and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use the Website and/or any Shostack + Associates benefits or services. You agree that any dispute over privacy or the terms contained in this Privacy Policy and Conditions of Use and any other agreement we have with you will be governed by the laws of Washington. You also agree to arbitrate any such dispute in Seattle, Washington, and to abide by any limitation on damages contained in any agreement we may have with you.

Changes to the Privacy Policy

As Shostack + Associates and its services change from time to time, we may update this Privacy Policy to reflect changes to our information practices. We reserve the right to amend the Privacy Policy at any time, for any reason, and may do so by posting a new version online. Your continued use of the Website and/or continued provision of Personal Data to us will be subject to the terms of the then-current Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please contact us at:

Address: 1122 E Pike St #1299 Seattle WA 98122

Phone: 917-391-2168

Email: info@shostack.org

 

Changelog

[06Jan2023] - Updates to formatting; Include Hubspot as additional Service Provider
[14Jul2021] - Published with launch of new site