Rapid7 LLC and the EU-U.S. Privacy Shield

Last Updated: March 12, 2019

Rapid7, Inc. and its subsidiary and affiliate companies (Rapid7 LLC (US), tCell.IO, Inc. (US)) (collectively, “Rapid7”) participate in and have certified compliance with the EU-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Economic Area (“EEA”) to the United States. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/.

Rapid7 is responsible for the processing of personal data it receives under the Framework and for subsequent transfers to a third party acting as an agent on its behalf. Rapid7 complies with the Privacy Shield Principles for all transfers of personal data from the EEA, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Framework, Rapid7 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Rapid7 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Rapid7 commits to resolve complaints about our collection or use of your personal information. EEA individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@rapid7.com.

Rapid7 commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to unresolved Privacy Shield complaints concerning data transferred from the EEA.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.