Rapid7 LLC and the EU-U.S. Privacy Shield

Last Updated: May 25, 2018

Rapid7 LLC and its parent, subsidiary and affiliate companies (Rapid7, Inc. (US), Komand Inc. (US), Rapid7 Ireland Limited, Rapid7 International Limited (UK), Rapid7 International Group Limited (UK), Rapid7 International Holdings Limited (UK), Rapid7 Netherlands B.V., Rapid7 Singapore Pte. Ltd., Rapid7 Germany GmbH, Rapid7 Canada, Inc., Rapid7 Australia Pty Ltd. and Rapid7 Japan KK) (collectively, “Rapid7”) participate in and have certified compliance with the EU-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Economic Area (“EEA”) to the United States. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/.

Rapid7 is responsible for the processing of personal data it receives under the Framework and for subsequent transfers to a third party acting as an agent on its behalf. Rapid7 complies with the Privacy Shield Principles for all transfers of personal data from the EEA, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Framework, Rapid7 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Rapid7 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Rapid7 commits to resolve complaints about our collection or use of your personal information. EEA individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@rapid7.com.

Rapid7 commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to unresolved Privacy Shield complaints concerning data transferred from the EEA.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.