INCIDENT DETECTION & RESPONSE
EFFECTIVE AS OF SEPTEMBER 30, 2016
EU-U.S. Privacy Shield
Rapid7 LLC and its parent and subsidiary companies (Rapid7, Inc., Rapid7 Ireland Ltd., Rapid7 International Ltd., Rapid7 Netherlands B.V., Rapid7 Singapore Pte. Ltd., Rapid7 Germany GmbH, Rapid7 Canada, Inc., and Rapid7 Australia Pty Ltd.) participate in and have certified its compliance with the EU-U.S. Privacy Shield Framework. Rapid7 LLC is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List. https://www.privacyshield.gov/list
Rapid7 LLC is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Rapid7 LLC complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Rapid7 LLC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Rapid7 LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Rapid7 participates in the U.S.-Swiss Safe Harbor and U.S.-EU Safe Harbor Privacy Frameworks as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Rapid7 has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. To learn more about the Safe Harbor program, and to view Rapid7's certification, please visit http://www.export.gov/safeharbor/.
Collection and Use of Personal Information
We collect the following personal information from you
- Contact Information such as name, email address, mailing address, phone number
- State Tax Reference Number
- Unique Identifiers such as user name, account number, password
We use this information to
- Fulfill your order
- Send you an order confirmation
- Send you requested product or service information
- Send product updates or warranty information
- Respond to customer service requests
- Administer your account
- Send you a newsletter
- Send you marketing communications
We may use the information described above to send you a newsletter or other marketing communications. You may choose to stop receiving our newsletter or marketing communications at any time by following the unsubscribe instructions included in the newsletters or communications. Alternatively, you can opt-out of receiving such newsletters and communications by contacting us at email@example.com.
We may provide your personal information to companies that provide services to help us with our business activities such as shipping your order or offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
We may also disclose your personal information
- as required by law such as to comply with a subpoena, or similar legal process
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
- if Rapid7 is involved in a merger, acquisition, or sale of all or a portion of its assets, provided, however, that you will subsequently be notified via email and/or via a prominent notice on our Sites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
- to any other third party with your prior consent to do so.
Third Party E-Commerce Solutions Provider
Our shopping cart is hosted by our e-commerce solutions provider. They host our ordering system, and collect your billing information directly from you for the purpose of processing your order. This company does not use this information for any other purpose.
Cookies and Other Tracking Technologies
Technologies such as: cookies, beacons, tags and scripts are used by Rapid7 and our affiliates, or analytics or service providers, such as our online customer support provider. These technologies are used in analyzing trends, administering the site, tracking users' movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you.
We use Local Storage (LS) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LS such as HTML 5 and Flash cookies to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash cookies, please click here.
We partner with third party sites to either display advertising on our Web site or to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://preferences-mgr.truste.com/ (or if located in the European Union click http://www.youronlinechoices.eu/) Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Links to Other Web Sites
Our Site includes links to other Web sites whose privacy practices may differ from those of Rapid7. If you submit personal information to any of those sites, your information is governed by their privacy statements and Rapid7 disclaims any and all liability or responsibility for the use of your information by these sites. Accordingly, we encourage you to carefully read the privacy statement of any Web site you visit.
In order to make a purchase from us, you must use our shopping cart provider to finalize and pay for your order. Its privacy statement and security practices will also apply to your information. We encourage you to read that privacy statement before providing your information.
The security of your personal information is important to us. When you enter sensitive information (such as the State Tax Reference Number) on our partnership forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
When we collect personal information directly from you, we follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us at firstname.lastname@example.org.
Our Site is a general audience site, and we do not intend to market to or collect, nor do we knowingly collect, personal information from children under the age of 13. Unfortunately, we cannot always determine the age of a visitor to our Site or the sender of an email.
Additional Policy Information
Our Site may also offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. All such information is offered by Rapid7 on an "as is" basis and Rapid7 does not guaranty the accuracy, completeness, timeliness, reliability, suitability or usefulness of such information. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We post customer testimonials/comments/reviews on our website which may contain Personal Information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
If you choose to use our referral service to tell a friend about our website, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the website. Rapid7 stores this information via our hosting provider for the sole purpose of sending this one-time email and tracking the success of our referral program.
Your friend may contact us at email@example.com to request that we have this information removed from our provider's database
Correcting and Updating Your Personal Information
Upon request RAPID7 will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by emailing us at firstname.lastname@example.org or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at email@example.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Notification of Privacy Statement Changes
You can contact us by writing or email us at the address below:
100 Summer Street
Boston, MA 02110-2131