MetaDefender Privacy Policy

Last Update: 25 May 2018

Version: 2.0

Summary

This privacy policy explains what information OPSWAT, Inc. and all of its subsidiaries worldwide (referred to as “OPSWAT,” “we,” “us,” and “our”) gather about individuals who provide us with personal information. It outlines what we use that information for and who we give that information to. It also sets out your privacy rights in relation to your own personal information, and it tells you who to contact for more information about this policy.

In this privacy policy, your personal information is sometimes called “personal data.” We collectively refer to collecting, handling, using, protecting, or storing your personal information as “processing.”

Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods, or services you want from us.

IMPORTANT

Please do not provide us with your personal information unless we ask you for it.

Scope

We take data protection very seriously, and we are fully committed to protecting your personal information. This privacy policy describes how we handle the personal information we collect and process through MetaDefender.

It is our policy to collect only the minimum information required from you. If you believe that we have gone beyond that, please contact us to raise any concerns you may have. A list of contact methods is provided at the bottom of this privacy policy.

OPSWAT complies with the EU-U.S and Swiss-U.S. Privacy Shield Frameworks which were designed by the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce and with REGULATION (EU) 2016/679 of the European parliament and of the council (GDPR).

OPSWAT has certified that it adheres to the Privacy Shield. To learn more about Privacy Shield please visit www.privacyshield.gov and to view our certification, please visit https://www.privacyshield.gov/.

Personal information (personal data) is anything that enables you to be identified or identifiable including but not limited to:

  • First and last name

  • Email address, postal and IP addresses

  • Telephone numbers

  • National identification/social security and national insurance numbers

  • Job titles and occupation

  • Bank accounts

  • Any contact information

IMPORTANT

We only collect personal information through MetaDefender that we believe to be relevant and required to provide you with requested information and services and to conduct our business.

As you use MetaDefender, you may link to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.

We do not intend to collect special category (also known as sensitive) personal information through our website(s) (unless we are legally required to do so). Examples of special category information are: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records.

We ask that you do not provide us with special category personal information when using MetaDefender.

Cookies and similar technologies

With respect to your use of an Internet browser to interact with MetaDefender you should be aware that like many businesses with websites and cloud services, we may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. You can control our use of cookies with respect to your device by changing options in the Internet browser you use. We will display notices to you about cookies and prompt you to accept or reject a cookie from us. If you do not accept cookies, however, you may not be able to use all portions or features of MetaDefender. For more information about our use of cookies, please visit OPSWAT Cookies Policy.

Rights in relation to your information

You have the following rights regarding your Personal Data:

1 Right of Access.

You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge:

  • information whether your Personal Data is retained,

  • access to duplicates of the Personal Data retained,

Upon your request, along with a duplicate of the data we retained, will provide you information related to – purpose of the processing, personal data we collect, entities to which we transferred them, time we keep your Personal Data, if possible and the criteria we used to decide the period, your rights as European Union Citizen, unless the data was collected directly from you, the source of the data, whether there is an automated decisional process,

You can use the right to access to your Personal Data through your account. You may also request what other information we may hold. One request is free of charge, for the other we may charge a reasonable fee. If the effort of identifying data may be too much, or it may infringe with other people rights, we have the right to refuse it.

2 Right to Rectification.

When we process your Personal Data, we shall try to ensure that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided by going to https://go.opswat.com/myuserright and following the steps as described.

  1. Right to suspend the processing

You have the right to request the termination of the processing with or without deletion of the data we have collected where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

  1. Right to data portability

You have the right to receive the Personal Data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance us.

  1. Right to delete.

You have the right to obtain deletion by us of Personal Data concerning you by deleting your User Account or by by going to https://go.opswat.com/myuserright and following the steps as described.

Because of deleting your User Account, you will lose access to services provided to you by MetaDefender

We allow you to restore your User Account during a grace period of 30 (thirty) days from the moment you request deletion of your User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalize financial and other activities that you may have initiated before sending the User Account deletion request. After the grace period, Personal Data associated with your account will be deleted.

In some cases, deletion of your User Account, and therefore Personal Data deletion, is complicated. Namely, if your account has a business relationship with US, you will only be able to delete your User Account after you have dissolved the business relationship. In some cases, considering the complexity and number of the requests, the period for Personal Data erasure may be extended, but for no longer than two further months.

5 Right to Object.

When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular if the data is necessary for the establishment, exercise or defence of legal requirements.

You also have the right to lodge a complaint at a supervisory authority.

Contact Information:

Our lead supervisory authority is the Romanian Data Protection Agency which may be contacted at:

Autorității Naționale de Supraveghere a Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru 28-30, sector 1, 010336, București,

anspdcp@dataprotection.ro,

Phones: +40.318.059.211, +40.318.059.212

www.dataprotection.ro

You can also contact our data protection officer at the address below. Our European representative for data protection questions is:

Opswat Romania SRL

Timișoara, România

If you would like to exercise these rights or determine what, if any, personal information we have about you, please go to https://go.opswat.com/myuserright and follow the steps as described.

Automated decision making

We will not use your personal information for automated decision making or profiling.

Children

We understand the importance of protecting children's privacy and we never knowingly collect personal information about individuals under the age of 16. We adhere to laws regarding marketing to children.

IMPORTANT

If you are under 16 years of age, we ask that you do not use MetaDefender.

Data We Collect / How We Use Your Data / Sharing of Your Data With Service Providers / Your Choices / Data Retention Policies With Respect To MetaDefender

If you activate the MetaDefender license key:

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

  • email address provided by your administrator performing the activation.

  • IP address of the device on which the license key was activated.

  • a unique identifier of the device on which the license key was activated by the activation process.

  • To record in our license server that you activated a specific license key provided to you by us on a unique device. This data enables us to know whether or not you are entitled to further activate this key additional times on additional devices.

  • To investigate license activation issues you report to us.

Refer to User Rights section for your choices with respect to:

  • Do not activate the license key. Please note that MetaDefender will not operate unless you activate the key.

  • Deleting your Portal account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

Mirage Computer Systems which provides the platform which we use to license v3 versions of MetaDefender.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you configure MetaDefender to monitor our update server for the purpose of fetching and installing MetaDefender product updates as we release them ("automatic updating"):

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

  • IP address of the device on which the automatic updating was configured.

  • a unique identifier of the device on which automatic updating was configured.

To investigate automatic updating issues you report to us.

Refer to User Rights section for your choices with respect to:

  • Do not configure automatic updating of MetaDefender.

  • Deleting your Portal account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

  • Zendesk which provides the platform through which you submit requests for support (including "mdemailsecurity db" files) and how we respond to your support requests.

  • Jira which provides the platform through which our support team can share the submitted information with our engineering team for investigation.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you use MetaDefender Email Security:

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

If you use our support tool to generate and send us a support package:

  • The support tool generates a support package which includes a copy of the MetaDefender "mdemailsecurity db" file from the instance MetaDefender Email Security on which you run the tool. The "mdemailsecurity db" file contains the email history processed by that instance and includes the following information:

  • Senders

  • Recipients

  • Subject lines

To investigate issues you report to us concerning an instance of MetaDefender Email Security on which you have run the support tool and sent us the resulting "mdemailsecurity db" file.

Refer to User Rights section for your choices with respect to:

  • Do not use or do not send us the copy of of "mdemailsecurity db" generated by the support tool. Please note that this may make it more difficult for us to investigate issues You report to us and resolve them.

  • Review and parse the output of the file to remove Personal Data prior to sending us the copy of "mdemailsecurity db" generated by the support tool.

  • Deleting your Portal account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

  • Zendesk which provides the platform through which you submit requests for support (including "mdemailsecurity db" files) and how we respond to your support requests.

  • Jira which provides the platform through which our support team can share the submitted information with our engineering team for investigation.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you use MetaDefender Web Security with ICAP:

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

  • The support tool generates a support package including a copy of the "mdicapsrv db" file from the instance of MetaDefender Web Security with ICAP on which you run the tool. Depending on how you configure the tool to run, the file generated contains either:

    • Raw HTTP traffic snippets for badly formatted ICAP requests

    • Information related to browsing history of:

      • IP of the proxy device using ICAP to send requests to MetaDefender

      • URLs visited by devices using the proxy device which is sending requests to MetaDefender

To investigate issues You report to us concerning an instance of MetaDefender Web Security with ICAP on which you have run the support tool and sent us the resulting support package.

Refer to User Rights section for your choices with respect to:

  • Do not use or do not send us the copy of of "mdicapsrv db" generated by the support tool. Please note that this may make it more difficult for us to investigate issues You report to us and resolve them.

  • Review and parse the output of the file to remove Personal Data prior to sending us the copy of "mdicapsrv db" generated by the support tool.

  • Deleting Portal your account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

  • Zendesk which provides the platform through which you submit requests for support (including "mdemailsecurity db" files) and how we respond to your support requests.

  • Jira which provides the platform through which our support team can share the submitted information with our engineering team for investigation.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you use MetaDefender Vault:

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

The support tool generates a support package called "metadefender-vault-support-package-20180515.zip" file

If you integrate your instance of MetaDefender Vault to your Microsoft Active Directory, MetaDefender Vault will regularly synchronize with Active Directory to collect the information of your users you collect and store in Active Directory. If you run the MetaDefender Vault support tool under these circumstances the support tool will collect your user information from Active Directory which will likely include the following:

  • First Name

  • Lase Name

  • Company

  • Nickname

  • Username

  • Email address

To investigate issues you wish to report to us concerning an instance of MetaDefender Vault on which You have run the support tool and sent us the resulting "metadefender-vault-support-package-20180515.zip" file .

Refer to User Rightssection for your choices with respect to:

  • Do not use or do not send us the copy of of metadefender-vault-support-package-20180515.zip" generated by the support tool. Please note that this may make it more difficult for us to investigate issues You report to us and resolve them.

  • Review and parse the output of the file to remove Personal Data prior to sending Us the copy of "metadefender-vault-support-package-20180515.zip" generated by the support tool.

  • Deleting Portal your account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

  • Zendesk which provides the platform through which you submit requests for support (including "metadefender-vault-support-package-20180515.zip" files) and how we respond to your support requests.

  • Jira which provides the platform through which our support team can share the submitted information with our engineering team for investigation.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If You use Central Management support tool to create and send Us a support package:

Data We Collect

How We Use Your Data

Your Choices

Service Providers with Which We Share Data

Retention Policy

The support tool generates a support package called "metadefender-vault-support-package-20180515.zip" file which includes

  • the configuration files of Central Management found on the device on which you installed Central Management

  • the log files of Central Management found on the device.

  • operating system information of the device

  • hardware information of the device

  • network information

  • Central Management directory information

  • Central Management configuration database without user data

  • To investigate issues You wish to report to us concerning an instance of MetaDefender Central Management on which you have run the support tool and sent us the resulting "mdcentralmgmt-support-<TIMESTAMP>.tar.gz" file for Linux and "mdcentralmgmt-support-<TIMESTAMP>.zip" for Windows

Refer to User Rightssection for your choices with respect to:

  • Do not use or do not send us the copy of of "mdcentralmgmt-support-<TIMESTAMP>.tar.gz" or generated by the support tool. Please note that this may make it more difficult for us to investigate issues You report to us and resolve them.

  • Review and parse the output of the file to remove Personal Data prior to sending us the copy of "mdcentralmgmt-support-<TIMESTAMP>.tar.gz" or mdcentralmgmt-support-<TIMESTAMP>.zip generated by the support tool.

  • Deleting Portal your account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restrict access to your account (or later restore access)

  • Obtain a new password if you forget your current Portal password

  • Zendesk which provides the platform through which you submit requests for support (including the "mdcentralmgmt-support-<TIMESTAMP>.tar.gz" or "mdcentralmgmt-support-<TIMESTAMP>.zip" or files) and how we respond to your support requests.

  • Jira which provides the platform through which our support team can share the submitted information with our engineering team for investigation.

Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

The third-party service providers identified above may use their own third-party subcontractors who have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

IMPORTANT

We do not collect personally identifying information for sale to third parties.

Other disclosures

OPSWAT may disclose personal information to third parties under the following circumstances:

  • When explicitly requested by you

  • As otherwise set out in this MetaDefender Privacy Policy

We may also disclose your personal information to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties as required by and/or in accordance with applicable laws or regulations. This includes disclosures outside the country where you are located.

Finally, we will disclose personal information if required in urgent circumstances, to protect the personal safety of individuals or the general public, or to maintain the uptime or stability of MetaDefender.

Security of personal information

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing your personal information, we have implemented technical and organizational measures to ensure a level of security appropriate to the risk of unauthorized or unlawful processing of personal data. These measures also help us guard against accidental loss, destruction of, or damage to personal data.

Only authorized persons are provided access to the personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.

We safeguard the security of the personal information provided to us with physical, electronic, and managerial procedures. Inside OPSWAT, data is stored in secure and controlled servers with limited access.

Where we share your personal information with third-party providers, they may use subcontractors that have access to your personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

Note that your information may be stored and processed in the United States or any other country where OPSWAT, its subsidiaries, or service providers are located.

IMPORTANT

While we strive to protect personal data, we cannot guarantee the security of the personal information provided to us. Although we use appropriate security measures, once we have received your personal information, the transmission of data over the Internet (including via email) is never completely secure. We urge you to protect your personal information when using the Internet by, for example, changing passwords often, using a combination of letters, numbers, and special characters (for example, % and $ and +) , and making sure to use a secure browser.

Data retention

If you create an account to use services associated with MetaDefender, we will retain your personal information while the account you’ve created remains active. We will also retain your information for as long as we have a legitimate business purpose to do so, and thereafter, for no longer than is required or permitted by law. This includes data you or others have provided to us, as well as data generated or inferred from your use of MetaDefender .

MetaDefender privacy policy updates

Our privacy policy may be updated from time to time, and we will notify you of any material changes by posting the new policy at MetaDefender privacy policy and revising the “Effective starting” date at the top of the policy.

Contacting OPSWAT and Privacy Shield dispute resolution

In compliance with the Privacy Shield Principles, OPSWAT, Inc. commits to resolve complaints about our collection, use, or sharing of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact OPSWAT, Inc. by either going to https://go.opswat.com/myuserright or sending postal mail to: OPSWAT, P.O. Box 77878, San Francisco, CA, 94103.

OPSWAT, Inc. has further committed to refer unresolved Privacy Shield complaints to JAMs, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/ or https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMs are provided at no cost to you.

Further, OPSWAT, Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

And importantly, OPSWAT remains responsible for any onward transfer of your personal information to third parties including, for example, third parties performing external processing your personal information on our behalf, as identified in the “Sharing of Your Data with Service Providers” section.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily by any of the above described methods, please contact:

In UK: The Information Commissioner Office (ICO). The ICO can be contacted by the following means:

  • Form: www.ico.org.uk/global/contact-us/email/

  • Telephone: 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
    SK9 5AF

In Romania: The National Supervisory Authority for Personal Data Processing of Romania (http://www.dataprotection.ro/)

In Switzerland: The Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html).

IMPORTANT

Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.