Effective June 1, 2018
Echotrail provides security software and related services to its clients and other third parties (our “Clients”). This Policy reflects how we process the Personal Data processed through our Platform and our Site. However, this Policy does not apply to our Clients’ own uses of any Personal Data we provide those Clients, or that they Collect independently through our Platform (for example, in raw log files). This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third-party privacy policies before disclosing your Personal Data to them.
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Identity Data: Personal Data about you and your identity, such as your name, ID number, username, and other Personal Data you may provide on registration or purchase forms or as part of an account profile.
Contact Data: Personal Data used to contact you, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.
Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application or device IDs, identifiers from cookies, session history, site-referral, and other data generated through applications and browsers, including cookies and similar technologies.
Use Data: Personal Data relating to your use of our Platform or our Site, such as when you visited or used our Platform, information about electronic communications you receive from us, such as whether that communication has been opened or if you have clicked on any links within that communication, session history, site-referral, and other data generated through applications and browsers, including cookies and similar technologies.
Log Data: Any Personal Data included in our log files of processes, network activity, or other events that occur on your device or system, for example, active-process identifiers, destination IP addresses, user hardware identifiers, or other unique or identifying data captured or revealed in logs.
Note: we may, in our discretion or at the request of a Client, limit or block logging or events in certain applications to minimize the collection of Personal Data. Please see our documentation or contact us or your administrator for more information about Log Data in specific contexts.
Data: On behalf of the Client, we process Log Data and Device Data collected through the Platform, for example, events and processes that occur on each device using our endpoint client.
Uses: On behalf of the Client, we use this data to detect, identify and analyze security events or abnormalities, and we may share this data (including in raw or aggregate form) with the Client and its administrative users. Subject to Your Rights and Choices, we may also use this information as part of our legitimate interests in improving the design, functionality, and performance of our Platform, and for ensuring the security and stability of the Platform and its users.
Data: Our Client’s administrative users may be able to register and create an account on our Platform. If you register, we will process the Identity Data and Contact Data you provide as part of the registration process. We may also collect certain Use Data when these users access the dashboard or areas of the Platform through the internet.
Uses: We use the Identity Data and Contact Data as necessary to operate the Platform, fulfill your requests, and create, maintain, and provide you with important information about your account. Subject to Your Rights and Choices, we may also use this information, as well as Use Data as part of our legitimate interests in improving the design, functionality, and performance of our Platform, and for ensuring the security and stability of the Platform and its users.
Data: If you register for a Client account, choose to enroll to receive marketing communications, or when you open or interact with our marketing communication, we may process Identity Data and Contact Data you provide us in order to personalize and send email marketing communications.
Uses: We use Identity Data and Contact Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for those communications or register for our Service. See Your Rights and Choices for information about how you can limit or opt out of this processing.
Cookies and Similar Tracking Technologies
Data: We, and certain third parties, may process Identity Data, Use Data and Device Data when you interact with cookies and similar technologies on our Site. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
Uses: Subject to Your Rights and Choices, we use this information as follows:
Note: Some analytics technologies can be used by us and/or our third-party partners to identify you or your devices across platforms, devices, sites, and services.
We will collect and aggregate on an anonymous basis information about you, including with information about other users of the Platform or Site in order to identify trends, security anomalies, process maps, or other proprietary data (“Aggregated Data”). We may share Aggregated Data with the third parties referred to in the section below, including Clients, to improve the functionality and effectiveness of the Platform or Site. Aggregated Data will not contain information from which you may be personally identified.
If we process Personal Data in connection with our Platform or Site in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it.
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Clients: We process data on behalf of Clients, and may share any Personal Data collected through our Platform with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, analytics, device data, and any Personal Data included in our log files may be available to the Client and its users. These parties may engage in activities that are outside our control.
Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use hosting services such as Amazon Web Services to host our Platform or Site.
Affiliates: In order to streamline certain business operations and develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Legal Disclosures: In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Service, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
Applicable law may grant you some or all of the following rights in your Personal Data. You may exercise these rights by contacting us at the address below. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. Note: While we may notify Clients of your request, we are able to fulfill rights requests regarding Personal Data we control or process, and we may not have access to or control over Personal Data controlled by Clients. Please contact the Client directly to exercise your rights in Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request to the extent relating to data we process on their behalf.
Access: You may receive a list of your Personal Data that we process to the extent required and permitted by law.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu. Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Object: In cases we process Personal Data for our legitimate interests, you can object to our processing, to the extent required by applicable law, and we may limit processing of your Personal Data to the extent necessary or appropriate.
Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact the Federal Trade Commission or your local data protection or consumer protection authority.
California Rights: Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us.
You have the following choices regarding the Personal Data we process:
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Location Data: You may control or limit Location Data that we collect using our Mobile App by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.
We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
Our Platform and Site are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Platform or Site if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S.
Feel free to contact us with questions or concerns using the appropriate address below.
General inquires: firstname.lastname@example.org
Data rights requests: email@example.com
Physical address: 2679 W Main St. Suite 300-353, Littleton, CO 80120