This Acceptable Use Policy (this “Policy”) describes prohibited uses of the hosted application as well as other services (the “Service”) offered by Information Security Xperts, Inc. (“ISX”) and the related website located at https://www.isxconsulting.com/ (the “Site”).
If you violate this Policy, ISX may suspend or terminate your use of the Service or access to the Site. ISX’s right to suspend or terminate your use of the Service or Site applies even if a breach is committed unintentionally or without your authorization if ISX believes that suspension or termination is necessary to ensure compliance with laws or to protect the rights, safety, privacy, security or property of ISX, its customers or third parties.
ISX may modify this Policy at any time by posting a revised version on the Site. By using the Service or accessing the Site, you agree to the latest version of this Policy.
You may not use the Service or Site in any manner that would result in an infringement, dilution, misappropriation or any other violation of intellectual property or proprietary rights of others, including but not limited to copyrights and rights arising from patents, trademarks, and trade secrets.
You are solely responsible for any content published or made available by you through the Service or Site. You may not use the Service or Site to transmit, store, display, distribute or otherwise make available content that is defamatory, libelous, threatening, harassing, abusive, hateful, deceptive, fraudulent, obscene, pornographic, indecent, harmful to minors, or otherwise objectionable, including without limitation content that constitutes child pornography.
You may not use the Service or Site transmit, store, display, distribute or otherwise make available content or technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program or data, including without limitation viruses, Trojan horses, bots, worms, scripting exploits, time bombs or other malicious code.
No Framing or Scraping
You may not frame or mirror the Site without ISX’s express prior written consent. You may not use any robot, spider, site search/retrieval application or other manual or automatic device to retrieve, index, “scrape,” “data mine,” or in any way gather any messages, text, files, images, photos, video, sounds, profiles, works of authorship, or any other content from the Service or Site or reproduce or circumvent the navigational structure or presentation of the Service or Site without ISX’s express prior written consent. Notwithstanding the foregoing, ISX grants to the operators of public search engines the permission to use spiders to copy material from the Site for the sole purpose of, and solely to the extent necessary for, creating publicly available searchable indices of such material, but not caches or archives of such material. ISX reserves the right to revoke these exceptions either generally or in specific cases.
Email and Unsolicited Messages
You may not use the Service or Site to transmit unsolicited email or other messages, including without limitation unsolicited bulk email (“spam”), or email or messages that are excessive and/or intended to harass or annoy others. You may not continue to send email or other messages to a recipient who has indicated that he/she does not wish to receive them. You may not alter or obscure email or message headers or assume a sender’s identity (including without limitation by engaging “spoofing”, “phishing” or similar attacks) without the sender’s explicit permission.
You may not use the Service or Site to violate the security or integrity of any network, computer or communications system, software application or computing device (each, a “System”), including without limitation by attempting to: (a) probe, scan or test the vulnerability of a System or breach or circumvent security or authentication measures without authorization; (b) make network connections to, or otherwise access, a System without authorization; (c) monitor data or traffic on a System without authorization; (d) tamper, reverse-engineer, hack, interfere with, disrupt or disable a System, including without limitation by means of overloading, “flooding,” “mailbombing,” “crashing,” or denial of service attacks; (e) forge any TCP/IP packet header or any part of the header information in any e-mail or newsgroup posting; (f) use another party’s account name or persona without authorization; or (g) take any action in order to obtain a Service to which you are not entitled.
You may not use the Service or Site to violate the privacy or confidentiality of others, including by transmitting, storing, displaying, distributing or otherwise making available others’ private or confidential information (including without limitation their account names or personal data associated with their Service or Site account) without authorization.
Compliance with Laws
Without limiting the foregoing prohibitions, you may not use the Service or Site for any illegal purpose or in violation of any laws (including without limitation data, privacy, consumer protection, and export control laws).
No High-Risk Use
You may not use the Service in any situation where failure or fault of the Service could lead to death or serious bodily injury of any person, or to physical or environmental damage. For example, you may not use, or permit any other person to use, the Service in connection with aircraft or other modes of human mass transportation or nuclear or chemical facilities.
Responsibility for End Users
You are responsible for violations of this Policy by anyone using the Service or Site with your permission or using your account on an unauthorized basis. Your use of the Service or Site to assist another person in an activity that would violate this Policy if performed by you is a violation of this Policy. This Policy applies to anyone accessing or using the Service or the Site; however, each prohibition included in this Policy shall be interpreted to include, and apply to, any action directly or indirectly taken, authorized, facilitated, promoted, encouraged or permitted by a user of the Service or Site, even if such person did not themselves violate the prohibition.
Monitoring and Enforcement
ISX reserves the right, but does not assume the obligation, to investigate any violation of this Policy or misuse of the Service or Site. ISX has the right in its sole discretion to edit, refuse to post or remove any material submitted to or posted on the Service or the Site that ISX finds to be in violation of this Policy. ISX may report any activity that it suspects violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Such reporting may include disclosing appropriate customer data. ISX also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.
If you become aware of any violation of this Policy, you must immediately notify ISX by email at [email protected] and provide ISX with assistance, as requested, to stop or remedy the violation.
This Website is owned and operated by, or on behalf of, ISX Inc. (“we”, “our” or “us”). We are the data controller in respect of personal information of our users based in the European Union.
- Information You Provide to Us On through the Services Website
- Information We Collect Automatically When You Use the Services
- Information We Collect from Other Sources
- Use of Information
- Sharing of Information
- Lawful Basis For Processing Your Information
- Social Sharing Features
- Log-in Features
- Advertising and Analytics Services Provided by Others
- Information Collected on Behalf of Customers in providing our Platform
- Transfer of Information to the U.S. and Other Countries
- Your Rights
- Your Choices
- Contact Us
INFORMATION WE COLLECT AUTOMATICALLY WHEN YOU USE THE SERVICES
When you access or use the Services we automatically collect information about you, including:
Log Files: We gather certain information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the Services, and store it in log files. We do not monitor, or log data collected from your servers when using the Services, but we may log or monitor information about your access to our Services.
INFORMATION WE COLLECT FROM OTHER SOURCES
We may also obtain information from other sources and combine that with information we collect through our Services for purposes of advertising and user authentication. For example, if you create or log into your ISX account using your Google Apps credentials via single sign-on, we will have access to certain information such as your name and email address as authorized in your Google Apps profile settings.
USE OF INFORMATION
We may use information about you to:
- Enable you to have full access to the Services;
- Provide, maintain and improve the Services;
- Provide and deliver the products and services you request, process transactions and send you related information, including confirmations and invoices,;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Respond to your comments, questions and requests, and provide customer support;
- Create your ISX account and identify you when you sign-in to your account in accordance with your agreement with us;
- Communicate with you about products, services, offers, promotions, rewards, and events offered by ISX and others, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with the Services;
- Detect, investigate and prevent fraud and other illegal activities and protect the rights and property of ISX and others;
- Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests;
- Facilitate contests, sweepstakes and promotions and process and deliver entries and rewards;
- Link or combine with information we get from others to help understand your needs and provide you with better service;
- Consider you for possible employment at ISX in connection with an application that you submit; and
- Carry out any other purpose described to you at the time the information was collected.
SHARING OF INFORMATION
- With vendors, consultants and other service providers we have vetted and approved who need access to such information to carry out work on our behalf only to the extent necessary for the performance of any contract we enter into with you. This includes companies providing the following services for our Website and/or Platform: hosting services, authentication services, cyber security and anti-fraud services, and advertising;
- In response to a request for information if we believe disclosure is permitted by, in accordance with, or required by, any applicable law, regulation or legal process such as to comply with a subpoena or applicable court order;
- In connection with, or during negotiations of, any merger, sale of ISX assets, financing or acquisition of all or a portion of our business by another company;
- with analytics and search engine providers that assist us in the improvement and optimization of our Website, subject to our Cookies Policy; and
- With your consent or at your direction.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
We are required to state the lawful basis under which we process the personal data of our users from the European Union. Accordingly, the lawful bases upon which we process your personal information are as follows:
Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, for instance in relation to direct marketing, we will obtain and rely on your consent in relation to the processing concerned.
Otherwise, we will process your personal data only where the processing is necessary for compliance with a legal obligation to which we are a subject; or
For the purposes of the legitimate interests pursued by us in promoting our business, providing the Platform to our business customers pursuant to or legal agreements with them, and in ensuring the security, accessibility and improvement of our Website and Platform and the development of new technology and services.
The Website may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy policies or the content of such sites.
SOCIAL SHARING FEATURES
ADVERTISING AND ANALYTICS SERVICES PROVIDED BY OTHERS
INFORMATION COLLECTED ON BEHALF OF CUSTOMERS IN PROVIDING OUR PLATFORM
In the case of personal information we handle or receive on behalf of a customer in connection with their access to, and use of, our Platform (“Customer PI”), we have no direct relationship with the customer’s employees or other individuals with whom that customer may interact with respect to the Platform. If you are such an employee or individual and are seeking access to, or would like to correct, amend or delete, Customer PI, you should direct your query to the applicable customer. We will respond within a reasonable timeframe to a customer’s request to remove Customer PI. Please note that the foregoing will not limit EU individuals from making certain requests relating to their personal data as provided in Your Rights below.
We will not use Customer PI except for the purpose of providing and supporting the Services for the applicable customer. Customer PI will be retained for as long as needed for that purpose and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
We take reasonable steps, including physical, technical and organizational measures, to protect your personal information from unauthorized access and against unlawful processing, accidental loss, destruction and damage. Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information submitted to us.
Your personal information will be retained by ISX for the duration of your account and may be retained for a period after this time as necessary and relevant to our legitimate interests, our terms of agreement with you and in accordance with applicable legal obligations. This may include retention necessary to meet our tax reporting requirements as well as time required to enforce the relevant terms of agreement or to identify, issue or resolve legal proceedings.
We may retain a record of your stated objection to the processing of your data, including in respect of an objection to receiving marketing communications, for the sole legitimate purpose of ensuring that we can continue to respect your wishes and not contact you further, during the term of your objection.
TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
ISX is based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing, transfer and storage in and to the U.S. where you may not have the same rights and protections as you do under local law.
Without limiting the above, ISX adheres to the Principle of Accountability for Onward Transfer. As noted in Sharing of Information above, we may transfer personal information (including EU Data) to our vendors, consultants and other service providers who need access to such EU Data to carry out work on our behalf. This personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection law.
Please direct any inquiries or complaints regarding our compliance with the Principles to the point of contact listed in the Contact Us section below. If ISX does not resolve your complaint, you may submit your complaint free of charge to ISX’s U.S.-based third party dispute resolution provider and designated Privacy Shield dispute resolution provider here: https://feedback-form.truste.com/watchdog/request. Under certain conditions specified by the Principles and more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration to resolve your complaint.
EU individuals have rights in relation to their personal data which is processed by ISX. If you are an EU data subject, you may, by emailing us at [email protected] :
- Request access to the personal data concerned.
- Request that any incorrect personal data about you that we are processing be rectified.
- Request that we erase the personal data concerned.
- Withdraw your consent at any time where we are processing personal data relating to you on the basis of your prior consent to that processing, after which we shall stop the processing concerned.
- Lodge a formal compliant with the Information Commissioner in Ireland (or your local EU supervisory authority if you live outside the UK) if you have a complaint about any processing of your personal data being conducted by us.
If the requested EU Data is Customer PI, please include the name of the applicable customer in your request; we will refer the request to that customer to respond directly to you and will support them as needed to respond to your request.
Our customers may access, update or change personal information they have provided by logging into the Services or emailing us at [email protected]
Subject to the terms of their agreements with us, Customers may deactivate their accounts by emailing us at [email protected], but note that we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also retain cached or archived copies of personal information for a certain period-of-time.
If you are an individual with whom one of our customers interacts with respect to the Services (e.g., an employee of a customer), as noted above, you should direct any requests regarding access, modification or deletion of personal information to the applicable customer.
You may opt out of receiving promotional emails from ISX by following the instructions in those emails or by emailing [email protected] If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.