ReversingLabs, February 2022
3. Collection of Information. Here are the types of information that we collect about you and how we collect it from you:
3.3. Device Identifies; Logs; Tags. We may automatically collect certain information from you, including certain technical information from your computer or mobile device when you use certain Services, such as your Internet Protocol address, your web browser type and version, the name and version of your operating system, the pages you view on the Website, the pages you view immediately before and after you access the Website, and the search terms you enter on the Website (if any). This information allows ReversingLabs to provide the Website to you, and to otherwise improve the Business Operations, the Website, and the Services.
3.6. Web Beacons and Tags. The Services may use certain data collection technologies that rely on: (i) beacons; (ii) pixel tags and object hyperlinking tags; and (iii) other means to link an object to an Internet address, a remote software application, a remote database, or other remote means of receiving or processing information. We may use these technologies to tell us what portions of the Services have been visited or to measure the effectiveness of searches that users perform via the Services. We will always ask for your consent before we use these technologies to collect data that is stored on your device.
3.7. User-Generated Content. We may provide you with the ability (either directly or through a third-party service that may include social media channels) to engage with us and others in public exchanges, and these may include opportunities for you to provide comments, reviews, recommendations, information related to the Services, and other input (collectively, “User-Generated Content”). Please understand that anything you supply as User-Generated Content will be accessible to others to read, collect, re-publish, and otherwise freely use. We are not responsible for anything you decide to include in User-Generated Content, and we will only take down, remove, or edit User-Generated Content in our sole discretion, except as required by applicable law. If you include any information relating to others in your User-Generated Content, then you represent that you have full permission and authority to do so.
3.9. Anonymous Information. We may also collect, process, and use information that does not identify you or your devices, and which is neither stored on your device or already present on your device, including information that has been made anonymous by: (i) removing identifying fields and aggregating the information with other information so that individuals cannot be re-identified, or (ii) anonymizing the information with techniques that remove or modify the identifying data so as to prevent re-identification of the anonymized information (collectively, “Anonymous Information”). Information that meets these criteria might include, for example, demographic information, statistical information (e.g., page views and hit counts), and general tracking information.
4. Analysis of Files. Our systems for analyzing the files that you submit to us, including malware files, are not designed to process Personal Information, and we do not give our users permission to submit such files to us for analysis. We are not responsible, and you will be solely responsible for any processing, if you submit such files to us for analysis. In addition, we do not give our users permission to submit files that contain illegal content, such as child pornography. If we determine that a file contains illegal content (other than malware or other illegal software for which our systems are designed), we will take action in accordance with applicable law.
5. Use of Information. The Section describes how and for which purposes we use the information that we have collected about you.
5.1. Business Operations and Services. We use your Personal Information for Business Operations. This includes, providing you with the Services you request or access, such as accessing or using the Services, creating and managing your account, and communicating with you about our Services.
5.2. Analysis and Improvement. We may use your Personal Information and Anonymous Information to perform internal administration, auditing, operation, and troubleshooting in connection with Business Operations, including to evaluate and improve our Services, and to develop and test Services.
5.3. Information and Notices. If you submit your information to us, we may provide you with information about Business Operations and the Services or provide you with required notices. ReversingLabs does not sell or share your Personal Information with other companies for purposes of their marketing goods or services to you that are unrelated to ReversingLabs. In some jurisdictions, you have the explicit right to request that we do not share your Personal Information with, or sell your Personal Information to, certain third-parties, and we will honor such requests in accordance with applicable law.
5.4. Security. We may use your Personal Information for safety and security purposes, including sharing of your information for such purposes, when it is necessary to pursue our legitimate interests in ensuring the security of Business Operations and the Services, including detecting, preventing and responding to fraud, intellectual property infringement, violations of agreements with ReversingLabs or its service providers, violations of law or other misuse of the Services. We may also share your Personal Information when we believe, in good faith, that disclosure is necessary to protect our rights, the rights of other users of the Services, the integrity of the Services, your safety, or the safety of others.
5.5. Comply with Legal Obligations. We may have a legal obligations to collect, use, retain, or process your Person Information. If those obligations exists, then we will use your Personal Information to satisfy such obligations.
5.6. Communicating with You. We use your Personal Information to respond to your requests and to communicate with you about Business Operations through various channels (which may include in person, email, phone, and chatbots, or chat).
5.7. Other Purposes for Which we Seek Your Consent. We may seek for your consent to use your Personal Information for additional purposes that we communicate to you.
6.1. Third-Party Service Providers. We may engage third-party service providers to perform functions on our behalf, and these may include maintaining or enhancing the Services, responding to and sending email or other messages, data analysis, and other functions useful to Business Operations or the Services (such as our use of Hotjar described in Section 3.4 (Other Third-Party Technology)). Such third-party service providers will have access to Personal Information to the extent needed to perform their function, but will not be permitted to use Personal Information for other purposes.
6.2. Consultants. We may engage attorneys, accountants, and other consultants and subject matter experts to advise and assist it in connection with the Services. We will provide such consultants with access to Personal Information to the extent needed to perform their function, but will not permit them to use your Personal Information for purposes unrelated to their engagement with us.
6.5. Other Disclosure. We may disclose Personal Information about you to others: (i) if we have your valid consent to do so; (ii) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (iii) to enforce any of our terms and conditions or policies; or (iv) as necessary to pursue available legal remedies or defend legal claims.
7. Storage. Securing and storing your information is important to us and the ReversingLabs community. In this Section, we describe how we store and secure your information.
7.1. Security. We have implemented reasonable measures to protect your information from unauthorized access, use or disclosure. ReversingLabs maintains administrative, technical and physical safeguards designed to protect the collected information that are appropriate to the nature, size, and complexity of our Business Operations. However, no information or communication system can be 100% secure, so ReversingLabs cannot guarantee the absolute security of your information. In addition, ReversingLabs is not responsible for the security of information that you transmit over networks that ReversingLabs does not control, including the Internet and wireless networks.
7.2. Retention. ReversingLabs retains information (including associated Personal Information) in accordance with applicable law and accepted retention practices. We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, accounting or reporting requirements. In particular:
- Personal Information that we use to provide our Website to you will generally be deleted or anonymized immediately after you leave our Website. In case of actual or suspected security incidents, we may keep some the relevant information for up to seven days in order to investigate said incidents.
- Personal Information processed in for the purpose of performing a contract will generally be kept during the term of the contract and the subsequent statute of limitation period for claims arising out of the contract.
- If there is a legal obligation to retain Personal Information, in particular for tax purposes, will be kept for as long as required by the applicable laws.
7.3. Reviewing, Deleting, or Correcting Information. ReversingLabs is committed to providing you with transparency about the information we collect about you. In addition to any additional legal rights you may have that are described in Section 8.2 (United States State-Specific Notices Regarding Your Privacy Rights) and Section 8.3 (EEA-Specific [and UK-Specific] Notices Regarding Your Privacy Rights), if you wish to review, correct, or request that we delete information about you (including incorrect Personal Information), you may send a written request to ReversingLabs using the contact information provided in Section 13 (Contact Information). Please understand that we may not be able to change or delete information all of your information including if the information is necessary for our Business Operations or necessary for compliance with applicable law.
8. Your Choices Regarding Your Personal Information.
8.1. Opt-Out of Marketing Communications. If we choose to send to you, or you have elected to receive, bulletins, updates, or other marketing-related materials, we will provide you with the ability to decline – or “opt out” – of receiving such communications. instructions for opting-out will be provided if and when we determine to send you such a communication. For example, if you no longer wish to receive email messages from us, you can opt out of this Service by either (i) following the “unsubscribe” instructions located near the bottom of each email message, or (ii) contacting us as provided in Section 13 (Contact Information). Opt outs will be free of charge; however, your telecommunications provider or the postal service may charge you normal rates for sending us your opt out request. Please understand that we may continue to communicate with you in connection with administrative notices concerning any transactions, operation of the Services and legal notices.
8.2. United States State-Specific Notices Regarding Your Privacy Rights.
8.2.1. Shine the Light Law. California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personal Information to third-parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personal Information to third-parties for their direct marketing purposes.
8.2.2. California Consumer Privacy Act Disclosure. The California Consumer Privacy Act (the “CCPA”) provides various rights to individuals and households with respect to the collection and use of Personal Information that we have collected about California residents. We use the term “resident” to refer to a California resident to whom the CCPA applies. Among other rights under the CCPA, as further set out in this Section, a resident has the right to request that we (i) disclose to the resident Personal Information that we have about such resident (including Personal Information about such resident that is sold), and (ii) subject to certain exceptions, delete Personal Information that we have about such resident. A resident may request a copy of the following using the mechanism set out in Section 8.2.3 (Submission of a Consumer Request): (a) the categories of Personal Information we collected about such resident; (b) the categories of sources from which the Personal Information is collected; (c) the business or commercial purpose for collecting or selling the Personal Information; (d) the categories of third-parties with whom we share Personal Information; and (e) the specific pieces of Personal Information we have collected about such resident. A resident may submit a request for such information no more than twice in any twelve (12) month period, and our disclosure of such requested information shall only cover the twelve (12) month period preceding our receipt of such request. Additionally, a resident may request that we delete such resident’s Personal Information using the mechanism set out in Section 8.2.3 (Submission of a Consumer Request). A resident’s rights as to such deletion requests are set out in Section 7.2 (Retention; Reviewing, Deleting, or Correcting Information).
8.2.3. Submission of a Consumer Request. We are in the process of implementing methods for residents to submit requests to us to access or delete their Personal Information. In the interim, please submit such requests to the email address provided in Section 13 (Contact Information). We will respond to your request within forty-five (45) days or as permitted by applicable law.
8.2.4. Other California Disclosures. We do not provide a financial incentive or a price or service difference to customers in exchange for the retention or sale of their Personal Information. We may send promotions and other offers to those individuals subscribing to our marketing communications and, unless an individual has opted out of such communications, the individual will continue to receive such communications irrespective of whether a disclosure, deletion, or “Do Not Sell” request has been submitted. We do not offer financial incentives to deter customers from making such requests.
We do not illegally discriminate against any customer for exercising their privacy rights.
If you are a job applicant submitting Personal Information to us in connection with an application for employment, you will be provided with a privacy notice regarding how we handle such information as part of the application process.
If you have any questions about our privacy practices in connection with the California Consumer Privacy Act, please contact Us as directed in Section 13 (Contact Information).
8.2.5. Nevada Disclosures. For Nevada residents, please note that We do not sell personal information as defined by Nevada law. You can submit a request to Us as set out in in Section 13 (Contact Information).
8.2.6. Further Resources. If you wish further information concerning privacy policies in general, you should visit the following site: http://www.ftc.gov/privacy/index.html.
8.3. EEA-Specific [and UK-Specific] Notices Regarding Your Privacy Rights.
8.3.1. GDPR. Regulation (EU) 2016/679 (General Data Protection Regulation) (“EU GDPR”) applies when you are located in the European Economic Area (“EEA”), i.e., the European Union, Iceland, Liechtenstein and Norway when accessing our website or being offered products or services by us. It also applies where your data is processed by one of our Affiliates or other establishments in the EEA.
Likewise, the UK General Data Protection Regulation tailored by the Data Protection Act 2018 (“UK GDPR”) applies when you are located in the United Kingdom of Great Britain and Northern Ireland (“UK”) under the same circumstances.
In this Section 8.3 (EEA-Specific [and UK-Specific] Notices Regarding Your Privacy Rights), we refer to both the EU GDPR and the UK GDPR as “GDPR”. References to Articles of the GDPR are references to the articles with the same number in both the EU GDPR and the UK GDPR.
8.3.2. Representative[s]. The representative of ReversingLabs in the EEA is ReversingLabs International, GmbH, (Seefeldstrasse 283, 8008 Zurich, Switzerland).
[The representative of ReversingLabs in the UK is ReversingLabs International, GmbH.
8.3.3. Legal Basis for Processing. For purposes of the GDPR, the legal basis for the processing of your Personal Information is as follows:
- Where we use your Personal Information for Business Operations (Section 5.1 – Business Operations and Services), the processing is generally necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). Where you are not our actual customer but a contact person of our customer, the legal basis our legitimate interest (Article 6(1)(f) of the GDPR) to communicate with our customer through you.
- For the use of your Personal Data to provide you with information about Business Operations and the Services (Section 5.3 – Information and Notices), the legal basis is generally our legitimate interest (Article 6(1)(f) of the GDPR) to promote our business. Notwithstanding, if you request more concrete information, the processing may also be necessary to take steps prior to entering into a contract (Article 6(1)(b) of the GDPR). For notices required by law, the processing of your personal data is necessary for compliance with such legal obligation (Article 6(1)(c) of the GDPR).
- The use of your Personal Information for safety and security purposes (Section 5.4 – Security) is generally based on our legitimate interest (Article 6(1)(b) of the GDPR) in ensuring said safety and security. In some situations, there may also be a legal obligation to implement such measures (Article 6(1)(c) of the GDPR).
- In other cases where we need to comply with a legal obligation (Section 5.5 – Comply with Legal Obligations), the processing is based on the necessity to comply with such obligation (Article 6(1)(c) of the GDPR).
- Where we use your Personal Information to communicate with you (Section 5.6 – Communicating with You), the legal basis will be one of the above depending on the purpose of such communication.
- Where we seek your consent for other purposes (Section 5.7 – Other Purposes for Which we Seek Your Consent), the legal basis is, naturally, consent (Article 6(1)(a) of the GDPR).
8.3.4. Transfers to Third Countries. We may process your Personal Information in countries outside the EEA or, respectively, the UK (“Third Countries”), including in the United States. We may also disclose your Personal Data to Affiliates and third parties (cf. Section 6 – Sharing Information) in Third Countries.
If we disclose Personal Information to recipients in Third Countries, we may rely on an adequacy decision of the European Commission that confirms that the laws of the Third Country in question provide for an adequate protection of Personal Information.
For other Third Countries, we will take steps to protect your privacy and fundamental rights in accordance the GDPR, and arrange for additional safeguards. Such safeguards will typically be based on a contract that binds the recipient in the Third Country to adhere to data protection standards similar to those under the GDPR. We will usually rely on the standard contractual clauses pre-approved by the European Commission or on other clauses approved by a competent data protection authority. If available, we may also rely on so-called binding corporate rules of the recipient approved by a competent data protection authority. These safeguards will generally include you as a third-party beneficiary, allowing you to enforce the data protection standards directly against the recipient. In order to obtain a copy of the safeguards used for a recipient, you may contact us using the contact information provided in Section 13 (Contact Information)
8.3.5. Your GDPR Rights. Under the GDPR, you have the following rights in relation to your Personal Information:
- The right to request access to information regarding our processing of your Personal Information (Article 16 of the GDPR);
- The right to obtain rectification of any Personal Information that is inaccurate (Article 17 of the GDPR);
- Under certain circumstances, the right to obtain the deletion of Personal Information (Article 18 of the GDPR), or the restriction the processing of Personal Information (Article 19 of the GDPR);
- Under certain circumstances, the right to receive a copy in a structured, commonly used and machine-readable format (data portability) (Article 20 of the GDPR);
- Where processing is based on your consent (cf. Section 8.3.3 – Legal Basis for Processing), the right to withdraw consent at any time, without affecting the lawfulness of processing based on such consent before such withdrawal;
- Where processing for the purpose of direct marketing is based on legitimate interest, the right to object to the use of your Personal Information (Article 21(2) of the GDPR);
- Where processing is otherwise based on our legitimate interest (cf. Section 8.3.3 – Legal Basis for Processing), the right to object to the use of your Personal Information on grounds relating to your particular situation (Article 21(1) of the GDPR); we may, however, continue the processing if (i) we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or (ii) for the establishment, exercise or defense of legal claims.
If you wish to exercise any of your rights above, please contact us using the contact information provided in Section 13 (Contact Information). You also have the right to lodge a complaint with your local competent supervisory authority or any authority that applies to ReversingLabs.
9. Feedback. We encourage your feedback. If you have a suggestion or concerns you would like us to address, please contact us using the contact information provided in Section 13 (Contact Information). Additionally, please check with your jurisdiction’s consumer protection authority as they may also provide you with additional avenues for lodging complaints.
10. Third-Party Websites and Platforms. The Services and our communications may contain links to websites and platforms operated by third-parties. You acknowledge and agree that ReversingLabs is not responsible for the collection and use of your information by such websites or platforms that are not under ReversingLabs’ control. We encourage you to review the privacy policies of each website and platform you visit or access so you understand such website operator’s privacy practices.
11. Children’s Information. The Services are not directed to, nor does ReversingLabs knowingly collect information from, children under the age of 13 in connection with its Services or Business Operations. If you become aware that your child or any child under your care has provided information without your consent, please contact ReversingLabs immediately using the contact information provided in Section 13 (Contact Information).
15. Do Not Track Notice. Our Website does not change its behavior when receiving “Do Not Track” signals from browser software. We will instead ask for your explicit consent before we place Cookies that are not necessary for Website features requested by you.
16. Automated Decision-Making. We do not generally make decisions which will have a legal effect for you or otherwise affect you in a significant way on the sole basis of automated processing, including profiling.
18. Copyright and Legal Notice. © 2022 ReversingLabs U.S. Inc. All rights reserved. No part of this content may be reproduced, stored in any form without written permission from ReversingLabs.