This Privacy Policy (the “Policy”) is provided by the following Corero companies:
(we refer to Corero US and Corero UK collectively in this policy as “Corero” or “we”).
Corero is a leader in real-time, high-performance DDoS defense solutions. Service providers, Cloud/hosting providers and digital enterprises rely on Corero’s award winning SmartWall technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting.
From time to time, as part of running our business, we collect and use certain personal information about individuals who we interact with, in relation to the provision of our software products and services (we refer to such individuals in this Policy as “contacts” or “individuals” or “you”).
This Policy applies to individuals whose personal information we collect. You may be located in the UK, Europe, America, or indeed worldwide. Depending on your geographical location and which of our Corero entities handle your personal information, certain parts of this Policy apply.
In particular:
If you are based in a country in Europe (other than the UK) and your personal information is used by Corero US, then your personal information is likely to be protected by the EU General Data Protection Regulation (GDPR). This Policy has been drafted to be GDPR compliant from a UK perspective, but the information in part B of this Policy is likely to also be relevant for such European citizens too (subject to minor variations for the specific European country in which you are located, for instance the identity of the data protection regulator). Corero may change this Policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This Policy is effective from May 1, 2018.
This Policy explains our privacy practices and covers the following:
Part A – General information (applicable to individuals worldwide whose personal information we collect)
Part B – UK data protection law specific information (only applicable to individuals whose personal information is protected under UK data protection law)
Part A – General information (applicable to individuals worldwide whose personal information we collect)
We collect and use personal information relating to the following types of individuals:
As we outline above, the personal information that we collect and use about individuals is not sensitive personal information (such as details of someone’s health, ethnicity, race or religion), and it is mostly business contact details.
We collect personal information from a number of sources, including:
Our customers – As a supplier of DDoS defence solutions, we need to communicate effectively and efficiently with our customers, in order to facilitate our provision of high quality and timely communications and services and to manage relationships. Therefore, our main use of your personal information will be in the context of performing our contractual obligations to your business, for example provision of support services, responding to queries and managing the financial aspects of the relationship. However, we also use personal information of individuals who work at our customer organisations for the following purposes:
Our suppliers and partners – we need to use certain personal information in order to provide and receive services, for communicating effectively and efficiently with various parties in the supply chain. Where your organisation provides services to us, we will need to know which individuals at your organisation we have to communicate with and keep details of their personal information. Therefore, our main use of your personal information will be in relation to projects which we are involved in and services which we provide and receive, to enable us to liaise effectively with our suppliers, partners and other third parties.
Prospective customers – as a business, we want to make organisations in the industry aware of the range of products and services which we can offer, including trends reports. We keep lists of contacts on our Salesforce client relationship management (CRM) system and from time to time we may send marketing information to you by email, or we may also contact you by telephone.
Users of our website – users of our website (who may be contacts at existing customers, suppliers, partners or potential customers) may provide us with their contact details if they have a particular query. We will use this information to get in touch with you by email or telephone and seek to assist with your query. Please also see paragraph 5 below regarding how we collect the IP address of visitors to our website, in relation to cookies.
Corero UK shares all personal information that it collects with Corero US.
Furthermore, Corero UK and Corero US may share your personal information with our other Corero group companies, namely Corero Group Services Limited, a company which is based in the UK.
External sharing:
We store and process your personal information using Salesforce’s CRM solution, which means that Salesforce store your personal information in the cloud and can access the personal information from time to time, for instance where they provide support and maintenance services to us.
We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect. However, please note that no transfer of personal information over the internet is ever completely secure. Consequently, we cannot guarantee the security of any personal information which you transfer to us, or which we transfer to you, over the internet.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual as they recognise your IP address. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than your IP address and the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy policy applicable to the website in question.
Ensuring that your personal information is accurate and up to date
If you believe that any personal information we are holding on you is incorrect or incomplete, please write to us or email us as soon as possible, at the below address. We will promptly correct any information found to be inaccurate.
Your right to object to receiving direct marketing communications from Corero
You have the right to object to receiving direct marketing communications from us (which we will promptly comply with) and where any other use of your personal information is based on consent, to withdraw that consent at any time.
How to contact us
If you have questions about this Policy, please contact: The Chief Financial Officer, Corero Network Security plc, Salisbury House, 29 Finsbury Circus, London, EC2M 5QQ, UK.
The length of time that we retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:
Type of individual | Applicable retention period |
Contacts at existing customers: | For the duration of the contract between us and the customer plus 6 years.
|
Contacts at existing suppliers and partners: | For the duration of the contract between us and the supplier / partner plus 6 years.
|
Contacts at potential customers: | 24 months (unless you object to receiving any more marketing information before then).
|
Users of our website: | As above, depending on whether the website user is a contact of an existing customer, supplier or partner; or a contact at a potential customer. |
Under UK data protection law, when personal information is being transferred outside the European Economic Area (EEA), Corero UK as data controller, are under an obligation to ensure that such transfer is performed in a manner that ensures that your personal information is adequately protected. Details of the transfers, and how the data is protected, are set out below:
Transfers to Salesforce – as mentioned above, we use a third-party IT provider, called Salesforce, to provide a cloud based CRM solution. Salesforce store personal information on servers based in the United States, which involves us transferring personal information outside of the EEA, to the US. In these circumstances the personal information will be transferred to and stored by Salesforce in accordance with the EU-US Privacy Shield, which has been approved by the European Commission as offering adequate levels of protection for personal information and therefore complies with UK data protection law. You can find more information about Salesforce’s certification with Privacy Shield at: https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active
Transfers to Corero US – if your personal information is collected by Corero UK, it will be transferred to Corero US.
Corero US manages the Corero group’s marketing activities. We have put in place the EU approved standard contract clauses between Corero UK and Corero US. The EU standard contract clauses are an approved method of ensuring that any personal information of yours transferred to the USA is adequately protected in accordance with UK data protection law. If you would like to receive a copy of the signed standard contract clauses in place between Corero UK and Corero US, please contact us using the contact details set out at paragraph 5 above.
Every use that we make of your personal information must meet a legal ground in the list set out by UK data protection law. The grounds which we rely upon are as follows:
Marketing – in relation to marketing activity which we perform using your personal information, we rely on the following conditions:
For any marketing activity, you have the right to object to receiving further direct marketing information and if you do so, we will cease sending you any more marketing information. However, we will keep minimal personal information about you on a screening list, to ensure that we do not accidentally send you marketing information against your wishes in the future.
Day to day communications and managing existing relationships – the legal ground which is relevant to us processing your personal information for such purposes (for customers, suppliers, partners and website users) is that such processing is necessary for us to achieve our legitimate interests, and where your rights and freedoms are not jeopardised so as to override this legitimate interest. Our legitimate interests are ensuring that we can communicate effectively with the relevant personnel at such parties, in order for us to provide our products and services in a timely and professional manner, and to honour our contractual and other obligations to the parties who we work with.
Sharing personal information with Corero US – the legal ground which is relevant to us sharing your personal information with Corero US is that such sharing is necessary for us to achieve our legitimate interests, and where your rights and freedoms are not jeopardised so as to override this legitimate interest. The particular legitimate interests in this case is that Corero US controls our marketing activities and therefore require access to contact details of individuals who work at organisations to whom we wish to market our products and services.
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 5 above. Under certain conditions, you may have the right to require us to:
You also have the right to object to receiving direct marketing communications from us (which we will promptly comply with) and where any other use of your personal information is based on consent, to withdraw that consent at any time.
Your exercise of most of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 5 above. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at any time.