Privacy
Policy

Who are we?

This Privacy Policy (the “Policy”) is provided by the following Corero companies:

  • Corero Network Security (UK) Limited, a company registered in England and Wales with company number 04047090, whose registered address is Salisbury House, 29 Finsbury Circus, London, EC2M 5QQ, UK (Corero UK); and
  • Corero Network Security Inc. whose address is: 293 Boston Post Road West, Suite 310, Marlborough, MA 01752 (Corero US),

(we refer to Corero US and Corero UK collectively in this policy as “Corero” or “we”).

Corero is a leader in real-time, high-performance DDoS defense solutions. Service providers, Cloud/hosting providers and digital enterprises rely on Corero’s award winning SmartWall technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting.

 

Who this Policy applies to

From time to time, as part of running our business, we collect and use certain personal information about individuals who we interact with, in relation to the provision of our software products and services (we refer to such individuals in this Policy as “contacts” or “individuals” or “you”).

This Policy applies to individuals whose personal information we collect. You may be located in the UK, Europe, America, or indeed worldwide. Depending on your geographical location and which of our Corero entities handle your personal information, certain parts of this Policy apply.

In particular:

  • Part A of this Policy is provided for individuals, wherever they are located in the world and regardless of whether Corero UK or Corero US handles their personal
  • Part B of this Policy only applies to individuals whose personal information is protected by UK data protection law. Your personal information is protected under UK data protection law if:
    • you are located in the UK and your personal information is used by Corero UK and/or Corero US; and/or
    • if you are located outside of the UK (any other country in the world), but your personal information is used by Corero UK.

If you are based in a country in Europe (other than the UK) and your personal information is used by Corero US, then your personal information is likely to be protected by the EU General Data Protection Regulation (GDPR). This Policy has been drafted to be GDPR compliant from a UK perspective, but the information in part B of this Policy is likely to also be relevant for such European citizens too (subject to minor variations for the specific European country in which you are located, for instance the identity of the data protection regulator). Corero may change this Policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This Policy is effective from May 1, 2018.

This Policy explains our privacy practices and covers the following:

 

Part A – General information (applicable to individuals worldwide whose personal information we collect)

  1. Details of personal information that we collect (including types of individuals whose data we collect)
  2. Where we get your personal information from
  3. What we do with the personal information that we gather
  4. Who we share your personal information with
  5. Other relevant information, including how to contact us
  6. How long we retain your personal information for

Part B – UK data protection law specific information (only applicable to individuals whose personal information is protected under UK data protection law)

  1. Any transfers involving your personal information
  2. How we legally justify using your personal information
  3. Your legal rights in relation to your personal information

Part A – General information (applicable to individuals worldwide whose personal information we collect)

1. Details of personal information that we collect

We collect and use personal information relating to the following types of individuals:

  • Contacts at our existing customers – we collect contact details about certain individuals who work at our existing customers (their name, email address, place of work, job title and telephone number). We also send out customer surveys from time to time to such individuals, which you can complete and these may contain additional personal information such as your opinions and preferences;
  • Contacts at our existing suppliers and partners – we also collect contact details about certain individuals who work at our existing suppliers and partner organisations (their name, email address, place of work, job title and telephone number);
  • Contacts at potential customers and other prospects – we collect contact details of individuals who work at potential customers, to whom we wish to market our products and services (their name, email address, place of work, job title and phone number);
  • Users of our website – we collect the IP addresses of individuals who use our website and possibly also your basic contact details (name, email address, phone number) if you provide details to us via a website chat tool etc. Such website users could be existing customers, suppliers, partners of ours or potential

As we outline above, the personal information that we collect and use about individuals is not sensitive personal information (such as details of someone’s health, ethnicity, race or religion), and it is mostly business contact details.

2. Where we get your personal information from

We collect personal information from a number of sources, including:

  • From you directly – we receive personal information directly from some individuals, for instance, if you contact us via our website, register for marketing information, by email, telephone or give us your business card at a networking event;
  • From your employer – if you work at a customer, supplier or partner of ours, your employer may pass your contact details to us, for instance if you are appointed to act as a point of contact for a particular project;
  • From social media – we obtain personal information about contacts (particularly for contacts at potential customers) using platforms such as LinkedIn or via your business’ website;
  • Trade shows and other events – we gather business contact details of certain individuals who work for customers, suppliers, partners and for potential customers, from events such as trade shows, webinars and other industry events that we organise or are otherwise involved
  • From third party marketing companies – we use third party marketing services suppliers to provide us with lists of contact details of leads for potential

3. What we do with the personal information we gather

Our customers – As a supplier of DDoS defence solutions, we need to communicate effectively and efficiently with our customers, in order to facilitate our provision of high quality and timely communications and services and to manage relationships. Therefore, our main use of your personal information will be in the context of performing our contractual obligations to your business, for example provision of support services, responding to queries and managing the financial aspects of the relationship. However, we also use personal information of individuals who work at our customer organisations for the following purposes:

  • from time to time, we may also use your personal information to contact you for market research purposes and to send you surveys. We may contact you by email, phone, fax or by mail. We use such information to try and constantly improve our products and services and where possible, tailor these to suit the particular needs and preferences of you and your business; and
  • to provide our existing customers with certain marketing information from time to time, for instance, trends reports and details of new products, special offers or other information which we think you and your business may find interesting.

Our suppliers and partners – we need to use certain personal information in order to provide and receive services, for communicating effectively and efficiently with various parties in the supply chain. Where your organisation provides services to us, we will need to know which individuals at your organisation we have to communicate with and keep details of their personal information. Therefore, our main use of your personal information will be in relation to projects which we are involved in and services which we provide and receive, to enable us to liaise effectively with our suppliers, partners and other third parties.

Prospective customers – as a business, we want to make organisations in the industry aware of the range of products and services which we can offer, including trends reports. We keep lists of contacts on our Salesforce client relationship management (CRM) system and from time to time we may send marketing information to you by email, or we may also contact you by telephone.

Users of our website – users of our website (who may be contacts at existing customers, suppliers, partners or potential customers) may provide us with their contact details if they have a particular query. We will use this information to get in touch with you by email or telephone and seek to assist with your query. Please also see paragraph 5 below regarding how we collect the IP address of visitors to our website, in relation to cookies.

4. Who we share your personal information with Internal sharing:

Corero UK shares all personal information that it collects with Corero US.

Furthermore, Corero UK and Corero US may share your personal information with our other Corero group companies, namely Corero Group Services Limited, a company which is based in the UK.

External sharing:

We store and process your personal information using Salesforce’s CRM solution, which means that Salesforce store your personal information in the cloud and can access the personal information from time to time, for instance where they provide support and maintenance services to us.

5. Other relevant information, including how to contact us Security

We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect. However, please note that no transfer of personal information over the internet is ever completely secure. Consequently, we cannot guarantee the security of any personal information which you transfer to us, or which we transfer to you, over the internet.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual as they recognise your IP address. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than your IP address and the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy policy applicable to the website in question.

Ensuring that your personal information is accurate and up to date

If you believe that any personal information we are holding on you is incorrect or incomplete, please write to us or email us as soon as possible, at the below address. We will promptly correct any information found to be inaccurate.

Your right to object to receiving direct marketing communications from Corero

You have the right to object to receiving direct marketing communications from us (which we will promptly comply with) and where any other use of your personal information is based on consent, to withdraw that consent at any time.

How to contact us

If you have questions about this Policy, please contact: The Chief Financial Officer, Corero Network Security plc, Salisbury House, 29 Finsbury Circus, London, EC2M 5QQ, UK.

6. How long we retain your personal information for

The length of time that we retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:

Type of individual Applicable retention period
Contacts at existing customers: For the duration of the contract between us and the customer plus 6 years.


Contacts at existing suppliers and partners: For the duration of the contract between us and the supplier / partner plus 6 years.


Contacts at potential customers: 24 months (unless you object to receiving any more marketing information before then).


Users of our website: As above, depending on whether the website user is a contact of an existing customer, supplier or partner; or a contact at a potential customer.

Part B – UK data protection law specific information (only applicable to individuals whose personal information is protected under UK data protection law)

7. Any transfers involving your personal information

Under UK data protection law, when personal information is being transferred outside the European Economic Area (EEA), Corero UK as data controller, are under an obligation to ensure that such transfer is performed in a manner that ensures that your personal information is adequately protected. Details of the transfers, and how the data is protected, are set out below:

Transfers to Salesforce – as mentioned above, we use a third-party IT provider, called Salesforce, to provide a cloud based CRM solution. Salesforce store personal information on servers based in the United States, which involves us transferring personal information outside of the EEA, to the US. In these circumstances the personal information will be transferred to and stored by Salesforce in accordance with the EU-US Privacy Shield, which has been approved by the European Commission as offering adequate levels of protection for personal information and therefore complies with UK data protection law. You can find more information about Salesforce’s certification with Privacy Shield at: https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active

Transfers to Corero US – if your personal information is collected by Corero UK, it will be transferred to Corero US.

Corero US manages the Corero group’s marketing activities. We have put in place the EU approved standard contract clauses between Corero UK and Corero US. The EU standard contract clauses are an approved method of ensuring that any personal information of yours transferred to the USA is adequately protected in accordance with UK data protection law. If you would like to receive a copy of the signed standard contract clauses in place between Corero UK and Corero US, please contact us using the contact details set out at paragraph 5 above.

8. How we legally justify using your personal information

Every use that we make of your personal information must meet a legal ground in the list set out by UK data protection law. The grounds which we rely upon are as follows:

Marketing – in relation to marketing activity which we perform using your personal information, we rely on the following conditions:

  • For marketing to corporate subscriber customers / potential customers – the vast majority of the marketing activity which we undertake is to customers/potential customers who are corporate bodies or companies. For marketing to people who work for such customers, we rely on the condition that such marketing is necessary for us to achieve our legitimate interests, where your rights and freedoms are not jeopardised so as to override this legitimate interest. Our legitimate interests are to inform organisations about the products and services which we can offer, enhancements to the same and informing organisations about forthcoming events and special
  • For marketing to customers / potential customers who are sole traders or partnerships – on very rare occasions we may also market to people who work for sole traders or partnerships. In such circumstances, we will only send you marketing communications where we have received your prior consent to our doing so. If you withdraw your consent to receive marketing information at any time we will cease sending you any more marketing

For any marketing activity, you have the right to object to receiving further direct marketing information and if you do so, we will cease sending you any more marketing information. However, we will keep minimal personal information about you on a screening list, to ensure that we do not accidentally send you marketing information against your wishes in the future.

Day to day communications and managing existing relationships – the legal ground which is relevant to us processing your personal information for such purposes (for customers, suppliers, partners and website users) is that such processing is necessary for us to achieve our legitimate interests, and where your rights and freedoms are not jeopardised so as to override this legitimate interest. Our legitimate interests are ensuring that we can communicate effectively with the relevant personnel at such parties, in order for us to provide our products and services in a timely and professional manner, and to honour our contractual and other obligations to the parties who we work with.

Sharing personal information with Corero US – the legal ground which is relevant to us sharing your personal information with Corero US is that such sharing is necessary for us to achieve our legitimate interests, and where your rights and freedoms are not jeopardised so as to override this legitimate interest. The particular legitimate interests in this case is that Corero US controls our marketing activities and therefore require access to contact details of individuals who work at organisations to whom we wish to market our products and services.

9. Your legal rights in relation to your personal information

If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 5 above. Under certain conditions, you may have the right to require us to:

  • provide you with further details on the use we make of your personal information and/or transfer a copy of your personal information to another data controller;
  • provide you with an electronic copy of personal information that we hold;
  • update any inaccuracies in the personal information we hold and/or restrict processing of your personal information;
  • delete any personal information that we no longer have a lawful ground to use;
  • object to our use of your personal information which is based on the ‘legitimate interests’ legal ground. If our use of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that

You also have the right to object to receiving direct marketing communications from us (which we will promptly comply with) and where any other use of your personal information is based on consent, to withdraw that consent at any time.

Your exercise of most of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 5 above. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at any time.