Privacy and Information Security Policy

I. Scope of Policy

This Plumbytes Privacy and Information Security Policy applies to Plumbytes Ptd. ("Plumbytes"), and all of its contractors, representatives, agents, and resellers while they are working on behalf of Plumbytes (collectively “we” or “us”). Plumbytes Ptd. is a data controller of personal data processed in accordance with this policy. This policy applies to the following situations and activities that we engage in.

Online activities

This means situations in which you or the users of your device or computer (collectively “you”) visit a website that we own or operate including https://plumbytes.com/, or other websites under our direct control. This also includes circumstances where you download a Plumbytes product or program or use a Plumbytes services online, regardless of the site where you downloaded or use it, or who owns or operates that site. It also refers to interactions between your computer and us such as automatic updates, and our Plumbytes WebRep, Plumbytes FileRep, and Plumbytes CommunityIQ features.

Phone contacts

This includes calls for sales, service, or customer support. This policy will apply to any information that is collected from you when you call us.

Offline contacts

Sometimes we may appear at a "live" or in-person event such as a trade show or promotion. If we collect any personally identifiable information in such a case, this policy will apply.

HR data

This refers to data concerning Plumbytes employees. In general, human resources (HR) data is handled in a manner consistent with the provision of this policy, except that such data is never used or shared with anybody for any direct marketing purposes, and the provisions of this policy relating to in-product messaging do not apply.

Reseller information

This refers to information that is collected from prospective Plumbytes resellers at the time they apply to join the Plumbytes reseller program. Certain information may be collected regarding the reseller or its individual representative(s), including contact information such as telephone number and email address. Similar information may be obtained regarding sub-resellers, where applicable.

Other circumstances where you contact us

This includes contact by email, by clicking the "report a virus" link on our website, through our media contact or news subscription services, by requesting online service or support or opening a support ticket, and any other time that you contact us.

When we refer to "personally identifiable information," "personal data," or "personal information," we mean information that can identify you such as name, identification number, email address, phone number, or other information that refers specifically to you. We generally do not mean information that only refers to a business or organization but does not describe any specific individual. We also generally do not mean information that has been "anonymized," or stripped of all identifiers that refer to you specifically.

II. Information We Collect When You Visit Our Website

Use of "cookies" and other similar technologies

Cookies: When you visit our website, our server may place a small data file called a "cookie" (sometimes called "web cookie" or "browser cookie") on your hard drive. Most commercial websites use cookies. By using our site, you agree to the use of cookies as described in this privacy policy. The data we acquire from cookies is processed by various analytics tools and may be used to determine your geographic location (via your IP address and automated geolocation techniques), or to acquire basic information about the computer, tablet, or phone that you use to visit us. Geolocation data helps us to deliver content in the correct language, offer region- or country-specific products, and identify your local currency in the event of purchase. Cookies can help you log in by remembering your user credentials (depending on which options you select in your profile settings). We may also use cookies to record your shopping cart contents and user registration information. Cookies can help us identify your preferences, including language and currency, for future use. Cookies usually expire within 30-60 days.

Through our cookies, we may at times collect anonymized information in order to improve the accuracy of our services. We may also use cookies to collect anonymous information regarding downloads of our products from download site(s); this information is used only for statistical purposes, and no personal information is collected or stored. If you wish, you can disable cookies on your web browsing software. Click the "Help" tab in your browser window for more information.

Remarketing: In addition to preceding we may employ 3rd party remarketing services. Remarketing is a way for us to reconnect with users, based upon your past interactions with the Plumbytes website. Third-party marketing vendors may be hired by Plumbytes to perform remarketing services. As a result, third-party vendors, including Google, may show Plumbytes ads on sites on the Internet. Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to Plumbytes website. To opt out of customized Google Display Network ads visit the Ads Preferences Manager. Alternatively, you can opt out of third-party vendors’ use of cookies by visiting the Network Advertising Initiative opt-out page. Any information collected is used only for remarketing purposes and will not be used by third-party marketing vendors for any other purpose.

Google Analytics and Adobe SiteCatalyst: In addition to the preceding, we currently use two website analytics tools: Google Analytics and Adobe SiteCatalyst. These tools help us understand the use of our site by our visitors. Because Google Analytics and Adobe SiteCatalyst both require cookies to function, users who wish to avoid tracking by Google Analytics and Adobe SiteCatalyst while on our site can disable cookies on their web browsing software (see above).

Google Analytics is a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

"Contact us"

There are several opportunities to contact us via our website. There are links that allow you to reach us by email or using contact phone. In general, the amount of information that we collect when you contact us will be in proportion to the nature of the contact. For example, if you contact us by email, we will require your email address in order to reply.

Third-party content and sites

There may be times when we offer links to third-party sites such as Twitter, Facebook, or others. Third-party links are provided for convenience only, and should not be construed as an endorsement, approval, or guarantee of any such third-party sites or the content they offer. We may also offer links to join us on Facebook, Twitter, or other third-party sites. If you click on such a link and navigate away from our site, your use of the third-party site will be governed by the terms and conditions, privacy policy, and information security policy of the third-party site.

III. Information We Collect When You Download or Use our Programs, Request Service or Support, or Pay for Products and Services

Free product downloads generally

Online product registration: To register our products online, you are generally required to provide your email address and select a password. We use this information to validate our users and verify the number of current licenses in existence. We may also use it to verify that copies of our product are legitimate, and not counterfeit. We will not use this information for direct marketing purposes unless you "opt in" to receive such communications from us, except that we may notify you of similar products or services that we offer to the extent that we are permitted to do so by law. We may send you an email if your license expires to ask if you want to renew. We may also request additional information such as your name, demographic information, or other information. This information generally is not required, but you may provide it if you wish.

Data collected by specific products

Some of our product offerings are required to collect additional information in order to deliver full product functionality, such as information about websites that you have visited and files on your computers. In general, we collect no more information than is required in order to provide full functionality of these products. Specific products, and the types of information that they collect when you use them are as follows:

  • URLs of visited websites, together with the information on the nature of identified threats (e.g., viruses, Trojans, tracking cookies, and any other forms of malware) and URLs of several sites had visited before the infection was identified. This information is collected to ascertain the source of the infection.
  • Information and files (including executable files) on your computer identified by the Plumbytes software as potentially infected, together with the information about the nature of identified threats.
  • Information about the sender (not including personal information) and the subject of emails identified by the Plumbytes software as potentially infected, together with the information on the nature of identified threats.

In-product messaging

We sometimes communicate with our users using a technique known as "in-product messaging." In-product messaging may be used in the following scenarios:

  1. When a user's license is about to expire;
  2. When a user chooses to update or upgrade a Plumbytes program;
  3. When a virus database is updated;
  4. When a user visits an infected webpage;
  5. When a monthly security report is prepared for the user;
  6. In other cases, where user communication is necessary.

We may also sometimes use in-product messaging to notify users of new products or upgrades to existing products and services. The Plumbytes program on the user's machine initiates a secured request to the Plumbytes server using https protocol. The Plumbytes server takes the appropriate action and sends a return message to the Plumbytes program, which displays a corresponding message to the user (for example, a message that the virus database has been updated). Personal information is generally not exchanged using this process except to the extent necessary to perform a transaction. In-product messaging also permits the computers or devices of our users to transmit information to our servers including technical data, virus definitions, security, and technical information about the users' hardware. This information is used for statistical purposes, product updates, quality control, and in product and feature design; this information is stored in a way that is not associated with a particular user. In the future, Plumbytes Account information may be exchanged using this procedure.

When you use our services or request support

We may at times collect personally identifiable information from you in the course of providing our services or support. This information may be collected from you verbally, from your computer, or via electronic communication (including communications between your computer and us, or other automated communications). If you request our support, we may offer you the option of accepting a remote session in which we take control of your device or computer; in such a case we may acquire information via communication between your computer and ours.

This information is collected to help us provide the service or support that you have requested

We may at times request personal information such as name, home or work address, email address, telephone or phone number(s), or other information by which we may identify you. This information is collected for identification purposes, and to confirm that transactions with you are legitimate and not with an imposter. We will not use this information for direct marketing purposes unless you "opt in" to receive such communications, except that we may notify you of similar products or services that we offer to the extent that we are permitted to do so by law. If you contact us for support or initiate a transaction with us, we may suggest that you upgrade or update products or services. We may also contact you if your product license has expired or is about to expire.

In cases where you request individual support or assistance, we may also ask you to provide information about your device or computer, your means of accessing the Internet, or your Internet service provider. This information may include, without limitation, your email address, IP address, information about your hardware and software, the URLs of sites you have visited, files stored on your computer (including potentially dangerous or infected files), email messages (whether stored on your computer or elsewhere), information regarding senders and receivers of email messages, and the like.

This information is collected to help us to provide services and support, to identify and remove computer viruses, and to help us solve your technology problem(s). For purposes of this section, we will use any such information only when providing individual support or assistance at your request, and will not retain such information any longer than necessary for this purpose. This information will not be stored in a way that identifies you personally in any record that we keep of your request for assistance.

When you pay for products or services

When you purchase "premium" (or paid) products or services from us, the billing is generally handled by a third-party service provider. In most cases the service provider is acting as our reseller; thus, you will be making your purchase from the service provider directly, and not from Plumbytes. The handling of your personal information will be governed by any privacy policy or terms of service published by the service provider.

In all cases where your payment data is processed by a third-party service provider, we have determined that the service provider follows data privacy and security procedures that we deem adequate. Some of these third-party service providers are subject to the enhanced data privacy rules of the European Union. Others have registered for, and certified compliance with, the so-called "Safe Harbor" framework of the U.S. Department of Commerce for the handling of personal information. In all cases, such third-party service providers have executed agreements with us promising not to use personal information of our users for their marketing purposes, and not to share this information with other parties.

IV. Special Types of Personal Information

HR data

In general, human resources (HR) data is handled in a manner consistent with this policy. However, such data is never used or shared with anybody for direct marketing purposes, and the provisions of this policy relating to in-product messaging and product downloads do not apply (except in the case where an employee uses our products in his or her personal capacity, in which case the employee's information is subject to the same policies as any other user).

In addition, HR data may be subject to different retention requirements than the data of our users; we store and maintain data in compliance with the local law governing employment information. In the case of employees who have children, we may collect and store the names of the children, their personal IDs, birthdates, copies of their birth certificates, academic status, and other information that relates to the taxation status of the employees. The purpose of collecting this information is to calculate the employees' tax rates and to comply otherwise with the law.

"Sensitive" information

We never collect "sensitive" personal data such as sexual preference, religion, political views, or health. We do not wish to receive any such data and will not request it from you.

Data on children

Persons under the age of 18 should not transfer personal information to us unless they have the consent of their parent(s) or guardian(s). Except for children of Plumbytes employees, we do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age.

V. Storage, Retention, and Deletion of Personal Information

Storage of information

Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected and subject to additional policies and procedures for security.

Access by our contractors

Maintenance of personally identifiable information is performed either by contractors who we hire, or by us or by our subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf. All such third parties must agree to observe the privacy of our users and to protect the confidentiality of their personal information. All have agreed not to share personal information of our users with other parties, and not to use such personal information for their own direct marketing purposes.

Third Party Advertisements

Third parties may place advertisements for third party products within Plumbytes applications. For this purpose, we will be embedding a third-party software development kit (SDK) into our software in order to display third party ads.

These third parties may also provide links to third-party websites and third-party apps. Any sharing of data with third parties through access to and use of these third party advertisements, their linked websites or apps is not governed by this privacy policy, but instead is governed by the privacy policies of those third parties. We are not responsible for the privacy practices of such third parties.

Disclosure to third parties

There may be limited circumstances in which we are required to disclose your personally identifiable information to unrelated third parties. There may be times when we must disclose your personal information in response to the following:

  1. where necessary to satisfy a legitimate government request or order;
  2. in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
  3. where we hire a contractor to perform a service for us, such as product development or market research (but not if doing so would violate the terms of our privacy policy, or laws governing personal data);
  4. if we obtain your permission;
  5. if necessary to defend ourselves or our users (for example, in a lawsuit).

There may be a few other limited cases in which we might share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party who is working for us, we may share your personal information with the third party in order to respond to your request. The third party who is working for us may also transmit back to us any new information obtained from you in connection with providing the service or product.

We never allow a third party to use your personal information to market that party's products or services to you. However, in a case where you contact us or a third-party service provider working on our behalf for service or support, our service provider may suggest upgrades to Plumbytes products or services that you have already selected.

Our service provider may also suggest products or service that the service provider offers which are not Plumbytes products or services. In this case you will be clearly advised that the product or service is offered by the third party and not by Plumbytes, and you will be subject to the terms and conditions, end user license agreement (EULA), and privacy policy of the service provider.

Deletion of personal information

In general, our policy is to keep personal information for no longer than reasonably necessary in light of the purpose for which the information was collected, plus any additional period that is permitted or required by law thereafter. Following the expiration of the purpose for which we collected personal information plus any additional period that is permitted or required by law, we will either delete or de-identify the information from our systems.

If you subscribe to a recurring newsletter, we will keep the information in order to fulfill your subscription request until you cancel your subscription.

For products that are registered on a periodic basis (for example, a one-year license), we will keep your personal information for the duration of your product registration, and longer if you renew your license.

If you purchase a "premium" or paid service, we (or our third-party service providers) will retain payment information for as long as is necessary to complete payment, plus any period of time thereafter that is required or permitted by law.

If you participate in a giveaway or promotion that we offer, we will retain your data long enough to administer the promotion, plus any additional time that is permitted or required by law.

We strive to delete or de-identify inactive data as soon as it is possible after the above time periods have passed. We attempt to take this action every 90 days unless we have a specific reason to delete data sooner (e.g. if you contact us to request that your information is removed from our system.

VI. Information Security

Safeguards for the protection of personal information

We maintain administrative, technical, and physical safeguards for the protection of personal information. These safeguards include the following:

Administrative safeguards: Access to our personal data of users is limited to authorized personnel who have a legitimate need to know based on their job descriptions — for example, employees who provide technical support to end users, or who service user accounts. All such data is subject to password protection. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. Where an individual employee no longer requires access, that individual's credentials are revoked.

Deletion of personal information

By retaining personal information no longer than is reasonably necessary for the function for which we originally collected it, we effectively reduce the quantity of personal information that is in our possession at any given time. This, in turn, helps reduce the degree of risk associated with our maintenance and storage of personal information on the whole: the less data we store, and the shorter time we keep it, the smaller the risk of overall harm in the event a breach.

Proportionality

We also strive to collect no more personal information from users than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.

Notification in the event of a breach

In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected. The method of notice may be tailored to suit the facts of a particular case — for example, if the only contact information that we have for a particular user is an email address, then the notification will necessarily be by email. We may elect to give notice via the in-product messaging system described above. In an unusual case — for example, if we believe there are users for which we have no contact information on file — we may give notice via publication on our company website. In any case, we reserve the right to delay notification is we are asked to do so by law enforcement or other authorities, or if we believe that immediately giving notice will increase the risk of harm to our user body overall.

VII. Compliance with Laws and Dispute Resolution

Residents of the EU

There may be occasions in which we transmit personal data collected from EU residents to a location outside of the EU, including potentially the United States. The personal data may be transmitted to locations that may have less protective personal data protection legislation than the country of your residency. We comply with all conditions required by law for transmission of personal data to such locations.

We are also subject to certain provisions of EU Directive 2002/58/EC (also known as the E-Privacy Directive) governing privacy in various types of electronic communications. Additional information is available here:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV:l24120

Residents of Switzerland

The collection and handling of personal information of residents of Switzerland are governed by the Swiss Federal Act on Data Protection, also known as the Data Protection Act ("DPA"). There may be cases where personal data is collected from Swiss residents and subsequently transmitted to locations outside of Switzerland, such as the United States. Additional information on the Swiss DPA can be found here:

https://www.admin.ch/opc/en/classified-compilation/19920153/index.html

Residents of the United States

The collection and handling of personal information in the United States are subjects to federal legislation, regulation by federal government agencies, and regulation on the state level. The federal agency with primary jurisdiction over our data handling practices is the Federal Trade Commission ("FTC").

Sharing of information among Plumbytes entities in different jurisdictions

Our data collection and data management practices do not vary by location. We follow the same minimum data security and data privacy procedures with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one Plumbytes entity to another (for example, from Plumbytes Ptd. to Plumbytes Software, Inc.).

Dispute resolution

We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, the following procedures will apply.

For all users: informal dispute resolution

If you have a disagreement with us relating to our handling of your personal information, we ask that you contact us to work it out. We are always happy to hear from you, and we promise to try our best to respond to any concerns you may have.

There are several ways you can reach us:

Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Plumbytes team respond.

For residents of the European Union and Switzerland: If you live in the EU or Switzerland and you have a dispute regarding our handling of your personal data, you may contact the Data Protection Authority(ies) in your jurisdiction. Information on Data Protection Authorities in Europe can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/

For residents of the United States: If you live in the U.S. and you have a dispute regarding our handling of your personal data, you may contact the FTC for information. See http://ec.europa.eu/justice/data-protection/bodies/authorities/. You may also contact the attorney general of the state where you live.