Offensive Security Privacy Notice
<p>
<strong>Last Updated July 2020</strong>
</p>
<p>This is our Privacy Notice. Please scroll down or click on the headings to the left to discover more.</p>
<p>
<strong>In Summary</strong>
</p>
<p>When you interact with us, our websites or products and services, we collect and you provide information about you that alone or when combined with other information, could be used to identify you (<strong>Personal Data</strong>).</p>
<p>(a) We only process your Personal Data if we have a legal basis to do so – this may be consent but more likely another legal basis (b) we collect only the Personal Data necessary to manage your relationship with us (c) we don’t sell your Personal Data to third parties (d) we only use your Personal Data in the way this Privacy Notice describes.</p>
<p>For the full version please continue reading.</p>
<p>
<strong>Background to this Privacy Notice</strong>
</p>
<p>This Privacy Notice explains what Personal Data we collect (a) because you interact with our websites and community sites (<strong>Sites</strong>) (b) because you use our free or paid for products and services promoted on the Sites (<strong>Products)</strong> (c) .
as the result of the provision of products and services to us by third parties (<strong>Suppliers)</strong>.</p>
<p>Offensive Security is the brand name of a group of companies that includes OffSec Services Limited (<strong>Offensive Security, we, us, our</strong>).</p>
<p>OffSec Services Limited of 5 Secretary’s Lane, Gibraltar is the data controller of your Personal Data.
 .
OffSec Services Limited provides Products to both individual Product users and customers who are organizations (<strong>Customers</strong>).</p>
<p>This Privacy Notice explains how we use and share Personal Data, and your choices about our data practices. .
Please read this Privacy Notice before using the Sites or Products.</p>
<p>
<strong>Other related terms and conditions</strong>
</p>
<p>This Privacy Notice should be read in conjunction with our <u>terms and conditions for the purchase and use of our Products</u> (<strong>Product T&Cs</strong>). .
It should also be read in conjunction with our <u>Academic Policy</u> and our .
Cookie Policy.</p>
<p>
<strong>What this Privacy Notice does not apply to</strong>
</p>
<p>This Privacy Notice does not apply to:</p>
<ul>
<li>Personal Data we hold about our employees or consultants</li>
<li>Personal Data gathered by other companies or organizations that promote our Services and who use cookies, tags and other technology to collect and use your Personal Data</li>
<li>How other organizations use your Personal Data if you link to their sites, apps, products, services or social media from our Sites, apps or social media.
By providing these links we do not imply that we endorse or have reviewed these third party sites. .
Please contact those sites directly for information on their privacy practices and policies.</li>
</ul>
<p>
<strong>Accessing your Personal Data</strong>
</p>
<p>We want to make sure the Personal Data we hold about you is up to date and relevant. .
You are also legally entitled to know what Personal Data we store.
If you’d like a copy of some or all of your Personal Data or you think your Personal Data is inaccurate, please contact us at privacy@offensive-security.com.</p>
<p>Please be aware that if you do not want to provide your Personal Data to us or ask us to delete it, we may not be able to provide Products to you and you may not be able to use the Sites.</p>
<p>
<strong>Personal Data we collect</strong>
</p>
<p>
<strong>Automatically Collected Data</strong>
</p>
<p>When you access the Sites or use Products, the following Personal Data is created and automatically logged in our systems:</p>
<ul>
<li>Log data: Information that your browser automatically sends whenever you visit the Sites. .
Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Sites or Products.</li>
<li>Device information: Information that includes the device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. .
The information collected may depend on the device you use and its settings.</li>
<li>Usage Information: Information we collect about how you use our Sites and Products, such as the content you view or engage with, the features you use, and the actions you take.</li>
</ul>
<p>We use various technologies to collect and store information, including cookies, pixel tags, local storage such as browser web storage or application data caches, databases and server logs.</p>
<p>
<strong>Personal Data You Give Us</strong>
</p>
<p>You provide us with Personal Data when:</p>
<ul>
<li>You enquire about Products: we will collect Personal Data from you through web forms such as name and contact details</li>
<li>You sign up to use Products: you may be required to give us Personal Data, including your name and contact details, employer, gender, age range and billing information (e.g.
credit card details)</li>
<li>We need to verify your ID: we may collect copies of government IDs, utility bills, bank statements and/or parental consent letters</li>
<li>You email us or online chat with us: for example when you request customer support</li>
<li>You use our community Sites, blogs and forums: you may post comments and materials.</li>
</ul>
<p>
<strong>Personal Data we create or collect</strong>
</p>
<p>We may create or collect the Personal Data about you in the following ways:</p>
<ul>
<li>When you register to use Products, our systems will generate unique identifiers including your main Offensive Security ID (<strong>OSID</strong>), Purchase ID, Lab ID, Certificate ID, Video ID, system username and password. .
These identifiers are known as “pseudonymized” personal data.
They cannot alone identify you but can identify you when combined with other Personal Data we hold.</li>
<li>We may gather nicknames or handles you operate under in public blogs, forums, chat rooms or other channels.
We keep a record of your purchase history and exam history.</li>
<li>We may keep administrative notes on your file.</li>
<li>When we proctor our exams, we create videos of those taking our exams and their computer screens.
These videos may include third party Personal data if within range of Product User’s webcam or viewable on Product User’s computer screen.</li>
<li>When we look into potential breaches of our (a) Academic Policy (b) Product T&Cs (c) intellectual property rights, we may carry out public domain research.
That research may provide us with Personal Data about you and those you appear to be associated with. .
Sources of this Personal Data include social media sites, chat rooms, forums and community sites.</li>
</ul>
<p>
<strong>Personal Data We Get From Third Parties</strong>
</p>
<p>We may receive Personal data from a number of third parties including:</p>
<ul>
<li>Our Customers if they are paying for you to use Products</li>
<li>Our Suppliers and business partners if you are working with us on their behalf</li>
<li>Data brokers providing non-public lists</li>
<li>Publicly available sources like LinkedIn, other social media sites and other directories</li>
<li>ID verification service providers including those who check you are not subject to regulatory sanctions</li>
<li>Credit reference agencies</li>
<li>Third parties who report you to us because they believe you have breached our Product T&Cs, Academic Policy or intellectual property rights.</li>
</ul>
<p>
<strong>Where we process your Personal Data</strong>
</p>
<p>We store and process your Personal Data on servers both within and outside the European Economic Area (the “EEA” which includes countries within the EU plus Iceland, Liechtenstein and Norway).  .
For example, outside the EEA we process Personal data on servers in the USA, Israel and the Philippines.</p>
<p>
<strong>How we use personal data</strong>
</p>
<p>Below is a description of how we use your Personal Data and our legal basis for doing so</p>
<strong>Usage</strong>
<strong>To provide Products to you</strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract <strong>Description</strong>
We process your Personal Data to register you, authenticate your identity, provide Products to you, process financial transactions and manage your relationship with us.<p>
</p>
<p>If we cannot verify your identity with the basic information we collect, we may request additional Personal Data such as government ID, utility bill(s), or bank statement(s).</p>
<p>For Product users under the age of 18, we collect name(s) and IDs of and consent to provide you with Products from, the person who has parental responsibility for you</p>
<strong>Usage</strong>
<strong>To undertake Product related activities</strong>
<strong>Basis</strong>
For our legitimate interests <strong>Description</strong>
We use your Personal Data:<p>
</p>
<ul>
<li>To customize your user experience</li>
<li>To better understand how you interact with our Sites and ensure that our Sites are presented in the most effective manner for you,</li>
<li>As part of our efforts to keep our Sites, network, and information systems secure</li>
<li>To conduct analytics to inform our marketing strategy and enable us to enhance and personalize our communications and the experience we offer to you</li>
<li>To communicate with you in connection with Products you are using.</li>
</ul>
<strong>Usage</strong>
<strong>To manage Customer relationships</strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract <strong>Description</strong>
If one of our Customers pays for you to use Products, we will use your Personal Data to manage our relationship with that Customer. .
This may include disclosing (a) your usage of Products (b) your performance in our exams (c) any sanctions we impose on you as a result of a breach of our Academic Policy or Product T&Cs.<p>
</p>
<p>If you use Products under a Customer’s account (a) any account you create will be subject to control by Customer and Customer’s admins (b) your account information and other Personal Data will be shared with Customer and Customer’s admins (c) your Personal Data may also be visible to other Product users in Customer’s account.</p>
<p>If the domain of the email address associated with your account with us is owned by a Customer and Customer wishes to add that email address to its account, the Personal Data concerning your existing account may become accessible to that Customer.</p>
<strong>Usage</strong>
<strong>To undertake marketing</strong>
<strong>Basis</strong>
For our legitimate interests and, where required by law, with your consent <strong>Description</strong>
We use your Personal Data to send you updates and information about Products, upcoming events or other promotions or news by telephone, email or push notification.<p>
</p>
<p>You may opt out of receiving further marketing emails by following the instructions contained in each promotional email we send you or by contacting us at privacy@offensive-security.com.</p>
<p>If you opt out of marketing, we will continue to contact you regarding Products you use.</p>
<strong>Usage</strong>
<strong>To bill and collect payment from you </strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract <strong>Description</strong>
If you buy Products from us, we collect your billing information to process payments. .
We use third party payment providers to process payments for us.<p>
</p>
<p>If you don’t pay our bills, we will use your Personal Data to help us collect payment. .
We might ask a third party to collect the amount you owe.
We’ll give them Personal Data about you (such as your contact details) and your account (the amount of the debt) and may sell the debt to another organization to allow us to receive the amount due.</p>
<strong>Usage</strong>
<strong>To enforce our Product T&Cs and Academic Policy and/or prevent abuse of our intellectual property rights </strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract and/or to prevent or detect a crime <strong>Description</strong>
We may use your Personal Data to mark course materials we provide to you so we can monitor and protect our intellectual property and confidential information.<p>
</p>
<p>We will use your Personal Data to record and look into situations where we believe you or those you appear associated with may have breached (a) our Product T&Cs (b) our Academic Policy (b) our intellectual property rights (c) the law by committing an offense of dishonesty.</p>
<p>We may analyze your Personal Data in conjunction with the Personal data of third parties if we think you may have been involved in the same incident.
For example, we will compare your exam and lab reports with the reports of others to look for possible collaboration in breach of our Academic Policy.</p>
<p>We may use the results of public domain research to further investigate you and/or those you appear to be associated with.</p>
<p>Our findings may be used to (a) revoke any of our certificates you hold (b) terminate or suspend your access to Products (c) prevent you from doing business with us in the future (d) keep a record of our findings and sanctions imposed to ensure they can be enforced</p>
<strong>Usage</strong>
<strong>To proctor our exams</strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract and/or to prevent or detect a crime <strong>Description </strong>
Our exams may be subject to online proctoring to ensure their integrity is maintained.<p>
</p>
<p>A student’s webcam and computer screen will be monitored, viewed, recorded, stored, and/or audited. .
This will include images of the student, the student’s immediate surroundings, anything within range of the student’s webcam and anything viewable on the student’s computer screen.</p>
<p>Any communications you have with a student that are visible on that student’s computer screen will also be monitored, viewed, recorded, stored, and/or audited by us.</p>
<strong>Usage</strong>
<strong>To keep a public register</strong>
<strong>Basis</strong>
For our legitimate interests <strong>Description</strong>
If you have passed one of our exams, we may use your Personal Data to keep a public register of the status of all our certificate holders. .
This Personal Data may include (a) your name (b) your Offensive Security Identification Number (OSID) (c) the course you took (d) the exam you passed (e) the status of the certificate that was issued to you.
<strong>Usage</strong>
<strong>To undertake background checking</strong>
<strong>Basis </strong>
For our legitimate interests and/or to comply with the law <strong>Description</strong>
We may use your Personal Data to carry out credit reference checks and checks to ensure the law does not prohibit us from doing business with you e.g.
because you are subject to regulatory sanctions or in a country that is sanctioned.<p>
</p>
<p>We will use the results of these checks to decide whether to do business with you.</p>
<p>We will keep a record of the results of these checks and this record may be used to prevent you from doing business with us.</p>
<p>When credit reference agencies get a search request from us, a ‘footprint’ goes on your file which other organizations might see.</p>
<strong>Usage</strong>
<strong>To prevent or detect crime</strong>
<strong>Basis </strong>
For our legitimate interests and/or to comply with the law <strong>Description</strong>
We’ll use and share your Personal Data to help prevent and detect crime.<p>
</p>
<p>For example, we will use your Personal Data to investigate, detect and prevent attempts to obtain our certifications fraudulently or in any other .
dishonest manner.</p>
<p>We might share your Personal Data with government and law-enforcement agencies.</p>
<p>We’ll also use your Personal Data to prevent and detect criminal attacks on our computer network.</p>
<strong>Usage</strong>
<strong>To comply with our legal obligations</strong>
<strong>Basis</strong>
For our legitimate interests and/or to comply with the law <strong>Description</strong>
We will use and share Personal Data where we are obliged legally.
That might be when the law says we have to or because of a court order.
<strong>Usage</strong>
<strong>To manage Supplier relationships</strong>
<strong>Basis</strong>
For our legitimate interests and/or to perform a contract <strong>Description</strong>
if you are a Supplier or an employee or contractor of one of our Suppliers, we use your Personal Data to manage our relationship with you/that Supplier, for payment and to communicate with you/that Supplier about Products and services you/they are supplying to us <p>
<strong>Our legitimate interest in using your Personal Data</strong>
</p>
<p>We will use your Personal Data for our legitimate interests if we believe we have a legitimate business interest in doing so to operate our business.</p>
<p>
<strong>When do we believe we have a legitimate business interest?</strong>
</p>
<p>We’ll have formed the view:</p>
<ul>
<li>The usage is necessary and there’s no less intrusive way to achieve the same result</li>
<li>Your interests don’t override our interests</li>
<li>You would reasonably expect us to use your Personal Data in this way</li>
<li>You would not find the usage intrusive and it would not cause you harm</li>
<li>That we have taken extra care to protect the interests of children</li>
<li>That we have considered safeguards to reduce the impact where possible</li>
<li>That we have offered you an opt out where appropriate.</li>
</ul>
<p>
<strong>Sharing And Disclosure</strong>
</p>
<p>We may share your Personal Data and other information with certain third parties in these circumstances:</p>
<ul>
<li>
<strong>Affiliates within the Offensive Security group: </strong>for security, business, operational and administrative support purposes.</li>
<li>
<strong>Your Employer and others: </strong>If your employer or another third party has paid us for you to use Products.</li>
<li>
<strong>Service providers: </strong>your Personal Data may be shared with our third-party service providers to assist us in providing Products and to operate our business.
These include organizations who provide services in relation to marketing, infrastructure and information-technology, payment processing, logistics and shipping and professional advice.</li>
<li>
<strong>Third party accreditation: </strong>Sometimes, our certifications will be accredited by their parties as equivalent to their own. .
If you wish to take advantage of such accreditation, we will transfer your Personal Data to such third parties.</li>
<li>
<strong>Business transfers:</strong> If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction.</li>
<li>
<strong>Legal requirements: </strong>If required to do so by law, applicable regulation or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Offensive Security, (iii) act in urgent circumstances to protect the personal safety of users of the Sites or Products, or the public, or (iv) protect Offensive Security against legal liability.</li>
</ul>
<p>Where we use another organization to provide services or products to us, we still control and are responsible for your Personal Data and for ensuring there are controls in place to make sure it’s adequately protected.</p>
<p>If we need to transfer your Personal Data to another organization for processing in countries outside the EEA and not listed as ‘adequate’ by the European Commission, we’ll only do so if we have model clauses or other appropriate safeguards (protection) in place. .
For transfers between our Affiliates, we rely on model clauses. .
In relation to our US cloud platform providers, we rely on a combination of model clauses and the US Privacy Shield.
We have a further data center in Israel which is a country listed as adequate by the European Commission.</p>
<p>
<strong>Data Retention</strong>
</p>
<p>We will keep your Personal Data while we have a legitimate business need to do so for the reasons described in this Privacy Notice or as required by law (whichever is the longer).</p>
<p>Set our below are some specific data retention policies for certain categories of data.</p>
<ul>
<li>
<strong>Authentication and parental consent:</strong> additional Personal Data collected as part of the ID authentication process (e.g.
government ID, utility bill(s), or bank statement(s)) will be deleted after 120 days. .
We also delete the Personal Data collected as part of the parental consent process (i.e., parental IDs) after 120 days.</li>
</ul>
<ul>
<li>
<strong>Billing information: </strong>For the Personal Data we collect for billing (, country, credit card name, credit card number, credit card expiration date, billing address, and credit card CVV), we store this data in encrypted form and do not store the complete credit card number. .
We delete this data after 1 year from the most recent transaction (payment or refund).
This retention policy applies only to the billing information stored by Offensive Security and not to the billing information we provide to our third-party vendors and service providers.</li>
</ul>
<ul>
<li>
<strong>Proctoring video and screen feeds: </strong>video and screen feeds obtained during exam proctoring will be retained for up to 6 months.
This will include images of your ID that you have shown to the proctor.</li>
</ul>
<p>We may keep any Personal Data for longer than usual if we suspect you may have breached our (a) Product T&Cs (b) Academic Policy or (c) intellectual property rights.</p>
<p>
<strong>Cookies</strong>
</p>
<p>
<em>Cookies</em> are a standard feature of Sites that allow us to store small amounts of data on your computer about your visit to the Site.
They are widely used to help make Sites work or work in a better, more efficient way, such as by recognizing you and remembering information that will make your use of the Site more convenient (such as by remembering your preference settings).
Cookies also help us to learn which areas of the Site are useful and which areas need improvement, and to track your usage of the Site to provide you with targeted advertisements.</p>
<p>To learn more about how we use cookies please visit our Cookie Policy.</p>
<p>
<strong>Rights Under European Law </strong>
</p>
<p>This section provides information on your rights where applicable as a data subject under European data protection law.</p>
<p>Subject to applicable European law, you have the following rights in relation to your Personal Data:</p>
<ul>
<li>
<strong>Right of access:</strong> If you ask us, we will provide you with a copy of the Personal Data we hold on you along with certain other details.</li>
<li>
<strong>Right to rectification: </strong>If your Personal Data is inaccurate or incomplete, you may ask that we correct or complete it. .
If we shared your Personal Data with others, we will tell them about the correction where possible. .
If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.</li>
<li>
<strong>Right to erasure: </strong>You may ask us to erase your Personal Data in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable). .
If we share your data with others, we will alert them to the need for erasure where possible.
If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.</li>
<li>
<strong>Right to restrict processing: </strong>You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). .
We will tell you before we lift any restrictions on processing.
If we shared your Personal Data with others, we will tell them about the restriction where possible.
If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.</li>
<li>
<strong>Right to data portability: </strong>You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us in connection with our contract with you. .
We will give you your Personal Data in a structured, commonly used and machine-readable format.
You may reuse it elsewhere.</li>
<li>
<strong>Right to object: </strong>You may ask us to stop processing your Personal Data, and we will do so:
<ul>
<li>If we are relying on a legitimate interest (described under the <strong>How We Use Data </strong>section above) to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing.
or</li>
<li>If we are processing your Personal Data for direct marketing.</li>
</ul>
</li>
<li>
<strong>Rights in relation to automated decision-making and profiling: </strong>You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.</li>
<li>
<strong>Right to withdraw consent:</strong> If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has taken place.</li>
<li>
<strong>Right to lodge a complaint with a data protection authority: </strong>If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority authorized to hear those concerns.</li>
</ul>
<p>You may contact us at privacy@offensive-security.com to exercise your rights.</p>
<p>
<strong>Changes to processing</strong>
</p>
<p>We will notify you of changes to the data processing activities described in this Privacy Notice by updating the Privacy Notice or as otherwise required by law.</p>
<p>
<strong>Children</strong>
</p>
<p>The Site and Product is not directed to, nor intended to be used by, individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction.
We do not knowingly collect Personal Data from individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction.</p>
<p>For Product users under the age of 18, we collect name(s) and IDs of and consent to process your personal data and provide you with Products from the person who has parental responsibility for you.</p>
<p>If you believe we are processing the Personal Data of a student under the age of 18 without consent from the person who has parental responsibility for them, please contact us at privacy@offensive-security.com and we will endeavor to delete that Personal Data from our databases.</p>
<p>
<strong>Security</strong>
</p>
<p>We try to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. .
However, no method of transmission over the internet is 100% secure.</p>
<p>
<strong>Changes to our privacy notice</strong>
</p>
<p>We may change this Privacy Notice at any time and when we do we will post an updated version on this page.</p>
<p>
<strong>Complaints</strong>
</p>
<p>If you want to make a complaint about how we have handled your Personal Data please contact us at privacy@offensive-security.com and we will investigate and report back to you. .
If you are still not satisfied after our response or believe we are not using your Personal Data in line with the law, you also have the right to complain to a data-protection regulator in Gibraltar this is the Gibraltar Regulatory Authority (<u>www.gra.gi</u>), alternatively see here for details of your local regulator <u>https://edpb.europa.eu/about-edpb/board/members_en</u>
</p>
<p>
<strong>Questions</strong>
</p>
<p>If you have questions about our Privacy Notice or our data practices, please contact us at privacy@offensive-security.com.</p>
California Consumer Privacy Act
<strong>Supplemental Notice for California Consumers</strong>
<p>For individuals who are California residents, the California Consumer Privacy Act (“CCPA”) requires certain disclosures about your personal information.
This notice (“CCPA Notice”) explains how we collect, process, and share personal information of California residents covered by the CCPA .
The terms “personal information” and “selling” used below will have the meaning under the CCPA.</p>
<p>
<strong>Personal Information We Collect, Process, and Share</strong>
</p>
<p>We collect and process personal information about California residents, and have for the preceding 12 months, including the following:</p>
<p>– If you request product information or support, or if you register to receive newsletters or other promotional material, we may collect your personal information including name, email, employer name, job title, phone number, location, and IP address in response to a request.
We may also collect personal information if someone refers you to us or if you refer someone to us to receive information about our products and services.</p>
<p>– If you submit information to us, such as filling out a survey about your user experience.</p>
<p>– If you use social media features or interact with our Site (e.g., “like” or “share” buttons), we collect your personal information.
The other site may also collect your personal information.
Your interactions with the other site’s features are subject to the terms of the company providing the site.</p>
<p>Our sources of personal information may include: you, such as through your use of our Site, products or services.
our affiliate companies or third parties.
or referring individuals who think you may be interested in our products or services.</p>
<p>We disclose your personal information to third parties as required for business purposes or under applicable law, including: our affiliates.
contractors, vendors or third parties who process personal information on our behalf.
channel partners such as distributors and resellers.
and any parties to whom we are legally required to disclose your personal information.</p>
<p>
<strong>Categories of Data and Business Purpose</strong>
</p>
<p>We collect and process, and have for the preceding 12 months, the following categories of personal information about California residents.</p>
<strong>Category of Personal Information</strong>
<strong>Examples</strong> Identifiers, including any categories of Personal Information listed in Section 1798.80 of the California Consumer Records statute
Name, address, email address, telephone number, employer information, IP address, or other similar identifiers, or transactions information Commercial information
Records of products or services requested or considered Financial Information
Billing information Internet or other electronic network activity information
Browsing history and information regarding interaction with the web site Location data
Location information you provide as part of your request or registration or approximate location based on your IP address Professional or employment-related information
Employer name or job title that you provide as part of your request or registration Legally protected classifications
Gender.
marital status Other information that identifies or can reasonably be associated with you
Preferences <p>We may use your personal information, including for the following purposes: To respond to requests or product inquiries, and to provide services or support.
to provide security and safety of the site, our IT and users of the site, and also to prevent and detect fraud.
to provide a customized web experience, including tracking your activities to understand site usage and improve the content and offerings of the website.
to operate our business, which includes analysis of our site performance, research, and improvement and development of our products and services.
and to comply with and enforce legal and contractual obligations.</p>
<p>
<strong>Sale of Personal Information</strong>
</p>
<p>California residents may opt out of the “sale” of their personal information.
We do not sell California resident’s personal information as defined under the CCPA and thus, we do not offer an opt-out.</p>
<p>
<strong>Your Consumer Rights Under The CCPA</strong>
</p>
<p>If you are a California resident, you have certain rights related to your personal information:</p>
<ol>
<li>Request disclosure, free of charge, the following information (if applicable) covering the preceding 12 months regarding:<br>
a) Categories of personal information we collect and our purposes for collecting the personal information;<br>
b) Categories of the sources of personal information we collect;<br>
c) Categories of third parties to whom we disclosed your personal information, along with categories of personal information disclosed and the purpose for disclosing.
and<br>
d) The specific pieces of personal information we collect about you, unless subject to certain conditions and limitations under the law;</li>
<li>Request deletion of personal information we collected from you, subject to certain conditions and limitations under the law.
and</li>
<li>Be free from unlawful discrimination for exercising your rights under the CCPA.</li>
</ol>
<p>
<strong>How To Exercise Your Rights</strong>
</p>
<p>If you are a California resident, you may submit a request by contacting us at privacy@offensive-security.com. .
For security purposes, we may request additional information to verify your identity before further action is taken on your request.</p>
<p>
<strong>Contact Us</strong>
</p>
<p>If you have any questions regarding this CCPA Notice, you may write to us at <u>privacy@offensive-security.com</u> or call us at (704) 899 4093.</p>