Huntress Labs Incorporated
Effective and Last Updated March 14, 2023
The personal data we collect about you depends on the particular products and services we provide to you. We may collect and use the following personal data about you:
- Your name and contact information, including email address and telephone number and company details
- Internet Protocol address
- Your billing information, transaction and payment card information
- Information about how you use our Services and websites
- Computer technical and diagnostic information
We collect and use this personal data for the purposes described in the section "How and why we use your personal data" below. If you do not provide personal data we ask for, it may delay or prevent us from providing products and services to you.
We collect most of this personal data directly from you—through the setup and use of the Services. However, we may also collect information:
- Via our Services, as discussed herein
Under data protection law, we can only use your personal data if we have a proper reason for doing so, such as:
- Where you have given consent
- To comply with our legal and regulatory obligations;
- For the performance of our contract with you or to take steps at your request before entering into a contract –or–
- For our legitimate interests or those of a third party
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains how we may use (process) your personal data and our basis for doing so:
|What we may use your personal data for
|To perform our contract with you or to take steps at your request before entering into a contract
These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless you consent or we are otherwise required or permitted to by law).
To that end, our interests include such activities that: minimize fraud that could be damaging for you and/or us; protect trade secrets and other commercially sensitive or valuable information; protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us or third-parties; protect our business, interests and rights; help us be as efficient as we can and to make sure we are following our own internal procedures so we can deliver the best service to you at the best price; make sure that we can keep in touch with our customers about existing orders and new products; help us promote our business to existing and former customers; and to protect, realize or grow the value in our business and assets.
To comply with our legal and regulatory obligations
|Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or as indicated below or in the Services
We may use your personal data to send you updates (by email, text message, telephone, or mail) about our products and services, including exclusive offers, promotions, or new products and services.
We have a legitimate interest in processing your personal data for promotional purposes (see above “How and Why We Use Your Personal Data”). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this consent separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- Contacting us at firstname.lastname@example.org
- Using the unsubscribe link or following the instructions in communications
We may ask you to confirm or update your marketing preferences if you ask us to provide further products and services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it to other organizations outside the Huntress Labs Incorporated and subsidiaries group for marketing purposes.
Huntress may create anonymous, aggregated, or de-identified data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, aggregated, or de-identified data by removing or not utilizing information that makes the data personally identifiable to you. We may use this anonymous, aggregated, or de-identified data and share it with third parties for our lawful business purposes, including to provide the Service, analyze and improve the Service, analyze and report on security risks, and promote our business. For example, in order to promote awareness, detection, and prevention of Internet security risks, Huntress may create and share anonymous, aggregated, or de-identified information (related to, e.g., potential or actual security incidents, malware, security threat data, diagnostic and usage related data, contextual data, threat detections, and indicators of compromise) with research organizations and other security software vendors and professionals via publications, blog posts, or social media, and provided no Customer identifying information is shared without written permission of Customer. Huntress may also make use of statistics derived from the information processed to track and publish reports on security risk trends.
We share personal data with:
- Companies within the Huntress Labs Incorporated group
- Third parties we use to help deliver our products and services to you, e.g., payment service providers, warehouses, data analytics, and communication delivery companies
- Other third parties we use to help us run our business, e.g., marketing agencies or website hosts
- Third parties approved by you, e.g., social media sites you choose to link your account to or third party payment providers
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
- Our external auditors, e.g., in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations
- Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
- Law enforcement agencies, courts, tribunals, and regulatory bodies to comply with our legal and regulatory obligations or on-going investigations, or in a good-faith belief that such action is necessary to investigate or protect the health and safety of or against harmful activities to Huntress or its customers, associates, property or to third-parties
- Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations
We will not share your personal data with any other third party.
More details about who we share your personal data with and why are set out in our Subprocessors List, available at www.huntress.com/legal. If you would like more information about who we share our data with and why, please contact us (see "How to contact us" below).
Personal data may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: "Who We Share Your Personal Data With"). Some of these third parties may be based outside your region. For more information, including on how we safeguard your personal data when this occurs, see below: "Transferring Your Personal Data Out of the UK and EEA".
We will not keep your personal data for longer than we need it for the purpose for which it is used. Following the end of the relevant retention period, we will delete or anonymise your personal data.
If you would like further information about data transferred outside the UK/EEA, please contact us (see "How to Contact Us" below).
You have the following rights, which you can exercise free of charge:
|The right to be provided with a copy of your personal data (the right of access)
|The right to require us to correct any mistakes in your personal data
|Erasure (also known as the right to be forgotten)
|The right to require us to delete your personal data—in certain situations
|Restriction of processing
|The right to require us to restrict processing of your personal data—in certain circumstances, e.g., if you contest the accuracy of the data
|The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
The right to object:
• at any time to your personal data being processed for direct marketing
• in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims
|Not to be subject to automated individual decision-making
|The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
|Right to withdraw consents
If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
If you would like to exercise any of those rights, please:
- Contact Huntress Privacy at email@example.com or at the mailing address below in the “How to Contact Us” section.
- Provide enough information to identify yourself (e.g,, your full name, email address(es), and company name) and any additional identity information we may reasonably request from you
- Let us know what right you want to exercise and the information to which your request relates
Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.
We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Huntress is committed to protecting the security of the information it collects and processes. The information is stored on computer servers with limited and controlled access. Huntress operates secure data networks protected by industry-standard firewall and password protection systems. Huntress uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, your data is encrypted at rest and in transit, and only authorized individuals have access to the data that we process.
More information about our security practices can be found in our Security Addendum, available at www.huntress.com/legal.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Please contact us if you have any queries or concerns about our use of your personal data (see below "How to Contact Us"). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
- For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
- For users in the UK – the contact information for the UK data protection regulator is below:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
- For users in Switzerland – the contact information the Swiss data protection regulator can be found here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Information for California Residents
This section provides additional details about the personal data, or “personal information,” we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA,” as amended by the California Privacy Rights Act or “CPRA”.
- Identifiers/contact information;
- Commercial information;
- Internet or electronic network activity information;
- Financial information;
- Geolocation information;
- Professional or employment-related information;
- Audio and visual data;
- In limited circumstances where allowed by law, information that may be protected under California or United States law; and
- Inferences drawn from any of the above categories.
We collect this information for the business and commercial purposes described in the “How and Why We Process Your Personal Data” section above. We share this information as described in the “Who We Share Your Personal Data With” section above. Huntress does not sell (as such term is defined in the CCPA or otherwise) the personal information we collect (and will not sell it without providing a right to opt out). We may also share personal information (in the form of identifiers and internet activity information) with third party advertisers for purposes of targeting advertisements on non-Huntress websites, applications, and services. In addition, we may allow third parties to collect personal information from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such personal information, or if you use our sites or services to interact with third parties or direct us to disclose your personal information to third parties.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use, disclose, or may sell this information), to delete their personal information, to opt out of any “sales”, to know and opt out of sharing of personal information for delivering advertisements on non-Huntress websites, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf. Authorized agents must submit proof of authorization.
We may change this privacy notice from time to time – when we do we will inform you via our website.
In provision of the Services provided by Huntress, we are represented in the EU and the UK by the DPO Centre Ltd:
For Individuals in the EU:
Please contact our EU Representative at:
Alternatively, they can be reached by post:
The DPO Centre Europe Ltd
3 Ballsbridge Park, Dublin, D04C 7H2
+353 1 631 9460
For Individuals in the UK:
Please contact our UK Representative at:
Alternatively, they can be reached by post:
The DPO Centre Ltd
50 Liverpool Street
London, EC2M 7PY
+44 (0) 203 797 6340
Our contact details are shown below:
Huntress Labs Incorporated
6996 Columbia Gateway Dr, Ste 101
Columbia, MD 21046