search

Privacy Policy

Privacy Policy – Empow Cyber Security

Last updated: March 10, 2019

Empow Cyber Security Ltd. and its affiliates (“Empow”, “we”, “our” or the “Company”) respect the privacy of its Users and is committed to protect the personal information that its Users share with it. We believe that you have a right to know our practices regarding the information we may collect and use when you use our website and our Service and when we communicate with you. This Policy (the “Privacy Policy“) explains the types of information we may collect from Users or that Users may provide when visiting the website or use the Services. This Policy also describes Empow’s practices for collecting, using, maintaining and processing information.

Empow provides a solution for monitoring security logs  (e.g. ids logs, window logs) with the aim of assisting in the security operations process (“Products” or “Services“). The policy also governs your use of the company’s website available at: https://www.empow.co (the “Site“) and any communication either of us initiate.

 

A User may be either an entity which executed an agreement with Empow or with Empow’s resellers or distributors who provide Empow’s services (“Customer “) or Customer’s users of the services or visitors of the website or contact person in a potential customer (“End User(s)“) (collectively “Users” or “you“).

Empow is committed to protecting the privacy of its Users.  We do not share, sell, rent trade or loan personal data to third parties, other than as set out in this policy and our Terms and Conditions.

 

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.  By using our Services AND/OR THE WEBSITE, you acknowledge you have read, agreed and understood this privacy policy.

For the purposes of European Economic Area data protection law, (the “EU Data Protection Law“), the data controller of information provided through the Products or Services is the Customer. For information provided through the use of the Site or as part of any communications with us the controller is Empow Cyber Security Ltd. (see communication details below) (the “Controller“).

  1. Which information may we collect?

Categories of information and data we may collect from our Users.

  • Data we collect about you from your use of the Site or Services

The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non- Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Site and Services.

Non-personal Information which is being gathered through your use of the Services consists of technical information and behavioral information which may include, type of browser, browser plug-in types and versions, screen resolution and the User’s ‘click-stream’ on the website.

  • Data you give us

The second type of Data is individually identifiable information (“Personal Information “).

Personal Data Gathered through the Site: This information may identify you and may be of a private nature. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise.  It includes information you provide when you register on our Site, license our Service, submit a query, and when you report a problem with our Site.This may include your IP address (gathered through the Site) and unique identifiers, username, email address, full name and your phone number, all if you choose to provide us actively as part of the Site and Services.

Personal Data gathered through the Service: the service collects IP address (which may be considered personal in certain jurisdictions), device name, user name, email address, password, device identifiers and unique identifiers chosen by the Customer.

  • Data we collect about you from Third Parties

This is an information we receive about you but which you have not given us directly and will include information we collect about you from your use of other websites or services that we may provide or other end user’s use of the Services (such as id a Customer reports certain IP addresses to be involved in a security breach activity). Certain know how and insights may be shared between Users of the Service without any Personal Information.

You do not have any legal obligation to provide any information to Empow however, we require certain information in order to provide the Services. If you choose not to provide us with certain information we may not be able to provide you with the Services.

You are responsible for maintaining the security of any and all log-in information used by you in connection with our Services (e.g. user name and password) and ensuring that they are not passed on to or used by others. You are responsible for all actions that take place under your account(s) to the extent possible under applicable law (without derogating from our obligations under any applicable law and contractual obligations with our Customers).

 

  1. How do we collect information on Users of Empow?

There are two main methods we use:

  • We collect Non-Personal Information through your use of our Site and/or Service. In other words, when you are using the Site and/or Service we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.

 

  • We collect Personal Information which you provide us voluntarily through the use of the Site and Services. We also collect Personal Information required to operate the Service when you or the Customer’s administrator registers and opens an account and when you are using the Service (such as IP addresses).

 

  1. Why do we collect such Data?

Information you give us through the Services:

  • We will use this information in our legitimate interests, where we have considered these are not overridden by your rights to:
  • carry out our obligations arising from any contracts entered into between our Customer and us and to provide you with the information, products and Services that you request from us;
  • administer your account with us;
  • notify you about changes, offers and additions to our Service;
  • contact you for the purpose of providing you with technical assistance and other related information about the Service;
  • reply to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
  • ensure in our legitimate interests that content from our Service is presented in the most effective manner for you and for your computer.

Information we collect about you from your use of our Site

  • We will use this information in our legitimate interests, where we have considered these are not overridden by your rights to:
  • to administer our Site under our terms and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to keep our Site safe and secure;
  • for measuring or understanding the effectiveness of content we serve to you and others, and to deliver relevant content to you;
  • to improve our Site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our Site, when you choose to do so;
  • to make suggestions and recommendations to you and other Users of our Site about Services that may interest you or them.
  1. Sharing Data gathered with third parties

Other than as provided in this Policy, we do not sell, trade, lease, rent, or otherwise transfer your personally identifiable information to outside parties. We may give your Data to:

Members of our Group

Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy and only for the purpose of such support.

Third Parties

Our selected third parties may include:

  • business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer and the Site, fulfilling requests for information, receiving and sending communications, updating marketing lists (from information gathered through our Site only), analysing data, providing IT and other support services or in other tasks, from time to time. These third parties will only use your information to the extent necessary to perform their functions;
  • analytics and search engine providers that assist us in the improvement and optimisation of our Site and subject to the cookie section of this policy;
  • data processors who process your personal data on our behalf in connection with the Services and in accordance with our instructions and applicable data protection law. Ccurrently Empow uses Amazon for infrastructure and backups as its sub processor. AWS’s privacy policy can be found here: https://aws.amazon.com/privacy/
  • We will disclose your personal information to third parties:
  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Empow or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Empow, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
  • to enforce this Privacy Policy and/or contracts executed with Empow, including investigation of potential violations thereof and to detect, prevent, or otherwise address fraud, security or technical issues in connection with the Service or Site;
  • to protect the rights, property, or personal safety of Empow, its Users, or the general public if Empow has a good faith belief that the law requires us to do so, with or without notice (we will endeavour to provide you with prior notice but we are not obligated to do so).

Service providers for the Site may be located in a country that does not have the same data protection laws as your jurisdiction. When Empow transfers data to a service provider, we seek when practical to transfer data only upon executing an appropriate agreement and/or in case of data containing information about EU citizens, after the certification of the service provider under the E.U-U.S Privacy Shield and/or with service providers that are located in a country recognized by the E.U. Council as providing adequate protection.

 

  1. Where do we store your data?

For Users of the Site:

The Data we collect from you is hosted on servers located in the US. Empow’s headquarters are based in Israel with a subsidiary in the US.  Data we collect from you may be transferred to, and stored at, a destination outside of your jurisdiction that may not be subject to equivalent Data protection laws.

For Users of the Services:

The information we collect about you is hosted on the Amazon Cloud. Amazon servers provide advanced security features and is compliant with ISO 27001 standard. We will not change the place we store data other than as agreed by the Customer. Backups may be stored in a different region on the same continent.

  1. Data Retention

Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Empow shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Empow’s trade secrets. Customer’s personnel shall be required to executed certain non-disclosure agreements prior to any performance of an Audit.  Unless agreed otherwise with the Customer, this policy shall govern the retention operation of Empow.

Empow will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Empow’s managed servers is backed up for system continuity purposes and each backup file may be stored for 90 days months unless agreed otherwise with Customer or required for Empow’s legitimate reasons for forensics and security reasons, without materially adversely effecting End User’s rights.

Each User must keep the appropriate backup of its data. Empow shall not be responsible for any deletion of data or for any breach to database or for any erroneous data unless otherwise agreed with its Customer in writing.

After a (i) request from the Controller to delete any data or (ii) a deletion of data from the Empow’s interface;  (iii) termination of an account or/and agreement with Customer, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below. Once begun, this process cannot be reversed and data will be permanently deleted.

 

Type of Data Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration
User names 90 days
Backups 90 days
System Logs 90 days (unless otherwise agreed with a customer)
Access Logs and certain forensic data pertaining thereto 24 months

 

Similarly, Empow collects and retains metadata and statistical information concerning the use of the Service and Site which are not subject to the deletion procedures in this policy and may be retained by Empow for no more than required to conduct its business. We will use that information to help develop and improve our Site. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. Please note that deleting certain incident data may affect the ability to produce proof of forensic data and we strongly recommend to consider other legal options before deleting such data.

Customer may retain Personal Information and other information about an End User which it owns and the End User may have no access to.  If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer.

Please note that in some cases some data will not be deleted and shall be kept in an anonymized manner if required for technical reasons.

  1. Cookies & local storage

When you access or use the Site, Company may use industry-wide technologies such as “cookies” or similar technologies (web beacons etc.), which store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features,  and make your Site experience much more convenient and effortless. The cookies used by the Service are created per session and do not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to login again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Site may be limited. If you only disable third party cookies, you will not be prevented from making purchases on our sites.  If you disable all cookies, you will be unable to use our Services.

We use Cookies and other technologies on the basis that using them is in our legitimate interests (where we have considered that these are not overridden by your rights) for the purposes listed below.

Empow uses secured Cookies. That means a cookie with a secured flag which can only be transmitted over an encrypted connection. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.

We use the following types of Cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our Site and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Site .
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.

 

  • Functionality cookies. These are used to recognise you when you return to our Site. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your choice of language or region).

 

  • Targeting cookies. These cookies record your visit to our Site, the pages you have visited and the links you have followed. We will use this information subject to your choices and preferences to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

If you want to disable cookies on our site, you need to change your website browser settings to reject cookies.  How you can do this will depend on the browser you use.

Except for essential cookies, some cookies used on our site may expire after the session ends and some may be retained for a longer period of time as can be seen in the cookie section in your browser.

 

 

 

  1. Security and storage of information

We take a great care in implementing, enforcing and maintaining the security of the Service, Site and our Users’ Personal Information. Empow implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis.

All Personal Information is stored with logical separation from information of other customers. However, we do not guarantee that unauthorized access will never occur.

Empow limits access to personal data to those of its personnel who: (i) require access in order for Empow to fulfil its obligations under this Privacy Policy and agreements executed with Empow and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required under applicable law. Empow takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and periodically properly trained.

We use a combination of processes, technology and physical security controls to help protect Personal Information and Personal Data from unauthorized access, use, or disclosure. When Personal Information or Personal Data is transferred over the Internet, we encrypt it using Transfer Layer Security (TLS) encryption technology or similar technology.  Each server is protected by a firewall, exposing it only to the minimum ports necessary. However, no security controls are 100% effective, and we cannot completely ensure or warrant the security of your Personal Information and Personal Data.

Empow shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by Empow on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Empow undertakes to co-operate with Customer in investigating and remedying any such security breach. In any security breach involves Personal Information, Empow shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.

Empow maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security.

 

  1. Job applications

We may collect information provided to us by job candidates (“Applicants“) when they apply to a position in our company. Empow welcomes all qualified Applicants to apply to any of the open positions by sending us their contact details and CV (“Applicants Information”). Applicants Information will be maintained, processed and stored in Israel, US and in the applied position’s location(s), and as necessary, in secured cloud storage provided by our Third Party Services. We are committed to keep Applicants Information private and use it solely for our internal recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, background checks on Applicants and contacting Applicants by phone or in writing).

Please note that Empow may retain Applicants Information submitted to it even after the applied position has been filled or closed for no more than 12 months thereafter so we can re-consider Applicants for other positions and opportunities and in case the Applicant is hired, for additional employment and business purposes related to his/her work.

If you previously submitted your Applicants Information to Empow, and now wish to have it deleted, please contact us via the company website. We will be happy to assist in any manner.

  1. Requests Through the Website and Commercial Offers (Not applicable for Customers)

PLEASE NOTE: THIS SECTION IS NOT APPLICABLE TO USERS OF THE SERVICE AND ONLY APPLY TO USERS OF THE WEBSITE AND POTENTIAL CUSTOMERS NOT REGISTERED FOR THE SERVICE. If you request a demo, pricing or any quarry through the Website, we shall retain your contact details to communicate with you. Subject to applicable law, we may use you contact details to send you commercial offers related to the service and information about the Service (such as new features, sales etc.). We may transfer your contact details to our approved distributors to provide you with suitable offers in connection with our Service only. Your consent to this Privacy Policy constitute consent to send you commercial offers (Not applicable to Customers). You can withdraw your consent at any time by sending us an email or by pressing the link in the email sent to you with the commercial offer. We will retain you contact details only for the time period required to communicate with you and to provide you with offers. If you opt-out any newsletter, your details shall be deleted within 30 days however same contact details may be retained in other newsletter you sign to or in a “do not call” list if you asked us to.

 

  1. General and Individual’s End User’s Rights

Empow processes data fairly, lawfully, in a transparent manner and in accordance with individuals’ rights (as applicable). The use of information collected through our Services shall be limited to the purpose of providing the service for which our Client has engaged Empow or, if collected through the Site or other marketing means, to Empow’s legitimate interests, where we have considered these are not overridden by your rights or based on your consent above.

Empow may process data of an End User on behalf of the Controller when the Controller obtains consent from an End User or when there is another basis for doing so under applicable law. Customers who cause Empow to process Personal Information of an End User are obligated to hold all appropriate consents (if applicable) and may only utilize the Services pursuant to applicable law. If you are an End User of the Services, please contact the Controller for additional details. Empow supports End Users’ rights to retrieve any information retained on its servers which relates to such End User. Empow acknowledges that you may have the right to access your Personal Information. We have processes in place to accommodate an End User’s rights to delete data, amend erroneous data, access data and receive Personal Data or Sensitive Data in a machine readable commonly used format, all subject to reasonable technical restrains and abilities.

  1.   MINORS

We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 13 to register for the Empow Service. If you are under 16, do not register or attempt to register for any of the Empow Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Information or Personal Data from a child under the age of 16, we reserve the right to delete that Personal Information or Personal Data as soon as reasonably practicable. If you believe that we might have collected or been sent information from a child under the age of 16, please contact us via the company website as soon as possible.

  1.   CHANGES TO THE PRIVACY POLICY

The terms of this Privacy Policy will govern the use of the Site and Service and any information collected in connection therewith, however, Empow may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will always be posted at http://www.Empow.co/privacy-policy. We will endeavor to provide notice of material changes to this policy on the homepage of the Site and/or via an e-mail. Such material changes will take effect seven (7) days after such notice was provided on our Site or sent by email, subject to applicable laws. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Site and/or Services will constitute your written acceptance of, and agreement to be bound by, the changes to the Privacy Policy.

III.    QUESTIONS, CONTACT INFORMATION AND COMPLAINTS

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at the following address and we will make an effort to reply within a reasonable timeframe.

E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.

Privacy Commitment to California Residents:

If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by Hi Bob to a third party for that party’s direct marketing purposes. This right granted to California residents applies only to their activities within the State of California. To make such a request, please contact us at: privacy @empow.co.

 

Please do not hesitate to contact us via the contact us section in the website

Address: www.empow.co

Email: privacy@empow.co