www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f  Public Scan

Submitted URL: https://url.uk.m.mimecastprotect.com/s/mwSnCR6M2SOmXJysOsgI1tfu-?domain=bitsight.com
Effective URL: https://www.bitsight.com/privacy-policy
Submission: On December 12 via api from AE — Scanned from GB

Form analysis 0 forms found in the DOM

Text Content

This website is AudioEye enabled and is being optimized for accessibility. To
open the AudioEye Toolbar, press "shift + =". Some assistive technologies may
require the use of a passthrough function before this keystroke. For more
information, activate the button labeled “Explore your accessibility options”.

Skip to main content


UTILITY

 * Blog
 * Partners
 * Request Demo
 * Chat With Us
 * Login

See Your Rating
Show/Hide Main Menu
 * Products
   
    * Enterprise Security
       * Security Performance Management
       * External Attack Surface Management
       * Cybersecurity Analytics
       * Security Ratings
       * Cyber Threat Intelligence NEW
       * SPM Integrations
   
    * Digital Supply Chain
       * Third-Party Risk Management
       * Vendor Risk Management
       * Continuous Monitoring
       * Vulnerability Detection & Response
       * Trust Management Hub
       * TPRM Integrations
   
    * Cyber Governance & Reporting
       * Cybersecurity Ratings
       * Cybersecurity Regulations
       * Cyber Risk Quantification
   
    * Cybersecurity Data Feed
       * Cyber Data Solutions
   
    * Cyber Underwriting & Risk Control
       * Cyber Insurance
   
    * Professional Services
       * Service Offerings
   
   Free Attack Surface Report
   
   Your attack surface is expanding—know exactly how it looks. Our report gives
   you the insights you need to see your external attack surface.
   
   Receive custom report
 * Solutions
   
   See beyond borders
   
   Bitsight enables risk and security leaders to see beyond the firewall — to
   the vendors and partners, clouds and applications, patches and programs —
   that introduce risk in your digital ecosystem.
   
    * By Use Cases
       * Exposure Management
       * Third-Party Risk Management
       * Reporting and Compliance
       * Cybersecurity Regulations NEW
       * Continuous Monitoring
       * Executive Reporting
       * Supply Chain Visibility
       * Investment Management
       * National Cybersecurity
   
    * By Industry
       * Financial Services
       * Insurance Services
       * Healthcare
       * Government
       * Technology
       * Energy/Utilities
       * Retail
       * Manufacturing
       * Education
   
   Bitsight to Acquire Cyber Threat Intelligence Leader Cybersixgill to Help
   Enterprises to Preempt Cyber Attacks
   
   Read release
 * Why Bitsight
   
   Trust in our data
   
   We combine real-time discovery of networks, assets, and vulnerabilities with
   our AI attribution engine and over 100 security researchers to amass one of
   the largest and mapped risk datasets in the world.
   
    * Why Bitsight
       * Why Bitsight
       * Security Ratings Leader
       * * Trusted Ratings
       * Data & Insights
       * Data Correlation & Studies
       * Data Discovery
       * Data Mapping & Attribution NEW
       * Cyber Data for Capital Markets NEW
   
    * Bitsight TRACE
       * Latest Security Research
       * Meet the Team
   
   Bitsight delivered 297% ROI for security leaders
   
   Forrester Consulting's Total Economic Impact™ Of Bitsight study shows a near
   3x return on investment and material business outcomes for customers.
   
   Download Study
 * Company
   
   Building trust in the digital economy
   
   Bitsight is a cyber risk management leader transforming how companies manage
   exposure, performance, and risk for themselves and their third parties.
   
    * About Us
       * Our Story
       * Our Team
       * Trust Center
       * Diversity & Inclusion
       * Press Releases
       * In the News
   
    * Connect with Us
       * Careers
       * * Open Positions
       * Events
       * Locations
       * Contact Us
   
   Bitsight to Acquire Cyber Threat Intelligence Leader Cybersixgill to Help
   Enterprises to Preempt Cyber Attacks
   
   Read release
 * Resources
   
   Did you know?
   
   More than 60% of Known Exploited Vulnerabilities remain unmitigated past
   deadlines and take, on average, 4.5 months to remediate.
   
   Source: Bitsight TRACE
   
    * Resources
       * Customer Stories
       * Reports & eBooks
       * Datasheets
       * Webinars
       * Videos
       * Cybersecurity Glossary
       * All Resources
   
    * Blog
       * Vulnerabilities & Incidents
       * Policy & Regulations
       * Exposure Management
       * Third-Party Risk Management
       * All Blog Posts
   
   Bitsight delivered 297% ROI for security leaders
   
   Read the study to see how bolstering your cyber security program with
   Bitsight can protect your business while improving your bottom line.
   
   Download Forrester Study

See Your Rating
 * Blog
 * Partners
 * Login
 * Chat With Us
 * Request Demo


PRIVACY POLICY

BY USING THE SITES OR SERVICES, YOU ACCEPT AND AGREE TO THE TERMS OF THIS
PRIVACY POLICY. BY ACCEPTING THE TERMS OF THIS PRIVACY POLICY, YOU REPRESENT AND
WARRANT THAT YOU ARE ABLE TO PROVIDE INFORMATION EITHER ON YOUR OWN BEHALF OR ON
BEHALF OF THE COMPANY YOU REPRESENT. IF YOU DO NOT AGREE TO BE BOUND BY THE
TERMS OF THIS PRIVACY POLICY YOU MAY NOT USE THE SITES OR SERVICES.


BITSIGHT PRIVACY POLICY

Effective Date: July 22, 2024

At BitSight Technologies, Inc. ("we" or "us" or “BitSight”), including our
majority owned subsidiaries ThirdPartyTrust, LLC, NSEC Sistemas Informáticos,
S.A., BitSight Technologies UK, Limited, BitSight Technologies Singapore Pte.
Ltd., BitSight Technologies Argentina SA, and BitSight Technologies France SAS,
we respect and protect the privacy of our customers and others who use our
websites (including the www.bitsight.com, www.bitsighttech.com, and
www.thirdpartytrust.com domains) (the “Sites”) and our products and services
(collectively, our “Services”). This privacy policy (the “Privacy Policy”)
provides details about how your personal information is collected, secured,
transferred, disclosed and used by us. It also describes your choices regarding
use, access and correction of your personal information. Personal information is
any information that identifies you or would enable someone to contact you,
which may include your name, email address, phone number and other non-public
information that is associated with such information. It does not include
aggregate information, anonymous information or any other non-personally
identifiable information. Unless expressly set forth herein or required by law,
this Privacy Policy also does not apply to any unsolicited information you
provide to us through the Sites or the Services or through any other means, such
as information posted to any public areas of the Services (including our online
community and blog), any ideas for new products or modifications to existing
products, and other unsolicited submissions (collectively, “Unsolicited
Information”). All Unsolicited Information shall be deemed to be
non-confidential and we shall be free to reproduce, use, disclose, and
distribute such Unsolicited Information to others without limitation or
attribution. This Privacy Policy does not cover how our customers may use the
data that we provide to them in connection with our Services.


SUMMARY AND CONTENTS

The summary below provides the key concepts of the full Privacy Policy. If you
have questions, please click the links to view the complete text below.

 * Information We Collect:  When you interact with us through the Sites or the
   Services, we may collect personal information and other information from you,
   including information you give us, information we get from your use of our
   Services, information we receive from other sources and information collected
   by third parties on our Sites. Learn more

 * Our Use of Your Information:  We collect information only as necessary to
   fulfill the purposes set forth in this Privacy Policy (including to provide
   our services) and we will only use this information as described in this
   Privacy Policy. Learn more

 * Disclosure of Your Personal and Other Information:  There are certain
   circumstances in which we may disclose your personal information to certain
   third parties without further notice to you, including in connection with
   online marketing and business transfers to parties including affiliates,
   service providers, agents, consultants and related third parties, partners
   and resellers, to other users of the BitSight customer community forum and to
   comply with legal requirements. Learn more

 * Use of Cookies: We may use cookies to collect information about your use of
   our Sites. Learn more

 * Opt-out Choices: You may decide to opt-out of our use of certain cookies and
   other tracking technologies on our Sites. Learn more

 * Retention of Information: Personal and other information we collect will not
   be kept for longer than is necessary for the business purpose described above
   for which it is collected and processed and will be retained in accordance
   with our internal document retention policies. Learn more

 * Links from other Sites:  Certain pages of the Sites and Services may, from
   time to time, contain external links or access to services provided by third
   parties.  We are not responsible for the privacy practices of other websites
   or third parties. Learn more

 * Security:  We take reasonable steps to protect the personal information
   provided via the Sites and Services from loss, misuse, and unauthorized
   access, disclosure, alteration, or destruction. Learn more

 * Children:  Our Sites and our Services are designed for business use and are
   not directed to persons under 18.  If we become aware that a child under 18
   has provided us with personal information, we will delete such information
   from our files. Learn more

 * Location of Data: We are headquartered in the United States of America.
   Personal information may be accessed by us or transferred to us in the United
   States or to our affiliates, service providers, agents, consultants and
   related third parties, partners and resellers, or service providers elsewhere
   in the world. By providing us with personal information, you consent to this
   transfer. Learn more

 * Transferring Your Personal Information Internationally: We participate in and
   have certified our compliance with the EU-U.S. Data Privacy Framework, the UK
   Extension, and the Swiss-U.S. Data Privacy Framework. We are committed to
   subjecting all personal data received from the EEA, the UK, and Switzerland,
   respectively, in reliance on each Data Privacy Framework, to the Framework’s
   applicable Principles. Learn more

 * Certifications: Our privacy practices, described in this Privacy Policy,
   comply with the APEC Cross Border Privacy Rules (CBPR) System and APEC
   Privacy Recognition for Processors (PRP) System. Learn more

 * Your Privacy Rights: Depending on the jurisdiction in which you are located,
   and how you interact with Bitsight, you may have certain legal rights over
   the personal information we hold about you. Learn more

 * Exercising Your Privacy Rights: Where you are entitled to exercise privacy
   rights under applicable law, you may access, correct, object to processing or
   request deletion of your personal information by logging into your account or
   contacting us. Learn more

 * Our Contact Information:   We have designated our Privacy Manager to oversee
   our compliance with applicable privacy laws. Questions and inquiries
   concerning your privacy may be submitted by completing this form, by email to
   privacy@bitsight.com, by phone to 1 (844) 735-0076, or to the address
   below. Learn more

 * Notification of Changes:  Your access to and use of the Sites and the
   Services is strictly conditioned upon your agreement with and consent to the
   terms and conditions of this Privacy Policy. In the event of any material
   modification by us to this Privacy Policy, we will notify you as described
   below. Learn more




INFORMATION WE COLLECT AND THEIR SOURCES

When you interact with us through the Services or Sites, we may collect, hold,
and use the following personal information and other information from you,
including:



 * Information you give us.
   * Contact Information (Identifiers): We collect personal information from you
     when you complete our online forms, contact us with inquiries, or as part
     of your access and use of the Services. This information includes contact
     information such as name, mailing address, email, phone number, title,
     company information, and any other information provided by a user of the
     Services (including a user-submitted photograph).
   
   * Account and Payment Information: We also collect personal information from
     you when you log into the Services, provide payment and billing information
     (excluding credit card information), or post in BitSight customer community
     forum. You are solely responsible for the personal information you choose
     to submit in any customer community forums. Please note a third-party
     payment processor collects credit card information directly from you and
     holds and processes such information pursuant to their own privacy policy.
   
   * Call and Video Call Information:  We may collect personal information from
     you when you call us (including video calls) and calls may be recorded and
     analyzed for training, quality control and for sales and marketing
     purposes. We may use third party vendors to facilitate calls. During such
     calls we will notify you of the recording via either text disclaimer, voice
     prompt or script.
   
   * Chat information: We may collect personal information from you when you
     chat online with us and chats may be recorded and analyzed for training,
     quality control and for sales and marketing purposes. We may use third
     party vendors to facilitate chats.Information we get from your use of our
     Sites or Services (e.g. ISPs)

 * Information we get from your use of our Sites or Services (e.g. ISPs): 
   
   * Internet or other similar network activity (i.e. IP Address, Log Data, and
     Other Data): As is true of most websites, we gather certain information
     automatically and store it in log files. This information may include
     Internet protocol (IP) addresses, the region or general location where your
     computer or device is accessing the internet, browser type, Internet
     service provider (ISP), referring/exit pages, the files viewed on our site
     (e.g., HTML pages, graphics, etc.), operating system, date/time stamp,
     and/or clickstream data to analyze trends in the aggregate and administer
     the site. Such information we get from your use of our Sites and Services,
     which is collected passively using various technologies, and cannot
     presently be used to specifically identify you unless you have previously
     interacted with us by completing a form on our website or log into the
     Services (see “Contact Information” and “Account Information” above). We
     may store such information itself or such information may be included in
     databases owned and maintained by our affiliates, agents or service
     providers.
   
   * Tracking Technologies: As described in this Privacy Policy, we and third
     parties on our Sites, may use cookies and similar tracking technologies
     (collectively, “Cookies”) to improve your experience, for our advertising
     and marketing efforts, or provide feedback to us on your use. For more
     information, see Cookies Policy below. Information we receive or collect
     from other sources (e.g. third party vendors)
   
   * Third Party Data: We may receive information about you from other sources,
     including public internet sources, third parties from whom we have
     purchased data, or affiliated companies, and combine this data with
     information we already have about you. This helps us to update, expand and
     analyze our records, identify new customers, and provide products and
     services that may be of interest to you. If you provide us personal
     information about others, or if others give us your information, we will
     only use that information for the specific reason for which it was provided
     to us.
 * Information collected by third parties on our sites (e.g. vendors and service
   providers)
   
   * Social Media Information: Our Sites include social media features and
     widgets such as Facebook, YouTube, Twitter and LinkedIn or interactive
     mini-programs that run on our Sites. These features may collect your IP
     address, which page you are visiting on our Sites, and may set a cookie to
     enable the feature to function properly. Social media features and widgets
     are either hosted by a third party or hosted directly on our Sites. Your
     interactions with these features are governed by the privacy statement of
     the company providing it.
   
   * Automated Technologies, Usage and Analytic Data: We may accumulate and
     aggregate certain statistical and related data - such as what product
     features you use the most, when an object (like a ticket) is opened and
     closed, and how often certain features (like workflows) are triggered in
     your account - when you or your users interact with the Sites and Services
     in order to improve the performance and functionality of the Sites and
     Services, to develop new products and/or services or to analyze the usage
     of the Sites and Services or to provide our products and services,
     including providing our customers with support and customer success, and
     for tailored sales and marketing purposes (including profiling for
     automated targeted marketing campaigns). We engage third party providers to
     collect usage data . For more information about how we protect your
     information with these service providers, please see Disclosure of Your
     Personal and Other Information.

We are the sole owner of information collected on the Sites and Services
(including any metadata), except for vendor lists and contact information that
you provide to us in connection with your use of our Sites and Services.

To the extent the General Data Protection Regulation (the “GDPR”) applies to any
personal information you give us to enable us to provide the service or operate
our Sites, we rely on legitimate interest. We also process data based on consent
for certain sales and marketing purposes.




OUR USE OF YOUR INFORMATION AND LEGAL BASES FOR PROCESSING

We collect information only as necessary to fulfill the business purposes set
forth in this Privacy Policy and we will only use this information as described
in this Privacy Policy.

If you provide personal information for a specific reason, we will use such
personal information in connection with the reason for which it was provided. We
may rely on one or more of the following legal bases to process your personal
information where the General Data Protection Regulation (“GDPR”) or other
similar privacy laws apply:

 * Where use of information is necessary to perform our obligations under a
   contract  e.g. For internal purposes, such as for example, administering your
   account, including impersonation of account users for support purposes;
 * Where use of your information furthers our legitimate interests or the
   legitimate interests of others, taking into consideration your interests,
   rights, and expectations, for example: 
   * to communicate with you by responding to your requests, comments and
     questions, 
   * to help us improve the content and functionality of the Sites and Services
     and to market our Services to you including for automated personalized
     marketing campaigns for customers and prospects (which may also be based on
     consent, as applicable), 
   * to provide aggregated and non-identifiable analytical and benchmarking data
     for security and other insights, or to prevent fraudulent activity and for
     any other purpose based on our legitimate interest, 
   * for customizing your experience (e.g. remembering your preferences or
     restricting access to certain features or content due to applicable law in
     your location), and 
   * internal operations such as troubleshooting, data analysis, testing and
     statistical purposes, and product maintenance and improvement
 * Where you have consented to our processing of your information for a
   particular purpose.

Any bulk marketing communication we send to you will contain instructions to
"opt-out" of receiving future marketing communications. If at any time you wish
not to receive any future marketing communications or wish to have your name
deleted from our mailing lists, contact us as indicated below under “Our Contact
Information.” You may also opt out as to whether your personal information is
(i) to be disclosed to a third party other than as described herein or (ii)
believe your personal information is being used for a purpose that is materially
different from the purpose(s) for which it was originally collected (or
subsequently authorized by you) by contacting us as indicated below under “Our
Contact Information.”


DISCLOSURE OF YOUR PERSONAL AND OTHER INFORMATION

We do not sell your personal information to any third parties for their own
benefit. There are, however, certain circumstances in which we may share your
personal information with certain third parties without further notice to you,
as set forth below:

 * Business Communications. As we develop our business, we might sell or buy
   businesses or assets. In the event of a corporate sale, merger,
   reorganization, dissolution or similar event, personal information may be
   part of the transferred assets or otherwise shared as is in our legitimate
   business interests. 

 * Related Parties. We may also share your personal information with our
   affiliates for purposes consistent with this Privacy Policy. We may share
   your information with others within your organization (including any
   affiliates or any other individuals designated as users on your account). 

 * Service Providers, Agents, Consultants and Third Parties. Occasionally, we
   enter into contracts with carefully selected third parties so that they can
   assist us in servicing you (for example, providing or maintaining databases,
   analytics, processing payment, fraud detection and deterrence or access to
   advertising assets), to assist us in our own marketing and advertising
   activities or to engage in co-marketing activities with us. Our contracts
   with such third parties prohibit them from using any of your personal
   information for any purpose beyond the purpose for which it was shared.

 * Business Partners and Resellers. We may share your personal information with
   our partners and resellers so that they can assist you in using our Services
   and sell or resell our Services to you.

 * Data Submitted in Connection with BitSight Customer Community Forum. Your
   name and/or username and the information you post in the BitSight customer
   community forums and any activities you engage in will be available to other
   users of the BitSight customer community forum.

 * Legal Requirements. We may disclose your personal information as is in our
   legitimate interests when such disclosure is necessary or advisable, in our
   sole discretion, to conduct an investigation, respond to a third party or law
   enforcement subpoena or court order, bring legal action, prevent harm to
   others or pursue other relief when you or a third party are or may be:
   violating our terms and conditions of use; causing injury or other harm to,
   or otherwise violating our property or other legal rights, or those of other
   users of our Sites and Services or third parties; or violating federal,
   state, local, or other applicable law. This disclosure may include
   transferring information to the U.S. and outside the European Economic Area.

We may also share aggregated and non-identifiable information with any third
party, including the media and industry observers and as part of our products
and services. For example, we may disclose security trends, benchmarking data or
the number of customers that have evaluated or purchased our products and
services.


USE OF COOKIES

We may use Cookies served by a third party (e.g., Google Analytics) to collect
information about your use of our Sites so that we can provide advertising about
products and services tailored to your interests. Where required by law, we base
the use of third party cookies upon consent. We use the following types of
Cookies:

 * Essential Cookies: These Cookies are required for providing you with features
   or Services that you have requested. For example, certain Cookies enable you
   to log into secure areas of our Services. Disabling these Cookies may make
   certain features and Services unavailable.
 * Functional Cookies: These Cookies allow us to analyze Site usage so we can
   measure and improve performance.  For example, Google, Inc. (“Google”) uses
   Cookies in connection with its Google Analytics services. For more
   information on how Google uses this information, click here.
 * Advertising Cookies: These Cookies are used to deliver advertising that is
   more relevant to you and your interests. They may also be used to limit the
   number of times you see an advertisement and measure the effectiveness of
   advertising campaigns.

For more information about specific Cookies being used on our Site, and the
information they collect, please see our Cookie Consent Manager. If you would
prefer to not receive personalized ads based on your browser or device usage,
see Opt-out Choices for more information or see our Cookie Consent Manager. 


OPT-OUT CHOICES

There are a number of ways you can opt-out of certain interest-based advertising
and other online tracking activities, which we have summarized below. Please
note that these opt-out tools are not associated with BitSight, and we cannot
guarantee that these tools work as their providers advertise them:

Advertising industry opt-out tools: To opt-out of interest-based advertising by
participating companies in the following consumer choice mechanisms, please
visit: 

 * Digital Advertising Alliance (DAA)’s self-regulatory opt-out page
   (http://optout.aboutads.info/) and mobile application-based "AppChoices"
   download page (https://youradchoices.com/appchoices)
 * European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out
   page (http://youronlinechoices.eu)
 * Network Advertising Initiative (NAI)’s self-regulatory opt-out
   page (http://optout.networkadvertising.org/).

Platform opt-outs. Some of our advertising partners offer opt-out features that
let you opt out of use of your information for interest-based advertising,
including: Google, LinkedIn, and Bing.

 * Blocking advertising ID use in your mobile device settings. Your mobile
   devices may offer settings that enable you to make choices about the
   collection, use, or transfer of your advertising ID associated with your
   mobile device for interest-based advertising purposes.
    
 * Blocking Cookies in your browser. Most browsers let you remove or reject
   Cookies, including Cookies used for interest-based advertising. To do this,
   follow the instructions in your browser settings. Many browsers accept
   Cookies by default until you change your settings. For more information about
   Cookies, including how to see what Cookies have been set on your device and
   how to manage and delete them, visit www.allaboutcookies.org.
    
 * Using privacy plug-ins or browser add-ons. You can block our websites from
   setting Cookies used for interest-based ads by using a browser with privacy
   features or installing browser plugins and configuring them to block third
   party Cookies. For example, if you do not want Google Analytics to collect
   and use information about your use of our Sites, then you can install a
   browser add-on to opt- out of Google Analytics.

Note that because these opt-out mechanisms are specific to the device or browser
on which they are exercised, you will need to opt out on every browser and
device that you use. Opting-out of interest-based advertising does not mean that
you will no longer receive online ads. It only means that such ads will no
longer be tailored to your specific viewing habits or interests. You may
continue to see ads on and about the Services.

Visiting our Cookie Consent Manager. You can click here to customize your Cookie
consent preferences. See Use of Cookies above for more information.

Do Not Track. “Do Not Track” is a privacy preference that users can set in
certain web browsers. DNT is a way for users to inform websites and services
that they do not want certain information about their webpage visits collected
over time and across websites or online services. Please note that we do honor
DNT signals or similar mechanisms transmitted by web browsers except for
the www.thirdpartytrust.com website, which does not currently honor DNT or other
similar signals.


RETENTION OF INFORMATION

Personal and other information we collect will not be kept for longer than is
necessary for the business purpose described above for which it is collected and
processed and will be retained in accordance with our internal document
retention policies. The criteria used to determine our retention periods
include: (a) the length of time we have an ongoing relationship with our
customers and provide services, (b) whether there is a legal obligation to which
we are subject, and (c) whether retention is advisable in light of our legal
position (such as in regard to applicable statutes of limitations, litigation or
regulatory investigations). 

We may retain your personal information for as long as your account is active,
to provide you services, improve our Services, comply with our legal
obligations, resolve disputes and/or enforce our agreements.




LINKS FROM OTHER SITES

Certain pages of the Sites and Services may, from time to time, contain external
links or access to services provided by third parties. You should verify and
validate any and all privacy practices of other websites. We encourage you not
to provide personal information, without first assuring yourself of the privacy
policies of such other websites. 

WE ARE NOT RESPONSIBLE IN ANY WAY FOR THE PRIVACY PRACTICES OF OTHER WEBSITES OR
THIRD PARTIES OR FOR ANY USE AND/OR MISUSE OF ANY PERSONAL INFORMATION OR OTHER
INFORMATION PROVIDED BY YOU AT SUCH OTHER WEBSITES OR SERVICES.




SECURITY

We take reasonable steps to protect the personal information provided via the
Sites and Services from loss, misuse, and unauthorized access, disclosure,
alteration, or destruction. For example, access to your personal information
and/or your information on the Services is password-protected (it is your
responsibility to protect the security of any of your login information).
Notwithstanding our efforts, we cannot guarantee absolute or unqualified
protection of this information given the open nature and resulting instability
of the Internet, and we make no representations or warranties as to the
effectiveness of our security and assume no liability for security breaches or
any failure in the security of your computer equipment, your internet service
provider or other networks and communications providers. If you have any
questions about the security of your personal information, you can contact us
at privacy@bitsight.com.




CHILDREN

Our Sites and our Services are designed for business use and are not directed to
persons under 18. We do not knowingly collect personal information from children
under 18 and as such do not sell or share personal information of consumers
under the age of 18. If a parent or guardian becomes aware that his or her child
has provided us with personal information without such parent or guardian's
consent, he or she should contact us. If we become aware that a child under 18
has provided us with personal information, we will delete such information from
our files.


LOCATION OF DATA

We are headquartered in the United States of America. Personal information may
be accessed by us or transferred to us in the United States or to our
affiliates, service providers, agents, consultants and related third parties,
partners and resellers, or service providers elsewhere in the world. By
providing us with personal information, you consent to this transfer. We will
protect the privacy and security of personal information according to this
Privacy Policy, regardless of where it is processed or stored, however you
explicitly acknowledge and consent to the fact that personal information stored
or processed in the United States will be subject to the laws of the United
States, including the ability of governments, courts or law enforcement or
regulatory agencies of the United States to obtain disclosure of your personal
information.
 


TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY

BitSight Technologies, Inc. and its wholly owned subsidiary ThirdPartyTrust, LLC
(“Bitsight US”) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”),
the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework
(“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Bitsight
U.S. has certified to the U.S. Department of Commerce that it adheres to the
EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard
to the processing of personal data received from the European Union and the
United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the
EU-U.S. DPF. BitSight U.S. has certified to the U.S. Department of Commerce that
it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF
Principles”) with regard to the processing of personal data received from
Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between
the terms in this privacy policy and the EU-U.S. DPF Principles and/or the
Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the
Data Privacy Framework (“DPF”) Program, and to view our certification, please
visit https://www.dataprivacyframework.gov/ or visit the U.S. Department of
Commerce’s Data Privacy Framework List.

Bitsight U.S. is responsible for the processing of personal data it receives,
under the Data Privacy Framework, and subsequently transfers to a third party
acting as an agent on its behalf.  Bitsight U.S. complies with the Data Privacy
Framework Principles for all onward transfers of personal data from the EEA, UK,
and Switzerland, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the
Data Privacy Framework, we are subject to the regulatory enforcement powers of
the U.S. Federal Trade Commission. In certain situations, we may be required to
disclose personal information in response to lawful requests by public
authorities, including to meet national security or law enforcement
requirements.

If you have an unresolved privacy or data use concern that we have not addressed
satisfactorily, please contact our U.S.-based third-party dispute resolution
provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Data Privacy Framework
website, you may be entitled to invoke binding arbitration when other dispute
resolution procedures have been exhausted.

 


CERTIFICATIONS

Our privacy practices, described in this Privacy Policy, comply with the APEC
Cross Border Privacy Rules (CBPR) System and APEC Privacy Recognition for
Processors (PRP) System. The APEC CBPR and PRP systems provides a framework for
organizations to ensure protection of personal information transferred among
participating APEC economies. More information about the APEC framework can be
found here.





 


YOUR PRIVACY RIGHTS

Depending on the jurisdiction in which you are located, and how you interact
with Bitsight, you may have certain legal rights over the personal information
we hold about you, subject to local privacy laws. These may include the right,
depending on your jurisdiction, to:

 * Obtain access to your personal information that is being processed by us,
   including: the categories and/or specific pieces of personal information we
   collected, the categories of sources from which personal information is
   collected, the business or commercial purpose for collecting personal
   information, and the categories of third parties to whom we disclosed
   personal information
 * Correct inaccurate personal information.
 * Request the deletion of your personal information.
 * Opt out of the sale or sharing of personal information for targeted
   advertising.
 * Object to the processing of your personal information carried out on the
   basis of our legitimate interests in the EEA, UK, and Switzerland, and ask us
   to restrict the processing of your personal information.
 * Request the portability of your personal information in a structured,
   commonly used, and machine-readable format.
 * Withdraw your consent at any time, if we have collected and processed your
   personal information with your consent. Withdrawing your consent will not
   affect the lawfulness of any processing we conducted prior to your
   withdrawal, nor will it affect processing of your personal information
   conducted in reliance on lawful processing grounds other than consent.
 * Opt out of marketing communications sent by Bitsight.

Applicable laws may also give you the right to lodge a complaint with a local
supervisory authority related to this Privacy Policy.

Residents of Colorado, Connecticut, Virginia, Utah, and other U.S. states may
have additional rights which may include the rights included above in the
absence of a valid exemption.
 


EXERCISING YOUR PRIVACY RIGHTS

Where you are entitled to exercise privacy rights under applicable law, you may
access, correct, object to processing or request deletion of your personal
information by logging into your account or contacting us (including our
European representative) by completing the Privacy Request Form. You must
provide the information listed in the Privacy Request Form so that we can verify
your identity, including validating your name and the email you use when
interacting with Bitsight. You may also authorize another person or third party
to submit a request to exercise your rights by providing written permission in
conjunction with the submission of the requested information or by giving the
third party your power of attorney. We will acknowledge your request and provide
a follow-up substantive response within a time period permitted by applicable
law. In the event that we need an extension to fulfill a request, we will notify
you. If we deny your request, we will provide reasons for that denial. 

If your personal information has been submitted to us by or on behalf of a
Bitsight customer and you wish to exercise any rights you may have under
applicable data protection laws, please inquire with the applicable customer
directly.

We will not discriminate against you for exercising any of your rights with
respect to your personal information.

Please be aware that even after we have processed your request, we may retain
certain residual information in the backup and/or archival copies of our
database or any data that we may retain in compliance with applicable law. 
 


RIGHT TO OPT-OUT OF THE SALE OF YOUR PERSONAL INFORMATION

You may opt-out of the sale or sharing of your personal information for targeted
advertising by clicking the Cookie Preferences link in the footer of our Website
and opting out of the Functional and Advertising Cookies, or by implementing the
Global Privacy Control (GPC). For instructions on how to download and use GPC,
please visit https://globalprivacycontrol.org. See Use of Cookies above for more
information.

Further, we do not share the personal information of California residents with
third parties for their own direct marketing purposes.


OUR CONTACT INFORMATION

We have designated our Privacy Manager to oversee our compliance with applicable
privacy laws. Questions and inquiries to us (including our European
representative) concerning your privacy may be directed:

 * By email to privacy@bitsight.com.
 * By phone at 1 (844) 735-0076, or you can write us at:
   * BitSight Technologies, Inc.
     111 Huntington Ave, Floor 4
     Boston, MA 02199
     United States
     Attn: Legal Department/Privacy Manager

We will use commercially reasonable efforts to make an initial response to your
inquiries, questions or comments within five (5) business days of their receipt.

All data subject or similar access requests must be made by completing this
Privacy Request form.




NOTIFICATION OF CHANGES

Your access to and use of the Sites and Services is strictly conditioned upon
your agreement with and consent to the terms and conditions of this Privacy
Policy, as it may be amended and/or updated from time to time at our sole
discretion. In the event of any material modification by us to the way and
purpose we process your personal information, we will notify you by email (sent
to the email specified in your account) or by means of a notice
on www.bitsight.com prior to the change becoming effective and your continued
use of the Sites and Services will indicate your acknowledgement of such changes
and agreement to be bound by the modified Privacy Policy terms. If you object to
any such changes, you may not continue to access or use the Sites or Services.
We encourage you to periodically review this page for the latest information on
our privacy practices.

BitSight Technologies, Inc.
111 Huntington Ave, Suite 400
Boston,  MA  02199
United States of America

+1-617-245-0469




Free Cyber Security Reports
 * Security Ratings Snapshot
 * Attack Surface Report
 * Supply Chain Risk Report
 * Marsh McLennan Cyber Risk Report
 * Third-Party Vendor Risk Report

 * BitSight Academy
 * BitSight Knowledge Base
 * Privacy Statement
 * Corporate Social Responsibility Statement
 * Security
 * BitSight Security Ratings Access Terms
 * Website Terms Of Use
 * Get A Free Demo
 * Cybersecurity Glossary
 * Do Not Sell or Share My Personal Information
 * Order Fulfillment Policy
 * Cookie Preferences

Contact Us
© 2024 BitSight Technologies, Inc. and its Affiliates. All Rights Reserved.
 * Facebook
   
 * Instagram
   
 * Linkedin
   
 * Twitter
   
 * YouTube
   


This website uses cookies to enhance user experience, for advertising purposes,
and to analyze traffic on our website as described in our Privacy Policy. You
may choose to consent to our use of these technologies by selecting "Accept" or
select "Required Only" if you do not consent. To change your preferences or
learn more about our use of cookies select "Manage Settings".
Accept Required Only Manage Settings


Opens in new window
PDF Download
Word Download
Excel Download
PowerPoint Download
Document Download
Explore your accessibility options


close carousel