Privacy Policy

Table of Contents

Who is Cyberscout and what do we do?

How Does Cyberscout Approach Data Collection?

What role do the U.S./E.U. Privacy Shield and U.S./Switzerland Privacy Shield programs play in Cyberscout’s approach to privacy and data collection across Cyberscout US’s and Cyberscout International’s operations?

European Union/Swiss Residents and U.S.-E.U./U.S.-Swiss Privacy Shield application to Cyberscout US and its dealings with Cyberscout International

What Kind of Personal Information Does Cyberscout Collect?

Does Cyberscout Share Personal Data with Third Parties?

What Are Cyberscout’s Policies Regarding Website Privacy, Specifically the Use of Cookies and Web Tracking Mechanisms? 

What are Cyberscout’s Policies Regarding Transfer of EU and other non-US Employee Data to the US?

Where can I go for any additional questions or inquiries around Cyberscout policies that have not been answered or provided here?

 

Who is Cyberscout and what do we do?

This policy applies to all non-US Cyberscout entities, including Cyberscout Inc. (Canada), Cyberscout Ventures Limited (Ireland); Cyberscout Limited (UK); Cyberscout Pty Ltd (Australia); Cyberscout Sdn Bhd (Malaysia); and Cyberscout Pty Ltd., and Taiwan Branch (Taiwan). All of the above companies shall be collectively referred to in this policy as ‘Cyberscout International.

For purposes of this privacy policy all Cyberscout business entities formed and focused on doing business in the United States or providing support to Cyberscout International including such entities as Cyberscout LLC (US), Cyberscout Claims LLC (US), and Cyberscout Consulting LLC (US) shall herein be collectively referred to as  ‘Cyberscout US’.

Cyberscout International and Cyberscout US shall be collectively referred to as ‘Cyberscout’ for purposes of this privacy policy.

Cyberscout provides identity management services including identity monitoring services and resolution of identity fraud and account takeover situations for consumers and individuals worldwide. Our services are generally provided on an institutional basis and are not available direct to the public. This means that services are made available to the public and to you through insurance providers, financial institutions, employee benefits providers and other entities that have paid us to be able to refer individuals like you to Cyberscout for assistance with your fraud or identity theft situation.

How Does Cyberscout Approach Data Collection?

Cyberscout's policies are to inform you any time we may be about to collect any personal information about you, regardless of whether it is online, in person or over the telephone. This means that any time you are asked to reveal personal information about yourself to Cyberscout or to a Cyberscout affiliate, we'll always do our best to inform you:

  • why we need to collect the information;
  • what we intend to do with it;
  • who, if anybody, we intend to share it with and why.

At that time, we will give you the option to either:

  • affirmatively consent to that collection of information and proceed with providing it to us for its intended purpose to redeem a service or product; or
  • stop what you are doing and discontinue providing us with that information at the risk that the relevant service or product may not be able to be provided to you.

What role do the U.S./E.U. Privacy Shield and U.S./Switzerland Privacy Shield programs play in Cyberscout’s approach to privacy and data collection across Cyberscout US’s and Cyberscout International’s operations?

European Union/Swiss Residents and U.S.-E.U./U.S.-Swiss Privacy Shield application to Cyberscout US and its dealings with Cyberscout International

Cyberscout is made up of both US based entities (Cyberscout US) and entities outside of the US (Cyberscout International). While data subject information is stored in the relative geographic location of the data subject and servicing entity’s location (i.e. US data subjects and US entity data stored in the US; Canadian data subject and Canadian entity data stored in Canada; EU data subjects and EU entity data stored in Ireland; etc.), access to and limited transfer of personal data across jurisdictions may occur as any assistance provided could potentially be from any geographic location of Cyberscout based on the time, date, and nature of the assistance being provided.

Therefore, since Cyberscout generally and Cyberscout International specifically rely on service support that could be provided by Cyberscout US, it is important to clarify that any sharing or transfer of information between EU and US entities to Cyberscout US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission as well as any of the applicable data protection/privacy authorities in all relevant jurisdictions it serves.

Cyberscout US has indicated that it would be liable for cases of onward transfers of Privacy Shield data to third parties. Cyberscout US complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Cyberscout US has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies of the Cyberscout US privacy policy and the applicable Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Cyberscout US’s certification page, please visit https://www.privacyshield.gov/

In compliance with the EU-US Privacy Shield and the Swiss-US Privacy Shield Principles, Cyberscout US commits to resolve complaints about privacy and Cyberscout US’s collection or use of personal information.

Any individuals from around the world, including European Union and/or Swiss individuals, with requests for access to data, requests for data deletion, and any other inquiries or complaints regarding their applicable legal rights as data subjects or regarding any Cyberscout privacy policy should first contact Cyberscout via E-mail addressing any inquiries or complaints to:

Cyberscout Global Privacy Office
ATTN: Custodian of Personal Records

[email protected]

Please provide your legal name, mailing address, telephone number and E-mail address, or be ready to provide such,  so that we may locate your record(s) (if any), conduct proper identity verification prior to complying with any request or inquiry, and communicate with you regarding the status of your request.

If you would rather send your inquiry, request or complaint via standard mail/post to the nearest Cyberscout offices, you may submit to the relevant address below:

  • United States Mailing address: 7580 N Dobson Rd, Suite 201 Scottsdale, AZ 85256 USA
  • Canada Mailing address: 1080 Côte du Beaver Hall, Suite 700, Montreal, Quebec H2Z 1S8 Canada
  • United Kingdom Mailing address: 10 John Street, London WC1N 2EB United Kingdom
  • Ireland/E.U. Mailing address: 2B Galway Technology Centre, Mervue Business Park, Mervue, Galway, Ireland
  • Asia Pacific Mailing address: 7F, No. 214, Dun Hua North Road, Taipei 10546 Taiwan

Please allow for a slower response time via submissions submitted by post

While Cyberscout generally and Cyberscout International specifically are subject to the authority of the Irish (or any other applicable) Data Protection authorities, Cyberscout US has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield and the Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your request, inquiry, or complaint, or if your complaint is not satisfactorily addressed by Cyberscout US, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/  for more information and to file a complaint. In certain circumstances you have a right to invoke binding arbitration before the Privacy Shield Panel as a last resort in resolving your issues.

What Kind of Personal Information Does Cyberscout Collect?

Cyberscout collects limited information from website visitors as is described in more depth in the What Are Cyberscout’s Policies Regarding Website Privacy, Specifically the Use of Cookies and Web Tracking Mechanisms? section of this policy.

In your relationship with Cyberscout you are the Data Controller. Cyberscout provides identity theft, fraud remediation, security breach notification, identity monitoring and other support services to individuals (hereinafter referred to collectively as ‘consumer services’) via their employer, insurance provider, financial institution or other third-party business. Cyberscout does not advertise and solicit business directly from any individuals, consumers or data subjects as it is primarily a business-to-business entity.

However, if you have sought out or been referred to Cyberscout for any consumer services Cyberscout may collect any relevant information needed to assist you with enrollment in services, fulfillment of identity monitoring, fraud remediation case management, or assistance with your involvement in a data security breach. The types of information we may collect to assist you may include but is not limited to: name; address; government issued ID numbers (Social Security Numbers, Social Insurance Numbers, National Insurance Number, Passport Number, National Identification Numbers, etc.); compromised or fraudulent financial or other account information; tax information; or any other information necessary to assist you with the consumer services you have chosen to utilize through Cyberscout.

Please note that any and all information collected is provided directly by you during interviews with a case manager or during the online or telephone enrollment process. The information provided by you to Cyberscout may be used to help populate letters and fraud victim affidavits and documents provided to you to sign and execute accordingly. You are in control of any ‘sharing’ of this information with third parties by Cyberscout. This sensitive and personal information in the form of letters and communications would be sent by you directly to law enforcement, fraud departments, collection agencies, regulators, attorneys, regulators and/or any other necessary third parties required to help resolve your fraud or identity theft situation.

Cyberscout also provides special monitoring services including cyber monitoring and credit monitoring in both the U.S. and certain limited markets outside of the U.S. These special monitoring services are provided to help you detect fraudulent activity on your personal accounts as well as track the use of your account information and personal information by fraudsters and criminals. The particular monitoring services available will depend upon the country you and/or region you reside in. In certain situations, in order to sign up for these services you may be asked to provide certain personal information. This information is used to (1) verify your identity for security purposes and (2) for Cyberscout to know what information you want us to monitor for fraud and other illicit uses. Examples of data you may want to monitor could include account numbers or government issued ID numbers. Any information being monitored by you would have to be provided by you to Cyberscout.

Cyberscout collects information from its employees in connection with our employer-employee relationship. This information is limited to information necessary to pay our employees, provide them with benefits and to comply with tax and other government reporting requirements applicable in each jurisdiction. For additional information on Cyberscout Employee data transfers, specifically any transfers of employee data from Cyberscout International to Cyberscout US please refer to the section in this policy with the heading “What are Cyberscout’s Policies Regarding Transfer of EU and non-US Employee Data to the US?

Cyberscout acknowledges the individual’s right to access their personal data. If you haven't provided us with information about yourself in the past, we don't have information about you. However, if you have provided information to Cyberscout and would like to know what information we currently have about you, feel free to contact Cyberscout's custodian of personal records to provide you with access to any information Cyberscout has about you. In addition, should you note any inaccuracies in the information we have about you, you have a right to correct that information or to even have the information deleted.

Cyberscout may be required to disclose an individual’s personal information in response to a lawful request by public authorities including but not limited to meeting national security or law enforcement requirements and/or requests.

Does Cyberscout Share Personal Data with Third Parties?

In your relationship with Cyberscout you are the Data Controller. You have full control of what information, if any you provide about yourself to Cyberscout. However, in our efforts to service you Cyberscout may utilize 3rd party vendors or agents and their solutions to provide you with certain services and support. While most services and the data collected in carrying out that service is managed in house by Cyberscout, including both Cyberscout International and

Cyberscout US, some services must be provided by outside vendors. These limited situations are when Cyberscout is required to share data in order to help provide these services.

For instance if you were to be offered or provided any special monitoring services including cyber monitoring and/or credit monitoring which is available in both the U.S. and certain limited markets outside of the U.S., specific information such as that used (1) to verify your identity for security purposes and/or (2) specific information or data you may want to monitor including but not limited to account numbers or government issued ID numbers; that information would be shared with relevant Cyberscout services vendors to provide you with this monitoring. Cyberscout limits the purposes of this sharing with its vendors to providing the monitoring service they were contracted to provide. That data is not shared for marketing or resale purposes by our vendor(s) and any such activity would be a violation of Cyberscout’s agreements with any such vendor(s).

In addition, Cyberscout International, specifically the entities covering EU offerings and services, only share data with authorized third party vendors located in (1) the EU; (2) non-EU countries that have been
deemed adequate by the EC and Article 29 working group; and/or (3) the US so long as they are active Privacy Shield Program participants.

Cyberscout offers individual’s an opportunity to opt-out of having their data shared with third parties by simply not signing up for monitoring and other services that, by definition, involve the sharing of personal information with third parties. Individuals are presented at time of sign up with the request for them to provide and submit this personal information to be verified and monitored as part of the service. The request is in response to them redeeming a service with the understanding that the basis for the services involves sharing of this information individuals can opt out of this sharing by simply not enrolling in these services.

Cyberscout does not share or sell any of the personal information provided to Cyberscout with any third-party organizations for the purposes of marketing or further reselling your data. Information is only shared if necessary, to provide you services.

 

What Are Cyberscout’s Policies Regarding Website Privacy, Specifically the Use of Cookies and Web Tracking Mechanisms?

Cyberscout may collect limited personal information from visitors to its website including IP Addresses and may use cookies or other means to do so. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cyberscout uses cookies on all of its websites. Most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Further information about the cookies used by Cyberscout is provided below using cookie categories based on classifications presented in the International Chambers of Commerce (ICC) Cookie Guide.

Category 1: Strictly necessary cookies.  These cookies are essential to allow us to provide services that you have requested. Category 1 cookies used by Cyberscout Websites: Login status – To identify you as being logged in to our website. Load balancing – Cookies may be used to distribute traffic across our web servers – to ensure that our websites perform well and give you the best possible experience. User subscription data – Subscription cookies allow us to ensure that you can access resources that you have registered for.

Category 2: Performance cookies.  These cookies collect information about how visitors use our website, for instance which pages visitors go to most often. The information collected by these cookies is aggregated, so these cookies don’t collect information that identifies individual visitors. The information collected is anonymous and is only used to improve the way our website works. Web analytics – Web analytics cookies are used to improve the design and user experience of our website by providing statistics on site usage and pages visited. Embedded videos – Most videos on Cyberscout websites are hosted on Vimeo and YouTube. These sites use cookies to collect video statistics and improve site experience. Please review those provider’s privacy policies for more information on their cookie use.

Category 3: Functionality cookies.  These cookies allow us to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more relevant features. Some examples of Category 3 cookies used by Cyberscout websites:

  • User preferences – Preference cookies remember settings you’ve applied to this site such as layout, default views, search filters.
  • Login information – Login cookies may be used to communicate your login details across pages of this website. This data is encrypted and not shared with third parties.
  • User profile data – Email addresses, address and contact information. Cyberscout uses a third party solution to collect this information for Cyberscout and Cyberscout purposes only. The user profile data collected by Cyberscout is collected by Marketo on Cyberscout’s behalf and is provided directly to Cyberscout. This data is not shared with third parties and is used to better provide additional services like newsletters and use of user specific online tools and resources.

Category 4: Advertising Cookies. These cookies are set through Cyberscout’s website by our advertising partners. Category 4 cookies are used by Cyberscout’s  advertising partners to build a profile of a user’s interests and show relevant adverts on other sites where they have the ability to do so. The specific personal data captured could include the user’s browser, IP address, and device used. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store code that can be translated into a set of browsing habits or preferences using information stored elsewhere.  Cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign.

These cookies are not persistent and have an expiration, varying by advertising partner and based on the last time Cyberscout’s  website was visited by the user. Some examples of Category 4 cookies that may be used by Cyberscout websites include:

  • Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user. The site the user is visiting need not actually be serving adverts, but often this will also be the case. 
  • Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user’s social network, providing maps or counters of visitors to a site. 

What are Cyberscout’s Policies Regarding Transfer of EU and other non-US Employee Data to the US?

Cyberscout has employees that are citizens of a various countries including but not limited to the United States, Canada, the United Kingdom, as well as other Asian and European Union countries.  Cyberscout respects the unique privacy and data protection rights those employees have under applicable national laws, but specifically those enumerated under E.U. laws and the specific regulations of its EU Member states. While Cyberscout limits the HR data transferred about its EU based employees to the extent possible, some information must be shared between Cyberscout International’s European/International operations and Cyberscout US for those HR related functions that cannot be managed in their respective countries.

Cyberscout US’s participation in the U.S.-E.U. Privacy Shield Program, as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from EU member countries to companies in the United States, requires that Cyberscout US have in place appropriate independent recourse mechanisms (IRMs) for dispute resolution.

Therefore Cyberscout US has consented to work with applicable E.U. Data Protection Authorities (E.U. DPAs) to serve as an IRM for dispute resolution surrounding HR specific data transfer, data protection and privacy disputes. Therefore, should your concerns around the transfer or treatment of your personal HR data by Cyberscout,specifically transfer from Cyberscout International to Cyberscout US Entities not be properly addressed by Cyberscout’s HR staff or privacy staff, you have the right to access and utilize the E.U. DPAs’ Dispute resolution panel as your IRM for the dispute. Cyberscout US will adhere to the decisions of the EU DPAs’ Dispute resolution panel and IRM.

Where can I go for any additional questions or inquiries around Cyberscout policies that have not been answered or provided here?

Cyberscout does it best to provide clear and transparent information and policies around its privacy and data sharing practices. If you have additional questions not covered by this policy please feel free to contact us for more information via E-mail at [email protected]

PRIVACY POLICY UPDATED on the 21st   day of May, 2019