Our mission is to help build a safer Internet. We place great importance on establishing trust with our Customers, Website Visitors, and the Internet community globally. To earn and maintain that trust, we commit to communicating transparently, providing and protecting the security of our Customer’s data on our systems.
We keep your personal information personal and private. We will not sell, rent, share, or otherwise disclose your personal information to anyone except as necessary to provide our services or as otherwise described in this Policy without first providing you with notice and the opportunity to consent.
1. POLICY APPLICATION
This Policy applies to BitNinja’s collection, use, and disclosure of the information of the following categories of individuals:
- Website Visitors:
Individuals who visit our Websites and who may opt to provide an email address to receive communications from BitNinja. For the purposes of this Policy, “Websites” shall refer collectively to www.bitninja.io as well as any other websites BitNinja owns and that link to this Policy. For clarity, “Websites” does not include any sites owned or operated by our Customers.
Those who register on their own or on behalf of an entity or organization to use any of the BitNinja Services (as defined below), including administrators on a Customer account.
For the purposes of this Policy, “Services” shall refer to all network service solutions marketed for subscription at www.bitninja.io, including when Services are sold by an authorized partner or reseller.
Individuals who provide their information to BitNinja or BitNinja representatives when they attend or register to attend BitNinja-sponsored events or other events, at which BitNinja participates.
- Resolver users:
Individuals visiting the Websites on servers using BitNinja’s protection may undergo an investigation phase, if we had previously observed an attack from the visitor’s IP address. BitNinja records the successful investigation in order the source not to undergo an investigation phase on other protected servers. It is called a resolving. We may record the Resolver Users’ HTTP headers, request parameters and codes sent in the verification form in order to verify the justifiedness of the resolution.
- End Users:
BitNinja provides security services that our Customers use to their websites, including a reverse proxy. On the server we filter the information, perform malware analysis and otherwise improve security. Any external attack observed generates an incident that gets to BitNinja’s database through an encrypted channel. We use the resultant information to prevent further incidents. We may send an abuse report to the owner of the IP triggering the incident in order to discontinue the source of the incident.
This Policy does not apply to our Customers’ websites, which may have their own terms and privacy policies. Our Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, including those relating to the collection of personal information in connection with the use of our Services by End Users with whom our Customers interact.
BitNinja and its Services are not intended for, nor designed to attract, individuals under the age of eighteen. BitNinja does not knowingly collect personally identifiable information from any person under the age of eighteen.
2. INFORMATION WE COLLECT
- Name, email address, and other contact information. We ask for and — at your option — collect personal information from you when you submit web forms on our Websites, including opportunities to sign up for and agree to receive email communications from us. We also may ask you to submit such personal information if you choose to use interactive features of the Websites, including participation in surveys, contests, promotions, sweepstakes, requesting customer support, or otherwise communicating with us. The consent given may be withdrawn at any time.
We will send communications in accordance with applicable law.
- Log Files. Just as when you visit and interact with most websites and services delivered via the Internet, when you visit our Websites we gather certain information and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, and locale and language preferences.
- Interactive Areas. On our Website interactive features may be offered (“Interactive Areas”). If you choose to participate in any of these Interactive Areas, please be aware that that any information that you post in an Interactive Area might be read, collected, and used by others who access it. If you wish to remove your personal information from any of our Interactive Areas, please see the section below entitled, Your Data Rights.
- Customer Account Information. When you register for a BitNinja account, we collect your email address. We refer to this information as “Customer Account Information” for the purposes of this Policy. Customer Account Information is required to identify you as a Customer and permit you to access your account(s). By voluntarily providing us with such Customer Account Information, you represent that you are the owner of such personal data or otherwise have the requisite consent to provide it to us.
- Payment Information. You are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. When you sign up for one of our paid Services, you must provide billing information. The information you will need to submit depends on which billing method you choose. For example, if you pay with a credit card, we will collect your card information and billing address; conversely, we do not store full credit card numbers or personal account numbers.
- Server Installation and Server Information. The use of our service requires the installation of the BitNinja server protecting agent that collects safety data on the server.
- We may record the Resolver Users’ HTTP headers, request parameters and codes sent in the verification form in order to verify the justifiedness of the resolution.
- BitNinja provides security services that our Customers use to improve and protect their websites.
- We collect End Users’ information when they use our Customers’ websites, web applications, and APIs. This information may include but is not limited to IP addresses, system configuration information, and other information about traffic to and from Customers’ websites (collectively, “Log Data”). We collect and use Log Data to operate, maintain, and improve our Services in performance of our obligations under our Customer agreements. For example, Log Data can help us to detect new threats, identify malicious third parties, and provide more robust security protection for our Customers.
- We may ask for and collect personal information such as your name, address, phone number and email address when you register for or attend a sponsored event or other events at which BitNinja (and/or its representatives) participates.
Legal Basis for Processing (EEA only):
If you are an individual from the European Economic Area (EEA), please note that our legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. We normally will collect personal information from you only where: (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you, or (c) where the processing is in our legitimate interests.
Please note that in most cases, if you do not provide the requested information, BitNinja will not be able to provide the requested service to you.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your personal data, you have the right to object.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
3. How we use information we collect
BitNinja only processes personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized. As a general matter, for all categories of data we collect, we may use the information we collect (including personal information, to the extent applicable) to:
- provide, operate, improve, maintain and promote the Website and Services;
- enable you to use and access the Website and Services;
- process and complete transactions, and send you related information, including purchase confirmations and invoices;
- send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
- send commercial communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys; newsletters, offers, promotions, contests, and events about us and our partners; and send other news or information about us and our partners. See Section 8 below for information on managing your communication preferences.
- monitor and analyse trends, usage, and activities in connection with the Websites and Services and for marketing or advertising purposes;
- personalize the Websites and Services, including by providing features or content that match your interests and preferences; and
- comply with legal obligations as well as to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
- process for other purposes for which we obtain your consent.
Information from Third Party Services
We may combine information we collect as described above with personal information we obtain from third parties. For example, we may combine information entered on a BitNinja sales submission form with information we receive from a third-party sales intelligence platform vendor to enhance our ability to market our Services to Customers or potential Customers.
4. Information sharing
Specifically, we do not permit our Service Providers to use any personal information we share with them for their own marketing purposes or for any other purpose than in connection with the services they provide to us.
In addition to sharing with Service Providers as described above, we may also share your information with others in the following circumstances:
- Within the BitNinja Group (defined for the purposes of this Policy);
- With our resellers and other sales partners who may help us distribute the Services to Customers;
- In the event of a merger, sale, change in control, or reorganization of all our part of our business;
- When we are required to disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
- Where we have a good-faith belief sharing is necessary to investigate, prevent or take action regarding illegal activities, violations of our Service Agreement, or as otherwise required to comply with our legal obligations; or as you may otherwise consent from time to time.
We do not sell, rent, or share personal information with third parties for their direct marketing purposes, including as defined under applicable regulatory provisions.
5. Data Aggregation
BitNinja may aggregate data we acquire about our Customers and their End Users, including the Log Data described above. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity or to compile web traffic reports and statistics. Non-personally identifiable, aggregated data may be shared with third parties.
6. Data subject rights
Attendees, Website Visitors and Customers:
You have the right to access, correct, update, export, or delete your personal information. You may email us at email@example.com with any such subject access requests, and we will respond within thirty days. Customers also can access, correct, export, or update their Account Information by editing their profile or organization record at firstname.lastname@example.org.
BitNinja has no direct relationship with End Users. Even where “BitNinja ” may be indicated as the authoritative name server for a domain, unless BitNinja is the owner of that domain, we have no control over a domain’s content. Accordingly, we rely upon our Customers to comply with the underlying legal requirements for subject access requests. If an End User requests that we access, correct, update, or delete their information, or no longer wishes to be contacted by one of our Customers that use our Services, we will direct that End User to contact the Customer website(s) with which they interacted directly. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their website users.
For any request mentioned above, we will need to verify a requestor is inquiring about their own information before we can assist. Where a request may implicate the personal data of another individual, we must balance the request against the risk of violating another person’s privacy rights. We will comply with requests to the extent required by applicable law. In the EU, you also have the right to lodge a complaint with a supervisory authority.
7. Data processing preferences
You may manage your receipt of commercial communications by clicking on the “unsubscribe” link located on the bottom of such emails, through your account settings if you have a BitNinja account, or you may send a request to email@example.com.
8. Data security, data integrity, and access:
We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption.
If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
9. Notification of changes
If we make changes to this Policy that we believe materially impact the privacy of your personal data, we will promptly provide notice in case of any such changes (and necessarily obtain your consent), as well as post the updated Policy on our website noting the effective date of any changes.
10. Business transactions
We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all our part of our business.
11. English language controls
Non-English translations of this Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.
Date of entry into force of this GTC: 24th May, 2018