External Privacy Notice
1. Your privacy is important to us
NetSPI, LLC and its wholly owned subsidiaries NetSPI UK Ltd., NetSPI Canada Ltd., and NetSPI India Private Ltd. (collectively, “NetSPI” and individually each a “NetSPI Entity”) are committed to respecting the privacy of all individuals whose data we process. This privacy notice explains our (instances of “our,” “we,” or “us” refer collectively to NetSPI) global personal data processing practices related to external individuals whose data we process, in accordance with applicable data privacy and protection laws and regulations. As needed, NetSPI may provide additional notices. Any questions or other inquiries should be directed to the contact information listed below.
2. Contact details
The NetSPI entity that determines the purposes for which and the means by which your personal data is processed is the Data Controller for all purposes discussed within this notice, and one or more NetSPI entities other than the entity acting as the Controller may be processors for all purposes discussed within this notice. Communications, questions, or concerns about this privacy notice should be addressed to us by email to privacy@netspi.com, or in writing to us at 241 N 5th Ave Suite 1200, Minneapolis, MN 55401, attn: Legal.
NetSPI’s Data Protection Officer:
Project Consulting Group
privacy@netspi.com
104 Main St N Ste 100.
Stillwater, MN, 55082.
NetSPI’s EU Representative:
Prighter Group
https://prighter.com/q/18434068728
Schellinggasse 3/10
1010 Vienna, Austria
If you feel any of your rights regarding the collection or use of your personal data have been violated, please contact us at privacy@netspi.com. We will investigate and attempt to resolve reasonable complaints and disputes. If you have concerns about how we are processing your personal data, you may have the right to lodge a complaint with your local data protection authority.
We have appointed Prighter Group with its local partners as our privacy representative in the European Union (EU). Individuals located in the EU can contact us directly through our EU Representative using their website listed above.
3. Definitions
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’).
Data Subject: An individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
4. Overview of personal data processing
The types of personal data we process, how we collect it, and our uses for it vary depending on your relationship with NetSPI. Please refer to the Appendix (Section 16) of this Notice for more details related to our personal data processing activities, purposes for processing, categories of personal data processed, our legal bases for processing, the sources of data, and the categories of third parties involved in processing personal data.
This Privacy Notice applies to you if you interact with NetSPI in one or more of the following ways:
- ‘Candidate’: This applies to you if you have applied for or are otherwise considered for employment opportunities with NetSPI.
- ‘Customer’: This applies to you if you are your employer’s point of contact regarding our Sales, Marketing, or Project Management activities.
- ‘Customer User’: This applies to you if your employer has contracted NetSPI for its products or services, and you are an end user of our technology offerings.
- ‘Partner’: This applies to you if you are a current or prospective Partner or reseller of NetSPI offerings.
- ‘Vendor’: This applies to you if NetSPI has contracted services from a company for which you are a point of contact.
- ‘Website Visitor’: This applies to you if you visit our website.
5. Data security
The security of your data is important to us. As such, NetSPI maintains a high standard for information security, including in relation to personal data. However, it is important to remember that no method of transmission over the Internet or method of storage is 100% secure. We strive to use commercially acceptable means to protect data. Our computer equipment, networks, systems, and data are monitored and maintained to a high standard, and access to data and equipment is always restricted to appropriate staff.
6. Individual rights
Depending on where you’re located, privacy laws and regulations may allow you to exercise certain rights regarding the processing of your personal data – such as those listed in the table below. If you wish to exercise any of your rights, please contact us at privacy@netspi.com. If you are from the EU, you may also submit requests via our EU Representative.
Requests are typically addressed within 30 days, and we will notify you if we need additional time to process your request. NetSPI will not discriminate against individuals for exercising their rights under applicable data privacy laws.
Not all these rights are absolute. Certain requests may be declined depending on the applicable privacy law(s), our legal basis for data processing, and whether a request is manifestly unfounded or excessive, or requires disproportionate effort to fulfill.
Absent statutory or contractual requirements, individuals are not strictly obligated to provide NetSPI with their personal data. However, if you prefer not to provide your data for certain purposes, please understand that such a refusal would likely compromise NetSPI’s ability to deliver for you upon the purpose(s) or function(s) for which that personal data is intended.
# | Data Subject Right | Description |
1 | Right to be Informed | This privacy notice provides the awareness you are entitled to. |
2 | Right of Access | The right to confirm if we process your personal data, to view what personal information is processed, or request a copy. |
3 | Right to Rectification | The right to have your personal data corrected if it is inaccurate. |
4 | Right to Erasure | The right to have your personal data deleted. |
5 | Right to Restrict or Limit Processing | The right to restrict or limit the way(s) we use your personal data, including sensitive personal data. |
6 | Right to Data Portability | The right to have your personal data transferred to you or to another data controller, in a machine-readable electronic format. |
7 | Right to Object | The right to object to certain data processing such as that based on legitimate interests or the public interest, for direct marketing, or scientific/historical research and statistical purposes. |
8 | Right in Relation to Automated Decision Making | The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or other significant affects. |
9 | ‘Do Not Sell My Data’ | The right to request that we do not sell your personal data (NetSPI does not sell personal data). |
10 | Right to Withdraw Consent | In situations where you have consented to us processing your personal data, you have the right to withdraw that consent at any time. |
7. Third parties involved in processing personal data
NetSPI may share your personal data with third parties in connection with the data processing purposes described in this notice. NetSPI requires third parties receiving personal data to be bound to confidentiality requirements and agree to handle all personal data in accordance with applicable laws. NetSPI requires that third parties involved in the processing of personal data maintain appropriate technical and organizational measures for safeguarding the data relative to its risk.
In the Appendix (Section 16) of this notice, we have identified the categories of third parties that may receive personal data in connection with our different purposes for processing data. Please refer to the Appendix for more details. Additionally, we may disclose or share your personal data if compelled under a duty to comply with any legal obligation.
8. International transfers of personal data
When NetSPI processes personal data or shares it with third parties, data may be transferred over international borders. That includes data originating from the European Economic Area (EEA), United Kingdom (UK), Canada, India, or elsewhere, depending on where you are located, and transferring it to third countries outside of that region, including to the United States. Where EU & UK personal data is transferred internationally, NetSPI utilizes standard data protection clauses with third parties, adequacy decisions, and other applicable safeguards for the protection of your personal data. NetSPI takes steps to protect this information by implementing appropriate safeguards relative to the risk and sensitivity of the information transferred.
If you have questions regarding the safeguards used to protect your data when it is transferred to countries outside of the EU or UK, please reach out to us using the contact information provided in this notice. This may take the form of a copy or a reference to where such information is available.
9. Data retention
NetSPI will retain personal data only for as long as is necessary for the purpose(s) for which it was collected – based on internally defined business rules and in accordance with applicable laws. Data may be removed upon request by a data subject (when applicable), or when the data is no longer needed for the purpose(s) it was collected for.
10. Automated decision making
NetSPI does not use your personal data to make automated decisions that have legal or similarly significant impacts upon you, without human intervention.
11. Minors
NetSPI’s services are not intended to be used by minors. NetSPI does not knowingly collect any personal data from children under the age of 16. If you think that a minor child or dependent provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best to promptly remove such information from our records.
12. Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. When you use our website (‘Website Visitor’) or our cybersecurity products/services (‘Customer Users’), certain cookies or similar technologies may be used, including those we classify as “Necessary” or “Non-Essential”:
- Necessary Cookies — We use these cookies for our legitimate interests to ensure basic functioning of the website or cybersecurity products/services. These include cookies for security and authentication purposes, for example to identify the user for the duration of their session while using our product/service platform(s).
- Non-Essential Cookies — We use these cookies to analyze user behavior and advertise to you. We use these cookies per your consent, and you may opt-out of these cookies at any time by configuring your browser settings.
Most web browsers offer settings that permit the user to manage cookies. You can set your browser to refuse cookies or to alert you when websites set or access cookies. Please be advised that if you opt out of certain cookies, some website features may not function optimally. Necessary Cookies, including but not limited to those used for security and authentication purposes on our product/service platform(s) cannot be disabled.
13. Do not track disclosures
Our website does not respond to Do Not Track (DNT) signals.
14. Merger, divestiture, bankruptcy
If NetSPI should ever file for bankruptcy or be acquired by a third party, merge with a third party, sell all or part of our assets, or otherwise transfer substantially all our relevant assets to a third party, NetSPI is entitled to share the personal data to potential and subsequent business and merger partners.
15. Privacy notice changes
This privacy notice will be reviewed at least annually and updated as needed. For instance, this privacy notice may need to change as new legislation is introduced or as it is amended. This privacy notice was last updated February 2024.
16. Appendix: Personal data processing details
Depending on your relationship to NetSPI, we may process your personal data as indicated in the tables below. Please note it is likely not all these scenarios apply to you individually. Please contact us if you have any questions regarding the uses described in this notice.
Candidates: If you have applied for or are otherwise being considered for employment or independent contractor opportunities with NetSPI, we may use your personal data in the following ways. When Candidates transition to becoming Employees, they are provided additional notice regarding employee personal data processing.
Processing Activities | Our Purpose(s) | Types of Personal Data Processed (*Indicates Sensitive Data Types) | Legal Basis | Data Sources | Third Party Recipients |
Pre-Employment HR Activities | • Collect employment applications or otherwise source candidates, conduct interviews, and manage candidate database(s). • To verify that candidates who receive job offers are authorized to work in the applicable country.• To conduct background checks and substance screens (as requested by clients). | Affiliations – General, Career/Professional, Communications Received, Criminal, Demographic, Family, General Identifiers, Geolocation – Approximate, Finances*, Life History, Social Network, Government Identifiers*, Medical/Health*, Race or Ethnicity*, Substance Use*. | • Performance of a Contract.• Employment and Social Security or similar government benefits program purposes. | We receive this data directly from you, Third Party Recruiters, LinkedIn or similar business-based social media sources, and our third parties that facilitate background checks, substance screens, and work authorization status. | Our HR software or service providers, Work Authorization and Background Check partners, and the other NetSPI corporate entity(ies) may process your data. |
Customer Users: If your employer has contracted NetSPI for its products or services, and you are an end user of our technology offerings, we may use your personal data in the following ways.
Processing Activities | Our Purpose(s) | Types of Personal Data Processed (*Indicates Sensitive Data Types) | Legal Basis | Data Sources | Third Party Recipients |
Customer User Account Management & Support on NetSPI products. | • Provisioning and deactivating user accounts on NetSPI products.• Provide direct support to triage end user issues on NetSPI products.• Evaluate recent feature launches, provide input into new features, and identify other product improvement opportunities on NetSPI products.• Audit logs for security & operational purposes on NetSPI products. | Career/Professional, Communications Received, General Identifiers. | • Performance of a Contract.• Legitimate Interest. | We receive this data directly from you and your use of NetSPI products. | Our cloud infrastructure provider, IT software providers, and other NetSPI corporate entity(ies) may process your data. |
Customers & Partners (Resellers): If you are a point of contact for your company regarding our Sales, Marketing or Project Management activities, or if you collaborate with NetSPI as a partner/reseller of NetSPI offerings, we may use your personal data in the following ways.
Processing Activities | Our Purpose(s) | Types of Personal Data Processed (*Indicates Sensitive Data Types) | Legal Basis | Data Sources | Third Party Recipients |
Delivery Management | Using customer contact and related info to liaise with active customer contacts to ensure alignment with SOW/engagements. | Career/Professional, Communications Received, General Identifiers, Geolocation – Approximate, Participation. | Performance of a Contract. | We receive this data directly from you. | Our technology providers (cloud infrastructure and IT software) and our other NetSPI corporate entity(ies) may process your data. |
Events Management | To engage individuals in connection with events (tradeshows, webinars, etc.) our company hosts or participates in. | Career/Professional, Demographic, General Identifiers, Geolocation – Approximate, Images, Participation, Physical Traits. | Consent. | We receive this data directly from you and third-party event organizers. | Our Marketing software providers, third-party event organizers, and our other NetSPI corporate entity(ies) may process your data. |
Email Marketing | To provide prospects, customers, and partners marketing communications that promote NetSPI products, services or other information related to NetSPI’s ‘thought leadership’. | Behaviors, Career/Professional, Communications Received, Device Information, General Identifiers, Geolocation – Approximate, Participation. | Consent. | We receive this data directly from you and third parties such as advertising partners, LinkedIn, and ZoomInfo. | Our marketing software and service providers, and our other NetSPI corporate entity(ies) may process your data. |
Customer Surveys | To solicit feedback from customers for the purpose of improving operations, customer service or products/services. | Career/Professional, Communications Received, Device Information, General Identifiers, Product/Service feedback and other personal opinions expressed. | Consent. | We receive this data directly from you. | Our IT & Marketing software providers, and our other NetSPI corporate entity(ies) may process your data. |
Sales Cycle Activity | To communicate directly with customers regarding potential engagements throughout the sales cycle (qualification, scoping, proposal, negotiation, finalization). | Communications Received, General Identifiers, Geolocation – Approximate, Keyed Identifier, Participation, Preferences. | Legitimate Interest. | We receive this data directly from you, Client referrals, and third parties like LinkedIn and ZoomInfo. | Our IT & Sales software providers, sales service providers, and our other NetSPI corporate entity(ies) may process your data. |
Customer Success | To communicate with active and recent customers to enrich their use of NetSPI products/services and promote related products/services on an individual level. | Communications Received, General Identifiers, Geolocation – Approximate, Keyed Identifier, Participation, Preferences. | Legitimate Interest. | We receive this data directly from you, Client referrals, and third parties like LinkedIn and ZoomInfo. | Our IT & Sales software providers, sales service providers, and our other NetSPI corporate entity(ies) may process your data. |
Sales Development | To promote company products or services to individuals that have not demonstrated prior interest, or with whom we had prior relevant discussions. | Affiliations – General, Communications Received, General Identifiers, Geolocation – Approximate, Participation. | Legitimate Interest. | We receive this data directly from you and our interactions with you, Trade shows and other events, and ZoomInfo. | Our IT & Sales software providers, and our other NetSPI corporate entity(ies) may process your data. |
Partner Management | To establish and manage relationships with individuals from businesses interested in partnering with NetSPI. | Behaviors, Career/Professional, Communications Received, General Identifiers, Geolocation – Approximate, Participation. | Performance of a Contract. | We receive this data directly from you and ZoomInfo. | Our IT & Sales software providers, sales service providers, and our other NetSPI corporate entity(ies) may process your data. |
Accounts Receivable | Customer contact information is used in connection with invoicing activities. | Communications Received, General identifiers. | Performance of a Contract. | We receive this data directly from you. | Our Finance Software providers and our other NetSPI corporate entity(ies) may process your data. |
Vendors: If your employer has been contracted by NetSPI to provide us services, we may use your personal data in the following ways.
Processing Activities | Our Purpose(s) | Personal Data Categories | Legal Basis | Data Sources | Third Party Recipients |
Accounts Payable | Administrative functions related to paying vendors for the services they provide to our company. | Communications Received, General Identifiers, Geolocation – Approximate. | Performance of a Contract. | We receive this data directly from you. | Our finance software providers and our other NetSPI corporate entity(ies) may process your data. |
Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@netspi.com.