© 2023 All rights reserved
Last Revised: August 17, 2020
Fractional CISO helps companies with their cybersecurity strategy and execution. We are based in the Greater Boston Area.
Fractional CISO is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
“Personal data” means data that reasonably can be used to identify a living person, or that reasonably relates to a living person.
When we use the term “Services,” we mean to refer collectively to:
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our individual clients and prospective clients, their representatives, visitors to our offices, visitors to our Sites, vendors, and other individuals.
The majority of our clients are corporate entities and data about entities is not personal data. However, we process personal data of company employees, representatives and other personal data clients provide to us, or allow us to collect on their behalf, while providing the Client Services. This includes contact information and any other personal data that is relevant to or necessary for us to deliver the Client Services.
We also process personal data to assist in building relationships. This may include, but is not limited to, name, contact information, and job title.
We collect and use this information to provide the Client Services and for other legitimate business interests. For example, we use contact details to send communications and industry updates.
Our basis for processing personal data in connection with Client Services is:
Certain visitors interact with the Sites in ways that lead us to gather personal data. The amount and type of data that we gather depends on the nature of the interaction. For example, if you sign up for our mailing list we collect your name, contact details, job title and company name. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain Site-related activities.
In addition, we collect information automatically as disclosed in our Cookie Notice, below.
The bases we rely on to process this information are:
For visitors to our offices we will take a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in the event of an emergency.
The bases we rely on to process your personal data are:
We process personal data of vendors and business partners, including name and contact details. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow, and maintain the relationship. For individual vendors and business partners, we also may hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.
The basis we rely on to process this personal data is:
The primary reason we process this personal data is to provide the Client Services, fulfill our professional duties, comply with law, and operate our business.
The bases we rely on to process your personal data are:
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, or may be necessary to serve our legitimate interests in the following business operations:
We share personal data with the following categories of recipients.
We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
To Perform Client Services
We will also disclose personal data to the following categories of third parties: (1) anyone involved in the matter we are working on; (2) law enforcement, tax, and regulatory agencies and bodies; (3) insurers; and (4) service providers such as IT and telephony services, document production, and postal and delivery services.
We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums. When you post information publicly.
We do not sell any personal data and have not sold any personal data in the past.
Corporate Transactions or Events
We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
Other Legal Reasons
In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Fractional CISO, our affiliates, you and others; and (7) to enforce our terms and conditions.
Rights in other states and countries vary, but they may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) restrict or object to the processing of their personal data; and (iii) obtain a copy of their personal data in a portable format. Individuals may also have the right to lodge a complaint about the processing of personal data with a data protection authority.
If you make a request related to personal data about you, you may be required to supply a valid means of identification as a security precaution.
Individuals in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their personal data or access to personal data that we have collected in the last twelve (12) months.
You may submit requests for access or erasure of your personal information.
Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.
If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.
If you are making a request for erasure, we may ask that you confirm that you would like us to delete your personal information again before your request is submitted.
You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.
Agents who make requests on behalf of individuals may be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
You can review your Internet browser settings to exercise your options for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites.
The services contained in this section enable Fractional CISO to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google LLC (“Google”). Google tracks and examines the data collected on our Sites to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and usage data.