Define the Risks
Defend the Assets
Your privacy is of paramount importance to us. At LeveL5Cyber we have a few fundamental principles:
LeveL5Cyber, LLC. (“LeveL5Cyber”, “we”) operates LeveL5Cyber.com. It is LeveL5Cyber’s policy to respect your privacy regarding any information we may collect while operating our website, products and services (“Services”).
We do not ask you for personal information unless we truly need it.
We do not share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
We do not store personal information on our servers unless required for the on-going operation of one of our services.
If you have questions about deleting, correcting your personal data, or limiting collection or use, please contact our team and review the Manage Consent link at the bottom of each page.
In the course of marketing our Services, we will collect information on customers or potential customers in the course of doing business. This may include names, job titles and roles, current employers, employer’s address, as well as contact information such as email addresses or phone numbers. For example, if you reach out to us through our contact page, we will collect your name and email address and/or phone number.
Like most website operators, LeveL5Cyber collects non-personally identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. LeveL5Cyber’s purpose in collecting non-personally identifying information is to better understand how LeveL5Cyber’s visitors use its website. From time to time, LeveL5Cyber may release non-personally identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
While this is not common, there may be circumstances where we would have to retain evidence that would contain personally identifying information from our customers in the course of delivering our Services. An example of this is when we have to respond to an incident or collect evidence of adhering to a compliance or regulatory standard.
LeveL5Cyber may collect statistics about the behavior of visitors to its websites. For instance, LeveL5Cyber may monitor common landing pages or pages related to our services to ensure good customer engagement. LeveL5Cyber may display this information publicly or provide it to others. However, LeveL5Cyber does not disclose personally identifying information other than as described below.
LeveL5Cyber discloses potentially personally identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on LeveL5Cyber’s behalf or to provide services available at LeveL5Cyber’s websites, and (ii) that have agreed not to disclose it to others. For example, evidence containing personally identifying information may be collected to provide expert advice around the scope of services for a customer.
Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using LeveL5Cyber’s websites, you consent to the transfer of such information to them.
LeveL5Cyber will not rent or sell potentially personally identifying to anyone. Other than to its employees, contractors and affiliated organizations, as described above, LeveL5Cyber discloses potentially personally identifying information only in response to a subpoena, court order or other governmental request, or when LeveL5Cyber believes in good faith that disclosure is reasonably necessary to protect the property or rights of LeveL5Cyber, third parties or the public at large.
If you are a registered user of a LeveL5Cyber website and have supplied your email address, LeveL5Cyber may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with LeveL5Cyber and our services. We primarily use our various blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.
If LeveL5Cyber, or substantially all of its assets, were acquired, or in the unlikely event that LeveL5Cyber goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of LeveL5Cyber may continue to use your personal information as set forth in this policy.
LeveL5Cyber is committed to the security of your information, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. LeveL5Cyber security policies cover the management of security for both its internal operations as well as the services.
LeveL5Cyber is also committed to reducing risks of human error, theft, fraud, and misuse of LeveL5Cyber facilities. LeveL5Cyber’s efforts include making personnel aware of security policies and training employees to implement security policies. LeveL5Cyber employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
LeveL5Cyber promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. LeveL5Cyber Management is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If LeveL5Cyber determines that your services data has been misappropriated (including by an LeveL5Cyber employee) or otherwise wrongly acquired by a third party, LeveL5Cyber will promptly report such misappropriation or acquisition to you.
California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.
The California Consumer Privacy Act gives their citizens new rights as of January 1, 2020. LeveL5Cyber, at this time, does not meet the thresholds for applicability, LeveL5Cyber does uphold the principles of the act.
LeveL5Cyber will be adopting Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement of personal data out of the Europe Economic Area, Switzerland and the UK.
The nature of LeveL5Cyber’s business is to lawfully protect the data subject’s vital interests. The European Union General Data Protection Regulation (GDPR) mentions IT security as a legitimate interest. LeveL5Cyber provides services that are designed to identify security issues. The information collected and generated by our services is often highly sensitive. Therefore to ensure the highest standards possible, LeveL5Cyber maintains GDPR compliance with both internal business processes and with respect to the services we perform for clients.
ATTN: Privacy Officer
80 Broad Street
New York NY 10004