CMMC: Cybersecurity Maturity Model Certification

TechGuard Security Privacy Policy

Purpose

The purpose of this TechGuard Security, LLC Privacy Shield Statement is to outline how we comply with the Principles with respect to personal information we collect. TechGuard Security provides the following services:

 

• Resell Security Awareness Training & Phishing Simulator subscriptions
• Cybersecurity Assessment including
  • vulnerability assessment
  • penetration testing
  • wireless access point assessment
  • social engineering campaigns
  • IT security control assessments

 

How We May Receive Your Information

TechGuard Security may receive your personal information through several means; through meetings at conferences or events where you provide your business card, through our website when you utilize our “subscribe” or “contact” forms, through direct email contact, referrals and leads.

What Information We Collect

The Personally Identifiable Information (PII) we collect includes:

• Your first and last name
• Business address
• Phone number
• Email address

Non-personally identifiable information we collect from our website includes:

• IP address and geolocation based on the IP address
• Age range
• Gender
• Site visitation information
• Page views
• Browsers used
• Browser capabilities
• Site search queries

 

How and When Your Information is Collected

• You agree to allow third-party sites to share you contact information with us
• You communicate with us regarding our services or content
• You subscribe to our services
• You subscribe to our mailing lists or newsletters
• You purchase our services and when you access our website
• You complete a job application or submit a resume for potential employment

 

Why We Collect Data

We collect your personal data for legitimate business purposes, including these and other similar purposes:

• To establish, maintain, and manage our business relationships
• Where collection enables us to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our customers
• Process and respond to privacy concerns or complaints
• To enhance the security of our network and information systems
• To better understand how visitors interact with our services
• To determine the effectiveness of advertising campaigns
• To determine suitability for an employment opportunity

 

Reuse of Your Personal Information

We will not reuse personal data for a new purpose other than the original use for which it was collected, unless one or more of the following apply:

• The new use is compatible with the original use, meaning you should reasonably expect a similar use,
• We have notified you of the new use and given you an opportunity to object to it; or
• The new use is otherwise permitted or required by law

 

Third Party Service Providers

TechGuard subscribes to third party SaaS applications in order to provide our services to you. These services include:

• Customer Relationship Manager (CRM)
• Proposal Development
• Marketing
• Email, File Storage
• Custom Reporting

We may use other businesses to perform certain specialized services. In such instances we will obtain, in writing, assurance third parties will provide at least the same level of privacy protection required by the Principles.

TechGuard Security remains liable under the Privacy Shield Principles if an agent or third-party processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where TechGuard Security is not responsible for the event giving rise to the damage.

 

Retention, Destruction, and Disclosure of Your Personal Data

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or for the reasons listed below and any similar:

• To enforce compliance with our Terms of Use and applicable law.  This may include developing and using tools that help detect fraud and prevent violations.
• To protect the rights and safety of our customers and third parties, as well as our own.
• To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
• To provide information to representatives and advisers, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.

Depending on the purpose, retention periods will vary.  The criteria we use to determine retention periods include whether:

• We are under a legal, contractual, or other obligation to retain personal data pursuant to data retention laws, as part of an investigation or for litigation purposes
• Personal data is needed to provide our business services including performance improvement and to maintain accurate business and financial records
• If you have consented to us retaining your personal data for a longer period, we retain that data with your consent.

If we must disclose your data to a third party, we will do so only under these circumstances:

• We are required to do so by law, court order or legal process
• Under the discovery process in litigation
• To enforce our policies or contracts
• To collect debts owed to us
• When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity
• Or, if we, in good faith, believe disclosure is otherwise necessary or advisable. In addition, server logs may be reviewed for security purposes including detection of unauthorized activity on our services. In such cases, server log data containing personal data may be shared with law enforcement agencies, so they may identify users in connection with an investigation of unauthorized activities.

 

For EU Individuals: Your Rights under the General Data Protection Regulation

There are additional rights under the European Union’s General Data Protection Regulation which may apply to you If you wish to correct, update, block or delete data which we maintain, please inform us by sending an email to [email protected].

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In
some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Links to Third Party Websites

Our website may contain links to sites and/or applications operated by third parties. We make no representations or warranties in relation to the privacy practices of any third- party site or application and we are not responsible for any third-party content or privacy statements. Your use of such sites and applications is subject to the relevant third-party notices.

Use of Cookies and Online Tracking

Our website makes use of cookies which are small digital files stored in your web browser that enable us to track your return visits to our website. Your browser settings may allow you to block these cookies, but we recommend you have them enabled to help us personalize your experience on our website. Additionally, 3rd party advertisers on our site may use cookies for tracking purposes.

Options to Limit Use of Your Data

We are committed to providing you with informed choices about the information we collect to provide you with information about our services. There are options available if you would like to apt out of any of the technology tools we use.

Cookies: You can manage the use of cookies on your computer using controls in your browser.  To learn more about how to manage cookies, visit http://www.allaboutcookies.org.

Google Analytics:  We utilize Google Analytics to help us track and analyze our web site traffic.    If you would like to prevent Google Analytics from utilizing your data, an opt-out browser add-on is available HERE.

Change of Ownership or Business Transition

Should we have any change to our business, such as merger, acquisition, or sale of our company, your personal information as we have it stored may be transferred in accordance with applicable privacy laws. In the event a business change as described, we may disclose your data to the prospective seller or buyer of such business or assets, subject to their entering into appropriate confidentiality undertakings (such as non- disclosure agreements) prior to the effective date of said change.

Complaints and Concerns For EU Individuals: Privacy Shield Notice for Personal Data Transfers to the United States

TechGuard Security complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries to the United States pursuant to Privacy Shield. TechGuard Security has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The Federal Trade Commission has jurisdiction with enforcement authority regarding our Compliance with the Privacy Shield Principles.

We are subject to various laws which may provide you rights to your personal data. For example, for EU data transferred to the United States pursuant to Privacy Shield, the Privacy Shield Principles provide the right to access your personal data, including limiting its use and disclosure.

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable time frame.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

TechGuard Security’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. TechGuard Security remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless TechGuard Security proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, TechGuard Security commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact TechGuard Security by email at [email protected] or via post at:

Email: [email protected]

Mail: TechGuard Security, LLC

ATTN: Data Privacy Officer

703 Seibert Rd. Suite 2

Scott AFB, IL 62225

TechGuard Security has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to
you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

How to Contact Us

If you have any questions regarding the handling of your data or if you have a privacy concern, please contact our Data Privacy Officer.

Email:  mailto:[email protected]

Mail:  TechGuard Security, LLC

ATTN:  Data Privacy Officer

703 Seibert Rd. Suite 2

Scott AFB, IL 62225

Changes to Our Privacy Notice

We will review this notice periodically and may modify it at our discretion. We encourage you to review this Privacy Notice on a regular basis to ensure you are informed on our data privacy practices.