Join the OffSec Evolution - Introducing Trickest's New Workflow Engine!
Privacy Policy
About us
Trickest Hive d.o.o. based in Belgrade – Republic of Serbia and our existing affiliates (including our parent company Trickest Inc.) or future affiliates (collectively “Trickest” or “we,” “us” or “our”) are the controllers with respect to your data. This means that we determine the purpose and manner in which your personal data is processed. The contact entity for any questions regarding how your personal data is being processed is „Trickest Hive“ d.o.o. Belgrade – Republic of Serbia, a limited liability company, operating and registered under the laws of the Republic of Serbia, with its registered headquarters in Humska 6, Apt 28, Belgrade, Serbia, or at: privacy@trickest.com
| TRICKEST AS CONTROLLER | TRICKEST AS PROCESSOR |
|---|---|
| We are the data controller when we collect and use information as described herein. In this case we are responsible for determining use of the Service, and for ensuring that all legal requirements applicable to processing of personal information through our Service are ensured. | We are the data processor when our customers collect and use information as described herein. In this case data controller is the customer who is solely responsible for determining how to use the Service, and for ensuring that all legal requirements applicable to processing of personal information through our Service are ensured. |
WHAT DOES THIS PRIVACY POLICY COVER
This privacy policy describes how Trickest (“we”, “us” or “our”) will make use of your information in the context of your use of our website as the “Website”, software as the “Platform”, and customer support (collectively the “Service”), and for marketing, sales, and advertising initiatives.
WHAT ARE WE DOING?
Trickest is a cybersecurity company developing ethical hacking and cybersecurity tools focused on empowering its users to proactively assess, identify and address information technology and system infrastructure vulnerabilities.
WHAT INFORMATION ABOUT YOU DO WE COLLECT?
When you make use of our Service, we collect information that identifies you. Beside storing analysis of your content on our servers hosted by AWS Cloud (e.g. documents, workflows, photos, videos, activity logs, time stamps, other usage data and data points, and direct feedbacks from you, which are sent or received using an online feature of our Service), we may share some of information that identifies you with third party platforms, which we ask to protect your information similar to this policy.
WHEN YOU BROWSE OR VISIT OUR WEBSITE
When you browse or visit our Website, we collect information that identifies you such as:
| Personal Data we collect | Main third parties with whom we share your Personal Data |
|---|---|
| - Hardware: User Agent; Operating System; Browser; Location; - Route: Website that led you to our website; - Activity: Use and navigation of website; Search terms entered into a search engine which lead you to our website; |
Main explicit sharing with 3rd party platforms providing analytics such as: - Google Analytics (customer experience analytics tool); Main consent based sharing (cookies data) with 3rd party platforms providing analytics such as: - Hotjar (customer experience analytics tool); Main 3rd party platforms providing storage such as: - Google Cloud, - AWS Cloud; |
A list of all third party platforms with which we share information that identifies you, the information defined above, can be found HERE and will be updated from time to time.
WHEN YOU MAKE A USE OF OUR WEBSITE TO CONTACT US
When you use our Website to request a product demo, free trial access to our Platform, apply for specific job position, or contact us for support, feedback or other offerings, we collect information that identifies you such as:
| Personal Data we collect | Main third parties with whom we share your Personal Data |
|---|---|
| - Personal Data: Full Name; Email address; Company name as optional information; - Recruitment Personal Data: Information in resume/cv, (schools or previous employment) along with other relevant information to the extent you are applying for an open position with us; - Hardware: IP address; User Agent; Operating System; Browser; - Activity: Security Enhancement Program “SEC” details; People with whom you communicate or share content or SEC requests; Types of apps and websites of interest; Activity on third party sites and apps that use our services; Types of industries and services of interest; and Content of customer support communications. |
Main explicit sharing with 3rd party platforms providing support such as: - Paperform (customer relations management tool); Main 3rd party platforms providing storage such as: - Google Cloud (storage), - AWS Cloud (storage); |
A list of all third party platforms with which we share information that identifies you, the information defined above, can be found HERE and will be updated from time to time.
WHEN YOU CREATE AN ACCOUNT, LOGIN AND MAKE A USE OF OUR PLATFORM
When you register to use our Platform, login and make use of our Platform, we collect information that identifies you such as:
| Personal Data we collect | Main third parties with whom we share your Personal Data |
|---|---|
| - Personal Data: Email address; Company name; - Activity: Use and navigation of our software, including logins and other actions taken, time stamps, and other usage data. |
Main explicit sharing with 3rd party platforms providing analytics and support such as: - Intercom (customer service tool), - Segment (customer experience management tool), - Mixpanel (customer experience analytics tool), - Hubspot (customer relationship management tool); Main consent based sharing (cookies data) with 3rd party platforms providing analytics and support such as: - Hotjar (customer experience analytics tool); Main 3rd party platforms providing storage such as: - Google Cloud (storage), - AWS Cloud (storage); |
A list of all third party platforms with which we share information that identifies you, the information defined above, can be found HERE and will be updated from time to time.
WHEN YOU MAKE A USE OF OUR PLATFORM TO CONTACT US
When you use our Platform to contact us for support, feedback or other offerings, we collect information that identifies you such as:
| Personal Data we collect | Main third parties with whom we share your Personal Data |
|---|---|
| - Personal Data: Username; - Activity: Usage info as timestamp and other relevant data, and content send; |
Main Explicit sharing with 3rd party platforms providing support such as: - Intercom (customer service tool); Main 3rd party platforms providing storage such as: - Google Cloud (storage), - AWS Cloud (storage); |
A list of all third party platforms with which we share information that identifies you, the information defined above, can be found HERE and will be updated from time to time.
COMBINING THE DATA
We may combine information provided by you to ensure accuracy of the data with information from third party sources, and we may also collect information to detect, prevent, or otherwise address fraud, security, or technical issues, as well as to protect against harm to the rights, property or safety of our company, employees, users, vulnerable categories, or the public.
TRICKEST EMAILS AND TEXTS
Emails we send you may include web beacons through which we see if you have received or opened the email, or clicked a link in the email (you can opt out from collection and receiving our marketing).
TRICKEST ADVERTISING
We may advertise online, including displaying our ads to you on other companies’ websites and on social media platforms, such as Facebook. Trickest Service uses cookies and similar technologies that allow us to gather additional information to measure and improve the effectiveness of our advertising, such as:
- Which ads are displayed
- Which ads are clicked on
- Where the ad was displayed
HOW DOES TRICKEST USE THE INFORMATION IT COLLECTS ABOUT ME, AND WHAT ARE THE LEGAL BASES FOR THESE USES?
Trickest uses the information we collect about you for the following purposes:
To comply with a contract, or take steps linked to a contract: this is relevant where you register to use an Trickest Platform (whether paid, or as a free trial). This includes:
- Providing you with the requested Service;
- Verifying your identity;
- Processing payments;
- Sending you communications (for example, related to payments);
- Sending communication related to an SEC; and
- Providing customer service or support.
As required by Trickest to conduct our business and pursue our legitimate interests, in particular:
- Providing you with the Service for which you have registered;
- Analyzing your use and measuring effectiveness of our Service;
- Sending you information about our products and services and similar information;
- For various events which we may organize;
- For recruitment purposes;
- Sharing your information with 3rd parties for their own marketing purposes (where your consent is not required);
- Analyzing your use and content on the Service to customize marketing communications (where your consent is not required);
- Analyzing your content through techniques such as machine learning to improve our Service (where your consent is not required);
- Create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our partners or customers may use to provide and improve our Service.
- Detecting, preventing, or otherwise addressing problems, fraud, security or technical issues, as well as protecting against harm to the rights, property or safety of the company, our users, or the public;
- Sharing your information with third party Customer Experience and Analytics tools that help us in better understanding, enhancing your experience and improving usage of the Platform, on the basis of our legitimate interest in ensuring your data, our other clients data and our services are secure;
- Conducting surveys and market research about our customers (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
- Investigating and responding to any comments or complaints;
- Checking the validity of the account number and card number (we may use third parties for this);
- If we merge with or are acquired by another company, sell the Service or business unit, or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any other prospective purchaser’s advisers and will be one of the assets that is transferred to the new owner;
- In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of information in connection with government agency requests, legal process or litigation).
Where we process your information based on legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where required, when you give us your consent (which you can withdraw at any time) or otherwise consistent with your choices:
- Sending you information about our products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes;
- Placing cookies and using similar technologies on our website and in email communications, in accordance with this policy and the information provided to you when those technologies are used;
- Accessing information stored on your device relating to your use of the Service and crash reports; and
- Analyzing your content using techniques such as machine learning in order to improve our services and the user experience;
For legal reasons:
- Responding to requests by government or law enforcement authorities conducting an investigation or to detect, prevent, or otherwise address misuse, fraud, security, potential illegal activities, or technical issues and software piracy.
Where this processing and these disclosures are not strictly required by law, we may rely on our legitimate interests and those of third parties described above.
DOES TRICKEST SHARE MY PERSONAL INFORMATION?
1. SHARING WITH OTHER DATA CONTROLLERS
We will share your personal information within our group of companies (as identified on our website) for the purposes identified above. We may also share your personal information with other third-party data controllers. The types of third parties your information may be shared with include:
- contractors
- vendors
- resellers
- sales partners
- advertisers
- research org
- information services providers
- fraud monitoring providers
- publishers
- Cloud Providers
Related to Contributors who participate in certain Security Enhancement Programs, to be able to allow those Publishers to contact Contributors and interact directly or as otherwise authorized by the Contributor with respect to the specific SEC, we may share information to Publishers about those Contributors to the extent required for the SEC, such as:
- Name
- Company name(if any)
- Contact data
Third-party data controllers may also use Trickest platform to collect and process your personal information. If you are using an email address that is associated with a business domain to access Trickest’s Service, or if you were invited to use the Service by a business, we may share your information to that business.
2. SHARING FOR FRAUD PREVENTION, SAFETY AND SECURITY PURPOSES
We will share personal information with companies, organizations or individuals outside of Trickest if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues, as well as to protect against harm to the rights, property or safety of the company and our employees, our users, vulnerable categories or the public as required or permitted by law.
3. Other Information Sharing
Trickest may also share your personal information based on:
- Legal Process: When we have a good faith belief that we are required to provide information in response to a subpoena, court order, or other applicable law or legal process, or to respond to an emergency.
- Corporate Restructuring: Merger or acquisition by another company, sell of all, or a substantial portion of our assets or business to another company, your information will likely be disclosed to our advisers and any prospective purchaser’s advisers and will be one of the assets that is transferred to the new owner.
- Statistics: We may share or publish aggregate information that doesn’t specifically identify you, such as statistical information about visitors to our websites or statistical information about how customers use the website.
IS MY PERSONAL INFORMATION SECURE?
We employ administrative, technical, and physical security controls where appropriate, and strict contractual confidentiality obligations for employees and contractors. Nevertheless, no security system is impenetrable, and system failures or bad actors activity may happen which prevents us from making any guarantees that the information and data within our control, is absolutely secure.
WHERE DOES TRICKEST STORE MY PERSONAL INFORMATION?
Your personal information and files are stored on our servers and the servers of companies we hire to provide services to us, such as hosting providers.
DOES TRICKEST TRANSFER MY PERSONAL INFORMATION ACROSS NATIONAL BORDERS?
The main locations where we process your personal information are in the Republic of Serbia and the US, but we may also transfer personal information to other countries in the world where our platform is available or we are engaged in business development. Currently, all our servers from hosting providers are based in Frankfurt, Germany, Europe. We carry out these transfers in compliance with applicable laws – for example, by putting data transfer agreements in place to help protect your personal information. We rely on one or more of the following legal mechanisms to ensure adequate protection: European Commission approved Standard Contractual Clauses, or your consent in certain circumstances. A copy of the relevant mechanism can be provided for your review upon request, using the contact details.
WHAT RIGHTS DO I HAVE IN RESPECT OF MY PERSONAL INFORMATION AND HOW CAN I EXERCISE THESE?
We process your personal data in accordance with the applicable law and you have the right:
Access
- you have the right to obtain a confirmation whether or not we process your personal data;
- to have access to the type of personal data and to the conditions of processing;
- you have the right to obtain the personal information you provide to us for a contract or with your consent in a structured, machine-readable format.
Rectification
- you have the right to request, the rectification of inaccurate or incomplete personal data which we have about you
Erasure
- you have the right to request erasure of your personal data in case
- the data are no longer necessary for their original purpose (and no new lawful purpose exists),
- we initially process your data based on your consent and you withdraw your consent and therefore no lawful ground exists anymore,
- you object and we have no overriding grounds for continuing the processing,
- the data have been processed unlawfully,
- erasure is necessary for compliance with applicable law
Restriction
- you have the right to ask for the restriction of processing in cases where you consider that the personal data processed is inaccurate or unlawful
Withdraw
- you have the right to withdraw your consent for processing
Object
- you have the right to object to the data processing and to object at any moment to the data processing for direct marketing purposes and the right not to be subject to a decision based solely on automated processing
Portability
- you have the right to ask us to port your information to another controller in a structured, machine-readable format
Complain
- you have the right to file a complaint with the Data Protection Authority and the right to address to the competent courts of law.
WHAT RIGHTS DO I HAVE IF I AM A CALIFORNIA CONSUMER?
In addition to the rights above, see California Consumer Privacy Rights for additional information. Please note that we do not sell the personal information we collect to other parties.
WHAT RIGHTS DO I HAVE IF I AM A CALIFORNIA CONSUMER?
In addition to the rights above, see California Consumer Privacy Rights for additional information. Please note that we do not sell the personal information we collect to other parties.
WITHDRAWING CONSENT OR OBJECTING TO DIRECT MARKETING
We and the companies we hire may use your information to provide you with information and offers related to Trickest. Where we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have the right to opt-out of direct marketing, at any time by:
- Updating your preferences in your account
- Clicking the unsubscribe link at the bottom of our marketing emails
- E-mail us using the details provided here
HOW LONG DOES TRICKEST RETAIN MY INFORMATION?
We will store your personal data for the period of time necessary to achieve the purposes described in this policy and in accordance with our legal obligations, our contractual obligations or the industry practices. When you register for an account, we process and keep most personal information we have about you for as long as you are an active user. When you close your account, we begin deleting (in accordance with our procedures, which may involve archiving, anonymizing or destroying it) certain personal information that we no longer have a business reason to retain. However, we will retain personal information related to our contract and business transactions with you for 5 years from the termination of our agreement with you, unless the applicable law specifies otherwise.
Where we process personal information for marketing purposes or with your consent, we process the information until you request us to stop the processing. We also keep a permanent record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future.
DOES TRICKEST USE COOKIES AND SIMILAR TECHNOLOGIES?
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, combating fraud, analyzing how our Service perform, remembering your preferences, measuring your use of our Service, understanding your interests so we can provide you more relevant content, running the solutions that help our customers improve the security and performance of their websites and digital infrastructure.
We also use “web beacons” (or “tags” bits of programming code included in web pages, emails, and ads that notify us or our partners when those web pages, emails, or ads have been viewed or clicked on) to help deliver cookies and gather usage and performance data. Our Service may include web beacons, cookies, or similar technologies from third-party service providers. Depending on the purpose for which they are used cookies can be: essential (for the functionality of the Service); functional (for enhancement of your experience and remembering your preferences); analytical (for understanding how the Service is used), advertising (for providing offers and services). Cookies can also be “first” or “third” party based on the Service or domain placing it. Third party cookies are set by third parties’ websites or domains that you are visiting and are other entities than Trickest. You have the tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use the settings in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.
WHERE CAN I SEE THE COOKIE LIST?
You can see the cookies we are using on our Platform HERE.
WILL THIS PRIVACY POLICY CHANGE?
We may update this privacy policy (or other related documents) to allow Trickest to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will change the “last updated” date at the top of this policy and the revised policy will be posted to this page so that you are aware of the information we collect, how we use it, and under what circumstances we may disclose it. Under certain circumstances (for example with certain material changes) we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our apps and websites, or by other means consistent with applicable law.
WHO CAN I CONTACT WITH QUESTIONS OR CONCERNS?
If you have a privacy question or request, please send us an e-mail at: privacy@trickest.com