Ataata's Privacy Policy and GDPR Compliance

EFFECTIVE DATE: 1ST MAY 2018

LAST UPDATED DATE: 1ST MARCH 2018

ATAATA, Inc. (“ATAATA,” “We,” “Us,” “Our,” or the “Company”) is committed to protecting the privacy of individuals. ATAATA provides a website (https://secure.ataata.com) that allows individuals, including security professionals, to view certain information relating to security that is made available on the website (“Website”) or any individual (“Customers”) who is registered on Our application (collectively, the “Application(s)”) and who uses the online services (“Services”). This Privacy Policy governs the collection and use of all the information collected from all of Our sources, whether the Application or other source. Any terms not defined herein shall have the meaning given to them in the associated Terms of Use available at www.ataata.com/terms-of-service

Your privacy is important to ATAATA. “You” and “Your” refers to the individual or legal entity, as applicable, that is accessing the Website and/or Application.

Please read the following carefully to understand Our views and practices regarding Your Personal Data (defined below) and how We collect, use and disclose the Personal Data and Company Data (defined below) that We collect through the Application. We draw Your attention in particular to Sections 4 (International Data Transfer) and 9(a) (Email Communications). By visiting the Website and/or using the Application, You are accepting and consenting to the practices described in this Privacy Policy.

1. Questions; Contacting ATAATA; Reporting Violations

If You have any questions, concerns or complaints about Our Privacy Policy or Our data collection or processing practices, or if You want to report any security violations to Us, please contact Us by mail at the following address:

ATAATA, Inc.
Attn: Reporting Violations
4500 East West Highway
Suite 125
Bethesda, MD 20814

or Email Us at: contact@ataata.com

In compliance with the Privacy Shield Principles, ATAATA commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ATAATA at: contact@ataata.com

ATAATA has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

If You have an unresolved privacy or data use concern that We have not addressed satisfactorily, please use the online dispute resolution platform (free of charge) at http://ec.europa.eu/odr. All disputes will be resolved by a third party.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

2. User Consent

By submitting Personal Data (as defined in section 5) through the Application or having such Personal Data collected through Your use of the Application or Services, You agree to the terms of this Privacy Policy, and You expressly consent to the collection, use and disclosure of Your Personal Data in accordance with this Privacy Policy.

Additional information on consent for European Union Users:

By selecting the "Agree" option or any other check box indicating Your acceptance of this privacy policy, You expressly consent to the following:

  • You consent to the collection, use, disclosure and processing of Your personal data in the manner described in this privacy policy, including Our procedures relating to cookies, IP addresses and log files.
  • You consent to processing of Your personal data in the United States since Our servers are based in the United States. You consent to the transfer and processing of Your personal data in the United States by ATAATA.
  • You consent and agree that We may store Your data with Our hosting partner located in the United States. Your consent is voluntary and You may revoke Your consent by opting out at any time. Please note that if You opt out, We may no longer be able to provide You Our Services.
  • You consent to Us sharing Your personal data with relevant persons working as service providers, who assist Us to provide Our services.
  • If You have enabled cookies on Your web browser, You consent to Our use of cookies as described in this privacy policy.

If You later want to change Your consent, contact ATAATA at contact@ataata.com

3. A Note About Children

We do not intentionally gather Personal Data from visitors to the Application who are under the age of 13. If a child under 13 submits Personal Data to ATAATA and We learn that the Personal Data is the information of a child under 13, We will attempt to delete the information as soon as possible. If You believe that We might have any Personal Data from a child under 13, please contact Us at contact@ataata.com.

4. International Data Transfer

Information, including Personal Data, that We collect from You, will be transferred to, stored at and processed by Our affiliates and other third parties in a country outside the European Economic Area, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By accessing the Application, You agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Your Personal Data is treated securely in accordance with this Privacy Policy.

5. Types of Data We Collect

We get information about You in a range of ways, including Personal Data and Company Data. "Personal Data" means data that allows someone to identify or contact You, including, for example, Your name, e-mail address, as well as any other non-public information about You that is associated with or linked to any of the foregoing data. "Company Data" means data specific to a company, such as, a company's name, address, telephone number, and e-mail address; as well as company's employee names and department names. "Anonymous Data" means data that is not associated with or linked to Your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data, Company Data, Anonymous Data and other information as described below.

(a) Information directly provided to Us.

  • We may collect Personal Data from You, such as Your first and last name.
  • We may also collect Personal Data at other points on Our Application that state that Personal Data is being collected.
  • Your personal details that have been provided for registration to use Our training Application will only be used to send You a Welcome e-mail and e-mail notifications and to respond to the requests that You make, and thus to aid ATAATA in serving You better.
  • If You provide Us with feedback or contact Us via e-mail, we will collect Your name and email address, as well as any content included in the e-mail, in order to send You a reply.
  • We may request that You complete a questionnaire or survey. We may collect Personal Data and other information You provide as part of a survey. The survey information will be stored in the database.
  • We would generate statistical data out of Your responses and provide a dashboard to Your management, offering them direct line of sight into Company's overall training program.
  • Customers who have opted for the phishing service in Our Application will have an option for their administrator to launch a phishing campaign. Your response to fake phishing emails and reports of the campaign result are recorded and published on the performance dashboard within Our Application.

(b) Information Collected via Technology

  • Information Collected by Our Servers: To make Our Application and Services more useful to You, Our servers (which may be hosted by a third party service provider) collect information from You, including Your browser type, operating system, Internet Protocol ("IP") address (a number that is automatically assigned to Your computer when You use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for Your visit.
  • Log Files: As is true of most websites and applications, We gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider ("ISP"), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, provide You with access to the Application, track users' movements around the Application and better tailor the Application and Services to Your needs. Except as noted in this Privacy Policy, We do not link this automatically-collected data to Personal Data.
  • Cookies: Like many online websites, We use cookies to collect information. "Cookies" are small pieces of information that a website sends to Your computer's hard drive while You are viewing the website. We use session Cookies (which expire once You close Your web browser). Upon user authentication in the system a signed session cookie is established which is then used for identifying the user for subsequent transactions. Cookies are set for the duration of the session, which is also terminated automatically after about 1 hour of inactivity. Information We store inside the cookie is purely for the purpose of session management inside the ATAATA platform.

    The ATAATA platform allows an administrator to link to any URL with a gif image they like on "http://i.giphy.com". ATAATA does not have any control over these 'third party' cookies, so We suggest that You check the respective cookie policy for these external services to help You understand their cookies and how to manage these cookies.
  • Pixel Tags: In addition, We use "Pixel Tags" (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, which are used to track online movements of Web users. Pixel Tags also allow Us to send e-mail messages and they tell Us whether e-mails have been opened. This is done only for the Customers who have enabled the phishing extension in Our Application to launch phishing campaigns and simulate phishing attacks. We may use this information to provide Your employer with phishing simulation statistics.

6. Use of Your Personal Data

(a) General Use. In general, the Personal Data You submit to Us is used to respond to requests that You make, or to aid Us in serving You better. We use Your Personal Data in the following ways:

  • facilitate the creation of and secure Your Account on Our network;
  • improve the quality of experience when You use Our Application and Services;
  • respond to Your inquiries and other requests;
  • send You a Welcome e-mail to verify ownership of the e-mail address provided when Your Account was created;
  • send You training module assignments and reminders;
  • send You administrative e-mail notifications, such as security, or support and maintenance advisories;
  • launch phishing campaign by Your administrator through Our Application;
  • generate reports of phishing campaign result and publish it on the performance dashboard for Your management (Only applicable to those Customers who have opted for Phishing Service in the Application).
  • generate statistical data and provide performance dashboard to Your management, offering them direct line of sight into Company's overall training program.
  • send newsletters, surveys, offers, and other promotional materials related to the Application or Services, and services made available by third parties and for other marketing purposes of ATAATA.

(b) Creation of Anonymous Data. We may create Anonymous Data records from Personal Data, Company Data, and other information, such as information from surveys, by excluding information (such as Your name) that makes the data personally identifiable to You. We use this Anonymous Data to analyze request and usage patterns so that We may enhance the content of Our Services and improve Website navigation. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to Your management at Our sole discretion.

7. Disclosure of Your Personal Data

We recognize that You have entrusted us with safeguarding the privacy of Your information. Because that trust is very important to us, the only time We will disclose or share Your personal information or survey data with a third party is when We have done one of three things, in accordance with applicable law: (a) given You notice, such as in this privacy policy; (b) obtained Your express consent, such as through an opt-in checkbox; or (c) de-identified or aggregated the information so that individuals or other entities cannot reasonably be identified by it. Where required by law, We will obtain Your express consent prior to disclosing or sharing any personal information.

ATAATA maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, and ATAATA may be liable if they fail to meet those obligations and We are responsible for the event giving rise to damage.

(a) Third Party Service Providers. We may share Your Personal Data with third party service providers to: provide You with the Application and Services, including to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; and/or to provide other services to ATAATA. We will not, without Your permission, sell, publish or share information You entrust to us that identifies You or any person. ATAATA stores your personal data for product use in Amazon Web Services (AWS).

(b) Corporate Restructuring. We may share some or all of Your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of Our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires Our Company, business, or assets, that company will possess the Personal Data collected by Us and will assume the rights and obligations regarding Your Personal Data as described in this Privacy Policy.

(c) Other Disclosures. Regardless of any choices You make regarding Your Personal Data (as described below), ATAATA may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on ATAATA; (c) to protect or defend the rights or property of ATAATA, its Customers audits users of the Application; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Our Terms of Use.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, ATAATA is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, ATAATA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8. Third Party Applications

Our Application may contain links to third party websites. When You click on a link to any other website or location, You will leave Our Application and go to another website and another entity may collect Personal Data or Anonymous Data from You. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of Your Personal Data after You click on links to such outside websites. We encourage You to read the privacy policies of every website You visit. The links to third party websites or locations are for Your convenience and do not signify Our endorsement of such third parties or their products, content or websites.

ATAATA's Application and Website may contain links to other websites. The information practices or the content of such other web sites is governed by the privacy statements of such other websites. The Company encourages You to review the privacy statements of other websites to understand their information practices.

9. Your Rights Regarding Your Personal Information

You have several rights under the EU Privacy Shield framework regarding use of information that You provide when accessing the Application:

(a) Email Communications (Right to be informed). We may periodically send You free newsletters and e-mails that directly promote the use of Our Application. When You receive newsletters or promotional communications from Us, You may indicate a preference to stop receiving further communications from Us and You will have the opportunity to "opt-out" by following the unsubscribe instructions provided in the e-mail You receive or by contacting Us directly (please see contact information above). Despite Your indicated e-mail preferences, We may send You service related communications, including notices of any updates to Our Terms of Use or Privacy Policy.

(b) Opt-out (Right to Restrict Processing). Users of ATAATA can opt out of some of the following services:

  1. direct marketing communications;
  2. automated decision-making and/or profiling;
  3. Our collection of sensitive personal data;
  4. any new processing of Your personal data that We may carry out beyond the original purpose; or
  5. the transfer of Your personal data outside the EEA.

Please note that Your use of ATAATA Website and Application may be ineffective to a certain extent upon opt-out. Users of ATAATA Application who are registered through their employer will have to opt out by contacting their employer.

(c) Cookies. If You decide at any time that You no longer wish to accept cookies from the Application for any of the purposes described above, then You can instruct Your browser, by changing its settings, to stop accepting cookies or to prompt You before accepting a cookie from the Applications You visit. Consult Your browser's technical information. If You do not accept cookies, however, You may not be able to use all portions of the Application or all functionality of the Application. If You have any questions about how to disable or modify cookies, please let Us know at the contact information provided above.

(d) Changing, Requesting or Deleting Your Personal Data (Right to rectification, Right to Erasure and Right of access). All users may review, update, correct or delete the Personal Information in Your user account by contacting Your employer only (applicable for registered users of the application). If Your employer completely deletes all of Your Personal Information, then Your user account may become deactivated, and You may no longer be able to utilize the Application. We will use commercially reasonable efforts to honor Your request. We will only retain Your personal data as long as reasonably required for You to use the Application(s) and/or to provide You with the services, unless a longer retention period is required or permitted by law (for example, for regulatory purposes).

(e) NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS

(AS PROVIDED BY CALIFORNIA CIVIL CODE SECTION 1798.83)

A CALIFORNIA RESIDENT WHO HAS PROVIDED PERSONAL DATA TO A BUSINESS WITH WHOM HE/SHE HAS ESTABLISHED A BUSINESS RELATIONSHIP FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES (A "CALIFORNIA CUSTOMER") MAY REQUEST INFORMATION ABOUT WHETHER THE BUSINESS HAS DISCLOSED PERSONAL DATA TO ANY THIRD PARTIES FOR THE THIRD PARTIES' DIRECT MARKETING PURPOSES. IN GENERAL, IF THE BUSINESS HAS MADE SUCH A DISCLOSURE OF PERSONAL DATA, UPON RECEIPT OF A REQUEST BY A CALIFORNIA CUSTOMER, THE BUSINESS IS REQUIRED TO PROVIDE A LIST OF ALL THIRD PARTIES TO WHOM PERSONAL DATA WAS DISCLOSED IN THE PRECEDING CALENDAR YEAR, AS WELL AS A LIST OF THE CATEGORIES OF PERSONAL DATA THAT WERE DISCLOSED. CALIFORNIA CUSTOMERS MAY REQUEST FURTHER INFORMATION ABOUT OUR COMPLIANCE WITH THIS LAW BY E-MAILING COMPLIANCE@ATAATA.COM. PLEASE NOTE THAT WE ARE REQUIRED TO RESPOND TO ONLY ONE REQUEST PER CALIFORNIA CUSTOMER EACH YEAR AND WE ARE NOT REQUIRED TO RESPOND TO REQUESTS MADE BY MEANS OTHER THAN THROUGH THIS E-MAIL ADDRESS.

10. Changes to This Privacy Policy

This Privacy Policy is subject to occasional revision, and if We make any material changes in the way We use Your Personal Data, We will notify You by sending You an e-mail to the last e-mail address You provided to Us and/or by prominently posting notice of the changes on Our Application. Any changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following Our dispatch of an e-mail notice to You or thirty (30) calendar days following Our posting of notice of the changes on Our Application. These changes will be effective immediately for new users of the Application. Please note that at all times the administrator appointed by Your employer is responsible for updating Your Personal Data to provide Us with Your most current e-mail address. In the event that the last e-mail address that You have provided Us is not valid, or for any reason is not capable of delivering to You the notice described above, Our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. If You do not wish to permit changes in Our use of Your Personal Data, You must notify Your employer prior to the effective date of the changes that You wish to deactivate Your Account with Us. Continued use of the Application following notice of such changes shall indicate Your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Contacting ATAATA

If You have any questions about this Privacy Policy, please contact ATAATA at contact@ataata.com

Ataata
4500 East West Hwy,
Suite 125,
Bethesda, MD 20814