Corelight Privacy Policy
This Privacy Policy describes how Corelight and its affiliates (collectively, “Corelight,” “we,” “us,” or the “Company”) collects, uses, shares, or otherwise processes information relating to individuals (“Personal Data”) and the rights associated with that processing. By using our websites, products, and services, or by providing information to us, you are consenting to be bound by the terms and conditions of this Privacy Policy.
Covered Activities
This Privacy Policy applies to the processing of Personal Data collected by us through your interactions with us, such as, but not limited to, when you:
- Visit our offices, websites, social media pages,
- Use our products and services,
- Attend events, trainings, webinars, contests, or programs,
- Participate in a Corelight community such as that focused on open-source development,
- Participate in data collection efforts facilitated by us, or
- Receive communications from us.
In some circumstances, we may also collect, or our partners provide us with, publicly available information which may contain Personal Data that you have published or that has been made available online. The way in which our partners collect this information is detailed in their own privacy policies, available on their respective websites.
Data Collected
DIRECT
The types Personal Data we collect directly from you may include information such as:
- Commercial information,
- Financial account information,
- Professional or employment-related information,
- Identifiers,
- Visual information,
- Usage data information,
- Computer or device information,
- Behavioral information,
- Login information, and
- Internet activity information (cookies, web beacons, pixels, tags, etc.).
If you provide to us, our service providers, or our affiliates any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us.
You agree not to provide or disclose any information that is sensitive in nature, such as, but not limited to, information relating to political opinions, ethnic origin, race, religious beliefs, genetic data, criminal history.
OTHER RESOURCES
We also collect Personal Data from other sources for advertising purposes, which information includes commercial information, professional or employment-related information, education information, and internet activity information. We collect this information from third party providers, along with information such as mailing addresses, email addresses, phone numbers, job titles, behavior data, social media profiles, and LinkedIn URLs for purposes of targeted advertising, determining eligibility, event promotion, and verifying contact information. If you are not interested in receiving tailored advertising, you can visit this website to opt out of most companies that engage in such advertising.
Reasons for Collection
We collect and process your Personal Data for the purposes of providing you with the services you have requested from us. The legal basis we rely on when processing your personal data will be one of the following:
- Performance of the contract between you and us (and/or in preparation of entering into such contract),
- Corelight’s legitimate interests in running its business, and
- Compliance with a legal obligation to which we are subject.
If you fail to provide certain Personal Data when requested, we may not be able to provide the services that you have requested.
Data We Share
Corelight does not sell, rent, or lease your information. We may share your Personal Data with:
- Our vendors, contractors, subprocessors, or other service providers to support our legitimate business interests,
- Corelight affiliates,
- Event and promotion sponsors,
- Specific partners and resellers that offer supplementary services to those provided by Corelight and/or help sell our products and services,
- Third-party social media networks, advertising networks and websites, so that Corelight can market and advertise on third party platforms and websites,
- Third parties interested in your information in an anonymous or de-identified form,
- Government authorities, as required by law, or in the pursuit of available remedies or mitigation of damages,
- A buyer or other successor if we are involved in a reorganization, divestiture, merger, dissolution, or other corporate change.
Data Security
We take appropriate precautions to protect your Personal Data including physical, administrative, and technical measures to help safeguard against unauthorized access or disclosure, loss, misuse, alteration, and destruction. Despite our efforts, no method of storage or transmission is 100% secure. The security and safety of your information also depends on you. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites or feel that the security of any Corelight account you may have has been compromised, please contact us at privacy@corelight.com.
Cross-Border Transfers
Corelight is an international company with offices around the world. Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties based in other countries. Consequently, your information may be processed outside of your country or jurisdiction, including places that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.
Retention Period
We may retain your Personal Data for as long as is required to fulfill our legal obligations or the original purpose for which the information was collected. After such time, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete, we will implement measures to prevent any further use of the information.
Children
Corelight does not direct its websites and services at children. We do not knowingly collect Personal Data from children without first having obtained consent from a parent or guardian. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us and we will take steps to delete their Personal Data from our systems.
Third-Party Analytics
We may use third-party analytics to evaluate use of our site and services. We or our service providers use these tools to help us understand and improve our services. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects to perform their services.
Third-Party Links
Our website, products, and services may contain links to third-party websites and applications. Any access to and use of such linked websites and applications is not governed by this Privacy Policy, but instead is governed by the privacy policy of those third parties. We are not responsible for the information practices of such third-party websites or applications.
Cookies
We and our service providers may use cookies and other tracking mechanisms to track information about your use of our website, products, and services. We may combine this information with other information, including personal information we collect about you. Should you want to disable cookies on the Corelight website, you may adjust your browser settings accordingly. If you choose to do so, please note that parts of our website may not function properly.
Your Rights
Subject to local data protection laws, you may have certain rights relating to your Personal Data. Depending on the applicable laws these rights may include the right to:
- Access a copy of your Personal Data in Corelight’s possession,
- Opt-out of certain disclosures of your Personal Data to third parties,
- Learn more about how Corelight processes your Personal Data,
- Rectify inaccurate Personal Data,
- Erase or delete your Personal Data,
- Withdraw any consent you have provided for the processing of your Personal Data,
- Transfer the data Corelight holds to another entity, and
- Object to the processing of your personal data.
To exercise your rights, please contact us using the methods described in the Contact section. We will use commercially reasonable efforts to comply with your request, typically within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity. If you are an employee of a Corelight customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
As described above, we may also process Personal Data submitted by a Corelight customer or third party acting on your behalf. We are not responsible for and have no control over the privacy and data security practices of our customers or other third parties, which may differ from those explained in this Privacy Policy. If your data has been submitted to us by a Corelight customer or third party and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. If you wish to make your request directly to us, please provide the name of the Corelight customer who submitted your information to us. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
Additionally, if you believe that we have not been able to assist with your complaint or concern and you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the appropriate data protection authority in your country. If you work or reside in a country that is a member of the European Union or that is in the EEA, you may find the contact details for your appropriate data protection authority at website.
Contact
If you have any questions or concerns regarding this Privacy Policy, please contact us at privacy@corelight.com, or write to the address below:
Attention: Legal Department
Corelight, Inc.
548 Market Street, PMB 77799
San Francisco, CA 94104-5401
United States
Privacy Policy Updates
We may update this Privacy Policy from time to time. If we do, we will update the Effective Date section so that you may determine when this Privacy Policy was last revised. We encourage you to periodically review this Privacy Policy to learn how Corelight is protecting your information.
Breach Notification
Breach Notification procedures fall within our Incident Response process and comply with EU GDPR and other regulatory time reporting/notification requirements.
Effective Date
Corelight Privacy Policy, effective as of August 22, 2022