Privacy Policy | Fortra

Privacy Policy

Last Updated: September 9, 2024

Who we are

This Statement of Privacy (“Statement”) relates to Fortra LLC of 11095 Viking Drive, Suite 100, Eden Prairie, MN 55344 and its affiliates (“Fortra”, “we”, “our”, “us”). Fortra is committed to protecting your personal information, and this Statement explains how and why we process your personal information.

This Statement governs the data collection, processing, and usage practices of Fortra on its Website, its services, software, and/or appliances (each, a “Solution”, and collectively, the “Solutions”) and recruiting and employment processes. This includes the websites, Solutions, and recruiting and employment processes of its affiliates and subsidiaries and in the other contexts outlined below. In many cases, Fortra shares the various categories of personal information identified below with its affiliate and subsidiaries for a variety of purposes (as outlined below).

If you have any questions about this privacy Statement or want to exercise any of your data protection rights as described in this privacy Statement, please contact us at [email protected]. Please note we may update this privacy Statement from time to time.

Your personal information

Data protection law requires us to have a lawful basis to process your personal information. The purposes for which we use your personal information and the lawful basis on which we rely is as follows.

Purpose of processing

Types of Personal Information

Lawful Basis

Account registration

We may process personal information including your name, home and/or work address, company affiliation, telephone number, email, username and password.

Other account information may be collected as well, such as account credentials, demographic data, and payment data.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions

Marketing communications

We may process personal information including your name, email, phone number and address

Necessary for our legitimate interest of promoting our business

Consent (if applicable). If so, you may withdraw your consent at any time by contacting us at [email protected] 

Partner Promotion

 

We may process personal information including your name, email, phone number and address

Necessary for our legitimate interest of promoting our business

Provision of our Solutions

We may process personal information including your name, email, phone number, address, payment details, company name and job title

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions 

Responding to your enquiries

We may process personal information including your name, email, phone number and enquiry details

Necessary for our legitimate interest of responding to your enquiry

Testimonials

We may process personal information including your name and testimonial

Necessary for our legitimate interest of promoting our business

Surveys or ContestsWe may process personal information including your name and opinionNecessary for our legitimate interests of satisfying our customers and generating more business 
Cookies and similar technologiesWe may process personal information such as your name, email, IP address and usage data (e.g. number of website visits, pages visited, average time spent, number of clicks, pages referred from the landing page, etc.)Consent
Use of data analytics to improve our SolutionsWe may process personal information including your name, usage data, customer history and company detailsNecessary for our legitimate interests of satisfying our customers and generating more business
Trade shows and eventsWe may process personal information including your name and contact detailsNecessary for our legitimate interests of generating more business
Fraud preventionWe may process personal information including your name and customer historyNecessary for our legitimate interests of preventing fraud 
Establishment and defense of legal claimsWe may process personal information including your name and customer historyNecessary for our legitimate interests of dealing with legal claims
Requests/SupportWe may process personal information including your name, e-mail address, company affiliation, telephone number, state, and country, as well as any other content that you send to us, in order to contact you or process your request.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions

Necessary for our legitimate interests of satisfying our customers and generating more business 

Recruiting and EmploymentWe may process personal information including your identifiers and contact information, national identifiers, work eligibility, demographics, education information, employment history, financial information, and sensitive personal information in order to recruit job applicants, schedule interviews, make employment decisions, and for general employment administrative purposes.

Necessary for our legitimate interests in recruiting and employment.

Information is collected and processed with your consent.

Video, images, electronic, visual, and similar information.We may process personal information such as your image provided via video recordings in order to perform interviews, monitor physical locations via video monitoring, and record video meetings. 

Information is collected and processed with your consent.

Necessary for our legitimate interests of physical security.

 

Device and Usage Information

We may collect information about your computer or device and Internet or other electronic network activity information. This includes:

  • Device identifiers, such as IP address, WIFI MAC address and Bluetooth address;
  • Geolocation information such as your mobile device’s Global Positioning System (GPS) technology, other technology (such as wireless transmitters known as beacons) and information about your contacts, depending on your device settings;
  • Information about your online activity, including information collected through the use of standard Internet technologies, such as cookies, pixels, web beacons, logs and other Internet technologies, as further set forth in our Cookie Statement and your offline activity, including information about your visit to our resorts or properties; and
  • Through Google Analytics, information about the use of our Site such as how often you visit our Site, what pages you visit, and what other sites you used prior to visiting our Site (for more information, see the “Web Analytics” section below).

 

Solution-Specific Information

Purpose of processing

Types of Personal Information

Lawful Basis

Agari Phishing Defense
Email InformationWhen using Agari Phishing Defense, email information such as “mail from” header, Friendly From header, “rcpt to”/Email Friendly To header, subject, and IP addresses are collected.
Additional information may be collected if attachment analysis or Uniform Resource Identifier URI) analysis is enabled, such as attachment filename, URI, attachment metadata, and attachment hash.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions

Agari DMARC Protection
Email InformationWhen using Agari DMARC Protection, email information such as Email From and Email To addresses, Email subject, URI, and Sender IP are collected.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions

Fortra VM
Company and User informationWhen using Fortra VM, company name and address, and user information including username and password is collected.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions.

 

Scanning InformationWhen using Fortra VM, infrastructure information, such as network configuration, IP addresses, scanning configuration settings, asset names, host names, and file share listings, vulnerabilities, and results, including malware findings, are collected. Additional binary information may be collected if Active Threat Scanning Autosubmit is enabled.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions.

 

ReportsExternal reports can be uploaded into Fortra VM, these include information such as usernames, passwords, phishing results, physical site reviews, domain services reports, and vulnerabilities.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions.

 

PhishLabs Web App
User informationWhen using PhishLabs, user information including first and last name, email address, and company affiliation is collected.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions.

PhishLabs Suspicious Email Analysis (SEA)

 

Email Information

When using PhishLabs SEA, email information such as “mail from” header, Friendly From header, “rcpt to”/Email Friendly To header, subject, and IP addresses are collected. Additional information may be collected if attachment analysis or Uniform Resource Identifier URI) analysis is enabled, such as attachment filename, URI, attachment metadata, and attachment hash.

Necessary for the performance of our contract with you

Necessary for our legitimate interest of providing effective and efficient Solutions.

Terranova Security's Phish Submitter add-on for Gmail use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Additionally, we may process your personal information to comply with our legal or regulatory obligations.

In addition to the purposes and uses described above, we may use personal information in the following ways:

  • to identify you when you visit our Website
  • to provide our Solutions
  • to provide access to our Solutions
  • to improve our Solutions
  • to conduct analytics;
  • to verify the accuracy of data that we hold about you
  • to manage the security of your information and our network and, more specifically, in relation to any steps we may take to protect your information against loss, damage, theft or unauthorized access or disclosure
  • for the prevention of fraud and other criminal activities
  • for the establishment and defense of our legal rights
  • to respond to inquiries related to support, or other requests and more generally correspond or communicate with you
  • to send marketing and promotional materials, including information relating to our Services, sales, or promotions
  • for internal administrative purposes, as well as to manage our relationships
  • for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

Although the sections above describe our primary purpose in collecting and using your personal information, in many situations we have more than one purpose. For example, if you complete an online purchase, we may collect your information to perform our contract with you, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your order. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

Public Forums and Comment Sections

Our Website offers publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Fortra public message boards, blogs, or forums, this information may be collected and used by others. Note: Fortra does not share your private online communications with others.

Who we share your personal information with

We may share your personal information to the following affiliates, subsidiaries, and our business partners:

  • Fortra: we share personal information to Fortra affiliate and subsidiaries who may assist us in providing certain aspects of our Solutions or, where you use our websites to enquire about a particular Solution, we may share your personal information with the affiliate responsible for providing that particular Solution;
  • Business partners:  we may partner with other companies to provide you with products and, services. Additionally, we may allow third-party partners to recognize you when you visit a particular website or app, or to recognize you as one of their customers when you visit our websites or apps. We may share your email address with third parties using available security measures that may match it with their own email addresses so that they can send online and email advertisements to you on our behalf. We may also share geolocation information with business partners and service providers to provide information, offers and services that may be of interest to you;
  • third party services providers: who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the integrity of our websites, hosting elements of our services, conduct surveys, provide technical support and process payments), or who otherwise process personal information for purposes that are described in this Privacy Statement or notified to when we collect your personal information. Such third parties may include information technology providers, CRM providers, marketing agencies, research companies, cloud service providers (such as hosting and email management), data analytics providers, data backup providers, security services providers, advertising agencies, HRIS systems, background check vendors, employee benefit vendors, and administrative services. In particular, we use Gong and Drift, services that enable it to record, transcribe, analyse and share the contents of its sales communications, including phone calls, video conferences, email and other correspondences, as well as its CRM and customer contact;
  • Web Analytics and Other Third-Party Analytics: We use tools to collect information about the use of our websites (e.g., web analytics tools such as Google Analytics collect information such as how often users visit our websites, what pages they visit, when they do so and what other sites they used prior to visiting our websites). The providers of these tools only collect the IP address assigned to you on the date that you visit, rather than your name or other identifying information. The information collected through the use of such tools is not combined with your personal information. We also may use other third-party analytics tools to collect similar information about use of our Solutions. In particular, we partner with provider FullStory who provides analytics to us on how our customers interact with our various Solutions. This tool works by capturing page views, mouse movements and clicks made within those platforms our customers use to interact with our Solutions.
  • Social media platforms: We maintain pages on certain social media platforms, such as LinkedIn and Reddit, and may use personal information collected through our website and such pages for personalized advertising. If you choose to participate in social media activities or offerings sponsored by us, we may collect certain information from your social media account consistent with your settings within the social media service.
  • Our professional advisors such as our lawyers, accountants and insurers: who provide us with consultancy, banking, legal, insurance and accountancy services but only where we are either legally oblige to share, or have a legitimate interest in sharing, your personal information.
  • A competent law enforcement body, government or regulatory agencies (or similar bodies) or court: where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to protect your vital interests or those of any other person, or (iv) to investigate, prevent, or take action regarding possible illegal activities, , safety of person or property, or a violation of our policies; to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, including at the negotiation stage; to any other person with your consent to the disclosure; and,
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.

Where we store your personal information

Fortra is a global business. your personal information is subject to the EU GDPR and/or the UK GDPR and we transfer your personal information outside of the EU and/or UK we will only do so in accordance with applicable data protection law.

How long we keep your personal information

We will keep your personal information for as long as your account is active or as needed to provide you with our Solutions, unless we are required to keep it for longer to comply with our legal or regulatory requirements.

If your personal information is no longer needed and there is no legal or regulatory requirement to maintain your personal information, your personal information may be maintained for up to 12 months. If you wish to cancel your account please contact us at [email protected].

Security

Fortra has implemented appropriate technical and organizational security measures to help protect your personal information from unauthorized access, use, or disclosure. Fortra secures the personally identifiable information you provide on computer servers in a controlled, secure environment.

Cookies

We may collect personal information about your devices and their location, and your use across our websites, including through cookies, pixels, web beacons, logs and other Internet technologies.

For detailed information regarding cookies and related data processing activities please refer to our Cookie Statement.

Your data protection rights

EU / UK

If you are located in the EU or UK, you have the following rights under applicable data protection law. However, please note that these rights are only available in certain circumstances. To exercise any of these rights please contact us at [email protected].

Your Rights

Further Information

Right of rectificationYou have the right to have any incomplete or inaccurate personal information corrected.
Right of objectionYou have the right to object to us processing your personal information, depending on our lawful basis for processing your personal information. However, you do have the absolute right to object to the processing of your personal information for direct marketing purposes.
Right to withdraw consentWhere we rely on your consent as the lawful basis for processing your personal information, you have the right to withdraw your consent at any time.
Right of restrictionYou have the right to limit the way that we use your personal information.
Right of erasureYou have the right to ask us to delete your personal information. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
Right of accessYou have the right to ask us for a copy of the personal information that we hold about you. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Right of portabilityYou have the right to ask us to send you your personal information in a structured, commonly used and machine-readable format and the right to ask us to send your personal information directly to another controller.
Rights relating to automated decision making, including profilingYou have the right to contest a decision made about you based purely on automated processing.
Right to complain to a data protection authorityYou have the right to complain to a data protection authority. In the UK this is the Information Commissioner’s Office and, in the EU, as set out here- https://www.edpb.europa.eu/about-edpb/about-edpb/members_en 

US

A number of US States afford certain rights to residents of those states with respect to their personal information.

In particular, for residents of California, please see additional information about your rights in the “California Residents - Your California Privacy Rights” section below.

For residents of Nevada, you have the right to opt-out of the sale of your personal information, but please note that Fortra does not “sell” your personal information as that term is defined under Nevada law.

For residents of Iowa your rights include (i) the right to know whether Fortra holds or processes your personal information, (ii) the right to access your personal information, (iii) the right to have your personal information deleted and, if applicable, (v) the right to opt out of the sale of personal information.

For residents of Colorado, Connecticut, Indiana, Virginia or Utah, your rights include (i) the right to know whether Fortra holds or processes your personal information, (ii) the right to receive a copy of your personal information in a readily usable format, (iii) the right to request correction of your personal information, (iv) the right to have your personal information deleted and, if applicable, (v) the right to opt out of targeted advertising, the sale of personal information, or certain profiling (if the profiling is in furtherance of decisions that produce legal or similarly significant effects on you). If you are a resident of one of these states, please contact us at [email protected].

If, after reviewing your request, we determine that we cannot honor it, we will notify you of that decision via email. If you wish to appeal any such decision, please respond to the emailed decision.

If your appeal is denied and you are unsatisfied with the outcome, you may contact the Attorney General of your state using the links below to submit a complaint.

We do not sell your personal information for financial benefit. If you are a resident of California, Colorado or Connecticut, however, please note that some of our data transfers do constitute a “sale” under California, Colorado and Connecticut law.

“Do Not Track”

If you have enabled the feature, your web browser may transmit “do-not-track” signals to our websites and other online services with which your browser communicates. We currently do not take any action in response to these signals.

California Residents - Your California Privacy Rights

Under California law, California residents have the following rights:

  • The right to know what personal information we collect, use, disclose, and or sell:
    • personal information categories we have collected, used, disclosed or sold about you and the business or commercial purposes of such actions.
    • The category of sources of collection of such information and the category of parties to whom we have disclosed it to for business purposes or a sale.
    • The specific pieces of personal information we have collected about you in the last 12 months from the date of your request. You may request any or all of this information up to two times in a 12-month period.
  • The right to request that we delete certain personal information we hold about you.
  • The right to Opt-Out of Sale of your personal information.
  • The right to correct inaccurate personal information.
  • The right to limit the use of sensitive personal information.
  • The right not to receive discriminatory treatment by us for exercising any of the privacy rights conferred by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.  This means that, consistent with California law, we will not deny providing our Solutions to you, charge you different prices or provide a different level or quality of service to you for exercising any of your California privacy rights.

Regarding your rights to know, delete and/or correct, we will need certain information from you to verify your identity as the requestor. Generally, we will ask you information that we have already collected about you to provide this verification. For example, if you submit a request, we may ask your name, address and account number. We may ask additional questions and/or to contact you directly if we determine additional information is needed for verification.

Fortra complies with the CPRA pertaining to employees, contractors and job applicants. Our California Privacy Notice and Policy can be found here.

Exclusions

Some personal information is not subject to the California privacy laws described above, such as consumer credit reports and background checks, publicly available data lawfully made available from state or federal government records, and any other personal information exempt from California privacy laws. 

Further California Disclosures

  • We may collect all of the personal information categories noted above from you and sources set forth in the “Your Personal Information” section of this Statement.
  • Sharing Your Personal Information: We disclose personal information to affiliates, vendors and service providers, legal and regulatory agencies under certain circumstances, third-party product and service providers, third-party partners, and others under certain circumstances. Please see the “Who we share your personal information with” section for further information.

Third Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Children’s privacy

We do not knowingly collect personal information from children under 13.

Contact Us

If you have any questions or comments regarding this Statement, please contact us at [email protected] or at the physical addresses set out in the list of global entities at the top of this Statement.

If you wish to submit a personal data request related to the GDPR, please complete this form.

If you wish to submit a personal data request related to the CCPA, please complete this form.

Changes to this Statement

Fortra will occasionally update this Statement. Fortra encourages you to periodically review this Statement to be informed of how Fortra is protecting your information. When such a change is made, we will update the “Last Updated” date above. If we make any material changes, we will notify you or our Client by email (sent to the email address specified in your account) or by means of a notice on this Site prior to the change becoming effective. To the extent that ¬our policy changes in a material way, the Statement that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new Statement. We encourage you to periodically review this page for the latest information on our privacy practices.

Copyright Terms and Conditions

The content on this website is protected by the Copyright Laws of the United States of America and other countries worldwide. The unauthorized use and/or duplication of this material without express and written permission from Fortra is strictly prohibited.

For purposes of applicable data protection laws, the data controller of your personal information is Fortra, LLC and its affiliates and subsidiaries.