Checkmarx Privacy Policy
Checkmarx Privacy Policy
CHECKMARX PRIVACY POLICY
When you use our website, sign-up to view our content or participate in events, you consent to the collection, storage, use, disclosure and other uses of your data as described in this Privacy Policy.
What type of data we collect?
When you access our website, we collect your IP address and information regarding your general location. We also use various technological tracking tools such as cookies which are used to store content information and preferences relating to your interactions with our website.
We also collect analytics data about the use of our website. This may include data related to website visits, page views, site interactions, browser type, display settings, operating system, device type, session start/stop time, referral URL, time zone, and network connection type. We may merge data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become personal data.
We may receive your personal information when you communicate with us. For example, when you send us an email or contact us through the forms on our website, we will collect the information you provide to us. We may also collect your information when you sign-up or register to view content prepared by us (eg. white papers, webinars) or participate in events hosted or sponsored by Checkmarx. This information may include your email address, your telephone number, information about your company and your position, your country, and any other information submitted by you.
Our websites may include social media features. These features may collect your IP address, which page you are visiting on our website, and may set a cookie so that the social media feature works properly. Social media features are governed by the privacy policies of the website providing the feature.
We may receive personal data from our business partners. We may combine information collected about you with information from third party sources.
How do we use the data we collect?
We will use your data to operate our website, to communicate with you, to keep you informed of the latest updates to our website, products and services, and provide you, or have our business partners provide you, with offers.
We may use your personal data for our internal marketing and promotional purposes. For example, by subscribing to our newsletter you will receive announcements from us. You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the “unsubscribe” link in the emails that you receive from us. Please note that even if you unsubscribe from our communications, we may continue to send you product/service-related updates and notifications, or reply to your queries and feedback you provide us.
If you do not want us to use your personal data for marketing purposes, you may opt-out by sending an email request to [email protected]. Please note that even if you opt-out, we may still use your data for non-marketing purposes (for example to fulfill your requests, communicate with you and respond to your inquiries, etc.).
From time to time, we may conduct surveys or test features, and analyze the data we have to develop, evaluate and improve these features and our internal business operations, in order to better understand our customers and improve our business operations, website, products and services.
We may use your personal data when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our services and protect the rights and property of Checkmarx, its users and/or partners. We may use your personal data in order to enforce our policies, including but not limited to our website Terms of Use. We may also use your personal data to investigate violations, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
With whom do we share your personal data?
We share your information with companies in our group, as well as employees and contractors, and our business partners, in order to operate the website, to communicate with you, and to offer and provide our products and services to you.
We share your information with our third party service providers, such as web hosting, storage, customer management, analytics, survey, data security and assessment and email service providers. Additionally, we also share your information with event organizers, logistic and production companies in connection with events that you may attend. These third parties have access to your personal data so that they may provide these services on our behalf but they are not permitted by us to use your personal data for any other purpose.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
We may share your data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Privacy Policy.
Transfer of data outside the EEA
Please note that some data recipients may be located outside the European Economic Area (“EEA”). In such cases, we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or we will enter into legal agreements ensuring an adequate level of data protection in accordance with applicable law. By providing us your personal data, you hereby consent to such transfers of data outside the EEA.
How we protect your information
We have implemented administrative, technical, and physical safeguards to prevent unauthorized access, use, or disclosure of your data. We limit access of your information to those employees, subcontractors and service providers who require access to the data to discharge their duties to us.
While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your personal data, we cannot ensure or warrant the security and privacy of your personal data or other content you transmit while using the website, and you do so at your own risk.
Retention
We will retain your personal data for as long as necessary to provide our website, products and services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, communications and anything else as required by applicable laws and regulations.
User rights
You may request to:
- Receive confirmation as to whether or not personal data concerning you is being processed, and access your stored personal data, together with supplementary information.
- Receive a copy of personal data you directly volunteer to us in a structured, commonly used and machine-readable format.
- Request rectification of your personal data that is in our control.
- Request erasure of your personal data.
- Object to the processing of personal data by us.
- Request to restrict processing of your personal data by us.
- Lodge a complaint with a supervisory authority.
However, please note that these rights are not absolute, and may also be subject to our own legitimate interests and regulatory requirements.
How to contact us?
If you wish to exercise any of the aforementioned rights, or to receive more information, please contact us using the contact details set out in the “Contact Us” portion of our website: https://www.checkmarx.com/contact-us.
Updates to this Policy
This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our website. Your continued use of the website or our services shall be deemed to be your consent to such changes.
Last updated: January 3, 2022
Checkmarx Privacy Policy
PRIVACY AT CHECKMARX
At Checkmarx (“we“, “us“, “our”), we routinely collect and use information which may identify individuals (“personal data“), including visitors to our website: www.checkmarx.com, business partners (including customers and suppliers), job applicants and physical visitors to any of our premises (“you“, “your”).
We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.
The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use personal data as data controller, which we explain further below.
We also process personal data on behalf of our respective customers, and while our role is dependent upon relevant circumstances, we generally process the personal data of our customers as a processor on their behalf. Our processing of such personal data is subject to the instructions of our respective customers or as otherwise required by applicable data protection law, not this Policy.
We have designed this Policy to be as user friendly as possible. Click on a topic in the list below to find out more or explore individual sections in more detail by following the various links. We have labelled sections of the Policy to make it easy for you to navigate to the information that may be most relevant to you.
Please read this Policy carefully as it explains how we use personal data. We may change this Policy and, when we do, we will post any changes on this page, so please check back frequently
CONTENTS OF THIS POLICY
1. About us (as Data Controller)
Checkmarx Ltd. is the data controller for the personal data set out above. Otherwise, the data controller will be the group member of Checkmarx that you have an engagement with (e.g. terms of business) from our group of companies:
- Checkmarx, Inc. (United States)
- Checkmarx UK Ltd. (United Kingdom)
- Checkmarx Portugal, Unipessoal Lda (Portugal)
- Checkmarx France S.A.S. (France)
- Checkmarx Australia Pty Ltd. (Australia)
- Checkmarx India Technology Services Pvt. Ltd. (India)
- Checkmarx Singapore Pte. Ltd. (Singapore)
- Checkmarx Germany GmbH (Germany)
You can contact Checkmarx:
By post: Amot Atrium Tower, 11th Floor, 2 Jabotinsky Street, Ramat Gan 5250501 Israel (which is the registered office address of Checkmarx)
By email: at [email protected]
2. Personal Data: collection, purposes and lawful basis
This Policy applies to the collection of and processing of your personal data by Checkmarx.
We collect personal data from you directly:
- through our “Contact Us” webpage;
- if you register to view content prepared by us (e.g. updates (via our “Updates” sign-up form), white papers, webinars);
- if you register to attend an event we host or sponsor;
- if you would like to “Get a Demo”;
- if you purchase one of our products or services;
- if you work with us as a business partner, vendor or service provider;
- via our Live Chat window; or
- if you apply for a position with us.
We collect personal data during your use of our website via the cookies we use, certain details of which are set out in the table below. For further details about our use of cookies, please refer to our Cookie Policy
We also have CCTV cameras at our premises, which directly capture video footage.
Where you apply for a position at Checkmarx, we may also receive information indirectly from recruitment agencies and your references (including previous employers).
The type of personal data we process differs depending on how you engage with us. The table below provides this information including how we will use personal data and the context for which we use your personal data:
| Types of Personal Data | Purpose | Legal Basis |
|---|---|---|
|
Customers |
||
|
First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise |
For the provision of our products and services, which includes processing orders, sending invoices and payment reminders, collecting payments and any other general contract administration. |
The processing is necessary for performance of a contract. |
|
To resolve any queries or complaints |
Our legitimate interest to respond to any correspondence or queries you send us, and to send service information about our products and/or services. |
|
|
To send marketing material, updates, newsletters, informational materials about our products and services including online webinars, and other related information, including, sending solicited information (e.g. quotes in response to an enquiry), and surveys and promotions. |
Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to send you communications related to the same or similar products or services to which you have previously purchased or entered into negotiations to purchase, where permitted by privacy laws. Please see section 7 (Marketing) of this Policy for more information. |
|
|
To conduct data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes, improvement and optimization of products, service and business processes and operations, and for other internal business purposes. |
Our legitimate interest to measure the use of our products and/or services and interaction to inform and improve service/product direction and development, business processes and operations, and to enable provision of accurate and reliable reporting. |
|
|
Suppliers |
||
|
First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise |
Payment and ordering, and any other general contract administration. |
The processing is necessary for us to administer our contract with you. Our legitimate interest in conducting our business, including ordering and paying for services, and good contract management |
|
Receiving and using supplier products and services, including support and maintenance and other associated services. |
Our legitimate interest in conducting our business, including arranging the delivery and receipt of services and payment for those services. |
|
|
Job applicants |
||
|
First name, surname, contact details (including residential address, email address and phone number / mobile phone number), identification information and details of your qualifications and education history, language and other relevant skills, salary expectations, awards and professional memberships, CV, application letters, references, candidate assessment (including interview notes and interview video); content of your Linkedin profile (if shared); professional and other work-related licenses, permits and certifications including information relating to right to work (citizenship, passport data, residency or work permit), Visa Information (where applicable) and information about your skills, experience and education. |
To communicate with you and to respond to request for vacancies and for recruiting and hiring purposes |
The processing is necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you. |
|
To carry out background screening in accordance with applicable laws and comply with our legal requirements. |
Necessary to comply with relevant employment law obligations (for example, carrying out right to work checks). |
|
|
To improve our recruitment process and activities. |
Necessary for our legitimate interests to maintain our reputation as a leading employer. |
|
|
To process your application and assess your capabilities and qualifications for a position. |
The processing is necessary for us to take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business. |
|
|
Retention for management of employment if successful and retention for consideration for possible future roles if unsuccessful. |
The processing is necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business. |
|
|
Website users |
||
|
Name, email address, title, company name and website analytics (described in the next row) |
Provision of content and services, marketing and promotional purposes, participation in events, newsletter subscriptions, and responding to enquiries (including social media features) in response to you contacting us through our Contract Us page |
Your consent (in relation to non-essential cookies – see below). Our legitimate interest in providing you with information about our products and services (where you indicate an interest) and developing our relationship with you. Please refer to our Cookie Policy for further details about our use of cookies |
|
Information about your visits to our website, your IP address, browser type, your operating system and device type, the number of times you visit our website, your interactions with our website, the pages you’ve visited on our website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address, content information and preferences, |
To help us to keep our website available and secure. |
Our legitimate interest to provide and maintain our website through utilising cookies that are strictly necessary. |
|
To improve your experience when you visit our website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of our website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); (c) to ensure content on our website is presented in the most effective manner for you and to enhance your use of our website; and (d) to optimize marketing campaigns . |
Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. Please refer to our Cookie Policy for further details about our use of cookies. |
|
|
Marketing |
||
|
Name, email address, telephone number, company and position information, location |
Lead generation for marketing and promotion purposes through first and third party physical and web based events, conferences, roundtables, webinars and other interactive mediums. |
Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services. |
|
Name, email address, telephone number, company and position information, location |
Lead generation for marketing and promotion purposes through third party lead generation including content syndication. |
Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services. |
|
Name, email address, telephone number, company and position information, location |
Where you attend a Checkmarx hosted or sponsored event, to provide you with information, gifts and giveaways in connection with the event |
Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services. |
|
Individuals captured on CCTV systems we manage |
||
|
CCTV images. |
To capture footage to help prevent and detect crime e.g. at our premises. |
Our legitimate interest, and those of our clients/customers, to ensure security and help prevent and detect crime. We have a separate CCTV policy which you can request / is available on site. |
|
All Data Subjects |
||
|
All data above mentioned. |
In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction. |
Necessary for our legitimate interests to ensure we can protect and grow our business. |
|
All data above mentioned. |
To help us improve and optimise our products and services. |
Necessary for our legitimate interests to maintain our reputation as a leading provider of application security testing solutions to customers across the globe |
|
All data above mentioned. |
To perform financial accounting functions including tax reporting to comply with applicable laws and accounting standards that Checkmarx adheres to. |
Necessary to comply with relevant legal obligations (for example, relating to tax reporting). |
|
All data above mentioned. |
To protect the rights of Checkmarx and Data Subjects |
Necessary to comply with relevant legal obligations (for example, applicable data protection/privacy laws). Necessary for our legitimate interests to act in, and protect, the interests of our business. |
|
All data above mentioned. |
To perform risk analysis, fraud/crime prevention and due diligence. |
Necessary to comply with relevant legal obligations (for example, applicable anti-money laundering and anti-terrorist laws). Necessary for our legitimate interests to act in, and protect, the interests of our business. |
In limited circumstances we may process any of the personal data we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations, including, responding to requests and communications from competent authorities, courts or tribunals.
Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products/services). We will notify you of this at the time.
3. Disclosure of your Personal Data
Depending on your dealings with us, we may disclose some or all of the personal data we collect from and obtain about you to the following:
| Purpose | Legal Basis |
|---|---|
|
Internal Recipients |
Entities within our Checkmarx Group: Personal data is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy. |
|
Personnel: Personal data is shared internally on a need-to-know basis to our staff and personnel including directors, shareholders, employees, contractors and other temporary workers. |
|
|
External Recipients |
Service Providers and Data Processors: We engage third party vendors, from time to time, including:
Some of these service providers use 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.
|
|
Reselling and Distribution Partners: We disclose and share your personal data with reselling and distribution partners who promote, market and sell Checkmarx products and services in the territory you are located. |
|
|
Third parties in case of a legal requirement: We disclose your personal data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the police and tax authorities). |
|
|
Third parties in case of a corporate transaction: Information about our customers, including personal data, may be disclosed as part of any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event, including while engaging with our actual or potential investors. |
4. International transfers of your Personal Data
Some of the recipients listed in section 3 above may be based outside the European Economic Area and/or the United Kingdom.
Whenever we make transfers of your personal data, we implement appropriate safeguards in accordance with applicable data protection laws, e.g.,
- within the Checkmarx Group, an intra-group agreement gives specific contractual protections;
- the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries;
- the UK Addendum; and/or
- by sending to countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner’s Office.
Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact us using the details set out in section 1
5. Retention of your Personal Data
We will not retain your personal data longer than it is necessary to carry out the purposes listed in section 2 of this Policy or than is required by law.
In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
6. Your rights and how to exercise them
You have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on our reason for processing your personal data. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).
Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.
| Purpose | Legal Basis |
|---|---|
|
Right |
What this means |
|
Access |
You can ask us to:
|
|
Rectification |
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it. |
|
Erasure |
You can ask us to erase your personal data, but only where:
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request. |
|
Restriction |
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
We can continue to use your personal data following a request for restriction, where:
|
|
Portability |
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format or you can ask to have it 'ported' directly to another data controller, but in each case only where:
|
|
Objection |
You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see section 2 above) if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. |
|
International Transfers |
You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity. |
|
Supervisory Authority |
You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. |
|
Withdrawal of consent |
If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data before this remains unaffected. |
7. Marketing
We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences at any time by contacting us.
In most cases our processing of your personal data for marketing purposes is based on your consent (including where required by law), although in some cases it may be based on our legitimate interest. Further information about our legal basis for processing personal data for marketing purposes is set out in section 2 In particular, you can always opt-out of email marketing communications by clicking the “unsubscribe” link at the bottom of marketing emails, or by contacting the contact details provided in section 1.
When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).
8. Any Questions?
We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our Data Privacy Team who will be pleased to help you via email at [email protected]. If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.
This Policy was last updated on April 3, 2023.
