CHECKMARX PRIVACY POLICY

PRIVACY AT CHECKMARX

At Checkmarx (“we“, “us“, “our”), we routinely collect and use information which may identify individuals (“personal data“), including visitors to our website: www.checkmarx.com, business partners (including customers and suppliers), job applicants and physical visitors to any of our premises (“you“, “your”).

We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.

The purpose of this Privacy Policy (“Policy“) is to provide a clear explanation of when, why and how we collect and use personal data as data controller, which we explain further below.

We also process personal data on behalf of our respective customers, and while our role is dependent upon relevant circumstances, we generally process the personal data of our customers as a processor on their behalf. Our processing of such personal data is subject to the instructions of our respective customers or as otherwise required by applicable data protection law, not this Policy.

We have designed this Policy to be as user friendly as possible. Click on a topic in the list below to find out more or explore individual sections in more detail by following the various links. We have labelled sections of the Policy to make it easy for you to navigate to the information that may be most relevant to you.

Please read this Policy carefully as it explains how we use personal data. We may change this Policy and, when we do, we will post any changes on this page, so please check back frequently.

CONTENTS OF THIS POLICY

ABOUT US (AS DATA CONTROLLER)
PERSONAL DATA: COLLECTION, PURPOSES AND LAWFUL BASIS
DISCLOSURE OF YOUR PERSONAL DATA
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
RETENTION OF YOUR PERSONAL DATA
YOUR RIGHTS AND HOW TO EXERCISE THEM
MARKETING
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
POLICY AMENDMENTS
CHILDREN’S INFORMATION
ANY QUESTIONS?

1. About us (as Data Controller)

Checkmarx Ltd. is the data controller for the personal data set out above in this Policy. Otherwise, the data controller will be the group member of Checkmarx that you have an engagement with (e.g. terms of business) from our group of companies:

Checkmarx, Inc. (United States)
Checkmarx UK Ltd. (United Kingdom)
Checkmarx Portugal, Unipessoal Lda (Portugal)
Checkmarx France A.S. (France)
Checkmarx Australia Pty Ltd. (Australia)
Checkmarx India Technology Services Pvt. Ltd. (India)
Checkmarx Singapore Pte. Ltd. (Singapore)
Checkmarx Germany GmbH (Germany)

You can contact Checkmarx:

By post: Amot Atrium Tower, 11th Floor, 2 Jabotinsky Street, Ramat Gan 5250501 Israel (which is the registered office address of Checkmarx)

By email: privacy@checkmarx.com

2. Personal Data: collection, purposes and lawful basis

This Policy applies to the collection of and processing of your personal data by Checkmarx.

We collect personal data from you directly:

through our “Contact Us” webpage;
if you register to view content prepared by us (e.g. updates (via our “Updates” sign-up form), white papers, webinars);
if you register to attend an event we host or sponsor;
if you would like to “Get a Demo”;
if you purchase one of our products or services;
if you work with us as a business partner, vendor or service provider;
via our Live Chat window; or
if you apply for a position with us.

We also have CCTV cameras at our premises, which directly capture video footage.

We collect your personal data indirectly:

from recruitment agencies and your references (including previous employers), where you apply for a position at Checkmarx;
from social media platforms (e.g. LinkedIn); and
from third party lead generators / content syndication service providers (e.g. Lusha and Zoominfo).

Any information we collect indirectly will be from a publicly available source or you will have consented to it being shared.

We collect personal data during your use of our website via the cookies we use, certain details of which are set out in the table below. For further details about our use of cookies, please refer to our Cookie Policy.

The type of personal data we process differs depending on how you engage with us. The table below provides this information including how we will use personal data and the context for which we use your personal data:

Types of Personal Data	Purpose	Legal Basis
Customers
First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise	For the provision of our products and services, which includes processing orders, sending invoices and payment reminders, collecting payments and any other general contract administration.	The processing is necessary for performance of a contract.
	To resolve any queries or complaints	Our legitimate interest to respond to any correspondence or queries you send us, and to send service information about our products and/or services. In addition, responding to queries is necessary for fulfilling our contractual obligations; In addition, responding to queries is necessary for fulfilling our contractual obligations.
	To send marketing material, updates, newsletters, informational materials about our products and services including online webinars, and other related information, including, sending solicited information (e.g. quotes in response to an enquiry), and surveys and promotions.	Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to send you communications related to the same or similar products or services to which you have previously purchased or entered into negotiations to purchase, where permitted by privacy laws. Please see section 7 (Marketing) of this Policy for more information.
	To conduct data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes, improvement and optimization of products, service and business processes and operations, and for other internal business purposes.	Our legitimate interest to measure the use of our products and/or services and interaction to inform and improve service/product direction and development, business processes and operations, and to enable provision of accurate and reliable reporting.
Suppliers
First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise	Payment and ordering, and any other general contract administration.	The processing is necessary for us to administer our contract with you. Our legitimate interest in conducting our business, including ordering and paying for services, and good contract management. We may also process certain information in order to comply with legal obligations to which we are subject (e.g. with respect to tax reporting and deducting).
	Receiving and using supplier products and services, including support and maintenance and other associated services.	Our legitimate interest in conducting our business, including arranging the delivery and receipt of services and payment for those services. Otherwise, the processing is necessary for fulfilling our contractual obligations. We may also process certain information in order to comply with legal obligations to which we are subject (e.g. with respect to tax reporting and deducting).
Job applicants
First name, surname, contact details (including residential address, email address and phone number / mobile phone number), identification information and details of your qualifications and education history, language and other relevant skills, salary expectations, awards and professional memberships, CV, application letters, references, candidate assessment (including interview notes and interview video); content of your Linkedin profile (if shared); professional and other work-related licenses, permits and certifications including information relating to right to work (citizenship, passport data, residency or work permit), Visa Information (where applicable) and information about your skills, experience and education.	To communicate with you and to respond to request for vacancies and for recruiting and hiring purposes	Where you apply for a position with us and choose to provide us with your personal data in connection with your application, our processing and any communications to you in this regard relies on your consent. The processing is also necessary for us to administer our contract with you – or take steps to consider entering into an employment contract with you.
	To carry out background screening in accordance with applicable laws and comply with our legal requirements.	Necessary to comply with relevant employment law obligations (for example, carrying out right to work checks). Such processing may also rely on our legitimate interest.
	To improve our recruitment process and activities.	Necessary for our legitimate interests to maintain our reputation as a leading employer.
	To process your application and assess your capabilities and qualifications for a position.	The processing is necessary for us to take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business.
	Retention for management of employment if successful and retention for consideration for possible future roles if unsuccessful.	The processing is necessary for us to administer our contract with you – or take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business.
Website users
Name, email address, title, company name and website analytics (described in the next row)	Provision of content and services, marketing and promotional purposes, participation in events, newsletter subscriptions, and responding to enquiries (including social media features) in response to you contacting us through our Contract Us page	Your consent (in relation to non-essential cookies – see below). Our legitimate interest in providing you with information about our products and services (where you indicate an interest) and developing our relationship with you. Please refer to our Cookie Policy for further details about our use of cookies
Information about your visits to our website, your IP address, browser type, your operating system and device type, the number of times you visit our website, your interactions with our website, the pages you’ve visited on our website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address, content information and preferences,	To help us to keep our website available and secure.	Our legitimate interest to provide and maintain our website through utilising cookies that are strictly necessary.
	To improve your experience when you visit our website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of our website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); (c) to ensure content on our website is presented in the most effective manner for you and to enhance your use of our website; and (d) to optimize marketing campaigns.	Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. Please refer to our Cookie Policy for further details about our use of cookies.
Marketing
Name, email address, telephone number, company and position information, location	Lead generation for marketing and promotion purposes through first and third party physical and web based events, conferences, roundtables, webinars and other interactive mediums.	Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services.
Name, email address, telephone number, company and position information, location	Lead generation for use in marketing and promotion purposes through sourcing personal data via third party lead generation including content syndication, databases or social media platforms.	Where required by privacy laws, your consent. Otherwise, our legitimate interest to promote our products or services.
Name, email address, telephone number, company and position information, location	Where you attend a Checkmarx hosted or sponsored event, to provide you with information, gifts and giveaways in connection with the event	Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services.
Individuals captured on CCTV systems we manage
CCTV images.	To capture footage to help prevent and detect crime e.g. at our premises.	Our legitimate interest, and those of our clients/customers, to ensure security and help prevent and detect crime. We have a separate CCTV policy which you can request / is available on site.
All Data Subjects
All data above mentioned.	In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction.	Necessary for our legitimate interests to ensure we can protect and grow our business.
All data above mentioned.	To help us improve and optimise our products and services.	Necessary for our legitimate interests to maintain our reputation as a leading provider of application security testing solutions to customers across the globe
All data above mentioned.	To perform financial accounting functions including tax reporting to comply with applicable laws and accounting standards that Checkmarx adheres to.	Necessary to comply with relevant legal obligations (for example, relating to tax reporting).
All data above mentioned.	To protect the rights of Checkmarx and Data Subjects	Necessary to comply with relevant legal obligations (for example, applicable data protection/privacy laws). Necessary for our legitimate interests to act in, and protect, the interests of our business.
All data above mentioned.	To perform risk analysis, fraud/crime prevention and due diligence.	Necessary to comply with relevant legal obligations (for example, applicable anti-money laundering and anti-terrorist laws). Necessary for our legitimate interests to act in, and protect, the interests of our business.

In limited circumstances we may process any of the personal data we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations, including, responding to requests and communications from competent authorities, courts or tribunals. Such processing is based on our legitimate interests, which in this case are protecting our services and data, exercising our legal rights, and complying with our legal obligations.

Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products/services). We will notify you of this at the time.

3. Disclosure of your Personal Data

Depending on your dealings with us, we may disclose some or all of the personal data we collect from and obtain about you to the following:

Category of Recipient	Data that will be Disclosed
Internal Recipients	Entities within our Checkmarx Group: Personal data is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy.
Internal Recipients	Personnel: Personal data is shared internally on a need-to-know basis to our staff and personnel including directors, shareholders, employees, contractors and other temporary workers.
External Recipients	Service Providers and Data Processors: We engage third party vendors, from time to time, including: IT service providers to help manage our IT and back office systems web services including web hosting, storage and web analytics digital communication providers including online and instant messaging, chat and email providers data, website, product and platform security providers ordering, invoicing and payment platforms analytics and search engine providers to help us improve and optimise our products and services. We will only share this information in a form that does not directly identify you providers of various services for improvement and optimization of our products, service and business processes and operations, and for other internal business purposes including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes recruitment and referral agencies and background screening service providers professional advisors such as tax or legal advisors (for example, as necessary for the establishment, exercise or defence of legal claims or to protect the rights or safety of the Checkmarx Group) agents, suppliers or sub-contractors and other associated organisations where they are engaged by us to help deliver a service or product that we have instructed them on or assist with customer management (where you attend a Checkmarx hosted or sponsored event) event organizers, logistic and production companies in connection with events that you may attend. Some of these service providers use ‘cloud based’ IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.
	Reselling and Distribution Partners: We disclose and share your personal data with reselling and distribution partners who promote, market and sell Checkmarx products and services in the territory you are located.
	Third parties in case of a legal requirement: We disclose your personal data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the police and tax authorities). We may also disclose personal data in case we believe, in good faith, that such disclosure is necessary in order to enforce our policies, take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the service and protect our rights and property.
	Third parties in case of a corporate transaction: Information about our customers, including personal data, may be disclosed as part of any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event, including while engaging with our actual or potential investors.

4. International transfers of your Personal Data

Some of the recipients listed in section 3 above may be based outside the European Economic Area and/or the United Kingdom.

Where the GDPR or the UK GDPR are applicable, and whenever we make transfers of your Personal Data, we implement appropriate safeguards in accordance with applicable data protection laws and will only transfer or share your Personal Data to recipients:

within the Checkmarx Group under an intra-group agreement which gives specific contractual protections;
pursuant to the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries;
pursuant to the UK Addendum; and/or
in countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner’s Office; or
located in the EEA or in the UK.

Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact us using the details set out in section 1

5. Retention of your Personal Data

We will not retain your personal data longer than it is necessary to carry out the purposes listed in section 2 of this Policy or than is required by law.

In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

6. Your rights and how to exercise them

Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on our reason for processing your personal data. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive.

EU Residents Rights	California Residents Rights	Details
Right to know or access Personal Data collected by us	The right to know what personal data the business has collected.	The right to know what personal data we collected, including the categories of personal data, the sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom we disclose personal data, and the specific pieces of personal data the we collected about you.
Deletion Rights		The right to delete personal data that we collected from you, subject to certain exceptions.
Correct Inaccurate Data		The right to correct inaccurate personal data that we maintain about you
N/A	Opt-Out of Sharing for Cross-Contextual Behavioural Advertising	You have the right to opt-out of the “sharing” of your personal data for “cross-contextual behavioural advertising” (all as defined under the CCPA), often referred to as “interest-based advertising” or “targeted advertising”.
N/A	Opt-out from selling	The right to opt-out of the “sale” or “sharing” (as defined under the CCPA) of personal data.
N/A	Limit the Use or Disclosure of Sensitive personal data (SPI)	You have the right to request to limit the collection of your SPI to that use which is necessary to maintain our service,
Opt-Out of the Use of Automated Decision Making	N/A	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your personal data.
N/A	Non-Discrimination	The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your personal data.
Data Portability		You may request to receive a copy of your personal data, including specific pieces of personal data, including, where applicable, to obtain a copy of the personal data you provided to us in a portable format.
Restriction or Objection to Processing	N/A	You have the right to object the processing of your personal data, unless certain exceptions apply.
Withdrawal of Consent	N/A	If personal data is processes on the basis of your consent, you have the right to withdraw it at any time.

Your rights may be exercised by contacting us at: privacy@checkmarx.com. In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.

Responding times and format:

For EU residents: We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).

Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.

For California residents:

Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your personal data in a format that is readily useable and should allow you to transmit the information without hindrance. You may only request a copy of your data twice within a 12-month period.
The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

7. Marketing

We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences (for example whether you want to receive email, SMS and/or telephone marketing) at any time by contacting us.

In most cases our processing of your personal data for marketing purposes is based on your consent (including where required by law), although in some cases it may be based on our legitimate interest. Further information about our legal basis for processing personal data for marketing purposes is set out in section 2 In particular, you can always opt-out of email marketing communications by clicking the “unsubscribe” link at the bottom of marketing emails, or by contacting the contact details provided in section 1.

When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).

8. Privacy Notice for U.S Residents

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and the regulations enacted thereunder (collectively: “CCPA“).

Collection, Disclosure and Sharing of Personal Information

In the preceding twelve (12) months, we have collected the following Personal Information:

Category of Personal Information Collected	Personal Information Collected	Sources of Personal Information	Business Purposes for Collection
Identifiers	Full name, email address, social media identifier, IP address.	Directly and indirectly from activity on our website: For example, directly from forms you complete on website; or indirectly, we collect your usage data automatically from measurement tools. Indirectly from you:We track your activities across the internet, for example, when you view or interact with certain content, web page or ad. From third-parties: For example, from vendors who assist us in performing services for consumers, recruiting agencies, internet service providers, data analytics providers, social networks, and data brokers.	To provide you with and improve our service. To fulfil our contractual obligations with you To detect and prevent fraud or illegal activities. To respond to your requests and inquiries and communicate with you. Direct marketing purposes – we may use the contact details you provided us to send you promotional offers and other content. To perform research, technical diagnostics, analytics or statistical purposes. To charge our Customers for the Service provided by us. For recruiting and hiring purposes. For marketing and promotion purposes. To perform financial accounting functions.
Personal information described in subdivision (e) California Code, Civil Code – CIV § 1798.80	Full name, email address, social media identifier, IP address, phone/mobile phone number, information relating to right to work (citizenship, passport data, residency or work permit), and CCTV images.
Commercial Information	Records of products or services purchased
Professional or employment-related information	1. Title and professional expertise of our customers, suppliers and our events’ attendees’;2. Job applicants’ awards and professional memberships, CV, application letters, references, candidate assessment (including interview notes and interview video); content of LinkedIn profile (if shared); professional and other work-related licenses, permits and certifications including Visa Information (where applicable).
Geolocation data	IP address and device location data
Electronic network activity	Information about users’ visits to our website, IP address, browser type, operating system and device type, number of visits on our website, interactions with our website, the pages visited on our website, display settings, session start / stop time, referral URL, time zone, and network connection type, content information and preferences.

In the preceding twelve (12) months we disclosed your Personal Information, as described below:

Categories of Recipients	Business and Commercial Purposes for Disclosure
Internal entities	Personal Information is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy.
Service Providers	The disclosure of such Personal Information will be as reasonably necessary and proportionate to achieve, inter alia, the following purposes: To provide, operate, maintain, improve, and promote the website and services. To enable you to access and use the website and services. To process and complete transactions, and send you related information, including purchase confirmations and invoices. To send transactional messages, including responses to your comments, questions, and requests. To send marketing communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events. To improve and optimize our products, service and business processes and operations, and for other internal business purposes including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes. To obtain professional advice from external counsel (such as, lawyers, accountants and tax advisors). To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity. To organize our events, where you attend a Checkmarx hosted or sponsored event) To promote, market and sell Checkmarx products and services. To comply with legal obligations or requirements, and exercise our rights.

Categories of Recipients

Business and Commercial Purposes for Disclosure

Internal entities

Personal Information is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy.

Service Providers

The disclosure of such Personal Information will be as reasonably necessary and proportionate to achieve, inter alia, the following purposes:

To provide, operate, maintain, improve, and promote the website and services.
To enable you to access and use the website and services.
To process and complete transactions, and send you related information, including purchase confirmations and invoices.
To send transactional messages, including responses to your comments, questions, and requests.
To send marketing communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events.
To improve and optimize our products, service and business processes and operations, and for other internal business purposes including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes.
To obtain professional advice from external counsel (such as, lawyers, accountants and tax advisors).
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
To organize our events, where you attend a Checkmarx hosted or sponsored event)
To promote, market and sell Checkmarx products and services.
To comply with legal obligations or requirements, and exercise our rights.

We do not “Sell” or “Share” personal information, as these terms are defined under the CCPA.

Authorized Agents

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer.

Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
- Provide the authorized agent signed permission to do so or power of attorney.
- Verify their own identity directly with the business.
- Directly confirm with the business that they provided the authorized agent permission to submit the request.
We may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

Direct Marketing Requests

California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@checkmarx.com.
“Do Not Track” Settings: “Do Not Track” is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.

Record Keeping

We will maintain records of consumer requests made pursuant to the CCPA and our responses to said requests for minimum period of 24 months. Such information will be used for no other purpose other than records keeping requirements under the CCPA or other legal requirements such as law, court order, subpoena, warrant or other legal judicial process.

9. Policy Amendments

We reserve the right to change this Policy at any time, so please re-visit this page frequently. All changes to this Policy are effective as stated “Last Updated” date, and your continued use of the services after the Last Update date will constitute acceptance of, and agreement to be bound by, those changes. As required by the CCPA we will review this Privacy Policy every twelve (12) months and amend it as necessary.

10. Children’s Information

Our Services are not intended for, and we will not knowingly collect personal data from, minors below the age of sixteen (16) years, or otherwise below the legal age for providing consent that is not subject to authorization by the holder of parental responsibility, in accordance with the laws in the jurisdiction you reside (“Age of Majority”). If we become aware that of personal data of a user under the Age of Majority, we will remove such information from our files immediately. We reserve the right to request proof of age at any stage so that we can verify that children are not using the Services.

11. Any Questions?

We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our Data Privacy Team who will be pleased to help you via email at privacy@checkmarx.com.If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.

This Policy was last updated on 22 February 2024.