Checkmarx Privacy Policy

CHECKMARX PRIVACY POLICY

When you use our website, sign up to view our content or participate in events, you consent to the collection, storage, use, disclosure and other uses of your data as described in this Privacy Policy.

What type of data do we collect?

When you access our website, we collect your IP address and information regarding your general location.  We also use various technological tracking tools such as cookies which are used to store content information and preferences relating to your interactions with our website. 

We also collect analytics data about the use of our website.  This may include data related to website visits, page views, site interactions, browser type, display settings, operating system, device type, session start/stop time, referral URL, time zone, and network connection type.   We may merge data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become personal data.

We may receive your personal information when you communicate with us. For example, when you send us an email or contact us through the forms on our website, we will collect the information you provide to us. We may also collect your information when you sign up or register to view content prepared by us (e.g. white papers, webinars) or participate in events hosted or sponsored by Checkmarx. This information may include your email address, your telephone number, information about your company and your position, your country, and any other information submitted by you.

Our websites may include social media features. These features may collect your IP address, which page you are visiting on our website, and may set a cookie so that the social media feature works properly.  Social media features are governed by the privacy policies of the website providing the feature.

We may receive personal data from our business partners. We may combine information collected about you with information from third party sources. 

How do we use the data we collect?

We will use your data to operate our website, to communicate with you, to keep you informed of the latest updates to our website, products and services, and provide you, or have our business partners provide you, with offers.

We may use your personal data for our internal marketing and promotional purposes. For example, by subscribing to our newsletter you will receive announcements from us.   You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the “unsubscribe” link in the emails that you receive from us. Please note that even if you unsubscribe from our communications, we may continue to send you product/service-related updates and notifications, or reply to your queries and feedback you provide us.

If you do not want us to use your personal data for marketing purposes, you may opt-out by sending an email request to [email protected].  Please note that even if you opt-out, we may still use your data for non-marketing purposes (for example to fulfill your requests, communicate with you and respond to your inquiries, etc.). 

From time to time, we may conduct surveys or test features, and analyze the data we have to develop, evaluate and improve these features and our internal business operations, in order to better understand our customers and improve our business operations, website, products and services. 

We may use your personal data when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our services and protect the rights and property of Checkmarx, its users and/or partners.   We may use your personal data in order to enforce our policies, including but not limited to our website Terms of Use.  We may also use your personal data to investigate violations, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.

With whom do we share your personal data?

We share your information with companies in our group, as well as employees and contractors, and our business partners, in order to operate the website, to communicate with you, and to offer and provide our products and services to you.

We share your information with our third party service providers, such as web hosting, storage, customer management, analytics, survey, data security and assessment and email service providers. Additionally, we also share your information with event organizers, logistic and production companies in connection with events that you may attend. These third parties have access to your personal data so that they may provide these services on our behalf but they are not permitted by us to use your personal data for any other purpose.

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.

We may share your data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Privacy Policy.

Transfer of data outside the EEA

Please note that some data recipients may be located outside the European Economic Area (“EEA”). In such cases, we will transfer your data only to such countries as approved by the European Commission as providing an adequate level of data protection, or we will enter into legal agreements ensuring an adequate level of data protection in accordance with applicable law. By providing us your personal data, you hereby consent to such transfers of data outside the EEA.

How we protect your information

We have implemented administrative, technical, and physical safeguards to prevent unauthorized access, use, or disclosure of your data. We limit access to your information to those employees, subcontractors and service providers who require access to the data to discharge their duties to us.

While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your personal data, we cannot ensure or warrant the security and privacy of your personal data or other content you transmit while using the website, and you do so at your own risk.

Retention

We will retain your personal data for as long as necessary to provide our website, products and services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, communications and anything else as required by applicable laws and regulations.

User rights

You may request to:

  • Receive confirmation as to whether or not personal data concerning you is being processed, and access your stored personal data, together with supplementary information.
  • Receive a copy of personal data you directly volunteer to us in a structured, commonly used and machine-readable format.
  • Request rectification of your personal data that is in our control.
  • Request erasure of your personal data.
  • Object to the processing of personal data by us.
  • Request to restrict processing of your personal data by us.
  • Lodge a complaint with a supervisory authority.

However, please note that these rights are not absolute, and may also be subject to our own legitimate interests and regulatory requirements.

How to contact us?

If you wish to exercise any of the aforementioned rights, or to receive more information, please contact us using the contact details set out in the “Contact Us” portion of our website: https://www.checkmarx.com/contact-us

Updates to this Policy

This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our website. Your continued use of the website or our services shall be deemed to be your consent to such changes.

Last updated: January 3, 2022

Checkmarx Privacy Policy

PRIVACY AT CHECKMARX

At Checkmarx (“we”, “us”, “our”), we routinely collect and use information which may identify individuals (“personal data”), including visitors to our website: www.checkmarx.com, business partners (including customers and suppliers), job applicants and physical visitors to any of our premises (“you”, “your”).

We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.

The purpose of this Privacy Policy (“Policy”) is to provide a clear explanation of when, why and how we collect and use personal data as data controller, which we explain further below.

We also process personal data on behalf of our respective customers, and while our role is dependent upon relevant circumstances, we generally process the personal data of our customers as a processor on their behalf. Our processing of such personal data is subject to the instructions of our respective customers or as otherwise required by applicable data protection law, not this Policy.

We have designed this Policy to be as user friendly as possible. Click on a topic in the list below to find out more or explore individual sections in more detail by following the various links. We have labelled sections of the Policy to make it easy for you to navigate to the information that may be most relevant to you.

Please read this Policy carefully as it explains how we use personal data. We may change this Policy and, when we do, we will post any changes on this page, so please check back frequently.

CONTENTS OF THIS POLICY

  1. ABOUT US (AS DATA CONTROLLER)
  2. PERSONAL DATA: COLLECTION, PURPOSES AND LAWFUL BASIS
  3. DISCLOSURE OF YOUR PERSONAL DATA
  4. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
  5. RETENTION OF YOUR PERSONAL DATA
  6. YOUR RIGHTS AND HOW TO EXERCISE THEM
  7. MARKETING
  8. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
  9. POLICY AMENDMENTS
  10. CHILDREN’S INFORMATION
  11. ANY QUESTIONS?

1. About us (as Data Controller)

Checkmarx Ltd. is the data controller for the personal data set out above in this Policy. Otherwise, the data controller will be the group member of Checkmarx that you have an engagement with (e.g. terms of business) from our group of companies:

  • Checkmarx, Inc. (United States)
  • Checkmarx UK Ltd. (United Kingdom)
  • Checkmarx Portugal, Unipessoal Lda (Portugal)
  • Checkmarx France  A.S. (France)
  • Checkmarx Australia Pty Ltd. (Australia)
  • Checkmarx India Technology Services Pvt. Ltd. (India)
  • Checkmarx Singapore Pte. Ltd. (Singapore)
  • Checkmarx Germany GmbH (Germany)

You can contact Checkmarx:

By post: Amot Atrium Tower, 11th Floor, 2 Jabotinsky Street, Ramat Gan 5250501 Israel (which is the registered office address of Checkmarx)

By email: [email protected]

2. Personal Data: collection, purposes and lawful basis

This Policy applies to the collection of and processing of your personal data by Checkmarx.

We collect personal data from you directly:

  • through our “Contact Us” webpage;
  • if you register to view content prepared by us (e.g. updates (via our “Updates” sign-up form), white papers, webinars);
  • if you register to attend an event we host or sponsor;
  • if you would like to “Get a Demo”;
  • if you purchase one of our products or services;
  • if you work with us as a business partner, vendor or service provider;
  • via our Live Chat window; or
  • if you apply for a position with us.

We also have CCTV cameras at our premises, which directly capture video footage.

We collect your personal data indirectly:

  • from recruitment agencies and your references (including previous employers), where you apply for a position at Checkmarx;
  • from social media platforms (e.g. LinkedIn); and
  • from third party lead generators / content syndication service providers (e.g. Lusha and Zoominfo).

Any information we collect indirectly will be from a publicly available source or you will have consented to it being shared.

We collect personal data during your use of our website via the cookies we use, certain details of which are set out in the table below. For further details about our use of cookies, please refer to our Cookie Policy.

The type of personal data we process differs depending on how you engage with us. The table below provides this information including how we will use personal data and the context for which we use your personal data:

Types of Personal Data | Purpose | Legal Basis

Customers

Types of personal data: First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise.

Purpose: For the provision of our products and services, which includes processing orders, sending invoices and payment reminders, collecting payments and any other general contract administration.
Legal basis: The processing is necessary for performance of a contract.

Purpose: To resolve any queries or complaints.
Legal basis: Our legitimate interest to respond to any correspondence or queries you send us, and to send service information about our products and/or services. In addition, responding to queries is necessary for fulfilling our contractual obligations.

Purpose: To send marketing material, updates, newsletters, informational materials about our products and services including online webinars, and other related information, including sending solicited information (e.g. quotes in response to an enquiry), and surveys and promotions.
Legal basis: Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to send you communications related to the same or similar products or services which you have previously purchased or entered into negotiations to purchase, where permitted by privacy laws. Please see section 7 (Marketing) of this Policy for more information.

Purpose: To conduct data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes, improvement and optimization of products, service and business processes and operations, and for other internal business purposes.
Legal basis: Our legitimate interest to measure the use of our products and/or services and interaction to inform and improve service/product direction and development, business processes and operations, and to enable provision of accurate and reliable reporting.

Suppliers

Types of personal data: First name, surname, email address, business address, business phone number / mobile phone number, title, information about your professional expertise.

Purpose: Payment and ordering, and any other general contract administration.
Legal basis: The processing is necessary for us to administer our contract with you. Our legitimate interest in conducting our business, including ordering and paying for services, and good contract management. We may also process certain information in order to comply with legal obligations to which we are subject (e.g. with respect to tax reporting and deducting).

Purpose: Receiving and using supplier products and services, including support and maintenance and other associated services.
Legal basis: Our legitimate interest in conducting our business, including arranging the delivery and receipt of services and payment for those services. Otherwise, the processing is necessary for fulfilling our contractual obligations. We may also process certain information in order to comply with legal obligations to which we are subject (e.g. with respect to tax reporting and deducting).

Job applicants

Types of personal data: First name, surname, contact details (including residential address, email address and phone number / mobile phone number), identification information and details of your qualifications and education history, language and other relevant skills, salary expectations, awards and professional memberships, CV, application letters, references, candidate assessment (including interview notes and interview video); content of your LinkedIn profile (if shared); professional and other work-related licenses, permits and certifications including information relating to right to work (citizenship, passport data, residency or work permit), Visa Information (where applicable) and information about your skills, experience and education.

Purpose: To communicate with you and to respond to requests for vacancies and for recruiting and hiring purposes.
Legal basis: Where you apply for a position with us and choose to provide us with your personal data in connection with your application, our processing and any communications to you in this regard relies on your consent. The processing is also necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you.

Purpose: To carry out background screening in accordance with applicable laws and comply with our legal requirements.
Legal basis: Necessary to comply with relevant employment law obligations (for example, carrying out right to work checks). Such processing may also rely on our legitimate interest.

Purpose: To improve our recruitment process and activities.
Legal basis: Necessary for our legitimate interests to maintain our reputation as a leading employer.

Purpose: To process your application and assess your capabilities and qualifications for a position.
Legal basis: The processing is necessary for us to take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business.

Purpose: Retention for management of employment if successful and retention for consideration for possible future roles if unsuccessful.
Legal basis: The processing is necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you. Necessary for our legitimate interest to fully and properly assess candidates in order to make informed decisions about who we recruit for the benefit of our business.

Website users

Types of personal data: Name, email address, title, company name and website analytics (described in the next row).
Purpose: Provision of content and services, marketing and promotional purposes, participation in events, newsletter subscriptions, and responding to enquiries (including social media features) in response to you contacting us through our Contact Us page.
Legal basis: Your consent (in relation to non-essential cookies – see below). Our legitimate interest in providing you with information about our products and services (where you indicate an interest) and developing our relationship with you. Please refer to our Cookie Policy for further details about our use of cookies.

Types of personal data: Information about your visits to our website, your IP address, browser type, your operating system and device type, the number of times you visit our website, your interactions with our website, the pages you’ve visited on our website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address, content information and preferences.

Purpose: To help us to keep our website available and secure.
Legal basis: Our legitimate interest to provide and maintain our website through utilising cookies that are strictly necessary.

Purpose: To improve your experience when you visit our website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of our website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); (c) to ensure content on our website is presented in the most effective manner for you and to enhance your use of our website; and (d) to optimize marketing campaigns.
Legal basis: Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. Please refer to our Cookie Policy for further details about our use of cookies.

Marketing

Types of personal data: Name, email address, telephone number, company and position information, location.
Purpose: Lead generation for marketing and promotion purposes through first and third party physical and web based events, conferences, roundtables, webinars and other interactive mediums.
Legal basis: Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services.

Types of personal data: Name, email address, telephone number, company and position information, location.
Purpose: Lead generation for use in marketing and promotion purposes through sourcing personal data via third party lead generation including content syndication, databases or social media platforms.
Legal basis: Where required by privacy laws, your consent. Otherwise, our legitimate interest to promote our products or services.

Types of personal data: Name, email address, telephone number, company and position information, location.
Purpose: Where you attend a Checkmarx hosted or sponsored event, to provide you with information, gifts and giveaways in connection with the event.
Legal basis: Where required by privacy laws, your consent or where information is solicited. Otherwise, our legitimate interest to promote our products or services.

Individuals captured on CCTV systems we manage

Types of personal data: CCTV images.
Purpose: To capture footage to help prevent and detect crime e.g. at our premises.
Legal basis: Our legitimate interest, and those of our clients/customers, to ensure security and help prevent and detect crime. We have a separate CCTV policy which you can request / is available on site.

All Data Subjects

Types of personal data: All data above mentioned.
Purpose: In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction.
Legal basis: Necessary for our legitimate interests to ensure we can protect and grow our business.

Types of personal data: All data above mentioned.
Purpose: To help us improve and optimise our products and services.
Legal basis: Necessary for our legitimate interests to maintain our reputation as a leading provider of application security testing solutions to customers across the globe.

Types of personal data: All data above mentioned.
Purpose: To perform financial accounting functions including tax reporting to comply with applicable laws and accounting standards that Checkmarx adheres to.
Legal basis: Necessary to comply with relevant legal obligations (for example, relating to tax reporting).

Types of personal data: All data above mentioned.
Purpose: To protect the rights of Checkmarx and Data Subjects.
Legal basis: Necessary to comply with relevant legal obligations (for example, applicable data protection/privacy laws). Necessary for our legitimate interests to act in, and protect, the interests of our business.

Types of personal data: All data above mentioned.
Purpose: To perform risk analysis, fraud/crime prevention and due diligence.
Legal basis: Necessary to comply with relevant legal obligations (for example, applicable anti-money laundering and anti-terrorist laws). Necessary for our legitimate interests to act in, and protect, the interests of our business.

In limited circumstances we may process any of the personal data we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations, including, responding to requests and communications from competent authorities, courts or tribunals. Such processing is based on our legitimate interests, which in this case are protecting our services and data, exercising our legal rights, and complying with our legal obligations.

Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products/services). We will notify you of this at the time.

3. Disclosure of your Personal Data

Depending on your dealings with us, we may disclose some or all of the personal data we collect from and obtain about you to the following:

Category of Recipient | Data that will be Disclosed

Internal Recipients

Entities within our Checkmarx Group: Personal data is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy.

Personnel: Personal data is shared internally on a need-to-know basis to our staff and personnel including directors, shareholders, employees, contractors and other temporary workers.

External Recipients

Service Providers and Data Processors: We engage third party vendors, from time to time, including:

  • IT service providers to help manage our IT and back office systems
  • web services including web hosting, storage and web analytics
  • digital communication providers including online and instant messaging, chat and email providers
  • data, website, product and platform security providers
  • ordering, invoicing and payment platforms
  • analytics and search engine providers to help us improve and optimise our products and services. We will only share this information in a form that does not directly identify you
  • providers of various services for improvement and optimization of our products, service and business processes and operations, and for other internal business purposes including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes
  • recruitment and referral agencies and background screening service providers
  • professional advisors such as tax or legal advisors (for example, as necessary for the establishment, exercise or defence of legal claims or to protect the rights or safety of the Checkmarx Group)
  • agents, suppliers or sub-contractors and other associated organisations where they are engaged by us to help deliver a service or product that we have instructed them on or assist with customer management
  • (where you attend a Checkmarx hosted or sponsored event) event organizers, logistic and production companies in connection with events that you may attend.

Some of these service providers use 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.

Reselling and Distribution Partners: We disclose and share your personal data with reselling and distribution partners who promote, market and sell Checkmarx products and services in the territory in which you are located.

Third parties in case of a legal requirement: We disclose your personal data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the police and tax authorities).

We may also disclose personal data in case we believe, in good faith, that such disclosure is necessary in order to enforce our policies, take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the service and protect our rights and property.

Third parties in case of a corporate transaction: Information about our customers, including personal data, may be disclosed as part of any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event, including while engaging with our actual or potential investors.

4. International transfers of your Personal Data

Some of the recipients listed in section 3 above may be based outside the European Economic Area and/or the United Kingdom.

Where the GDPR or the UK GDPR are applicable, and whenever we make transfers of your Personal Data, we implement appropriate safeguards in accordance with applicable data protection laws and will only transfer or share your Personal Data to recipients:

  • within the Checkmarx Group under an intra-group agreement which gives specific contractual protections;
  • pursuant to the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries;
  • pursuant to the UK Addendum; and/or
  • in countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner’s Office; or
  • located in the EEA or in the UK.

Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact us using the details set out in section 1.

5. Retention of your Personal Data

We will not retain your personal data longer than it is necessary to carry out the purposes listed in section 2 of this Policy or than is required by law.

In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. 

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

6. Your rights and how to exercise them

Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on our reason for processing your personal data. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive.

Right | What this means

Access

You can ask us to:

  • confirm whether we are processing your personal data;
  • give you a copy of that data;
  • provide you with other information about your personal data in accordance with data protection laws, to the extent that information has not already been provided to you in this Policy.

Rectification

You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

Erasure

You can ask us to erase your personal data, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see 'Objection' below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Checkmarx is subject.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.

Restriction

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • its accuracy is contested (see Rectification above), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format or you can ask to have it 'ported' directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

 

Objection

You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see section 2 above) if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Withdrawal of consent

If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data before this remains unaffected.

EU Residents Rights

California Residents Rights

Details

Right to know or access Personal Data collected by us

The right to know what personal data the business has collected.

The right to know what personal data we collected, including the categories of personal data, the sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom we disclose personal data, and the specific pieces of personal data that we collected about you.

Deletion Rights

The right to delete personal data that we collected from you, subject to certain exceptions.

Correct Inaccurate Data

The right to correct inaccurate personal data that we maintain about you.

N/A

Opt-Out of Sharing for Cross-Contextual Behavioural Advertising

You have the right to opt-out of the “sharing” of your personal data for “cross-contextual behavioural advertising” (all as defined under the CCPA), often referred to as “interest-based advertising” or “targeted advertising”. 

N/A

Opt-out from selling

The right to opt-out of the "sale" or "sharing" (as defined under the CCPA) of personal data.

N/A

Limit the Use or Disclosure of Sensitive personal data (SPI)

You have the right to request to limit the collection of your SPI to that use which is necessary to maintain our service,

Opt-Out of the Use of Automated Decision Making

N/A

In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your personal data.

N/A

Non-Discrimination

The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your personal data.

Data Portability

You may request to receive a copy of your personal data, including specific pieces of personal data, including, where applicable, to obtain a copy of the personal data you provided to us in a portable format.

Restriction or Objection to Processing

N/A

You have the right to object to the processing of your personal data, unless certain exceptions apply.

Withdrawal of Consent

N/A

If personal data is processed on the basis of your consent, you have the right to withdraw it at any time.

Your rights may be exercised by contacting us at: [email protected]. In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.

Responding times and format:

For EU residents: We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).

Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.

For California residents:

  • Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45-day period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your personal data in a format that is readily useable and should allow you to transmit the information without hindrance. You may only request a copy of your data twice within a 12-month period.
  • The request must:
    • Provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
    • Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

7. Marketing

We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences (for example whether you want to receive email, SMS and/or telephone marketing) at any time by contacting us.

In most cases our processing of your personal data for marketing purposes is based on your consent (including where required by law), although in some cases it may be based on our legitimate interest. Further information about our legal basis for processing personal data for marketing purposes is set out in section 2. In particular, you can always opt-out of email marketing communications by clicking the “unsubscribe” link at the bottom of marketing emails, or by contacting us using the contact details provided in section 1.

When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).

8. Privacy Notice for U.S. Residents

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and the regulations enacted thereunder (collectively: “CCPA”).

Collection, Disclosure and Sharing of Personal Information

In the preceding twelve (12) months, we have collected the following Personal Information:

Category of Personal Information Collected

Personal Information Collected

Sources of Personal Information

Business Purposes for Collection

Identifiers

Full name, email address, social media identifier, IP address.

Directly and indirectly from activity on our website: For example, directly from forms you complete on website; or indirectly, we collect your usage data automatically from measurement tools.

 

Indirectly from you:  We track your activities across the internet, for example, when you view or interact with certain content, web page or ad.

 

From third-parties: For example, from vendors who assist us in performing services for consumers, recruiting agencies, internet service providers, data analytics providers, social networks, and data brokers.

 

To provide you with and improve our service.

To fulfil our contractual obligations with you.

To detect and prevent fraud or illegal activities.

To respond to your requests and inquiries and communicate with you.

Direct marketing purposes – we may use the contact details you provided us to send you promotional offers and other content.

To perform research, technical diagnostics, analytics or statistical purposes.

To charge our Customers for the Service provided by us.

For recruiting and hiring purposes.

For marketing and promotion purposes.

To perform financial accounting functions.

Personal information described in subdivision (e) California Code, Civil Code - CIV § 1798.80

Full name, email address, social media identifier, IP address, phone/mobile phone number, information relating to right to work (citizenship, passport data, residency or work permit), and CCTV images.

Commercial Information

Records of products or services purchased

Professional or employment-related information

1. Title and professional expertise of our customers, suppliers and our events' attendees;

2. Job applicants' awards and professional memberships, CV, application letters, references, candidate assessment (including interview notes and interview video); content of LinkedIn profile (if shared); professional and other work-related licenses, permits and certifications including Visa Information (where applicable).

Geolocation data

IP address and device location data

Electronic network activity

Information about users' visits to our website, IP address, browser type, operating system and device type, number of visits on our website, interactions with our website, the pages visited on our website, display settings, session start / stop time, referral URL, time zone, and network connection type, content information and preferences.

In the preceding twelve (12) months we disclosed your Personal Information, as described below:

Categories of Recipients

Business and Commercial Purposes for Disclosure

Internal entities

Personal Information is shared internally within the Checkmarx Group as described in section 1 as required for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, and to offer and provide our products and services to you, as described in this Policy.

Service Providers

The disclosure of such Personal Information will be as reasonably necessary and proportionate to achieve, inter alia, the following purposes:

  • To provide, operate, maintain, improve, and promote the website and services.
  • To enable you to access and use the website and services.
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices.
  • To send transactional messages, including responses to your comments, questions, and requests.
  • To send marketing communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events.
  • To improve and optimize our products, service and business processes and operations, and for other internal business purposes including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes.
  • To obtain professional advice from external counsel (such as, lawyers, accountants and tax advisors).
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
  • To organize our events (where you attend a Checkmarx hosted or sponsored event).
  • To promote, market and sell Checkmarx products and services.
  • To comply with legal obligations or requirements, and exercise our rights.

We do not “Sell” or “Share” personal information, as these terms are defined under the CCPA.

 

Authorized Agents

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer.

Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer’s or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

  • When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
      • Provide the authorized agent signed permission to do so or power of attorney.
      • Verify their own identity directly with the business.
      • Directly confirm with the business that they provided the authorized agent permission to submit the request.
  • We may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

Direct Marketing Requests

  • California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].
  • “Do Not Track” Settings: “Do Not Track” is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. Cal. Bus. and Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.

Record Keeping

We will maintain records of consumer requests made pursuant to the CCPA and our responses to said requests for a minimum period of 24 months. Such information will be used for no purpose other than record-keeping requirements under the CCPA or other legal requirements such as law, court order, subpoena, warrant or other legal judicial process.

9. Policy Amendments

We reserve the right to change this Policy at any time, so please re-visit this page frequently. All changes to this Policy are effective as of the stated “Last Updated” date, and your continued use of the services after the Last Updated date will constitute acceptance of, and agreement to be bound by, those changes. As required by the CCPA we will review this Privacy Policy every twelve (12) months and amend it as necessary.

10. Children’s Information

Our Services are not intended for, and we will not knowingly collect personal data from, minors below the age of sixteen (16) years, or otherwise below the legal age for providing consent that is not subject to authorization by the holder of parental responsibility, in accordance with the laws in the jurisdiction you reside (“Age of Majority”). If we become aware of personal data of a user under the Age of Majority, we will remove such information from our files immediately. We reserve the right to request proof of age at any stage so that we can verify that children are not using the Services.

11. Any Questions?

We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our Data Privacy Team who will be pleased to help you via email at [email protected]. If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. 

This Policy was last updated on 22 February 2024.
