Loading . . .

PRIVACY POLICY

It was updated on June 10, 2024

SOC Prime, Inc. (“SOC Prime,” “we,” “our,” or “us”) recognizes the importance of protecting the privacy of your personal information. We have prepared this Privacy Policy to provide you with information about our privacy practices - how we collect, use, and disclose the information you provide or which we otherwise collect in providing products or services (“Services") to you. Please read this Privacy Policy carefully before using our Services.

By continuing to interact with our Services in any manner, you expressly consent to us processing your personal data as described in this Privacy Policy.

As part of our ongoing efforts to enhance transparency and provide clear information about how we collect, use, and protect your data, we have added a dedicated section specifically for participants of our developer's program. This section outlines the data practices and privacy protections that apply to individuals participating in our SOC Prime Threat Bounty Program.

“You,” “User” means the entity you represent in accepting this Privacy Policy or, if that does not apply, you individually. If you are accepting on behalf of your employer or another entity, you represent and warrant that: (i) you have the full legal authority to bind your employer or such entity to this Privacy Policy; (ii) you have read and understood this Privacy Policy; and (iii) you agree to this Privacy Policy on behalf of the party that you represent.

“Site” collectively means SOC Prime websites located at: https://tdm.socprime.com/, https://socprime.com/, https://my.socprime.com/.

1. Background to the General Data Protection Regulation (‘GDPR’)

The General Data Protection Regulation 2016/679 of the European Parliament and the Council (“GDPR”) replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e., living individuals), ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.

All data subjects whose personal data is collected are in line with the requirements of the GDPR.

2. Privacy notice

2.1 Information We Collect

SOC Prime may collect personally identifying information provided through voluntary registration at: https://tdm.socprime.com/signup/ and profile account:

  • Email address, Full Name, Country, Phone number, Company, Industry, Professional Role, your SIEM, EDR, and NSM Platforms.
  • Email addresses and names of your team.
  • Other information that you provide to us to receive technical or further service-related assistance during customer service interactions.

Non-service-related information: If you interact with us at events, webinars, or from other marketing activities and you give us your contact details or as to be contacted in one way or another, we will process that Information for this purpose.

Information we collect automatically when you use the Services: We keep track an activity logs which means recorded logs of how you interact with our Services, including browsing our site, downloading the content, and taking other actions within the Services.

Information from other sources: We may obtain information, including your personal data, from our Site or Services and combine or associate it with information from third parties and sources (our partners, advertisers, and integrated services). We will treat the combined information as personal data in accordance with this Privacy Policy.

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer, and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

We will endeavor to keep your information accurate and up to date and not keep it for longer than is necessary. We do not collect your sensitive personal data.

2.2 Why does SOC Prime need to collect, process, and store personal data?

We collect your personal data to provide the Services, personalize and improve your experience using the Services we provide. This may include authenticating you when you log in, processing transactions with you, providing customer support, and managing, maintaining, and improving the Services. In any case, we strive to ensure that the information we collect and use is suitable for this purpose and does not constitute an invasion of your privacy.

The personal data we collect includes the following purposes:

  • Providing customer support and help with our Services when you contact us.
  • Contacting you about your account, changes to this Privacy policy, Cookie policy, or other documents.
  • Details of your company and industry to get the most targeted content matching your company’s threat profile.
  • For troubleshooting and testing of our Services to ensure that they secure, reliable, and of a high standard and to prohibit the illegal activity of using our Services.
  • Maintaining and improving our Services.
  • Communicate about Services, offers, and events, and provide news and information.
  • To subscribe to a newsletter, send product updates or technical alerts.
  • To send notifications tailored to a specific search profile, content list, Lucene query, and Services updates, usually once a week, with a summary according to your region, industry, etc. (you can set up email notifications frequency and define what is relevant to you in your account cabinet).
  • Analyze activity logs and other analytic data to improve productivity, customer experience, and trends and statistics.
  • For analytics and metrics, evaluating the effectiveness of our outreach efforts.
  • To send marketing communications relating to Services, sales, or promotions via email. You can opt out of these at any time.

2.3 Our legal basis for collecting and processing personal data

We will only collect and process your personal data where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g., to deliver our Services), and “legitimate interests.”

By signing up for an account, you gave us consent, which expresses consent to us processing your personal data as described in this Privacy Policy. SOC Prime does not collect personal information classified under the GDPR as ‘special categories’.

If you choose not to provide the information we request, you can still visit our Site, but you may be unable to log into your account or access specific options, offers, downloads, and Services.

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time, and where we rely on legitimate interests, you have the right to object. Please contact our Data Protection Officer if you have any questions about the lawful bases upon which we collect and use your personal data.

2.4 Legitimate interests

The legitimate interests of processing mean that such processing is performed for a task carried out in the public interest or the exercise of official authority vested in the controller or on grounds of the legitimate interests of a controller or a third party. SOC Prime may process your personal data for our legitimate interests or the legitimate interests of third parties, provided that such processing shall not outweigh your rights and freedoms. For example, we may process your personal data to:

  • Protect you, us, or others from threats (such as security threats or fraud);
  • Comply with laws that apply to us;
  • Enable or administer our business, such as for quality control, consolidated reporting, and customer service;
  • Understand and improve our business or customer relationships generally.

2.5 Consent

By consenting to this Privacy Policy, you are permitting us to process your personal data specifically for the purposes identified. Specifically, you expressly consent to us processing your personal data as described in this Privacy Policy, which provides transparency to our Users as to how their data is collected and used and serves as a Privacy Policy as required by GDPR.

You may withdraw consent at any time on your profile page or by sending a request to our Data Protection Officer (DPO) to: dpo@socprime.com.

You are not eligible to register and provide us with personal information if you are 16 and under without your parent/guardian's permission.

2.6 Organizations with which you engage

If you have registered for the Services with your company's domain name ("Organization"), i.e. @yourcompany.com, or if the Services are provided to you through an Organization, you expressly agree that we might provide your Organization with your activity logs on the Services upon prior written request from the Organization owner.

As a result of improving our platform for customers, your personal information provided during registration, such as your names and email addresses, as well as information about when and how you clicked on specific content, will be visible to all members of your company team. This information is confidential and not to be disclosed outside of your company. If you work as a contractor, you must have a non-disclosure agreement that contains liability for any leakage of personal information obtained in this way.

2.7 How Can You Opt Out of Use and Disclosure of Your Information?

SOC Prime will only use your personal data for the purposes described in this Privacy Policy or as subsequently authorized by you. You can avoid having your personal data disclosed in the following ways: a) do not provide us with your personal data; b) do not access or request Services, or c) email us at support@socprime.com to request that we deactivate your account and delete your personal information.

Following the registration process, we also allow Users the option to opt out of receiving emails from SOC Prime. Users who opt-in may remove themselves from emailing lists at any time through the edit profile pages or by following the instructions at the end of any email they receive from SOC Prime.

3. Data Processors

We may use the services of various service providers and partners contracted to SOC Prime (Data Processors) in order to process your data more effectively. When they no longer need your data to fulfill Services, they will dispose of the details in line with SOC Prime’s procedures.

SOC Prime selects only suppliers that can provide technical, physical, and organizational security that meet our requirements in terms of all the personal data they will process on SOC Prime’s behalf. We will ensure that all security arrangements are outlined in the contract with the external processor.

Suppliers from outside the EU will only be selected under the following conditions, in addition to the requirements noted elsewhere in this procedure:

  • if the supplier or the state in which it resides has been positively identified in an adequacy decision by the EU Commission; or
  • where there are organizational and technical safeguards established between SOC Prime and the supplier to secure the rights and freedoms of data subjects at least equal to those afforded within the EU; or
  • where the arrangement has been approved by the supervisory authority.

SOC Prime maintains a list of processors (https://my.socprime.com/en/privacy-faq/, clause 6) who process personal data as a part of the Services, which SOC Prime updates as needed.

4. Personal Information Collected from Third Parties

We use Hotjar to understand our Users’ needs better and optimize the Services and experience. Hotjar is a technology service that helps us better understand our Users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.), and this enables us to build and maintain our Services with User feedback. Hotjar uses cookies and other technologies to collect data on our Users’ behavior and devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our Site. Hotjar stores this information on our behalf in a pseudonymized User profile. Hotjar is contractually forbidden to sell any data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Use of Intercom Services: We apply third-party analytics services to help understand your usage of our Services. In particular, we provide a limited amount of information you have submitted (such as sign-up data and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship using cookies and similar technologies so that we can deliver an improved service for you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email or through messages within our product(s). The Intercom Messenger Apps and Apps in Inbox products may also provide you with access to other third-party applications such as Stripe. You should consult these third parties' privacy notices for further information on their use of your personal data. As part of our service agreement, Intercom collects your publicly available contact and social information, such as your email address, gender, company, job title, photos, website URLs, social network handles, and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s Terms of Service, which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt-out of having this information collected by or submitted to Intercom, please contact us at support@socprime.com.

Use of Reply.io Services

We have implemented Reply.io (“Reply”), a cold email software, to assist our sales teams in automating and streamlining our outreach efforts, primarily targeting non-registered users. This involves conducting email campaigns to existing email databases stored in both Cognizm and Reply and utilizing information obtained from LinkedIn contacts for communication via LinkedIn. However, our using Reply along with the LinkedIn Email Finder and Outreach extension, is based on the following:

  • the extension exclusively to extract information that is in open access on LinkedIn;
  • any issues regarding access or deletion of your data from Reply’s system will be promptly addressed upon your request to us or to Reply;
  • your data remains your exclusive property, and Reply utilizes it solely to deliver the outreach service. Reply does not share your data with third parties or engage in data mining for advertising purposes;
  • a built-in Unsubscribe link is implemented in each email, enabling users who wish to unsubscribe to do so immediately.

Additionally, we will use Reply to track and analyze the effectiveness of our outreach efforts. This includes:

  • Syncing data on our communication in Pipedrive;
  • Analyzing open rates, click-through rates, and response rates.

We are potentially reaching out to existing registered new users to recommend our content or provide additional value and to recommend setting up a call.
These measures will help us better understand and improve our outreach efforts.
For a comprehensive overview of how Reply addresses GDPR compliance, please refer to Reply.io's Privacy Policy.

5. Your account, retention, and deletion of the personal data

We may provide you with tools and preference settings that allow you to access, correct, delete, withdraw, and modify information associated with your personal data.

SOC Prime will retain your personal data for as long as necessary to carry out the Services to you and will store the personal data for five years from the moment the account is terminated or not used. Then all your personal data collected through the platform will be deleted, as required by applicable law. Alternatively, you at any time may request that we no longer use your information; then please contact us at: support@socprime.com.

In some cases, we choose to retain certain information in a depersonalized or aggregated form.
We may also retain certain information about you as required by law or for legitimate interest purposes as set above after you delete your account.

6. Children's Online Privacy Protection

Children are not eligible to use SOC Prime Services. Minors should not submit personal information to SOC Prime if they are 18 and under without parent/guardians' permission. SOC Prime does not knowingly collect personal information from persons who are under 18 years of age. If you learn that a child under 18 has provided us with personal information without consent, please contact our Data Protection Officer email: dpo@socprime.com.

7. Your rights as a data subject

At any point, while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: if SOC Prime refuses your request under rights of access, we will provide you with a reason. You have the right to complain as outlined below.

As a data subject, you are entitled to exercise all the rights indicated above through a Subject access request procedure. For this purpose, please send your request to our Data Protection Officer (DPO) email: dpo@socprime.com. In the subject of your letter, please indicate the exact title of the right you are concerned about (Right of access, Right of rectification, Right to be forgotten, Right to restriction of processing, Right of portability, Right to object, Right to object to automated processing, including profiling, Right to judicial review).

It will ensure that you receive the answer to your request from our DPO. DPO provides you with the requested information in electronic format within one month from the date of receipt.

8. Cookies

Cookies are small pieces of information that a website transfers to an individual's hard drive for record-keeping purposes. They let us know when you visit our Site and save the preferences you set. Your browser can be set to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. To control third-party cookies, you can also adjust your browser settings.

The information we collect and analyze is used to improve our Services to you. Some of the cookies we use are essential for the Site to work. We want to be sure you understand that accepting a cookie in no way gives us access to your computer or any personal information about you. The cookies collect information in an anonymous form. The cookie-related information is not used to identify you personally, and the pattern data is entirely under our control. To find out more about cookies, visit our Cookie Policy.

9. Do Not Track (DNT)

Do Not Track is a browser setting that sends a ‘Do not track’ request to websites when a user visits the website. It is a way the browser communicates to a website that the user has opted out of tracking. When a user enables this feature, the browser sends a signal to websites that the user visits, not to store cookies on their device. However, we do not currently recognize or respond to browser-initiated Do Not Track signals, as there are no consistent industry standards and solutions for compliance.

10. The right to complain to a supervisory authority

In the event that you wish to make a complaint about how your personal data is being processed by SOC Prime (or third parties) or how your complaint has been handled, you have the right to lodge a complaint directly with SOC Prime’s Data Protection Officer or with the supervisory authority in the Member State where you live, work, or where the infringement took place.

11. Links to Third Party Sites

We may place links on our Site. When you click on a link to a third party website from our Site, your activity and use on the linked website are governed by that website’s policies, not by those of SOC Prime. We encourage you to review the privacy policies of third parties before connecting to or using their websites to learn more about their privacy and information handling practices.

12. Third Party Apps

You may may choose to add new functionality or change the behavior of the Services by installing third party apps within the Services (“Third Party App”). Third Party Apps are completely optional and are chosen and installed at your sole discretion. Third Party Apps are owned and operated by third parties, and you may have to agree to additional terms and conditions from the owner or provider of the Third Party App in order to use Third Party App. SOC Prime is not responsible or liable for any aspect of the Third Party Apps and does not endorse any Third Party App.

13. Data Protection Officer

The Data Protection Officer is responsible for ensuring that this Privacy policy is made available to data subjects prior to SOC Prime collecting/processing their personal data. Our Data Protection Officer can be contacted directly here: Email:dpo@socprime.com

14. Changes to this Privacy Policy

We may change this Policy at any time by updating this page and encourage you to review our Privacy Policy to stay informed. If we plan to change the purpose of the collection and processing of personal data, we may provide additional notice before starting any new processing. If you do not provide us with consent to these changes, SOC Prime has a right to close your account and discontinue the use of our Services and Site. If you continue to use our Services after Privacy Policy changes go into effect, you consent to the revised policy.

15. Contacting us

If you have questions about this Privacy Policy, please feel free to contact us at: legal@socprime.com

16. SOC Prime Threat Bounty Program Privacy Section

This section applies to individuals participating in the SOC Prime Threat Bounty Program (“Program”). By enrolling in or using our Threat Bounty Program, you agree to the terms outlined in this Privacy Policy.

Privacy notice

Information We Collect.

SOC Prime may collect personally identifiable information provided by you through voluntary registration:

  • First name, Last name, Email.
  • Expertise area and years of experience in cyber security.
  • Professional profiles on social media.
  • Displayed author’s name - real name or pseudonym that will be used as an identification of the author(s) ("author" field of the Rule) under the Detection Rule License (DRL) 1.0.
  • Certain financial information from you to process payment of Program Rewards, including your first name, your last name, address, form W-9 or W-8BEN, PayPal, financial account information, or other billing information.
  • Country.
  • Photo or picture that will be used as an additional identification of the Program participant.
  • Other information that you voluntarily provide to us to receive technical or other Program-related assistance.

Why does SOC Prime need to collect, process, and store personal data?

We collect your personal data to improve your personalized experience with the Program. We are committed to ensuring that the information we collect and use is appropriate for this purpose and does not constitute an invasion of your privacy.

The personal data we collect includes the following purposes:

  • For registration on the Website and in the Program.
  • To offer you the most suitable and convenient payment method.
  • To provide customer support and help with our Program when you contact us.
  • To contact you about your account, changes to our Website Terms, this Privacy policy, Cookie policy or other documents, and any other issues regarding the Program.
  • Details of your experience to advise you on content matching your professional profile.
  • For troubleshooting and testing of the Program to ensure that it is secure, reliable, and of a high standard and to prohibit illegal activity.
  • To process payment for Program Rewards.
  • Maintaining and improving our Program.
  • To respond to legal requests, court orders, or lawful requests from government agencies.
  • For sending you analytical, statistical information, information about private webinars for developers.
  • For onboarding.
  • Analyze IP address data for trends and statistics.
  • We use Credly to issue digital badges serving as online representations of achievements and skills.

To facilitate payments in connection with the Program, we may collect certain financial information from you to process transactions, including your name, email address, address, financial account information, and other billing information.

Digital Badges by Creedly.

SOC Prime utilizes the services of Credly, a 3rd party data processor located in the United States, to assist in creating and managing digital badges, that serve as online representations of achievements and skills. To issue you a digital badge, your personal information (email address and name) will be shared with Credly. You will receive an email notification from Credly with instructions for claiming the digital badge. To claim your badge, you are asked to sign in to an existing account or register for a Credly account as part of this process. You will be asked to accept the Credly Terms and the Credly Privacy Policy (https://info.credly.com/privacy-policy). At this point, Credly becomes the Data Controller of your personal data. To learn how Credly handles your information, read their privacy policy.

17. Definitions (drawn from the GDPR)

Data controller – the natural or legal person, public authority, agency, or other body which alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor – a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Personal data – any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data – Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Data subject – any living individual who is the subject of personal data held by an organization.

Processing – any operation or set of operations that are performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyze or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, measures based on profiling, and the envisaged effects of profiling on the individual.

Data subject consent – means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by explicit affirmative action, signifies agreement to the processing of personal data relating to him or her.

Child – the GDPR defines a child as anyone under the age of 16 years old, although this may be lowered to 13 by Member State law. The processing of the personal data of a child is only lawful if parental, or custodian consent has been obtained. The controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child (Article 8, 1 – first paragraph GDPR).

Third-party – a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.