Privacy Notice

Last updated August 2020

About

This is the Privacy Notice of JSC Positive Technologies (Positive Technologies, we, us), for the website of the International Information Security Forum Positive Hack Days 10 (the Forum), located at www.phdays.com (the website), and the website of the contractor RUVENTS LLC (RUVENTS). Please read this Privacy Notice to understand how we collect and use the information you provide to us when you visit this website, use its features, or contact us.

This Privacy Notice applies to this website and the services provided by us through this website. It does not apply to our websites, products or services that are covered by a separate privacy notice.

If you are a subject of the Russian Federation, please see the separate privacy notice at https://www.phdays.com/ru/privacy-policy/, developed in compliance with Federal Law No.152-FZ On Personal Data of July 27, 2006.

Contacts

The controller for processing personal data relating to use of this website is JSC Positive Technologies, a company registered in Russian Federation and located at room 30, office V, 23A, Schelkovskoe shosse, Moscow, 107241, Russian Federation.

If you have any questions or feedback regarding data protection or the processing of your personal data, please contact our Data Protection Officer at privacy@ptsecurity.com.

When and why we process your Personal Data

We seek to only collect and process the personal data we need in order to provide you with our services. Below you will find more detailed information about how, when and why.

1. When you visit our website

When you visit our website, we automatically collect some personal data from your device. This information includes your IP address, date and time of the request, browser language and version, operating system version or producer, information about your device, user’s session fingerprints, as well as some data about how you interact with our website (e.g. which website you came from, pages visited, heatmaps and links clicked). We do this to keep our website secure and to understand who visits it and which pages they find interesting, so we can improve the site and provide relevant content. Some of this data is collected using cookies and similar technologies. You can find more detailed information in our Cookie Notice.

Our legal basis for processing the personal data collected by most types of cookies is your consent. You have the right to withdraw this consent at any time in your cookie preference center, but it will not affect any processing that has already taken place.

However, there are also some cookies which are necessary for the proper functioning of our website, and you cannot refuse them. The legal basis for this processing, and the processing of the data from the website logs, is our legitimate interest.

2. When you contact us

When you contact us, we will process your email address, as well as the data you put into the subject line and in the body of the email. This data will be sent to us automatically from the web server. If you contact us using social media, we will have access to your profile and any other information you choose to share with us.

3. Social networks

If you request information or contact us on social media sites such as YouTube, Facebook, Instagram, SlideShare, or Twitter, we will process your personal data in order to respond to your enquiry.

It is useful for both Positive Technologies and you, if we are able to respond to enquiries quickly, so this processing is done on the basis of our legitimate interest.

How we share your information

In order to provide you with our services, at times we have to share your personal data with partners and external third party service providers. They will only process your personal data on the basis of data processing agreements and according to strict instructions, which do not allow them to use your data for any other purposes without notifying you or asking for your consent.

Some of the categories of the parties we may share your data with include providers of information technology, website hosting and management, data analysis, data backup, security and storage services, as well as consultants, partners, providers under agreements, and agents.

We, our partners, service providers and others may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with applicable laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or agents.

This website uses interfaces with social media sites such as LinkedIn, Twitter, YouTube and others. If you choose to "like" or share information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

Additionally, we may reveal your personal data to third-parties if: (1) you request or authorize it; (2) to address emergencies or acts of God; and (3) to address disputes, claims, or to persons demonstrating provable legal authority to act on your behalf.

If you would like to receive more detailed information regarding third parties we share your personal data with, please contact our Data Protection Officer at privacy@ptsecurity.com.

International data transfers

The Company and Contractor process personal data, including data storage, on servers located in the Russian Federation and Poland. For this reason, if you contact us or visit this website, your personal data will be transferred there, as well as other countries around the world, including the ones listed below.

Google Analytics

Google Analytics uses traffic log cookies to gain information about visits to pages on our website. We use this information to generate reports on how our website is used to help us improve it. We do not retain any data specific to any identifiable user. The services are provided by Google LLC and Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, as well as Google Ireland Limited (as applicable), located at Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (collectively "Google"). All information is processed by Google in compliance with Data Processing Amendment to the Google Analytics Agreement, including cross-border processing. To get more information about how Google processes your personal data, please see its Privacy Notice.

Yandex.Metrica

Yandex.Metrica is a web analytics service that tracks and reports website traffic. Yandex.Metrica tool allows us to gather information about how you use our website. With its help we analyze your behavior and gather statistics. The services are provided by YANDEX, LLC, located at Ulitsa Lva Tolstogo 16, Moscow, Russia 119021. To get more information about how YANDEX processes your personal data, please see its Terms of Use and Privacy Policy.

Amazon Web Services

Amazon Web Services is a secure cloud services platform which offers computing power, database storage, content delivery, and other functionality to help businesses scale and grow. We use this service to store your data. The services are provided by Amazon Web Services, Inc., located at 410 Terry Avenue North, Seattle, WA 98109-5210, and Amazon Web Services EMEA SARL, located at 38 Avenue John F. Kennedy, L-1855, Luxembourg (collectively "Amazon"). All information is processed by Amazon in compliance with AWS GDPR Data Processing Addendum, including cross-border processing. To get more information about how Amazon processes your personal data, please see its Privacy Notice.

Microsoft Office 365

Microsoft Office 365 is a cloud-based subscription service that provides tools for working with documents and email in apps like Excel and Outlook. These tools help us to store, send and otherwise process your data. The services are provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399. To get more information about how Microsoft Corporation processes your personal data, please see its Privacy Statement.

Facebook

Facebook Pixel is a technology that helps us integrate with Facebook, understand and measure our products and services, and better reach and serve people who use or might be interested in them. This service is provided by Facebook Ireland Ltd, located at 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. To read more about Facebook’s data collection and cookie-setting practices, please read its Data Policy and Cookie Policy.

Hotjar

Hotjar tool allows us to gather information about how you use our website. With its help we analyze your behavior and gather statistics. The services are provided by Hotjar Ltd, located at 3, Elia Zammit Street, St Julians, STJ 3155, Malta, Europe. To get more information about how Hojar processes your personal data, please see its Privacy Policy.

GetResponse

GetResponse is an internet marketing platform, which includes tools for various business purposes, such as email marketing, webinars, landings, and CRM. We use this service to send you marketing emails and newsletters, if you subscribed to them. The services are provided by GetResponse LLC, located at Gdansk (80-387), Arkonska 6, A3, Poland. To get more information about how GetResponse processes your personal data, please see GetResponse Privacy Policy.

Your rights

Data protection laws provide you with rights to help you understand and control how your personal data is used. These are your rights:

  • Right to be informed about why and how we are processing your personal data — we hope we achieved this by providing you with this Privacy Notice.
  • Right to have access to your data — you have the right to ask us if we are processing your personal data, why we are doing so, under what lawful basis, the categories of your personal data, whether the data is being sent outside the EU, who we share your data with, how long we keep it, and request a copy of the data we are processing. If you are unable to find sufficient information in our Privacy Notice, please contact our Data Protection Officer at privacy@ptsecurity.com.
  • Right to object to some processing — you have the right to object to direct marketing, or if processing is based on legitimate interest.
  • Right to have your data deleted — otherwise known as “right to be forgotten”. You can exercise this right if you withdraw your consent and there is no further legitimate interest in our processing of your data, your objection to processing under legitimate interest outweighs our interests, the processing is no longer necessary, there is a law that requires the data to be deleted, or the processing is unlawful.
  • Right to restrict processing — you can use this right if the personal data we are processing is inaccurate, if our processing is unlawful, if the data is no longer necessary for the original purpose of processing but needs to be kept for potential legal claims, or you have objected to processing carried out under legitimate interest and we’re still in the process of determining whether there is an overriding need to continue processing.
  • Right to data portability — you can ask for your data which you provided to us on the basis of consent or because it was necessary for a contract and which we process by using a computer.
  • Right to ask us about automated decision-making — you have the right to ask us to explain the logic involved in making any automated decisions and for the decision to be reviewed by a human being, if that decision had an effect on your rights or freedoms.
  • Right to rectification — if any of your personal data that we hold is inaccurate, you can request to have it corrected.
  • You have the right to lodge a complaint with the competent data protection authority if you have concerns about how we process your personal data. However, we would appreciate it if you contacted us first and gave us an opportunity to resolve the issue.

If you would like to exercise any of these rights, or find out more about how we process your personal data, please contact us at email. Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, we will let you know the date when the information will be provided. If for some reason we cannot satisfy your request, we will provide an explanation why.

Information for users in California

Under the California Consumer Privacy Act (CCPA), residents of the State of California have certain rights concerning the personal data we hold about them. These rights include the right to request access or deletion of your personal data, right to request that we stop selling your personal data, right against discrimination because you exercised the rights available to you and the right to protection against waiver of rights.

If you are a California resident, you can exercise your rights as provided in the CCPA by contacting our Data Protection Officer at privacy@ptsecurity.com As per definitions in the CCPA, please note that we do not sell your personal data.

How we protect your information

We are committed to ensuring security of your information. We make every effort to keep your information secure in accordance with our internal security procedures and applicable law. Appropriate security measures are in place to protect against loss, misuse, or alteration of your information. Specifically, we use the following measures to protect your personal information:

  • Development of local regulations of Positive Technologies implementing the requirements of personal data legislation, including GDPR
  • Refusal to process personal data if the methods of such processing do not meet the purposes of processing predefined by us
  • Granting access to personal data to a limited number of people
  • Ensuring that those persons who have access to personal data have read and understood the applicable laws relating the processing and protection of the personal data
  • Applying cryptographic protection instruments to information containing personal data
  • Restricted access to information resources and data processing facilities
  • Use antivirus tools for personal data security system
  • Access mode to Positive Technologies' premises
  • Appointment of the person responsible for processing of personal information (you can contact this person using the following email address: privacy@ptsecurity.com)
  • Periodic assessment of risks related to the processing of personal data
  • Conducting internal investigations to detect facts related to unauthorized access to personal data
  • Trainings of Positive Technologies' employees related to personal data processing
  • Ensuring that both Positive Technologies and third parties that are involved in personal data processing maintain confidentiality of personal data and do not use personal data without legal grounds for processing.

How long we keep your information

We keep your personal data for as long as it is necessary to achieve the purpose for which it was collected, usually for the duration of our contractual relationship plus any period thereafter as required or permitted by law, or to satisfy any legal obligations. When the data is no longer required, it is deleted.

In some cases, we can also delete your data if we think that it presents a threat to our company’s security, or if you violated the terms of this Privacy Notice, or if your contract has expired or was terminated.

Profiling

Profiling means any form of automated processing of personal data that divides natural persons into groups (profiles) depending on their behavior, interests, and more specific characteristics. We do profiling by means of Google Analytics. You can find more details here: About Demographics and Interests. In any case, the data used for profiling purposes is not transferred to third parties or publically shared.

Third-party websites

Our website may contain links to other websites of interest. However, we do not have any control over other websites and cannot be held responsible for the protection of any information that you may provide them. We encourage you to exercise caution and check the privacy statements of those websites.

Changes to this Privacy Notice

As our organization and services change from time to time, this Privacy Notice may change as well. We reserve the right to amend it at any time, for any reason, without notice to you, other than the posting of the updated Privacy Notice on our website. We may email periodic reminders of our notices and terms and conditions and will notify you of material changes thereto, but you should check our site to see the Privacy Notice that is in effect and any changes that may have been made to it.