Services Privacy Policy – PHISHING BRAINS

PhishingBrains respects your privacy. This Service Privacy Policy describes the privacy practices for PhishingBrains Services at (https://www.phishingbrains.com) the “Service”).

This policy does not govern information related to our informational website. For our privacy practices related to our website, please review our Online Privacy Policy.

YOUR USE OF THE SERVICES OFFERED BY PHISHINGBRAINS IS CONDITIONED UPON YOUR ACCEPTANCE OF THE TERMS OF SERVICE LOCATED AT WWW.PHISHINGBRAINS.COM AS WELL AS THIS SERVICES PRIVACY POLICY. IF YOU DO NOT ACCEPT THE TERMS OF SERVICE OR TERMS OF THIS POLICY, DO NOT USE THE SERVICES OFFERED BY PHISHINGBRAINS.

NOT INTENDED FOR CHILDREN
PhishingBrains is platform focused on serving the needs of businesses. Our services are not intended for children. PhishingBrains does intentionally obtain information from persons under 18 years of age.

COMPLIANCE WITH PRIVACY SHIELD FRAMEWORK
PhishingBrains platform complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. PhishingBrains has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

TYPE AND PURPOSE OF DATA COLLECTED

Personal Data: If you choose to sign up for the Service, we collect the following personal information from you: your name, email address, and phone number. We use this information to establish an account on our system for clients to use our Service. We will also use this information to respond to service requests, and send activity, security, training, or feature notices to users and administrators.

Payment Information: We may collect and process payment information from you when you subscribe to the Service, including credit cards numbers and billing information. We process credit card information using third party PCI-compliant service providers.

Customer Data: PhishingBrains provides an online system that our customers use to send simulated phishing emails. In providing this service, PhishingBrains processes data our customers submit to our services or instruct us to process on their behalf. PhishingBrains processes data submitted by customers for the purpose of providing simulated email phishing campaigns, training, and reports to our customers.

Cookies: We use session cookies to enable certain features of the Service. Session cookies usually expire and are deleted when you close your web browser. Session cookies must be enabled to use the Service.

Log Files: As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

IP Address: In addition to above, the client administrator may configure the system to restrict access to the Service to specific IP addresses, such as an approved corporate network.

Single Sign On: Client administrators may configure the Service to import and authenticate users with various Single Sign On providers, including name and email address. It is the client’s responsibility to understand the privacy policies of their Single Sign On provider.

SECURITY
PhishingBrains takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.

SHARING DATA / ACCOUNTABILITY FOR ONWARD TRANSFER

Your privacy is important to us. We do not sell or otherwise disclose your personal information we obtain through the Services to third parties, except as described here.

PhishingBrains uses a limited number of third-party service providers to assist us in providing our services to customers. These third-party providers offer customer support to our customers, perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. PhishingBrains maintains contracts with these third parties, restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, and PhishingBrains may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

We reserve the right to disclose your personal information as required by law or legal process, in response to a request by law enforcement authorities, when we believe that disclosure is necessary or appropriate to protect our rights or to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity.

RIGHTS TO ACCESS PERSONAL DATA
Where appropriate, PhishingBrains provides Consumers with reasonable access to the Personal Data PhishingBrains maintains about them. PhishingBrains also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. PhishingBrains may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting PhishingBrains as indicated below.

In circumstances in which PhishingBrains maintains Personal Data about Consumers with whom PhishingBrains does not have a direct relationship because PhishingBrains obtained or maintains the Consumers’ data as a service provider for its Customers, PhishingBrains Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate PhishingBrains Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, PhishingBrains will provide reasonable assistance in forwarding the individual’s request to the Customer.

CHOICE
In circumstances in which PhishingBrains collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether PhishingBrains may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact PhishingBrains as indicated below regarding the company’s use or disclosure of their Personal Data.

PhishingBrains may disclose Personal Data without offering an opportunity to opt out (i) to service providers the Company has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when PhishingBrains believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. PhishingBrains also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, PhishingBrains will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with PhishingBrains privacy policies. PhishingBrains uses Personal Data only for the purposes indicated in this Policy or the Online Privacy Policy unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, PhishingBrains obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes and (ii) Sensitive Data, to the extent that PhishingBrains collects any Sensitive Data.

FILING A PRIVACY COMPLAINT
In compliance with the EU-US and Swiss-US Privacy Shield Principles, PhishingBrains commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact PhishingBrains as outlined in the Contact Us section of this policy.

PhishingBrains has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.

RECOURSE, ENFORCEMENT AND LIABILITY
PhishingBrains is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PhishingBrains complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred to the Privacy Shield Framework, PhishingBrains is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, PhishingBrains may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

DATA INTEGRITY & PURPOSE LIMITATION
PhishingBrains takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, PhishingBrains depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom PhishingBrains does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact PhishingBrains as indicated below to request that PhishingBrains update or correct relevant Personal Data.

LINKS TO OTHER SITES
This service may contain links to other websites that are not owned or controlled by PhishingBrains. The linked websites may have their own privacy policies which we strongly suggest you review. To the extent such websites are not owned or controlled by PhishingBrains, we are not responsible for the website’s content or privacy practices, or for any use of the websites.

FORUMS
This site offers publicly accessible community forums. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. To request removal of your personal information from the community forum, contact us via one of the methods listed in this privacy policy. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

CHANGES TO POLICY
From time to time, and without prior notice to you, PhishingBrains may update this Policy to reflect changes in our personal information practices. We will post the updated version on this page and indicate at the top of the Policy when it was most recently updated.

If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice within the Service. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT US ABOUT PRIVACY
If you have any questions or concerns with regards to these our privacy policies, please contact us by mail, email, or phone.

PhishingBrains
Email: info@phishingbrains.com
Phone: +357 22485607