Privacy Notice

Effective: May 25, 2018

This Privacy Notice is provided by RADAR, Inc. (“RADAR” or “we”) to inform you of our commitment to: (i) visitors to www.radarfirst.com and other subdomains that form our corporate web presence (“Website”); (ii) our customers who purchase a subscription to our software-as-a-service product (accessible at app.radarfirst.com) (“Product”), and (iii) individuals whose personal information is stored in any of our systems or software. This Privacy Notice explains how RADAR collects and uses the personal information and describes the choices available for accessing, updating, and correcting this personal information.

This Privacy Notice applies to our Website visitors, our customers, and individuals whose personal information is stored in any of our systems or software. It does not address privacy policies or practices of any third parties or their services, including third party platforms that you choose to use to connect with our Website or Product.

We reserve the right to modify this Privacy Notice at any time so please review it frequently.

When we make material changes to this Privacy Notice, we will notify you here prior to the changes becoming effective.

Prior versions of this Privacy Notice are available here: www.radarfirst.com/priorprivacynotices.

All references to the Customer Agreement only apply to our customers.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

RADAR participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. RADAR is committed to the use and treatment of all personal information received from EU member countries and Switzerland, respectively, consistent with the applicable Privacy Shield Principles and in reliance on the applicable Privacy Shield Framework. For more information about the Privacy Shield Frameworks, please visit the U.S. Department of Commerce’s Privacy Shield website here. To view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List and search for “RADAR, Inc.” here.

RADAR protects your privacy through the application of the Privacy Shield Principles. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU member countries and Switzerland, including the onward transfer liability provisions.

Data Controller & Data Processor

RADAR is the data controller for: (i) all personal information collected from EU data subjects who are registered users of the Product (“Registered User Information”); and (ii) all personal information collected from EU data subjects who visit our Website (“Visitor Information”). We collect and process Registered User Information based on our legitimate business interest. We collect and process Visitor Information based on our legitimate business interest and, where required, consent.

RADAR is the data processor for all personal information regarding EU data subjects entered into the Product by our customers (referred to as “User Information”). As the data controllers, our customers determine the purpose and legal basis of the data processing activities for User Information.

RADAR can be contacted via email at privacy@radarfirst.com or you may send a letter to:

ATTN: Privacy
RADAR, Inc.
319 SW Washington Street
Suite 900
Portland, OR 97204
USA

Rights of EU Data Subjects

The Privacy Shield and EU data protection regulations provide EU data subjects with the following rights:

  • Right of access;
  • Right to rectification;
  • Right to erasure;
  • Right to restrict processing; and
  • Right to object.

To exercise your rights, see Choice below.

The remainder of this Privacy Notice is organized below with reference to the applicable Privacy Shield Principles, which are also supportive of other privacy protection frameworks.

1. Notice

We provide this Privacy Notice so that you can make informed choices regarding the use and treatment of your personal information.

What Data We Collect

Here are the types of information that we collect from you through our Website or Product:

Visitor Information: When you register to receive information from RADAR or participate in our events, we collect certain information about you (e.g. first name; last name; title; business email address; phone number; IP address; company information). If you interact with the Website and submit your contact information via a form, you consent for RADAR to contact you for the purposes set forth in the form and this Privacy Notice. All personal data collected through the Website is stored in secure applications with access limited to business needs. No personal data is shared with third parties other than service providers acting as RADAR’s agents. From time to time, we may use surveys for feedback or in connection with events that request personal information. In addition to your contact information, such surveys may request demographic information, information about your personal interests, or your feedback as a RADAR customer.

Registered User Information: When you create or update your profile as a registered user of the Product or when you submit incident information into the Product (including via a web form), we collect certain information about you (e.g. first name; last name; title; business email address; IP address; company information; login and password; authentication). All personal information collected from Registered Users is stored in secure applications with access limited to business needs. No personal data is shared with third parties other than service providers acting as RADAR’s agents. We collect this information for the purposes described in this Privacy Notice and the Customer Agreement, including without limitation to provide you with access to the Product and fulfill the terms of our Customer Agreement.

We utilize application analytics tools to improve customer relations and monitor the performance of our Product. Such information may include frequency and nature of the customer’s use of the Product and information necessary to troubleshoot any issues reported by the customer.

User Information: The functionality of our Product does not require the entry of personal information about individuals in order to provide risk assessments. However, our customers may enter information about individuals into the Product for the purpose of tracking incidents. All information entered into the Product by our customers (including without limitation any personal information) is referred to as “User Information”. We process and store User Information as the data processor. However, our customers, as the data controllers, determine the purpose and legal basis of the data processing activities for User Information. We treat User Information as the property and confidential information of the applicable RADAR customer. We reserve a limited right to disclose any User Information for the purposes set forth in Section 3 of this Privacy Notice or as expressly stated in the Customer Agreement.

Information that We Obtain from Other Sources: RADAR may collect information about you from third party sources and services. We may buy or lease contact, marketing, and demographic data from brokers. RADAR may also access certain profile information from social networking platforms and services that you use to interact with the Website or Product. We may combine that third party information with information that we collect directly from you.

Information that We Automatically Collect: When you visit our Website or use our Product, some information (e.g. IP address; access times; browser type and language; referral website) is logged automatically and stored in log files. We also collect information about your usage and activity on our Website. We may tie your IP address to information that we automatically collect on our Website. We may also tie information that we automatically collect with personal information that we receive from your interactions with the Website or Product. We use products of third parties acting on our behalf to analyze and improve our Website.

Notice Regarding Cookies

RADAR and our marketing partners and analytics providers use cookies and similar tracking technologies to analyze trends, administer the Website, track movements around the Website, and gather demographic information about our audience as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We utilize cookies and other information that your browser transmits to better understand our Website audience. Such information includes aspects of your browser’s technical capabilities, information about your device, and your geographic location. Cookies may store information that identifies your browsing device with enough specificity to be able to deliver relevant content.

Notice Regarding Retention of Personal Information

We will retain your information collected for a commercially reasonable period of time to fulfill the terms of the Customer Agreement (if applicable) and for the purposes described in this Privacy Notice. In addition, we will retain your information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Notice Regarding Third Party Partnerships

When you register to receive information from RADAR about our third party partnerships, we collect certain information about you (e.g. first name; last name; title; business email address; phone number; IP address; company information). By submitting this information, you consent for RADAR to contact you for the purposes set forth in this Privacy Notice and to share your contact information with such third party partners.

2. Choice

By entering personal information into the Website or Product, you expressly allow us to collect, process, store, and use that data in a manner consistent with this Privacy Notice and the Customer Agreement (if applicable).

You may opt-out of receiving promotional emails from RADAR by following the instructions in those emails. If you opt-out, we may still send non-promotional communications, such as emails about your subscription, your account, product notices, or our ongoing business relations.

Customers have the choice to update, add, or delete certain Registered User Information. However, you cannot opt-out of some collection and processing within the Product as it is necessary to ensure security. Customers also have the choice to update, add, or delete User Information.

Upon request, RADAR will provide you with information about whether we hold any of your personal information. You may email privacy@radarfirst.com to: (i) request RADAR to provide you with information about your personal information that we process and store; (ii) request changes to your contact preferences; (iii) request access to your personal information; and (iv) request changes to your personal information. If you would like this information edited or deleted, we will respond to your request within 30 days.

You may request for us to remove you from any mailing list or delete your personal information from any of our systems, except where the deletion of such information would: (i) prevent us from exercising our rights; (ii) prevent us from performing our obligations under the Customer Agreement (e.g. responding to your inquiries); or (iii) violate the terms of our Customer Agreement. We reserve the right to delete your personal information from our system and software if retention of that information is reasonable required for the fulfillment of a contractual or legal obligation. If we are required to refuse for any reason, we will provide prompt written notice of the reason.

If you are a registered user of the Product, you may not opt out of personal information collection because such collection is required to ensure the security and integrity of the Product. If you are a registered user of the Product and you would like to be removed from the applicable Customer account, you will need to contact the administrator within your organization who manages this Customer account.

Sensitive Information

We do not solicit or seek to collect “Sensitive Information” as such term is defined in the Privacy Shield Frameworks (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual). If you choose to enter Sensitive Information pertaining to an individual into the Product, you agree to provide that information to us for the purpose of storing that information in the Product for your own business purposes. We will never use Sensitive Information for any other purpose without your opt-in consent. For your security and in defense of your privacy rights, we only contract with the third parties who also provide a level of privacy protection that meets or exceeds industry standards.

Your Choices Regarding Cookies, Browser Information & Third-Party Websites

If you wish to prevent the use of cookies on our Website, you will need to adjust your browser settings to block them. Blocking cookies will not impair the function of our Website. There are a variety of tools available for blocking cookies.

Cookies are required for use of the Product (e.g. authentication) and may not be disabled.

The Website may contain links to enable you to quickly visit other third party websites of interest. RADAR does not have any control over those other third party websites. While we intend to offer links to reputable websites, RADAR is not responsible for the protection and privacy of any information which you provide while visiting such websites and such websites are not governed by this Privacy Notice. You should review the privacy policy applicable to the website in question.

3. Accountability for Onward Transfer

RADAR engages third parties (e.g. Amazon Web Services) to provide system infrastructure, email, and tools that are necessary for the orderly and efficient function of our business. Such third parties act in accordance with the terms of our agreements, which include data protection provisions and business associate agreements, as appropriate. These agreements require that the third parties use your personal information only in a manner consistent with the purposes for which you entrusted it to us and in accordance with the Privacy Shield Principles. We further require that any such third parties provide us with notification in the event of any intentional or unintentional use inconsistent with these Privacy Shield Principles or where the third party determines that it is no longer able to meet such obligations.

We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU member countries and Switzerland, including without limitation the onward transfer liability provisions.

3a. Requests by Authorities and Litigants

We may be compelled to disclose personal information obtained through our Website or the Product: (i) in response to a lawful request by the government or public authorities; (ii) to comply with a subpoena or other legal process; (iii) to protect our rights; (iv) to protect your safety or the safety of others; or (v) to investigate fraud. In the event that we are permitted by law to disclose the request or the rationale for the disclosure, we will contact you in order to provide you with an opportunity to respond.

4. Security

RADAR employs robust security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction in light of the nature of the personal information and the risks involved in processing. For example, RADAR conducts annual third party audits and penetration testing. We use passwords, security questions, multi-factor authentication, and other applicable security measures to prevent an inappropriate entity or individual from gaining access to your personal information.

RADAR retains personal information that it collects as a data controller consistent with its Information Retention & Destruction Policy. RADAR retains personal information that it collects as a data processor consistent with this Privacy Notice and the Customer Agreement.

RADAR processes and stores personal information in the U.S.

5. Data Integrity

RADAR uses appropriate contractual and quality control measures to ensure that your personal information is accurate and not confused with that of any other individual or customer or registered user. These measures include: (i) updating records at your request; (ii) applying quality control procedures to software development; (iii) limiting employee access to personal information on the basis of business need; (iv) prohibiting the sharing of user accounts; and (v) other appropriate administrative, quality assurance, and technical safeguards.

6. Purpose Limitation

We limit our use of your personal information to the purposes set forth in this Privacy Notice and the Customer Agreement (if applicable).

For example, we may use your information to:

  • operate and improve our Website, the Product, and services;
  • respond to your comments and questions and provide customer support;
  • contact you to request feedback about your experience with our Product and services or learn about your demographics, preferences, and interests;
  • provide and deliver the Product and services that you use;
  • send you information related to the Product and services that you use, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • communicate with you about upcoming events and webinars and other news about products and services offered by RADAR and our selected partners;
  • anonymize and aggregate personal information for business purposes. This could include market analysis, traffic flow analysis and reporting, and to deliver relevant content;
  • customize or personalize your online experience (e.g. to pre-populate forms and display relevant content);
  • customize or personalize communications to bring you relevant information about products and services that may interest you; and
  • protect, investigate, and deter against fraudulent, unauthorized or illegal activity.

We may also use your personal information in other ways than as listed here, in which case, we will inform you.

7. Access

You have a right to access any personal information about yourself that RADAR processes and stores and correct, amend, or delete such personal information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except: (i) where the burden or expense of providing access would be disproportionate to the risks to your privacy in the particular situation; or (ii) where the rights of persons other than yourself would be violated. To access, correct, amend, or delete your information, please utilize the interface in RADAR for managing your personal information or contact us for assistance at privacy@radarfirst.com.

Registered Users have access to their Registered User Information and are able to correct, amend, or delete such Registered User Information through the Product’s user interface with limited exception (e.g. security activity logs).

8. Recourse, Enforcement and Liability

RADAR takes your privacy rights seriously. We provide mechanisms for the resolution of your concerns and any disputes that may arise under this Privacy Notice. If you have any questions or concerns regarding this Privacy Notice or the use and treatment of your personal information by RADAR, please contact us via email at privacy@radarfirst.com or send a letter to:

ATTN: Privacy
RADAR, Inc.
319 SW Washington Street
Suite 900
Portland, OR 97204
USA

RADAR will respond to your message within a maximum of 30 days.

For natural persons in the EU and with regard to unresolved Privacy Shield complaints, RADAR designates and commits to cooperate with the panel of Data Protection Authorities in the EU to provide recourse, free of charge.

For natural persons in Switzerland and with regard to unresolved Privacy Shield complaints, RADAR designates and commits to cooperate with the Swiss Federal Data Protection and Information Commissioner to provide recourse, free of charge.

Under certain conditions (more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

With respect to the personal data received or transferred pursuant to the Privacy Shield Frameworks, RADAR is subject to the investigative and enforcement powers of the U.S. Federal Trade Commission.