Privacy Notice

Effective: May 25, 2018

Update: March 28, 2019

RADAR, LLC (“RADAR”) is a leading provider of incident response management software. Our software is used by our business customers to support a consistent and efficient approach to risk assessing and managing incidents. This Privacy Notice is provided to help you understand what information we collect, how we use it, secure it and share it, and the choices available to you in accessing, updating, and correcting your personal information. We want to share this information with you because privacy is not only important to us—it is the foundation of our business.

This Privacy Notice applies to: (i) RADAR websites, including www.radarfirst.com and other subdomains that form our corporate web presence (“Website”); (ii) RADAR software that collects and processes information of our customers who purchase a subscription to our software-as-a-service product (accessible at app.radarfirst.com) (“Product”), and (iii) any RADAR internal business systems used to maintain personal information. Collectively, we refer to our Website, Product, and internal business systems as “Services”.

RADAR is committed to complying with laws to which it is subject, including applicable privacy laws. Our Website and Product are not intended for individuals under age 16 and we do not knowingly collect personal information from individuals under age 16. If you are under 16, do not provide any information on this Website. If we learn that we collected or received personal information from an individual under age 16, without verification of parental consent, we will delete that information.

Information We Collect

RADAR collects information as part of its business operations, to provide the services, to respond to requests and offer customer support, to fulfill legal and contractual obligations, and to improve our Product. You provide some of this data directly, such as when you contact customer support, or register for a RADAR event or publication. We also collect information through your interaction with the Product and our Website, for example, where we use embedded product technologies and cookies. We also obtain data from third party sources, as more fully described in this Privacy Notice.

Website Visitor Information: When you visit our Website, contact us to receive information about RADAR, or participate in our events, we collect certain information about you, which may include: first name; last name; title; business email address; phone number; IP address; and company information. All personal information collected through the Website is secured and access to that personal information is limited to individuals within our business that need access to this information to perform their job. No personal information is shared with third parties other than those service providers that RADAR directly engages to provide services supporting operation and administration of our Website. We may use surveys to solicit feedback or in connection with events that request personal information. In addition to your contact information, these surveys may request demographic information or information about your personal interests.

Licensed User Information: We collect personal information from you when you create or update your profile as a licensed user of the Product (“Licensed User”). This information includes first name; last name; title; business email address; IP address; company information; and authentication information including username and password. All personal information collected from Licensed Users is secured and access is limited to those individuals with a business need. No personal information of Licensed Users is shared with third parties other than those select service providers that RADAR has engaged.

We utilize application analytics tools to improve user interactions and monitor the performance of our Product. Such information may include frequency and nature of a customer’s use of the Product and information necessary to troubleshoot any issues reported.

Customer Information: Other than where our customer has specifically contracted with us to employ single-sign-on authentication, the Product does not require personal information in order to provide risk assessments. However, our customers may elect to enter personal information into their Product account for record-keeping or other purposes. All information entered into the Product by our customers (including without limitation any personal information) is “Customer Information”. We process and store Customer Information on behalf of our customers as a data processor. Our customers, as the controller of the data that we collect on their behalf, determine the purpose and legal basis for the data processing activities associated with Customer Information. Any Customer Information disclosed will be for the purposes set forth in this Privacy Notice (see Why and With Whom We Share Your Information) or as expressly set forth in the agreement with our customer.

Webinar Registration Information: We partner with select third parties to deliver webinars and other similar events. When you register to attend one of these events, we may receive your information from these third-party partners.

Information We Obtain from Other Sources: We may receive information about you from other third-party sources. We may buy or lease contact, marketing, and demographic data from third parties, including certain profile information from marketing and sales intelligence tools, social networking platforms, and services that you use to interact with the Website or Product. This information may be combined with information that we collect directly from you.

We may also collect information about you from other third party or public sources, such as social networks, when you use “Share This” via Facebook, Twitter, Google+, or other social media “like” buttons or plug-ins on our Website. While we do not provide your personal information to third-party advertising partners, they may combine this information with personal information that they collect directly from you or receive from other sources.

Information We Automatically Collect: When you visit our Website or use our Product, some information is logged automatically and stored in log files. This information may include: IP address; access times; browser type and language; and referral website. As is common with most websites, we also collect information about your usage and activity on our Website, including pages visited and resources accessed. We may aggregate this information, received both directly and indirectly from you, to better understand our users, analyze trends, and improve our Website.

Sensitive Information: As noted above, our Product does not require submission of personal information, including information that may be sensitive in nature, such as medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of an individual (“Sensitive Information”). Where you register for an event and your registration includes Sensitive Information, such as dietary needs or accessibility needs, your submission of that information is your consent for us to process this information for the purpose of meeting your needs. We will never use Sensitive Information for any other purpose without your opt-in consent.

Information you post on the forum or blog

Our Product offers Licensed Users the opportunity to join a Product feedback forum (“Forum”), hosted by a third-party provider, to allow you to make feature requests. Access to the Forum is only allowed for Licensed Users who have authenticated their identity within the Product. Please be sure that you limit any information you do not want others to view or have access to in their use of the Forum. If you elect to post information by using the Forum, any information you provide may be read, collected, and used by others with equal access. To request removal of your personal information from the feedback forum, contact us at privacy@radarfirst.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Cookies and Similar Tracking Technologies

RADAR and our marketing partners and analytics providers use cookies and similar tracking technologies to analyze trends, administer the Website, track movements around the Website and the Product, and gather demographic information about our audience as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We utilize cookies and other information that your browser transmits to better understand our Website audience. Such information includes aspects of your browser’s technical capabilities, information about your device, and your geographic location. Cookies may store information that identifies your browsing device with enough specificity to be able to deliver relevant content.

To learn more about cookies, how RADAR uses them, and your choices regarding RADAR’s use of cookies, please read RADAR’s Cookie Notice.

Do Not Track Requests

Some browsers offer a “Do Not Track” setting. Generally, when a user turns on the Do Not Track setting, their browser sends a message to websites requesting that the user not be tracked. Our Website currently does not respond to “Do Not Track” settings.

How We Use Information

We limit the use of your personal information to the purposes set forth in this Privacy Notice and our contracts with business customers.

We may use your information to:

  • operate and improve our Website and the Product;
  • respond to your feedback, comments, questions and to provide customer support;
  • contact you to request feedback about your experience with our Product or learn about your demographics, preferences, and interests;
  • provide and deliver the Product;
  • send you information related to the Product and services that you use, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • communicate with you about upcoming events and webinars and other news about products and services offered by RADAR and our selected partners;
  • collect anonymized and aggregated personal information for business purposes; this may include market analysis, traffic flow analysis and reporting, and to deliver relevant content;
  • customize or personalize your online experience (e.g. to pre-populate forms and display relevant content);
  • customize or personalize communications to bring you relevant information about products and services that may interest you; and
  • protect, investigate, and deter against fraudulent, unauthorized or illegal activity.

Your Choices and Rights

Choices Regarding Your Information

You may opt-out of receiving marketing or promotional emails from RADAR by following the instructions in those emails or by emailing privacy@radarfirst.com. If you opt-out, we may still send service-related communications, such as emails about your subscription, your account, Product notices, our ongoing business relations, or responses to customer service enquiries.

You may submit a request for us to remove you from any mailing list or delete your personal information from any of our systems, except where the deletion of such information would: (i) prevent us from exercising our rights; or (ii) prevent us from performing our obligations under any agreement with our customer. If we refuse your request, we will provide prompt written notice of the reason why, within the timeframe required by law.

If you are a Licensed User of the Product, please submit your request directly to the applicable customer for resolution; this includes requests to be removed from a customer account.

Updating Your Information

You may request that we correct or update your personal information. To request corrections or updates to your information, please login to the Product and utilize the tools available for managing your personal information. Alternatively, you may contact us for assistance at privacy@radarfirst.com.

Please note that RADAR customers can update, add, or delete Licensed User and Customer Information on their own. However, collection, use and processing of some personal information within the Product is necessary to ensure the security of the data and to authenticate access.

Licensed Users have access to their own Licensed User Information and are able to correct, amend, or delete their personal information through the Product’s user tools. Note there may be limits to what data can be deleted or amended, such as data associated with security activity logs.

For Licensed Users and Visitors from the European Union, Switzerland, and the United Kingdom

Our Legal Basis for Processing Personal Information

If you are a resident of the European Union (“EU”), RADAR’s legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which it is collected.

Generally, we will collect personal information from you: (1) where we have your consent, (2) where we need your personal information to perform a contract with you, (3) where we have a legal obligation to do so, such as the performance of a contract with our business customer, or (4) where the processing is in our legitimate interests and not overridden by your data protection interests of fundamental rights and freedoms (such as processing for administrative purposes, product development or improvement, preventing fraud or criminal acts, or securing information that we collect).

RADAR is the data controller for all personal information from EU residents who visit our Website (“Website Visitor Information”). We collect and use Website Visitor Information based on our legitimate business interest or consent (where legally required).

RADAR is the data processor for all personal information regarding EU, Swiss, or United Kingdom data subjects entered into the Product. Our business customers are data controllers and, in that role, determine the purpose and legal basis for the data processing activities we perform.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please send an email to privacy@radarfirst.com.

International data transfers

Our Website servers are located in the U.S. and we utilize third party service providers and partners located in the U.S. This means that, when we collect your personal information, it may be processed in a country that has different data protection laws than the laws of your country.

However, we have taken appropriate safeguards to require that the personal information will remain protected in accordance with this Privacy Notice when transferred internationally, including when processed internationally by third party service providers and partners. The safeguards we have taken include implementing the European Commission's Standard Contractual Clauses or relying on a third-party service provider’s EU-U.S. or EU-Swiss Privacy Shield certification in connection with any transfer of personal information to non-European Economic Area (“EEA”) third party service providers or business partners.

In addition, RADAR participates in the EU-U.S. and Swiss-U.S. Privacy Shield programs. Please see EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for additional information.

Data retention

We will retain your personal information where we have an ongoing legitimate business need to do so, such as to provide our Product or to comply with applicable legal, tax, or accounting requirements. When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, where your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until it is deleted. In addition, we will retain your information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Your data protection rights

You have the following data protection rights associated with the data that we process as a data controller:

  • You may request access, correction, deletion, or updates to your personal information by emailing privacy@radarfirst.com;
  • You may object to our processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information by contacting us by email at privacy@radarfirst.com;
  • You may opt-out of our marketing communications at any time by clicking the “unsubscribe” or “opt-out” link in the marketing e-mails you receive from us.  If you wish to opt-out of other forms of marketing, such as postal marketing or telemarketing, please email privacy@radarfirst.com;  
  • In addition, if we collect and process your personal information with your consent, you can withdraw your consent at any time. Please note however, that withdrawing your consent will not affect the lawfulness of any processing that we conducted prior to your withdrawal, nor will it affect the processing of your personal information where we have relied upon an alternate legal basis for the processing of your information; and
  • You have the right to submit a complaint to your local data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland, and certain non-European countries (including the U.S. and Canada) may be found by going here.

We will respond to all data protection rights requests we receive in accordance with applicable data protection laws.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

RADAR participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. RADAR is committed to the use and treatment of all personal information received from EU member countries, Switzerland, and the United Kingdom, respectively, consistent with the applicable Privacy Shield Principles and in reliance on the applicable Privacy Shield Framework. For more information about the Privacy Shield Frameworks, please visit the U.S. Department of Commerce’s Privacy Shield website here. To view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List and search for “RADAR, LLC” here.

RADAR implements appropriate safeguards to require that the personal information we process is protected in accordance with the Privacy Shield Principles. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU member countries, Switzerland, and the United Kingdom, including the onward transfer liability provisions.

Accountability for Onward Transfers

RADAR engages trusted third-party providers to provide system infrastructure, email, and tools that are necessary for the orderly and efficient function of our business. Such third parties act in accordance with the terms of our agreements, which include data protection provisions and business associate agreements, as appropriate. These agreements require that these third parties use your personal information only in a manner consistent with our instructions and in accordance with the Privacy Shield Principles. We further require that any such third parties notify us in the event of any use (intentional or unintentional) that is inconsistent with the Privacy Shield Principles or where the third-party determines that it is no longer able to meet such obligations.

We comply with the Privacy Shield Principles for all onward transfers of personal information from EU member countries, Switzerland, and the United Kingdom, including without limitation the onward transfer liability provisions.

Why and With Whom We Share Your Information 

Third-Party Providers

RADAR uses trusted third parties in order to effectively operate our business and deliver the Services to you. This may require that we provide third parties with access to your personal information or that those third parties may collect your information directly when using our Services. These third parties support RADAR in delivery of the Services in the areas of marketing, finance, business administration, and computer hosting infrastructure and support, as well as those providers used by us to support our compliance with legal or regulatory requirements, such as legal and tax advisors.

In addition, we may share your personal information with third parties, such as webinar or other event co-sponsors, for the limited purpose of your participation in a webinar or other event if you have specifically consented.

Legal Disclosures

We may be compelled to disclose personal information obtained through our Website or the Product: (i) in response to a lawful request by the government or public authorities; (ii) to comply with a subpoena or other legal process; (iii) to protect our rights; (iv) to protect your safety or the safety of others; or (v) to investigate fraud.

Information Security and Integrity

Information Security

RADAR employs robust security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction reflective of the type of personal information and the risks associated with our processing of the information. For example, RADAR conducts annual third-party audits and penetration testing. We use passwords, security questions, multi-factor authentication, and other appropriate security measures to prevent unauthorized access to your personal information.

Information Integrity

RADAR uses appropriate contractual and quality control measures to ensure that your personal information is accurate and remains separate from another individual, customer, or Licensed User. These measures include: (i) updating records at your request; (ii) applying quality control procedures to software development; (iii) limiting employee access to personal information on the basis of need in order to perform job function; (iv) prohibiting the sharing of user accounts; and (v) other appropriate administrative, quality assurance, and technical safeguards.

Recourse, Enforcement, and Liability

RADAR takes your privacy rights seriously. We provide mechanisms for the resolution of your concerns and any disputes that may arise under this Privacy Notice. If you have any questions or concerns regarding this Privacy Notice or the use and treatment of your personal information by RADAR, please contact us via email at privacy@radarfirst.com or send a letter to:

ATTN: Privacy
RADAR, LLC

319 SW Washington Street

Suite 900

Portland, OR 97204
USA

RADAR will respond to your message within the time period required under applicable law.

For natural persons in the EEA and with regard to unresolved Privacy Shield complaints, RADAR designates and commits to cooperate with the panel of Data Protection Authorities in the EU to provide recourse, free of charge.

For natural persons in Switzerland and with regard to unresolved Privacy Shield complaints, RADAR designates and commits to cooperate with the Swiss Federal Data Protection and Information Commissioner to provide recourse, free of charge.

Under certain conditions (more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

With respect to the personal information received or transferred pursuant to the Privacy Shield Frameworks, RADAR is subject to the investigative and enforcement powers of the U.S. Federal Trade Commission.

Third Party Sites & Services

The Website may contain links to third party websites. This Privacy Notice does not apply to any RADAR, or third-party site, service, or product that does not display or link to this policy or that contains its own privacy policy, notice or statement. We strongly recommend that you review the privacy policy of any website you visit so that you can stay informed as to how your data is collected, used, and shared.

Business Transfer

In the event that RADAR goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data will likely be among the assets transferred. You will be notified via a prominent notice on our Website for 30 days following any such change in ownership or control of your personal information.

Changes To This Policy

We reserve the right to modify this Privacy Notice at any time, so please review it frequently.
When we make material changes to this Privacy Notice, we will notify you here prior to the changes becoming effective.

How to Contact Us

If you have any questions about this Privacy Notice or RADAR’s commitment to your privacy, RADAR can be contacted via email at privacy@radarfirst.com or you may send a letter to:

ATTN: Privacy
RADAR, LLC
319 SW Washington Street
Suite 900
Portland, OR 97204
USA