Last Updated: March 21, 2023
RADAR, LLC, dba RadarFirst (“RadarFirst”), is a leading provider of data privacy incident response management software. Our software is used by our business customers to support a consistent and efficient approach to assessing risk and managing incidents. This Privacy Notice is provided to help you understand what information we collect, how we use it, secure it, and share it, and the choices available to you in accessing, updating, and correcting your personal information. This information is shared with you not only because we understand privacy is important to you, but because it is important to us and is the foundation of our business.
This Privacy Notice applies to: (i) RadarFirst websites, including www.radarfirst.com and other subdomains that form our corporate web presence (collectively, “Website”); (ii) RadarFirst software that collects and processes information of our customers who purchase a subscription to our software-as-a-service platform (app.radarfirst.com) (“Product”), and (iii) any RadarFirst internal business systems used to maintain personal information. Collectively, we refer to our Website, Product, and internal business systems as “Services”.
RadarFirst is committed to complying with laws to which it is subject, including applicable privacy laws. As part of our compliance efforts, we evaluated the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, “CCPA”) and determined that RadarFirst is not currently subject to CCPA. However, we recognize that many of our customers are subject to CCPA and, as a result, we are committed to supporting our customers’ obligations under CCPA. Further, our Website and Product are not intended for individuals under age 13 and we do not knowingly collect personal information from individuals under age 13. If you are under 13, please do not provide any information on this Website. If we learn that we collected or received personal information from an individual under age 13, without verification of parental consent, we will delete that information.
Information We Collect
RadarFirst collects information as part of its business operations, to provide the Services, to respond to requests, provide customer support, to fulfill our legal and contractual obligations, and to improve our Product. The personal information we collect is never sold and is shared only as described in this Privacy Notice. You provide some of this information directly, such as when you contact customer support, or register for a RadarFirst event or publication. We also collect information automatically through your interaction with the Product and our Website, for example, where we use embedded product technologies and cookies. We also obtain data from third party sources, as more fully described in this Privacy Notice.
Business Information: When you visit our Website, contact us to receive information about RadarFirst, or participate in events we sponsor, we collect certain information about you, which may include: first name; last name; job title; business email address; phone number; IP address; and company information. All personal information collected through the Website (“Website Visitor Information”) is secured and access to that personal information is limited to individuals within our business that need access to this information to perform their job. No personal information is shared with third parties other than those service providers that we engage to (i) provide services supporting the operation and administration of our Website; (ii) provide content to you from RadarFirst or from our third-party providers; and (iii) supplement and update business contact details for our sales prospects and customers in order to ensure the contact information we have is accurate and up-to-date. We may use surveys to solicit feedback or in connection with events that request personal information. In addition to your contact information, these surveys may request demographic information or information about your personal interests.
Licensed User Information: We collect personal information from you when you create or update your profile as a licensed user of the Product (“Licensed User”) or to respond to customer service requests. Registration information includes first name; last name; job title; business email address; IP address; company information; and authentication information including username and password (when not using a single-sign-on (SSO) service). All personal information collected from Licensed Users is secured and access is limited to those individuals with a business need. No personal information of Licensed Users is shared with third parties other than those select service providers that RadarFirst has engaged as described in this Notice, typically to ensure contact details are up-to-date, for customer support and to monitor the performance of our Product.
We utilize application analytics tools to improve user interactions and monitor the performance of our Product. The information collected from these application analytics tools may include frequency and nature of a Licensed User’s use of the Product and information necessary to troubleshoot any issues reported.
Customer Information: Other than authentication information for Licensed Users, the Product does not require personal information to provide risk assessments. However, our customers may enter personal information into their Product account for record-keeping or other purposes such as documenting specific details related to an incident risk assessment. All information entered into the Product by our customers (including any personal information) is “Customer Information”. We process and store Customer Information on behalf of our customers as a data processor and service provider. Our customers, as the controllers of Customer Information, determine the purpose and any required legal basis for processing this data. Any Customer Information disclosed will be for the purposes set forth in this Privacy Notice (see Why and With Whom We Share Your Information) or as expressly set forth in the agreement with our customer.
Webinar Registration Information: We partner with select third parties to deliver webinars and other similar events. When you register to attend one of these events, we may receive your information from these third-party partners or, with your permission, share your information with these third-party partners.
Information We Obtain from Other Sources: We may receive information about you from other third-party sources. We may buy or lease contact, marketing, and demographic data from third parties, including certain profile information from marketing and sales intelligence tools, social networking platforms, and services you use to interact with the Website or Product. We may also use data enrichment services to ensure business contact details and information about our customers and business prospects is accurate and kept up to date. This information may be combined with information that we collect directly from you.
We may also collect information about you from other third party or public sources, such as social networks, when you use “Share This” via Facebook, Twitter, or other social media “like” buttons, or plug-ins on our Website. While we do not provide your personal information to third-party advertising partners, they may combine this information with personal information that they collect directly from you or receive from other sources.
Information We Automatically Collect: When you visit our Website or use our Product, some information is automatically collected and stored in log files. This information may include: IP address; access times; browser type and language; and referral website. As is common with most websites, we also collect information about your usage and activity on our Website, including pages visited and resources accessed. We may aggregate this information to better understand our users, analyze trends, and improve our Website and/or Product.
Sensitive Information: As noted above, personal information is not required to conduct incident risk assessments and is only required to authenticate Licensed Users to permit access to the particular customer’s Product account. In no event is personal information that may be sensitive in nature, such as financial information, medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of an individual (“Sensitive Information”) required nor should it be submitted in the Product. In limited circumstances we may, however, receive Sensitive Information, such as where you register for an event and your registration includes Sensitive Information, such as dietary or accessibility needs. We consider your submission of that information as your consent for us to process that information for the limited purpose of meeting your needs. We will never use Sensitive Information for any other purpose without your opt-in consent.
Information you Post on the Forum or Blog
Our Product offers Licensed Users the opportunity to join a Product feedback forum (“Forum”), hosted by a third-party provider, to allow you to make feature requests. Access to the Forum is only allowed for Licensed Users who have authenticated their identity within the Product. If you elect to post information by using the Forum, any information you provide may be read, collected, and used by others with equal access. Please do not share information that you do not want others to view or access in the Forum. To request removal of your personal information from the Forum, contact us at [email protected].
Cookies and Similar Tracking Technologies
We utilize cookies, and other information that your browser transmits, to better understand our Website audience. Such information includes aspects of your browser’s technical capabilities, information about your device, and your geographic location. Cookies may store information that identifies your browsing device with enough specificity to be able to deliver relevant content.
Do Not Track Requests
Some browsers offer a “Do Not Track” setting. Generally, when a Website visitor turns on the “Do Not Track” setting, their browser sends a message to websites requesting that the website visitor is not tracked. Our Website currently does not respond to “Do Not Track” settings.
How We Use Information
RadarFirst does not sell your personal information and we limit the use of your personal information to the purposes set forth in this Privacy Notice and our agreements with our customers.
We may use your information to:
- operate and improve our Website and Product;
- respond to your feedback, comments, and questions and provide customer support;
- contact you to request feedback about your experience with our Product or learn about your demographics, preferences, and interests;
- provide and deliver the Product;
- send you information related to the Product and services that you use, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- communicate with you about upcoming events and webinars and other news about products and services offered by RadarFirst and our selected partners;
- collect anonymized and aggregated personal information for business purposes; this may include market analysis, traffic flow analysis and reporting, and to deliver relevant content;
- customize or personalize your online experience (e.g. to pre-populate forms and display relevant content);
- customize or personalize communications to bring you relevant information about products and services that may interest you; and
- protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
Your Choices and Rights
We understand you want to protect and control your personal information. We are also committed to complying with the laws applicable to our business and to ensuring we honor rights granted to individuals required by those laws. While RadarFirst is not currently subject to the CCPA, as a service provider, we are committed to supporting our customers’ obligations under the CCPA. In addition, as noted below, we support the rights of individuals located in the European Economic Area, Switzerland and the United Kingdom. This section details how you may review, update, or delete certain personal information and any additional rights required by applicable law.
Opting out of Promotional Emails. You may opt-out of receiving marketing or promotional emails from RadarFirst by (1) clicking the “Manage Subscriptions” link in those emails or (2) emailing [email protected]. Please keep in mind that you still may receive transactional and service related e-mails from us (such as e-mails related to your subscription, your account, password reset requests, reminder e-mails you have requested, Product notices and other similar communications essential to your use of the Platform) that may be necessary for us to make the Platform available to you or respond to your inquiries.
You may submit a request for us to delete your personal information from any of our systems. However, we may retain your personal information where allowed by law, including where deletion would: (i) prevent us from exercising our rights; or (ii) prevent us from performing our obligations under the law or any agreement with our customers. If we refuse your request, we will provide prompt written notice of the reason why, within the timeframe required by law.
Viewing or Updating Your Information
Updates and Access: To request corrections or updates to your contact information, please log in to the Product and utilize the tools available for managing your personal information. Alternatively, you may submit a customer service request for assistance by emailing [email protected] with “Update My Account” in the subject line.
Please note that RadarFirst customers can update, add, or delete Licensed User and Customer Information directly by logging into their Product account. However, collection, use, and processing of some personal information within the Product is necessary to ensure the security of the information and to authenticate access.
There may be limits to what information can be deleted or amended, such as information associated with security logs.
Deactivating your account: Licensed Users must submit a request to the relevant business customer to request deactivation of an account. RadarFirst will deactivate an account upon request from our customer.
Event Attendees or Website Visitors
To request corrections, updates or deletion of your personal information, please email [email protected] with “Update My Account Information” in the subject line.
For Licensed Users and Visitors from the European Union, Switzerland, the United Kingdom, and Canada
Rights of Licensed Users and Visitors from the European Economic Area, Switzerland, the United Kingdom, and Canada
Residents of the European Union (“EU”), Switzerland, the United Kingdom (“UK”), and Canada have certain legal rights associated with their personal data (“EU Personal Data”) and if you are a data subject from any of these locations, this section provides you with additional information associated with those rights.
International Transfers and Our Legal Basis for Processing
RadarFirst is headquartered in the United States and EU Personal Data will be transferred to, processed, and maintained on computer systems located in the United States.
The United States currently is not a country the European Union has deemed “adequate” under applicable data protection laws. RadarFirst collects, transfers, and processes personal data as required by applicable law, including: when you provide your consent (where required by law), to deliver requested services to you or our customers, or to fulfill a legitimate interest of RadarFirst in a manner that does not outweigh your rights and freedoms. We may enter into data protection agreements or other legally approved mechanisms with our vendors to support compliance with applicable law.
We have taken appropriate safeguards to require that EU Personal Data we process will remain protected in accordance with this Privacy Notice when transferred internationally, including when processed by third-party service providers and partners. The safeguards we have taken include implementing the European Commission’s Standard Contractual Clauses, relying on a third-party service provider’s lawfully approved certification, or Binding Corporate Rules, for any transfer of EU Personal Data to EEA third-party service providers or business partners not located in the EU, Switzerland or the UK.
For all EU Personal Data we collect from our Website, RadarFirst is the data controller and we collect and use this information based on our legitimate business interest or consent.
For all EU Personal Data we collect in our Product, RadarFirst is the data processor, our customers are data controllers, and as data controllers, our customers determine the purpose and legal basis for the data processing activities we perform for them.
RadarFirst previously relied on its participation in and certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (the “Frameworks”) to legally receive and process EU Personal Data. However, in 2020, the Frameworks were declared invalid and RadarFirst can no longer rely on the Frameworks to legally receive and process EU Personal Data to the United States. However, RadarFirst continues to certify under the Frameworks, such that all data received by RadarFirst under the Frameworks prior to their invalidation will be maintained in accordance with the Frameworks. EU Personal Data transferred to RadarFirst following the invalidation will be in accordance with the EU Standard Contractual Clauses unless or until an alternate legally recognized option is available to us. Any change in the mechanism for receiving EU Personal Data will be reflected in this Notice as required by law. Please go here for more information on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Our Legal Basis for Processing Personal Information
If you are a resident of Canada or the European Union (“EU”), RadarFirst’s legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which it is collected.
Generally, we will collect personal information from you: (1) where we have your consent, (2) where we need your personal information to perform a contract with you, (3) where we have a legal obligation to do so, such as the performance of a contract with our business customer, or (4) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (such as processing for administrative purposes, product development or improvement, preventing fraud or criminal acts, or securing information that we collect).
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please send an email to RadarFirst’s Chief Privacy Officer at [email protected].
We will retain your personal information where we have an ongoing legitimate business need to do so, such as to provide our Product or to comply with applicable legal, tax, or accounting requirements. When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, where your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until it is deleted. In addition, we will retain your information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your data protection rights
In addition to any of the general rights granted to you under this Privacy Notice, you have the following data protection rights associated with the information that we process as a data controller:
- You may request access, correction, deletion, or updates to your personal information by emailing [email protected];
- You may object to our processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information by contacting us by email at [email protected];
- You may opt-out of our marketing communications at any time by clicking the “unsubscribe” or “opt-out” link in the marketing emails you receive from us. If you wish to opt-out of other forms of marketing, such as postal marketing or telemarketing, please email [email protected];
- If we collect and process your personal information with your consent, you can withdraw your consent at any time. However, please note that withdrawing your consent will not affect the lawfulness of any processing that we conducted prior to your withdrawal, nor will it affect the processing of your personal information where we have relied upon an alternate legal basis for the processing of your information; and
- You have the right to submit a complaint to your local data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA may be found here. Contact details for data protection authorities in Switzerland may be found here. Contact details for data protection authorities in Canada may be found here.
We will respond to all data protection rights requests that we receive in accordance with applicable data protection laws.
Accountability for Onward Transfers
RadarFirst engages trusted third-party providers to provide system infrastructure, email, and tools that are necessary for the orderly and efficient function of our business. Such third parties act in accordance with the terms of our agreements, which include data protection provisions and business associate agreements, as appropriate. These agreements require that these third parties use your personal information only in a manner consistent with our instructions and in accordance with the GDPR General principle for transfers. We further require that any such third parties notify us in the event of any use (intentional or unintentional) that is inconsistent with the GDPR principle or where the third-party provider determines that it is no longer able to meet such obligations.
When We Share Your Information
Once your personal information is collected by RadarFirst, as detailed above, we may share it with third parties for various reasons including to effectively operate our business and deliver the Services to you. These third parties support RadarFirst in delivery of the Services in the areas of marketing, finance, business administration, and computer hosting infrastructure and support, as well as those providers used by us to support our compliance with legal or regulatory requirements, such as legal and tax advisors. When we share your personal information with a third party provider, we require that third party to protect that information consistent with this Privacy Notice and limit use of that information to performing the services they provide to us.
In addition, we may share your personal information with third parties, such as webinar or other event co-sponsors, for the limited purpose of your participation in a webinar or other event. Where law requires, we will ensure we have your consent to share that information.
Eventual successors may access information
In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, any user information owned or controlled by us may be among the assets transferred to third parties as successors in interest. As part of this type of transaction, we reserve the right to transfer or assign your personal information to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Privacy Notice.
We need to comply with legal requirements
We may disclose your information to government authorities or other third parties if any lawful circumstances arise, including when:
- You have given us permission to share your information,
- We are required to do so by law, or in response to a subpoena or court order,
- We believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Website, Product, third parties, or the public at large; or
Information Security and Integrity
RadarFirst employs robust administrative, physical and technology-based security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction reflective of the type of personal information and the risks associated with our processing of the information. For example, RadarFirst conducts annual third-party audits and penetration testing. We use encryption, passwords, security questions, multi-factor authentication, and other appropriate security measures to prevent unauthorized access to your personal information.
RadarFirst uses appropriate measures to ensure that your personal information is accurate and remains separate from another individual, customer, or Licensed User. These measures include: (i) updating records upon request; (ii) applying quality control procedures to software development; (iii) limiting employee access to personal information on the basis of need in order to perform job function; (iv) prohibiting sharing of user accounts; and (v) other appropriate administrative, quality assurance, and technical safeguards.
Recourse, Enforcement, and Liability
RadarFirst takes your privacy rights seriously. We provide mechanisms to resolve your concerns and any disputes that may arise under this Privacy Notice. If you have any questions or concerns regarding this Privacy Notice or how we use your personal information, please contact us via email at [email protected] or send a letter to:
520 SW 6th Avenue
Portland, OR 97204
RadarFirst will respond to your message within the time period required under applicable law.
For individuals in the European Economic Area, RadarFirst commits to cooperate with the panel of Data Protection Authorities in the European Union to provide recourse, free of charge.
For individuals in Switzerland, RadarFirst commits to cooperate with the Swiss Federal Data Protection and Information Commissioner to provide recourse, free of charge.
Lastly, for individuals in the United Kingdom, RadarFirst commits to cooperate with the Information Commissioner’s Office to provide recourse, free of charge.
Under certain conditions (more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
With respect to the personal information received or transferred pursuant to the Privacy Shield Frameworks, RadarFirst is subject to the investigative and enforcement powers of the U.S. Federal Trade Commission.
Third Party Sites & Services
Changes To This Policy
We reserve the right to modify this Privacy Notice at any time, so please review it frequently. When we make material changes to this Privacy Notice, we will notify you prior to the changes becoming effective.
How to Contact Us
If you have any questions about this Privacy Notice or RadarFirst’s commitment to your privacy, RadarFirst can be contacted via email at [email protected] or you may send a letter to:
520 SW 6th Ave
Portland, OR 97204