Black Kite Privacy Notice
Last updated June 21, 2023
Black Kite (“Black Kite,” “we” or “us”) offers a security and third-party risk technology platform. Black Kite also owns and operates several websites (e.g., blackkite.com, cyber.riskscore.cards) (individually, “Website” and collectively the “Websites”). This Privacy Notice describes how we collect, use, share, disclose and store information when you:
- interact or use our Websites, including downloading materials from our resources page or requesting a demo,
- register and/or attend any of our events, webinars, or the conferences we attend (collectively “Events”), and
- use any of our products, services, or applications (including any trial) (collectively the “Services”) in any manner.
We recommend that you read this Privacy Notice in full to ensure you are fully informed regarding our privacy practices. If you have any questions about this Policy or our data collection, use, and disclosure practices, please contact us at [email protected].
What information does Black Kite collect?
Black Kite gathers various types of information, including information that identifies or may identify you as an individual (“Personal Information”) as explained in more detail below.
Information You Provide to Us:
From Websites or Events:
We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Request a Demo” (or similar) online form or if you register for a Black Kite webinar. If you contact us through the websites, we will keep a record of our correspondence.
If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us.
From the Services:
We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and email address, to provide the Services. The types of information we may collect directly from our customers and their users include names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact information you choose to provide or upload to our systems in connection with the Services (“Contact Information”).
Further, if you have requested information or if you have purchased Services from us in the past, or you have downloaded or accessed any demonstrations or training with respect to the Services, we may use this information to provide you with news, offers for upgrades, discounts, and other marketing information. If you do not wish to receive such marketing communications from us, you can opt-out or “unsubscribe” in the manner designated in the marketing communication or by contacting us at [email protected]. However, please note that even if you opt-out or unsubscribe, we may still contact you for informational, transactional, account-related, or similar purposes.
If you use a blog, bulletin board or similar means of communication on or through our Websites, you should be aware that any data you submit there can be read, collected, or used by other users of these forums. We use industry standard measures, including administrative, technical, and physical safeguards, to help protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. However, no data transmission over the Internet can be guaranteed to be entirely secure. As a result, while we always use all reasonable efforts to protect your personal data, we cannot guarantee the security of your information and the submission of data is at your own risk.
Surveys and Responsive Requests:
From time to time, we may use your Contact Information to request information from you via surveys or similar responsive requests. Participation in these surveys or responsive requests is completely voluntary and you have a choice whether to disclose any information requested. Information requested may include contact information (such as name, email, and address), and demographic information (such as zip code, age level, education, etc.). If you give us personal information about somebody else, such as a spouse or work colleague, we will assume that you have their permission to do so. Survey information may be used to monitor or improve the use and satisfaction of the Websites or the Services.
Information We Automatically Collect:
When you use the Websites:
When you visit the Websites, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website(s).
When you use the Services:
- Usage information – we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of the Services.
- Log information – we log information about our customers and their users when you use one of the Services including Internet Protocol (“IP”) address.
- Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers, as more fully set forth in the Cookies and Other Tracking Technologies section below.
While using the Services, you may be asked to provide feedback (e.g., in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.
We, for marketing or research purposes, may also receive contact details or other information about you from publicly and commercially available sources, which we may combine with other information we receive from or about you. We will use the information we collect from third party sources in accordance with this Privacy Notice.
How do we use the information?
We collect information/data for the following purposes:
Websites or Events:
We will use the information we collect via our Websites:
- To administer our Websites, events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- To improve our Websites to ensure that content is presented in the most effective manner for you and for your computer;
- For trend monitoring, marketing, and advertising;
- For purposes made clear to you at the time you submit your information – for example, to fulfill your request for a demo, to provide you with access to one of our webinars, whitepapers or to provide you with information you have requested about our Services; and
- As part of our efforts to keep our Websites secure.
Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes as requested or consented to by you.
We may use the information we collect from our customers and their users in connection with the Services to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support, including to:
- Set up a user account.
- Provide, operate and maintain the Services.
- Process and complete transactions, and send related information, including transaction confirmations and invoices.
- Manage our customers’ use of the Services, respond to enquiries and comments, and provide customer service and support.
- Send customers technical alerts, updates, security notifications, and administrative communications.
- Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities.
- For any other purposes about which we notify customers and users.
We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business (see Third Party Analytics below).
We will normally collect Personal Information from you only (i) where we need the Personal Information to perform our obligations; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We use the information we collect in various ways, including to:
- Provide, operate, and maintain our Services.
- Improve, personalize, and expand our Services.
- Understand and analyze how you use our Services.
- Develop new products, services, features, and functionality.
- To inform our marketing strategy, including to define customers for our products and services.
- Keep our records up to date.
- Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes.
- Process your transactions.
- Send you text messages and push notifications.
- Find and prevent fraud; and
- For compliance purposes or other legal rights, or as may be required in (a) the event of an emergency, (b) by applicable laws and regulations, (c) for the protection and safety of our employees and agents, our customers, or any other person or (d) requested by any judicial process or governmental agency.
Data Integrity and Security:
We use industry standard security measures to protect against the loss, misuse and/or alteration of data located on our systems. We implement appropriate measures and processes, such as using encryption when transmitting certain sensitive information, to help us to keep your information secure and to maintain its quality. We regularly review our security and related policies to adapt the technology as new threats evolve, and to monitor our systems to help ensure the highest level of availability of our Websites and Services. If you have any questions about the security of our Websites or Services, you can contact us at [email protected].
Retention of Data:
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data by sending a request to [email protected]. To protect your privacy and security, we may take reasonable steps to verify your identity before updating or removing your information. The information you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: inhibit our ability to comply with a legal obligation; inhibit our ability to investigate, make or defend legal claims; result in disclosure of personal information about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to us or a third party.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
How do we share and disclose information to third parties?
With vendors, consultants and other service providers:
We may share your information with third party vendors, consultants, and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies, product feedback or help desk software providers, CRM service providers, email service providers, and others. As a result, Personal Information could be transferred out of the European Economic Area (the “EEA”), Switzerland or the United Kingdom (“UK”). Whenever we transfer your personal data out of your jurisdiction, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- when the countries receiving your personal data have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- through the use of the standard contractual clauses adopted by the European Commission and/or the UK Information Commissioner’s Office (collectively, the “Standard Contractual Clauses”), as may be amended from time to time.
When you attend an event or webinar organized by Black Kite we ask your preferences on sharing your contact details with the event sponsor. Based on your choice, we may share your contact details (such as your name, email address, company name and phone number) with the event sponsor. If you’d like to opt-out of sharing your details with sponsors, you can always do so either at the time of registration, or by submitting a request to [email protected].
We may choose to buy or sell assets, and may share and/or transfer customer information (including Personal Information) in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
Black Kite Group Companies:
We may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Notice.
We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of Black Kite, our employees, our users, or others.
Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We may work with third-party advertising partners to show you ads that we think may interest you. These advertising partners may set and access their own cookies, pixel tags, and similar technologies on our Sites and/or Services, and they may otherwise collect or have access to information about you which they may collect over time and across different online services. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. To learn more about these programs, or opt-out of personalized ads, visit the Digital Advertising Alliance’s Self-Regulatory program for Online Behavioral Advertising at www.aboutads.info, or the Network Advertising Initiative at www.networkadvertising.org.
Cookies and Other Tracking Technologies
- Assisting you in navigation.
- Assisting in registration to our events, login, and your ability to provide feedback.
- Analyzing your use of our products, services or applications.
- Assisting with our promotional and marketing efforts (including behavioral advertising).
Our Websites are scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:
- Strictly Necessary Cookies
- Performance Cookies
- Functional Cookies
- Targeting Cookies
Third Party Analytics
On some of our Websites, we also may utilize third party analytics to better understand your use of the Websites and Services. These third-party services collect information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. The data collected is used to track and examine the use of the Websites, to prepare reports on its activities and share them with other third-party analytics services. These parties may use the data collected on the Websites to contextualize and personalize the ads of their own advertising network.
Your Privacy Rights
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
- Marketing Communications: You can opt-out of receiving certain promotional or marketing communications from us at any time, by using the unsubscribe link in the email communications we send or by emailing us at [email protected]. If you have an account for our Services, we will still send you non-promotional communications, like service-related emails.
Your Rights under the General Data Protection Regulation (“GDPR”)
Under certain circumstances, you have rights under data protection laws in relation to your personal data. We have explained your rights below; if you wish to exercise any of your rights, please contact us at [email protected]. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
You have the right to:
- access, correct, update, or request deletion of your personal information (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request).
- object to the processing of your personal information. You may ask us to restrict the processing of your personal information, or request portability of your personal information (however, in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms).
- request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.
- withdraw your consent at any time for any personal data we have collected and processed with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. If you would like to exercise your right to delete, please fill out this request form. Our privacy team will examine your request and respond to you as quickly as possible.
- complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, the UK, Switzerland and certain non-European countries (including the US and Canada) are available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
- No Fee Usually Required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- What We May Need from You. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
California’s “Shine the Light” law.
California’s “Shine the Light” law (Civil Code Section 1798.83) gives California residents the right to request, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing purposes; such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year (e.g., requests submitted in 2022 would be applicable to relevant disclosures (if any) in 2021). If you are a California resident and would like to make such a request, please submit your request in writing by emailing us at s[email protected] using the subject line “Request for California STL Information.” In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.
The California Consumer Privacy Act
This section describes how we collect, use, and share Personal Information of California residents when we act as a “business” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA or information we collect from you while providing services to you or receiving services from you where you are an employee, controlling owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. In some cases, we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Personal Information We Collect
We collect identifiers (such as name, address, email, phone number, job title, and transactional information), commercial information (such as a record of the services purchased or demos requested), and Internet or other electronic network activity information (such as usage information, IP address, cookie information, and customer feedback).
Why We Collect Your Personal Information
We use identifiers to provide the services requested, such as to fulfill a request for a demo, provide access to a webinar, or provide you with information about our services. We use identifiers and commercial information for general website administration, which includes record keeping, troubleshooting, data analysis, testing, and survey purposes. We use identifiers, commercial information, and Internet or other electronic network activity for trend monitoring, marketing, and advertising, as well as to ensure website security.
How We Collect Your Personal Information
We collect identifiers and commercial information directly from you. We collect Internet or other electronic network activity from your usage of the Websites and Services.
With Whom We Share Your Personal Information
Black Kite shares personal information as necessary for certain “business purposes,” as defined by the CCPA (Cal. Civ. Code 1798.140(d)). This includes sharing identifiers, commercial information, and internet or other electronic network activity with providers of payment processing, customer relationship management, consulting, email, product feedback, and helpdesk services.
Right to Opt-out of the “sale” of Your Personal Information
Like many companies, we use services that help deliver interest-based ads to you. Our use of some of these services may be classified under California law as a “sale” of your Personal Information to the companies that provide the services because they collect information from our users (e.g., device data and online activity data) to help them serve ads more likely to interest you. You can request to opt out of this “sale” of your personal information here [email protected].
We reserve the right to confirm your California residency to process your requests and will need to confirm your identity to process your requests to exercise these rights. Government identification may be required. You may designate an authorized agent to make a request on your behalf. To designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Right to Request Disclosure
You have the right to request disclosure about what categories of personal information Black Kite has disclosed for a business purpose about you and the categories of third parties to whom the personal information was disclosed. Additionally, you have the right to request disclosure of specific pieces of information. Below is a full list of the information that you can include in your request.
- The categories of personal information that Black Kite has collected about you.
- The categories of sources from which Black Kite collected the personal information.
- The categories of third parties with whom Black Kite shares personal information.
- The specific pieces of personal information Black Kite has collected about you.
- The categories of personal information that Black Kite disclosed about you for a business purpose.
If you would like to exercise your right to request disclosure, please fill out this request form. Our privacy team will examine your request and respond to you as quickly as possible.
Right to Request Deletion
You have the right to request that Black Kite delete any personal information about you that Black Kite has collected from you. Please note that there are exceptions where Black Kite does not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation. If you would like to exercise your right to delete, please email our privacy team at [email protected]. Our privacy team will examine your request and respond to you as quickly as possible.
The Right to Non-Discrimination
Black Kite will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
In compliance with the CCPA, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. California residents with inquiries or complaints regarding this Privacy Notice should first contact Black Kite at:
Bob Maley, Chief Security Officer, [email protected].
California and Delaware “Do Not Track” Disclosures
California and Delaware law require Black Kite to indicate whether it honors “Do Not Track” settings in your browser concerning targeted advertising. Black Kite adheres to the standards set out in this Privacy Notice and does not monitor or respond to Do Not Track browser requests.
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at [email protected].
For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit to understand how the information that is collected about you is used and protected.
Changes to the Privacy Notice
We’re constantly trying to improve our Websites and Services, so we may need to change this Privacy Notice from time to time as well. We will alert you to material changes by, for example, placing a notice on our Websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. You can see when this Privacy Notice was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Notice.
If you have any questions or concerns about this Privacy Notice, please feel free to email us at [email protected], or write to us at the following address: 800 Boylston St, Suite 2905, Boston, MA 02199