CIPHER respects your privacy and is committed to protecting the privacy of our visitors and clients. We uphold the highest industry standards in privacy and permission marketing.
Security and Privacy
CIPHER’s websites use reasonable commercial methods and security measures to protect against the loss, misuse, and alteration of the information under our control. We store the information in a database in a secure environment protected from unauthorized access, use, or disclosure. When personal information is transmitted, it is protected with encryption, such as the Secure Socket Layer (SSL) protocol. CIPHER shares information with our partners ONLY for the sole purpose of better supporting our current and future customers. We will never share, sell, or rent individual personal information outside of this partner arrangement unless ordered by a court of law. CIPHER enforces a strict internal policy regarding information protection requirements. Information submitted to CIPHER is restricted to employees managing this information for specific purposes only. These purposes include contacting you (via email, phone, etc.) in an effort to respond to a request or provide a service, and to notify you of CIPHER’s events and other CIPHER’s related activities such as training. CIPHER may also contact you with surveys in order to conduct research about your opinion of current services or of potential new services that may be offered.
Who Are We?
CIPHER is a global cybersecurity company that delivers highly accredited Managed Security Services and Security Consulting Services with ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past five years. These services are supported by the best in class security intelligence lab: CIPHER Intelligence. Our offices are located in North America, Europe, and Latin America with 24×7×365 Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe.
Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions.
How do we collect information?
What type of information is collected?
CIPHER collects the following information:
• Full Name
• IP address
• Email Address
• Job Title
• Company Name
• Telephone number
Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through CIPHER’s website and public message boards, this information may be collected and used by third-parties for marketing purposes.
How is information used?
We may use your information to:
• Improve your browsing experience by personalizing the website
• Send relevant information to you which we think may be of interest to you by blog post, email, or other means
• Send you marketing communications related to our business or the business of carefully selected third parties which we think may be of interest to you.
How is information secured?
After data is collected from the website, we use the Secure Socket Layer (SSL) protocol to protect information in transit. Additionally, we enforce access control to protect personal information from unauthorized access, use, or disclosure.
If you leave a comment on a CIPHER’s blog, you should be aware that any personally identifiable information you submit on our blog site can be read, collected, or otherwise used by anyone who reads the blog or who visits the URL of the blog post you comment on. We are not responsible for use of this information by non-CIPHER personnel. The name you leave will be published and is used as an identifier of the comment. The information provided will not be sold, rented, or shared unless ordered by a court of law. All blog content including posts, articles, and comments, are reviewed before being published.
Social Media Features
We post customer testimonials on our website. These testimonials may contain personally identifiable information, such as the customer’s name. We obtain the customer’s explicit consent prior to posting any testimonials.
The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages, or register on site, a cookie helps CIPHER to recall your specific information on subsequent visits. The information you previously provided can be retrieved, so you can easily use the features that you customized. If a user rejects the cookie, they may still use our sites; however, the user may not be able to access all areas of our sites.
These websites are not intended for people under the age of 13. CIPHER does not knowingly solicit or collect information from children or minors (under the age of 18).
Sharing Your Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
• if the third-party contracts with us to provide certain of the services you have requested and requires your personal information in order to do so;
• if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
• if Cipher or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of Cipher, our customers, or others.
There are a number of rights available to you under GDPR:
1) Access to your data
You have the right to ask us to confirm that we process your personal data, as well as to have access to and receive copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.
We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.
We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we’ll let you know.
2) Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate for us to do so in which case, we’ll let you know why. We’ll also let you know if we need more time to comply with your request.
3) Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
• where we no longer need your personal data for the purpose for which we collected it;
• where we have collected your personal data on the grounds of consent, and you withdraw that consent;
• where you object to the processing and we don’t have any overriding legitimate interests to continue processing the data;
• where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR); and
• where the personal data has to be deleted to comply with a legal obligation.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
4) Right to restrict processing
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data, but we don’t have to delete it. This right is available to you:
• if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
• if you have objected to us processing the data (see below) – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
• if the processing is unlawful; or
• if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.
Accountability for onward transfer
For all transfers of personal information to third parties acting as data controllers, Cipher complies with the Notice and Choice Principles by ensuring that all personal information processed by Cipher and its third parties in relation to controller / controller onward transfers will incorporate one of the following control mechanisms:
• A joint controller contract mandating that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation.
• The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
For transfers of personal data to a third party acting as an agent, Cipher will:
• ensure that the transfers of such data is only for limited and specified purposes;
• ensure that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
• take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
• require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
• take reasonable and appropriate steps to stop and remediate unauthorized processing; and
• provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
Where Cipher acts as a Data Controller, you have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies:
• to personal data you provide to us;
• where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
• where we carry out the processing by automated means.
We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.
5) Right to object
You are entitled to object to us processing your personal data:
• if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
• for direct marketing purposes (including profiling); and/or
• for the purposes of scientific or historical research and statistics.
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
If you would like to exercise any of your rights in respect of your personal data, please contact us at:
Global Chief Information Security Officer
Applicable law allows certain exceptions to your ability to opt out, such as where we are parties to a contract that is still being performed, where law requires us to maintain information to warranty claims, or otherwise. Where applicable law permits us to retain and continue to use such information and we do so, we will do so only to the extent permitted or required by law. If you contact us to opt out, we will explain the options available and comply with your request as required by the Principles and applicable law.
The Federal Trade Commission has jurisdiction over Cipher LLC, a Prosegur Company’s compliance with the Privacy Shield. In compliance with the Privacy Shield Principles, Cipher LLC, a Prosegur Company, commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Cipher LLC, a Prosegur Company at:
Global Chief Information Security Officer
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please refer to Annex 1 of the Privacy Shield via the following link:
Cipher LLC, a Prosegur Company, has further committed to refer unresolved Privacy Shield complaints to JAMS Mediation, Arbitration, and ADR Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.jamsadr.com for more information or to file a complaint. The services of JAMS Mediation, Arbitration, and ADR Services, are provided at no cost to you.
Notification of Changes
CIPHER welcomes your comments regarding this statement of privacy. If you believe that CIPHER has not adhered to this statement, please contact us at [email protected] We will use reasonable efforts to promptly determine and remedy the problem.