
Platform Privacy Policy

  1. Applicability.
    1.1. This privacy policy (“PP”) explains how Cider Security Ltd. and its affiliates (the “Company”) treat the information of users (“User”) of its platform and software services (the “Services”).
    1.2. By using or accessing the Services, User agrees to be bound by the PP. If User does not agree with the PP, User must not use or access the Services.
    1.3. The Company may from time to time modify this PP. If User does not agree with the PP, as amended, User must stop using the Services. The Company will notify User via the Services regarding material changes in the PP. User is advised that if User does not terminate all use of the Services, User will be deemed to have accepted the PP, as amended.

 

  2. Data collected by the Company.
    2.1. In this PP the Company uses the term “Personal Information” to mean any information about User that would allow a third party to determine User’s individual identity.
    2.2. The Company collects certain data, which does not constitute Personal Information via the Services and/or certain analytical tools embedded in the Services (see below). The Company, via the Services, neither collects any Personal Information, nor does it require or encourage any User to provide it with Personal Information. Nevertheless, Personal Information might be provided to the Company by the Users of the Services. It shall hereby be clarified that User is not under any legal obligation to submit Personal Information to Company.
    2.3. Data provided by User.
    2.3.1. User might choose to provide Company with the following Personal Information with respect to its users and/or employees and/or service providers or other third parties who interact with the User (“User Personnel”):
    2.3.1.1. Contact details (e.g. name, email address);
    2.3.1.2. User’s system code Passwords and other authentication and security credential information.
    2.3.1.3. Any other Personal Information that User may (i) post, submit, run on, or upload to the Platform, (ii) cause to interface with the Platform, or (iii) upload to the Platform under User’s account or otherwise transfer, process, use or store in connection with User’s account.
    2.3.2. User hereby represents and warrants that in providing the Company with the above Personal Information of User Personnel, (i) User fully complies with any applicable laws (including without limitation that User obtained and will continue to obtain the consents of User Personnel required by any applicable law); (ii) User will conspicuously display, maintain, and make accessible to User Personnel a privacy policy that complies with any applicable law.
    2.4. Data collected automatically.
    2.4.1. Company may utilize cookies and other industry standard analytic technologies and tools (collectively, “Tools”) in order to, amongst others, facilitate and customize the User’s experience of the Services and to track User’s use of the Services. A cookie is a small text file that is stored on a User’s computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but User may be able to modify its browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Services may not work properly.
    2.4.2. Using the Tools, the Company automatically collects mainly the following data when User and/or User Personnel visits, interacts with, or uses the Services, including but not limited to:
    2.4.2.1. Screening of navigation, usage and operational analytics and statistics;
    2.4.2.2. Statistical data with respect to the operation of the Services, including system performance statistics, such as CPU and memory usage;
    2.4.2.3. Data about the Services, including components counts, versions, and types;
    2.4.2.4. User/User Personnel summarized data, including overall risk level of the User environment, summarized into several key risk indicators.
    2.4.3. From time to time, the Company may use additional or alternative analytics services. The Company will notify its Users about any material changes via email.
    2.5. Without derogating from the foregoing, please note that the Company may use analytic tools such as Google Analytics. Please click on www.google.com/policies/privacy/partners/ in order to find out how Google Analytics collects and processes data.

 

  3. The Company’s Use of Data.
    3.1. The Company does not use any Personal Information except in case it would be necessary to perform the Services.
    3.2. The Company may ask for User’s consent to use User’s Personal Information for any use not specified herein.
    3.3. The Company uses anonymous, statistical or aggregated information, which may be based on Personal Information provided by User, for legitimate business purposes including for testing, development, control and operation of the Service.

 

  4. Sharing Data.
    4.1. The Company discloses, without notification, Personal Information that Company collected and/or was provided with, solely in the following cases:
    4.1.1. If required to do so by law according to its understanding of such law (including, but not limited to, in cases of court orders or subpoenas);
    4.1.2. To verify the information obtained by Company;
    4.1.3. To prevent or investigate suspected fraud, or any activity that Company believes may be illegal or may expose the Company to legal liability;
    4.1.4. Events involving potential threats to the physical safety of any person or property, if Company believes that the respective information in any way relates to that threat;
    4.1.5. If Company believes that User’s (or User Personnel’s) conduct on or in connection with the Services is inappropriate and inconsistent with generally accepted norms of behavior;
    4.1.6. In addition, Company may be required to disclose data to relevant national, state and local law enforcement authorities, who may further disclose the data.
    4.1.7. In the event that Company, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, data may be one of the assets sold or merged in connection with such transaction. Data may also be disclosed in connection with a commercial transaction where Company or any of its businesses are seeking financing, investment, and support or funding.
    4.2. When Company shares data with third parties, as specified above, Company requires such recipients to agree to only use such Personal Information in accordance with this PP and Company’s contractual specifications and for no other purpose than those determined by Company in line with this PP. However, it is clarified that Company is not liable for such third parties’ use of the Personal Information.

 

  5. Security.
    Company has taken appropriate technical and organizational measures to protect information Company collects from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.

 

  6. Access to Information.
    6.1. Depending on applicable laws, User or User Personnel may be entitled to access User’s data held by Company with respect to such User or User Personnel. User’s or User Personnel’s right of access can be exercised in accordance with the relevant data protection legislation. Any request for access may be subject to a fee to meet Company’s costs in providing such User with details of the data the Company holds on User or User Personnel.
    6.2. Company will take reasonable steps to verify User’s or User Personnel identity before granting User or User Personnel access or enabling User or User Personnel to make corrections.
    6.3. If at all, Company will retain Personal Information only for the time period needed for business purposes or as required by applicable law and will securely destroy such information thereafter.

 

  7. Users in the European Economic Area (EEA).
    7.1. Legal Basis for Processing of Personal Data.
    Company will only process User’s or User Personnel’s Personal Data (as defined in the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”)), if it has one or more of the following legal bases for doing so:
    7.1.1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform Company’s contractual obligations to User, to provide the Services, to respond to requests from User, or to provide User with customer support;
    7.1.2. Legitimate Interest: Company has a legitimate interest to process User’s or User Personnel’s Personal Data;
    7.1.3. Legal Obligation: processing of User’s or User Personnel’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
    7.1.4. Consent: processing of User’s or User Personnel’s Personal Data with User’s or User Personnel’s consent.
    7.2. User’s Rights regarding Personal Data.
    7.2.1. Subject to applicable law, User or User Personnel has certain rights with respect to User’s Personal Data, including the following:
    7.2.1.1. User or User Personnel may ask whether Company holds personal data about User or User Personnel and request copies of such Personal Data and information about how it is processed;
    7.2.1.2. User or User Personnel may request that inaccurate Personal Data is corrected;
    7.2.1.3. User or User Personnel may request the deletion of certain Personal Data;
    7.2.1.4. User or User Personnel may request Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
    7.2.1.5. When User or User Personnel consents to processing User’s or User Personnel’s Personal Data for a specified purpose by Company, User or User Personnel may withdraw User’s or User Personnel’s consent at any time, and Company will stop any further processing of User’s Personal Data for that purpose.
    7.2.1.6. In certain circumstances, Company may not be able to fully comply with User’s or User Personnel’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law; however, in those circumstances, Company will still respond to notify User or User Personnel of such a decision.
    7.2.2. User can exercise User’s or User Personnel’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting Company at [email protected]. In some cases, Company may need User or User Personnel to provide Company with additional information, which may include Personal Data, if necessary to verify User’s or User Personnel’s identity and the nature of User’s request.
    7.3. Transfer of User’s Personal Data outside of the EEA.
    7.3.1. Personal information may be processed outside User’s jurisdiction, and in countries that may not provide for the same level of data protection as User’s jurisdiction. The Company ensures that the recipient of User’s Personal Information offers an adequate level of protection, for example by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
    7.3.2. Company currently stores User and/or User Personnel data in Company’s data centers located in the USA and in Israel.
    7.3.3. Without derogating from the generality of the foregoing, when transferring data from the EEA to Israel, Company relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA.

 

  8. Users in California, USA.
    To the extent the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. (“CCPA”), including any subordinate or implementing legislation, is applicable, the following shall apply:
    8.1. The Company will only process personal information on User’s behalf.
    8.2. The Company will (i) not collect, retain, use, or disclose personal information for any purpose other than for the specific purposes set out in the PP, or any other agreement between Company and User; (ii) not sell Personal Information (as defined under the CCPA); and (iii) put in place appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing or accidental destruction, loss or damage.

 

  9. Questions Regarding Privacy at Cider?
    If User or User Personnel has any questions about this PP or Company’s data practices in general, User may contact Company using the following information:

Email: [email protected]

 

Last update: August 2021.

 
