Phone Number +1-202-802-9399 (US)

Privacy & Cookies Notice

Your privacy is important to us.  This Privacy Policy describes how Thycotic (“we” or “us”) collects and uses the personal data you provide to us through our interactions with you.  It also describes the choices available to you regarding our use of your personal data, as well as how you can access and update this information.

As described in more detail below, we collect, use, and disclose information about you to provide you with requested services and products, to improve the services and products we offer, and, as necessary, to respond to lawful requests for information.  We also take reasonable measures to ensure that we are protecting your data.  All of our practices are in accordance with applicable law, including applicable laws in the United States, United Kingdom, and the European Union.

 

Information we collect:

If you purchase a product or service from us, we collect your name, billing and shipping address(es), telephone number, company name, email address, credit card information, and information about the products you purchase.

When you set up your account, we will also collect password information associated with your account.

If you request a download, or complete a web form, we may collect your name, address, telephone number, title, company name, company size, company industry, IP address, and/or email address. With this request, you acknowledge that you are at least 16 years of age.

If you contact our Support Team, we collect information about the contact method you use, such as your email address or phone number, as well as information pertinent to resolving your case (including screen shots, custom SQL and Power Shell scripts, logs, etc.).

 

Information we use or share:

The primary purpose for which we use the information we collect about you is to perform the service or provide the product or information which you have requested. For example, we use that information to process your order, respond to queries, review past purchases, provide you with Product or User Support, etc.

We also use information we collect to improve our ability to meet your needs through the services and products we offer. For example:

Your order history enables us to tailor our product range and marketing information (e.g. promotions and special offers) to your requirements.

Your address and IP address help us route you to the correct Thycotic staff when you have questions.

We may use your information to keep you up to date with Thycotic, such as through emails, or providing you with customized content, targeted offers, information, newsletters, and advertising or other promotional material about Thycotic or its partners on the Website, other websites, or via telephone or email.

We may also use your information for marketing purposes, including products and services from Thycotic that you may be interested in and products or services offered by our parent, affiliates, or subsidiaries.

We also may use some information for internal training purposes. For example, we may use the information you provide as part of a Support request to help our Support staff learn about new issues and how to handle them.

We will treat your personal data as confidential, and will not share your personal data with any third parties except under the following circumstances:

With our parents, affiliated companies, and subsidiaries, a list of which can be found here.

To our trusted third-party service providers, partners, or distributors to enable the service provider, partner, or distributor to perform a business, professional, or technical support function for Thycotic.

In association with law enforcement, fraud prevention, a subpoena, or other legal or government investigatory action.

As required by law, rule, or regulation.

If Thycotic reasonably believes it is required to protect Thycotic, its customers, or the public; or

If Thycotic sells all or part of its business.

Controlling our use of your personal data:

You have the right to contact us about changing, deleting, or updating any of the personal data you have provided to us.

Exercise Your Rights

Powered by OneTrust

If you wish to unsubscribe from any of our mailing lists, or if you wish to stop receiving updates, targeted offers, or other customized content, there is a link at the bottom of every marketing email we send out that will allow you to reach a webpage where you can update your email preferences or fully unsubscribe.

 

Security of your personal data:

Your Thycotic account information is protected for your privacy in accordance with industry standards and practices that are available to Thycotic on a commercial reasonable basis. Thycotic safeguards the personal information you send us and takes reasonable physical, technical, and organizational measures to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction, or damage to your personal information. Thycotic uses industry-standard SSL-encryption to enhance the security of sensitive data transmissions in most of our Sites. While we strive to protect your personal information, we need your cooperation to ensure the security of the information you transmit to us. The Internet, however, cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any personal information you provide to us. We urge you to take every precaution to protect your personal information while using the Internet. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your login and password private. Additionally, you should use a secure up-to-date Internet browser, follow the vendor suggestion and apply updates when required. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

Retention of Personal Information

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.

 

Use of Cookies

We may also collect information about where you are on the Internet (for example, the URL you came from and the way in which you navigate the site) and other information using “cookies.”  A cookie is a small file that’s stored on your computer by a website to remember certain information. Cookies can be used for many purposes, and some are essential to the way our website works.

 

We use cookies for the following reasons:

To track visitor behavior on the site, such as the pages you visited and where you left our site. This helps us to improve the site and your browsing experience.

To track affiliate marketing referrals. This shows us which of our online marketing channels are effective and allows us to reward external sites for directing you to us. These cookies may be used to deliver adverts more relevant to you and your interests or to limit the number of times you see an advertisement.

For targeting and advertising to deliver advertisements more relevant to your interests and limit the number of times you see an advertisement. These cookies are placed by advertising networks with our permission. These cookies enable us to share personal information such as your name, address, telephone, IP address, or email for targeting purposes.

If you do not want us to use cookies, please adjust your browser settings to reject cookies.  By visiting thycotic.com with your browser settings adjusted to accept cookies, this tells us that you want to use our website and that you consent to our use of cookies.

 

NOTICE OF DATA PROCESSING

Please review this notice regarding the collection and processing of your business contact information by Thycotic Software, LLC.

 

Information Collection

Thycotic marketing uses DiscoverOrg, Lusha, LinkedIn, and other Direct Marketing Providers to obtain business contact information for individuals working in certain industries, companies, or countries. Each of these companies provides assurances to us that they have complied with applicable data privacy laws in obtaining the information they provide to us. You can contact these companies directly for information on your data collected at these companies.

 

The information Thycotic collects comprises:

Name, Company, Business Telephone Number, Business Email Address , Job Title, Job Function and Responsibilities

Thycotic does not collect any non-business-related data such as date of birth, home address, personal email or telephone number, or government identification number, and Thycotic does not collect sensitive personal data.

 

Purpose and Use

Thycotic processes your information only for direct marketing purposes, in the legitimate interest of itself as a B2B provider of products and services pertaining to your business or employer.

 

Access and Opt-Out Rights

With respect to the information Thycotic possesses about you, you have the rights of access, rectification, erasure, and restriction. You also have the right to object to processing. You may exercise any of these rights by contacting Thycotic using the information below under “Questions.” Thycotic will treat requests for access, correction, amendment, or deletion of information in accordance with all applicable legal requirements and our strict internal privacy policies. If you feel that we have not complied with your requests, you have the right to lodge a complaint with the appropriate supervisory authority in your country.

 

Children’s Policy

Thycotic encourages parents and guardians to take an active role in their children’s online activities. Thycotic’s Sites and Services, ad campaigns, and marketing materials are intended to be used or viewed by adults over 18 years of age. Accordingly, we do not knowingly collect personal information from anyone we know to be under 13 years of age. If we are made aware that information is or has been submitted by or collected from a child below 13, we will immediately delete their personal information.

 

Your California Privacy Rights

Consumers that are residents of the State of California, under the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq. (the “CCPA”), have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes. Alternatively, the law provides that if the company has a privacy policy that gives either an opt-out or opt-in choice for use of the consumer’s personal information by third parties (such as advertisers) for marketing purposes, the company may instead provide the consumer with information on how to exercise the consumer’s disclosure choice options.

Thycotic qualifies for the alternative option. We have a comprehensive privacy statement and provide you with details on how you may either opt-out or opt-in to the use of your personal information by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of the third parties that received your personal information for marketing purposes during the preceding year.

If you are a California resident and request information about how to exercise your third-party disclosure choices, please contact us at privacy@Thycotic.com, or write us at Thycotic, Inc. Attn: Privacy 1101 17th ST. NW, Suite 1200, Washington, DC 20036 USA.

Generally, Thycotic processes personal data as a service provider for our customers and partners, many of whom are large enterprises who use the Services to monitor and secure their networks and communications. Thycotic generally does not directly communicate or interface with customer personnel whose personal data may processed by the Services. Therefore, it is the responsibility of the enterprise customer to obtain any consents from its personnel that may be necessary for use of personal data in connection with the Services. As part of the Services, Thycotic maintains transaction log data only for a limited period, after which the log data is deleted.

In addition to the personal information described elsewhere in this Privacy Policy, Thycotic may receive the following categories of personal data directly or indirectly in connection with Services (1) identifiers from the customer’s corporate directory, such as network/user IDs, group and department within the customer’s organization, public IP addresses, certificates and keys, customer employee authentication information, user email addresses, organization group and department information, in order to allow the customer to log transactions and create control policies; (2) billing and contact information, such as name, mailing address, phone number, email address; and (3) transaction information of internet or other network activity, such as transaction logs for HTTP/HTTPS and non-HTTP/HTTPS transactions conducted by the user and certificates and keys in order to allow the customer to monitor user communications. In addition, Thycotic may obtain or process other data provided by a customer, vendor, or partner in the performance of Services or to allow Thycotic to provide the Services or to receive services.

 

Right to Know

Under the CCPA, consumers that are California residents may have the right to disclosure of information about our collection, sale or disclosure for a business purpose of their personal information, including, to the extent applicable, the following:

The categories of personal information we have collected about such consumer.

The categories of sources from which such personal information has been collected.

The categories of third parties with whom we have shared such personal information.

The business or commercial purpose for collecting or selling such personal information.

The categories of such consumer’s personal information we have sold or disclosed for a business purpose, by category for each category of third parties to whom the personal information was sold or disclosed, or we will state that we have not sold or disclosed for a business purpose such consumer’s personal information.

The specific pieces of personal information we have collected about such consumer.

We will provide appropriate disclosures upon receipt of a verifiable request, to the extent required by law (or in our discretion if not required by law) and as permitted by our contracts, confidentiality obligations and applicable laws and regulations. We may not be able to provide all of the information requested, such as, for example: (i) if the personal information was collected for a single one-time transaction and if, in the ordinary course of business, such information was not retained; (ii) we would be required to reidentify or otherwise link any data that, in the ordinary course of business, was not maintained in a manner that would be considered personal information; (iii) the consumer used different browsers, devices or identifying information and we have not linked all such information together; or (iv) if the information was collected, sold or disclosed prior to January 1, 2019 or twelve (12) months prior to the receipt of such verifiable consumer request, whichever is later. If we receive more than two requests for disclosure from a particular consumer within a twelve (12)-month period, we may decline to respond to such additional requests to the extent permitted under applicable law and regulations.

 

Right to Opt-Out

Under the CCPA, consumers that are California residents may also have the right to opt out of the sale of their personal information by contacting us and providing the verification information and other details we need in order to handle the request appropriately. We may, to the extent permitted under applicable law and regulations, continue to process data: (1) that is not personal information, including aggregate information, deidentified information or publicly available information; (2) where such processing is otherwise permitted under the CCPA, including without limitation where we are acting as a “service provider” under the CCPA, or where the processing of data is otherwise exempt; (3) where such processing is required under applicable law or regulations; (4) to protect our legal rights; (5) to comply with our contractual requirements or other applicable laws or regulations; or (6) where information is not covered by CCPA or another CCPA exception applies. Due to technological limitations, we also may not be able to recognize opt-out requests if a consumer accesses our Site or our software, platforms or applications using a new browser, a new device or new or modified personal information. Although we do not sell your personal information, if you would like to fill out a form to opt-out of us ever doing so, click here

 

Right to Deletion

Under the CCPA, consumers that are California residents have the right to request deletion of their personal information by contacting us and providing the required verification information and other details we need in order to handle the request appropriately. We may, to the extent permitted under applicable law and regulations, retain and continue to process data: (1) that is not personal information; (2) where such processing is otherwise permitted under the CCPA, including without limitation where we are acting as a “service provider” under the CCPA, or where the data or processing is otherwise exempt under the CCPA; (3) where such processing is required under applicable law or regulations; (4) to protect our legal rights; (5) to comply with our contractual requirements or other applicable laws or regulations, or (6) where another CCPA exception applies.

 

Right to Non-Discrimination

Under the CCPA, consumers that are California residents have the right not to receive discriminatory treatment for exercising any of the privacy rights conferred by the CCPA, except as permitted under the CCPA. If you believe you have received discriminatory treatment for exercising your CCPA privacy rights, please contact us using the information provided in the “How to Contact Us” section below.

 

Information Security

Thycotic maintains suitable safeguards, including reasonable physical, administrative and technical safeguards to protect its database from unauthorized access, disclosure, alteration or destruction.

 

Changes to this Data Processing Notice

Thycotic reserves the right to change this Data Processing Notice and will provide a revised notice that reflects such changes as required by law.

 

Consent to Transfer, Processing and Storage of Personal Information

As Thycotic is a global organization, we may transfer your personal information to Thycotic in the United States of America, to any Thycotic subsidiary worldwide, or to third parties and business partners as described above that are located in various countries around the world. By using our Site or Services or providing any personal information to us, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different. Thycotic safeguards and enables the global transfer of personal information in a number of ways. Privacy Shield and Standard Contractual Clauses are two of primary mechanisms.

 

PRIVACY SHIELD

Thycotic complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s) (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on Privacy Shield. Thycotic has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visithttps://www.privacyshield.gov.

Thycotic has committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to JAMS, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

 

Oversight

For this Privacy Policy and its content, Thycotic is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If Thycotic becomes subject to an FTC or court order based on non-compliance with this policy or Privacy Shield, Thycotic shall make public any relevant Privacy Shield related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.

 

Arbitration

In the event of a dispute between You and Thycotic arising under or relating to the Privacy Policy, either party may choose to resolve the dispute by binding arbitration, as described below, instead of in court (the “Arbitration Agreement”). Thycotic has, as is described further in the Privacy Policy, committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to JAMS, an alternative dispute resolution provider. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Any claim (except for a claim challenging the validity or enforceability of this arbitration agreement, including the Class Action Waiver) may be resolved by binding arbitration if either side requests it. If You or Thycotic submit choose arbitration, neither party shall have the right to litagate a claim in court or to have a trial, including discovery and appeal rights.

Customers/Controllers may update, delete, or change their registration information by editing their user or organization records where it is inaccurate or processed in violation of the Privacy Shield Principles. To update a user profile, please log in to thycotic.force.com with your Thycotic username and password. To update an organization’s information, please login to yourcompany.secretservercloud.com with your Thycotic username and password. Visitors may update or change their user registration information on Web site after logging in. To have your registration information deleted, please email privacy@thycotic.com. Requests to access, change, or delete your information will be handled within 30 days except where the burden or expense or providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where other individuals rights would be violated.

Thycotic shall remain liable under the Principle of Accountability for Onward Transfer if its sub-processors process your Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Thycotic proves that it is not responsible for the event giving rise to the damage.

 

Questions

You may also contact Thycotic regarding privacy information, including requests for access, correction, amendment, or deletion of information, at privacy@thycotic.com

 

This Privacy Policy was last modified on June 22, 2021