10 Essential Steps to NYDFS Compliance
We’re looking for a seasoned Digital Marketing Lead to spearhead all paid digital advertising channels and turn them into a scalable revenue-generating machine
Own our production clusters on GKE. Get involved in scaling, monitoring and cloud architecture. Improve our Jenkins setup but also guide us in Cir...
Table of contents:
Specific personal data we collect
Why is the personal data collected and for what purposes?
Legal basis (GDPR only, if applicable)
Third parties with whom we share your personal data
Consequences of not providing the personal data
When you browse or visit our Website
Cookies, analytic tools and log files.
For more information, please read our cookies policy
Marketing, analytics and statistics.
Legitimate interest (e.g. essential cookies)
3rd party platforms such as for the following purposes:
For more information, please read our cookies policy
Certain Website features may not be available
Read more about the purposes of each cookie her
When you make use of, or interact with, our Website
When you request a demo
Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legitimate interest (e.g. to provide a demo)
Your Personal Data will be stored until we no longer need the information and proactively delete it or you send a valid deletion request. Please note that we will retain it for a longer or shorter period in accordance with data retention laws. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually.
Cannot provide a demo
When you send us a request to receive your security profile in order to share your profile
Legitimate interest (e.g. to send you the requested link)
Cannot send you a link with your profile, per request
Cannot analyze cyber gaps and providing actionable insights requested by you
Cannot analyze your answers to the questionnaires
Cannot allow you to log-in to the Platform
Cannot send you marketing communications
When you send us a request to test the cyber posture some suppliers of your choice
Legitimate interest (e.g. to provide you with a sample security test of three suppliers)
Cannot provide you with a sample security test, as requested
Cannot communicate with you to share additional information about your request
When you request to read more of our case study, whitepaper, data sheet and any other resources that we have in our Website
Legitimate interest (e.g. to download our resources)
Cannot download our resources
When you publish reviews of Panorays services
Legitimate interest (e.g. to publish your review).
Cannot publish your review in our Website and Panorays’ social media channels
When you complete a survey
Legitimate interest (e.g. to allow you to complete the survey).
Cannot analyze your answers
Cannot send you the results of the survey
Cannot allow you to log-in to the Platform to respond the survey
When you subscribe to our newsletter(s) / blog(s)
Cannot send you more information about Panorays
Cannot send you Panorays’ updates, case studies, and other materials
When we process your job application
Legitimate interest (e.g. to assess a candidate)
Cannot process your job application
Cannot assess your suitability as a candidate
When you contact us (e.g. need help, submit a request)
Legitimate interest (e.g. provide support and answer your questions)
Cannot answer your questions
Cannot provide support
Cannot customize your experience
When you make use of, or interact with, our Platform
When you create an account, and log in to the Platform as a user (including, without limitation, customers or as a vendor/third party)
Any other information that you decide to supply/provide us
To allow you to communicate with other users of the Platform
Legitimate interest (e.g. to provide you with Panorays’ services).
Cannot provide you with the services
Cannot give you access to Panorays’ Platform
Cannot enjoy features available to registered users only
Cannot allow you to communicate with other users of the Platform
When you are a vendor and you enter with your guest/anonymous account
To give you access to Panorays’ Platform
Legitimate interest (e.g. to give you access to Panorays’ Platform).
When you attend a marketing event and provide Personal Data
Legitimate interest (e.g. to send you more information about Panorays)
Cannot establish a business connection
When you exchange business cards with us
When we acquire your Personal Data from third-party sources (such as lead-generation companies)
Contact details (e.g., email address)
Depending on the context, legitimate interest (B2B marketing), pre-contractual discussions or consent
When we use the Personal Data of our customers
Processing is necessary for the performance of a contract to which our customer is a party.
Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.).
Legitimate interest (e.g. send you contract-related communications).
Cannot provide the services
Cannot perform the agreement
Cannot communicate with you
Depending on the context, legitimate interest (B2B marketing) or consent
Cannot send you product updates and marketing communications
When we use the personal data of our resellers, distributors, agents and/or finders (e.g. contact details)
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legitimate interest (e.g. perform the contract, send contract-related communications)
Cannot contact our reseller, distributors, agents and/or finders
Cannot perform the applicable agreement
Cannot send you updates and information about Panorays’ for you to share with the potential customers
When we use the personal data of our service providers
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Cannot contact our service providers and suppliers
Cannot perform the applicable agreement
When you interact with us on our social media profiles (e.g., Facebook, Twitter, LinkedIn)
Cannot reply or respond to your request
Cannot establish a business connection
Finally, please note that some of the abovementioned personal data will be used for fraud detection and prevention, and for security purposes. The abovementioned personal data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize your personal data. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
2.1. Security. We have implemented appropriate technical, organizational and security measures designed to protect your personal data. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
In addition to the recipients described above, we may share your personal data as follows:
3.1. To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
3.2. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your personal data to such third party (whether actual or potential) in connection with the foregoing events;
3.3. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal data in connection with the foregoing events; and/or
3.4. Where you have provided your consent to us sharing or transferring your personal data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).
If you want to receive the list of the current recipients of your personal data, please make your request by contacting us to [email protected] .
4.1. Storage: Google Cloud, with servers in Belgium, and GSuite, with servers in US.
4.2. Access from Israel: Access from Israel is covered by the European Commission’s Adequacy Decision regarding Israel. You can read more here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en .
4.3. Access from US: Access from US is covered by Panorays’ privacy shield certification.
4.4. Internal transfers: Transfers within the Panorays group will be covered by an internal processing agreement entered into by members of the Panorays group (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to.
4.5. External transfers: Where we transfer your personal data outside of EU/EEA (for example to third parties who provide us with services), we will obtain contractual commitments from them to protect your personal data. Some of these assurances are well recognized certification schemes like the EU – US Privacy Shield for the protection of Personal Data transferred from within the EU to the United States.
: The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by the GDPR:
5.2. Deleting your account: Should you ever decide to delete your account, you may do so by emailing [email protected] or [email protected]. If you terminate your account, any association between your account and personal data we store will no longer be accessible through your account. However, given the nature of sharing on certain services, any public activity on your account prior to deletion will remain stored on our servers and will remain accessible to the public.
We do not offer our products or services for use by children and, therefore, we do not knowingly collect personal data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal data to us without involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide personal data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at [email protected].
We enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service ”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
We use log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We use such information to analyze trends, administer the Website, track users’ movement around the Website, and gather demographic information.
10.1. California Privacy Rights: California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected]. Please note that we will respond to one request per customer each year, unless otherwise required by law.
10.2. Our California Do Not Track Notice: We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
10.3. Deletion of Content from California Residents: If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or personal information you have publicly posted. If you wish to remove such content or personal information and you specify which content or personal information you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you may not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or personal information you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at [email protected].