Introduction

This Privacy Policy applies to collecting and processing of personal data by Thinkcurity (hereinafter "we", "us" or "our").

We know that our visitors, customers, experts, speakers, participants in the events we organize and anyone who provides us with personal data (hereinafter "you", "your"), regardless of the channel, are concerned about the security and confidentiality of your personal data. We are therefore committed to building a trusted relationship with you and being completely transparent about your personal data. We want you to know how we use and protect the personal data you provide to us.


In addition, we are part of a group of companies operating in several countries around the world. Therefore, we are committed to collecting and processing personal data in compliance with all applicable laws and regulations, including the California Consumer Privacy Act of June 2018 (CCPA) with an effective date of January 1, 2020, the NEVADA SB-220 of May 29, 2019 with an effective date of October 1, 2020 (NEVADA SB-220) as well as the European General Data Protection Regulation of 27 April 2016 (GDPR) with an effective date of May 25, 2018 and similar laws in other countries that concern collecting and processing personal data or information (hereinafter "Personal Data Protection Laws and Regulations").

According to Personal Data Protection Laws and Regulations, our privacy and security practices are explained in this document referenced as " Privacy Policy", intended to inform you about the technical and organizational commitments and measures we have put in place to ensure the protection of your personal data.

Unless you tell us otherwise, we shall assume that by using our website or our services, or submitting your data or information to Thinkcurity, you consent to the terms and conditions of this Privacy Policy.

This Privacy Policy supplements Thinkcurity's Terms of Use.

This Privacy Policy is not static; it may change according to any modification of Personal Data Protection Laws and Regulations.

  1. Data collection and processing

    We collect personal data from you, through our interactions with you when you visit our website, request us to contact you via our online web forms, register to use the products and services which we market for subscription available on our website (the "Service(s)"), attend or register to attend webinars or other events we may organize.

    You provide some of these data directly, and we get some of them by collecting data about your interactions, use, and experiences with our Services. The data we collect depend on the context of your interactions with us and the choices you make when you visit our website, submit forms, use our Services and participe to the events we organize.

    In any case, we only collect and process personal data necessary for the management of our relationship, the use of our Services and the improvement of your user experience. For this purpose, you may be requested to provide the following data for provision of Services:

    • Personal identification data, including: Email, First Name, Last Name, Phone Number, Job Function and other general information like your goals in watching a webinar among others;
    • Online identification data, including: IP address, cookies and other tracking technologies.

    To do this, Thinkcurity ensures it collects and processes only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. This is how we respect the principle of data minimization set by the Personal Data Protection Laws and Regulations.

  2. Purposes of data processing

    The data we collect has a specific purpose, and is not used for other purposes. Our purposes are determined, legitimate, explicit and compatible with our missions, in this case the management of our relationship, the use of our Services and the improvement of your user experience.

    In addition, we may also use your personal data to contact you regarding our future events.

    The defined purpose determines the relevance of the data to be collected: only data that is adequate and strictly necessary to achieve the purpose is collected and processed by Thinkcurity.

  3. Information of persons concerned

    According to the Personal Data Protection Laws and Regulations, Thinkcurity informs and encourages its employees to inform the person from whom personal data is collected:

    • the identity and the contact details of the controller and, where applicable, of the controller's representative;
    • the contact details of the data protection officer, where applicable;
    • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
    • where applicable, the legitimate interests pursued by the controller or by a third party;
    • the recipients or categories of recipients of the personal data, if any;
    • where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers referred to in Article 46 or 47 of GDPR, or the second subparagraph of Article 49(1) of the same, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available;
    • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
    • where applicable, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
    • the right to lodge a complaint with a personal data supervisory authority;
    • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
    • the existence of automated decision-making, including profiling.

    Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in this section 3.

  4. Recipients of the data

    We do not share your personal data with third parties; we do not trade them and we do not sell them.

    Your personal data is therefore intended only for specific recipients, entitled to receive it, in this case and according to the case, Thinkcurity and its affiliated companies, namely Trackforce (trackforce.com), Valiant (valiant.com) and Silvertrac (silvertracsoftware.com), as well as our subcontractors, but only for the purpose of providing our Services.

  5. Data retention

    We only retain your personal data for the time required for the operations for which it was collected and in compliance with the Personal Data Protection Laws and Regulations.

    Your personal data will be automatically deleted after a maximum of 5 years after the end of the contractual relationship.

    Data on prospects is retained for up to 3 years from the last contact between Thinkcurity and the prospect.

  6. Data security

    Thinkcurity determines and implements the means necessary for the protection of personal data to avoid risks resulting in particular from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, retained or otherwise processed, or from unauthorized access to such data, accidentally or unlawfully.

    These means consist of appropriate technical and organizational measures to ensure a level of security adapted to the risk, and include inter alia, as required:

    • the pseudonymisation and encryption of personal data;
    • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
    • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
    • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

    In particular, access to data is secured by strong security systems.

    The protection policy for personal data processed by Thinkcurity is thus organized around logical, physical or organizational measures.

  7. Restricted access to data

    Thinkcurity defines and implements the rules of access and confidentiality applicable to personal data processed.

    Only duly authorized persons can therefore access certain data details, within the framework of a security policy in particular restricting access to only that data necessary for the activity.

    Access rights, granted in accordance with the user's function, are updated in case of an upgrade or change of function.

  8. Data transfer

    In principle, Thinkcurity does not transfer your personal data from one country or subsidiary to another worldwide.

    If such a transfer were to be necessary, in this case to a country outside the European Union, that transfer would be part of the purpose of the processing for which the data is intended.

    In this case, data recipients would only have communication of the categories of data necessary for the achievement of that purpose.

    More generally, Thinkcurity would transfer personal data only in accordance with the provisions of articles 44 to 50 of the GDPR.

  9. Rights of individuals concerned by the collection and processing of personal data

    Pursuant to the Personal Data Protection Laws and Regulations, any natural person whose personal data is subject to processing is entitled to oppose the collection and processing of their personal data, the right of access to said data, rectification or erasure thereof (the right to be forgotten), the right not to be the subject of a decision based exclusively on automated data processing, including profiling, the right to limitation of processing of data concerning them, the right to have information about the persons to whom the data controller has transmitted personal data concerning them, as well as the right to portability of said data as these rights are described in Personal Data Protection Laws and Regulations (in particular Articles 15 to 22 of the GDPR as well as similar provisions in other applicable laws and regulations). They may exercise these rights by sending their request to dpo@thinkcurity.com accompanied by proof of their identity and their signature.
  10. Children under 16

    Our website and Services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If a parent or a holder of parental responsibility becomes aware that his or her child has provided us with personal data without the parent’s or the holder of parental responsibility’s consent, he or she should contact us at childreninfo@thinkcurity.com. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such data from our databases and files without any delay.
  11. Data Protection Officer

    Pursuant to the Personal Data Protection Laws and Regulations (in particular the GDPR), Thinkcurity has appointed a Data Protection Officer (DPO) directly reporting to its CEO.

    The DPO constantly ensures compliance of all processing of personal data by Thinkcurity and its affiliates.

  12. Complaint about collection and processing of your personal data

    Complaints on the use, retention and disposal of your personal data can submitted via email to dpo@thinkcurity.com accompanied by proof of your identity, your signature and the subject matter of your complaint.

    For European Union data subject, you have the right to lodge a complaint with a supervisory authority concerning Thinkcurity’s personal data processing activities. If you believe, after contacting Thinkcurity, that your rights on your personal data are not respected, you can lodge a complaint with the data supervisory authority of your country whose email address appears on its website.

  13. Updating your personal data and contacting us with any other questions

    If you want to update your personal data or if you have any questions about this Privacy Policy, please contact us at:
    https://www.thinkcurity.com/contact-us

    or

    Thinkcurity
    102 Cross Street Suite 220
    93401 San Luis Obispo, CA, USA
  14. Maintenance of non-contrary provisions of Thinkcurity’s Terms of Use
    This Privacy Policy complements the Thinkcurity Terms of Use, the non-contrary provisions of which remain applicable.

E-mail address

info@thinkcurity.com