Privacy Policy

GRIP SECURITY LTD. PRIVACY POLICY

Last Updated: January 2025

In order to ensure transparency and give you more control over your personal information, this privacy policy (“Privacy Policy”)governs how we, Grip Security Ltd. and our affiliates (“Grip Security”,“we”, “our” or “us”) use, collect and store personal information we collect or receive from or about you (“you”) inconnection with our website, http://www.grip.security/ (“Website”) and the services provided therein through the Grip Security platform/ application ( “Services”).

We greatly respect your privacy, which is why we make every effort to provide a platform that would live up to the highest of user privacy standards. Please read this Privacy Policy carefully, so you can fully understand our practices in relation to personal information. Important note:Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or other means of enforcement.

This Privacy Policy can be updated from time to time and, therefore, we ask you to check back periodically for the latest version of this Privacy Policy. If we implement significant changes to the use of your personal information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Site or by other means.

Table of contents:

1.    What personal information we collect, why we collect it, and howit is used

2.    Customer Information

3.    How we protect and retain your personal information

4.    How we share your personal information

5.    Your privacy rights

6.    International transfers of personal information

7.    Use by children

8.    Interaction with third party products

9.    Analytic tools/ Cookies

10.  Contact us

1.    WHAT PERSONAL INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW WE COLLECT IT

(i)            We Process the Following Personal Information:

a.     Personal information provided through the Services.

i.        As an individual user of the Services, we collect personal information that you voluntarily provide, including your name, email address, password, as well as any other personal information that you decide to provide us with.

ii.        As an organization using the Services, we also collect the contact and billing information of our customers. Additionally, through the Services, you may voluntarily provide us with access to personal information belonging to enterprise identities in your organization, such as their name, email address, organizational directory attributes (e.g.department, OU, manager), business application access and usage metadata and emails.

iii.        As an organization using the Services and voluntarily integrating the Services with other technologies in your organization, we may also collect data residing in other integrated technologies, such asServiceNow, SailPoint or SecurityScoreCard, in order to provide our joint services to you. Collection may include data describing applications, vendors, users, tickets, devices, assets, application usage metadata, network traffic, security risk metadata, and/or entitlements.

b.     Personal information provided through the Website. When you use the Website, we collect and process full name, email address, phone number, company name, job title, CV and cover letter, country and aswell as any other personal information that you decide to provide us with.

c.    Personal information automatically collected. We automatically collect certain information through your use of Grip Security's Services and Website, such as cookie, pixels, tracking technologies and similar identifiers (“Technologies”), your Internet protocol (IP)address, and other device identifiers that are automatically assigned to your device, browser type and language, geo-location information, hardware type, operating system, internet service provider and other personal information about actions taken through the use of the Services andWebsite.  

d.     Personal information from other sources. Grip Security also may obtain personal information about you from other sources, including publicly - or commercially- available information, and through third-party data platforms, partners and service providers.

e.    Personal information you provide to us in person. For example, when you visit one of our exhibition booths or attend one of our events and you provide us with your contact details.

f.     Personal information we collect from online interactions. For example, if you attend a webinar, contact us via social media or otherwise interact with our business, including as are presentative of a current / prospective customer, supplier or partner, we track and make a record of those interactions, which may contain your contact details, such as full name, email address, messages and any other personal information that you decide to provide us with.

 

(i)            We process personal information for the following purposes:

a.     To provide you with the Services. We will use the personal information, including, without limitation, for the following purposes: (i) allow you to create an account; (ii) to provide you the Services and to process your requests; (iii) communicate with you about your use of the Services and for support purposes; (iv) fulfill any instruction and/or request made by you in the context of the Services; (v) send you push notifications and/or emails and notifications regarding your account or certain features of the Services, including, updates pertaining to your subscription, and related to the services we provide you with; (vi) to personalize your experience with our Services;(vii) to allow you to create more users and administrate your users; and (viii)to generally administer and improve the Services;

b.    To allow you to make use of our Website. We will use your personal information to allow you to make use of our Website, including, (i) if you request a demo, we will use your personal information to process and answer your request for a demo; (ii) to process your job application; (iii)to answer your questions and to allow you to communicate with us; (iv) to analyze your use of our Website and to improve our Website; and (v) to customize your experience.

c.     For administrative purposes. GripSecurity uses your personal information(i) to respond to your questions, comments, and other requests for customer support, or information, including information about potential or future services; (ii) to provide you with the Services; (iii) for internal quality control purposes; (iv) to establish a business relationship; and (v) to generally administer the Services;.

d.    To Market our Website and Services. Grip Security uses personal information to market the Services. Such use includes(i) notifying you about offers and services that may be of interest to you;(ii) tailoring content, advertisements, and offers for you, including, targeting and re-targeting practices; (iii) conducting market research; (iv)developing and marketing new products and Services, and to measure interest in GripSecurity's Services; (v) other purposes disclosed at the time you provide information; and (vi) as you otherwise consent.

e.     Security purposes. Some of the personal information mentioned in this PrivacyPolicy will be used for detecting, taking steps to prevent and prosecuting fraud or other illegal activity; to identify and repair errors; to conduct audits; and for security purposes. Personal information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.

f.     De-identified and aggregated information use. In certain cases, we may or will anonymize, aggregate and/or de-identify part or all of your personal information(including Customer Information, as defined below) This data may be used for both internal and external purposes, such as analyzing, enhancing, testing, training and improve Grip Security's Services (including through the use of artificial intelligence) and for research purposes. We may also share this aggregated information and/or disclose it to third parties without restrictions.

g.    Cookies and similar technologies. We use Technologies to automatically collect information through the Website and Services, which in certain cases could be considered personal information. We use Technologies that are essentially small data files placed on your device that allow us to record certain pieces of information whenever you visit or interact with the Website and Services. If you would like to opt out of the cookies and similar technologies we employ on the Website and Services, you may do so by blocking, deleting, or disabling them as your browser or device permits or by changing your setting and preferences here: http://www.grip.security/cookiepolicy.

 

(ii)           The lawful bases we rely on for processing personal information are (if and when applicable):

a.     The data subject has given consent to the processing of his or her personal information;

b.    Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c.     processing is necessary for compliance with a legal obligation to which the controller is subject; and/or

d.    Processing is necessary for the purposes of legitimate interest.

 

 

2.    CUSTOMER INFORMATION

2.1.       For the avoidance of doubt, Grip Security is processing Customer Information on behalf of the applicable customer. Therefore, the customer is the party responsible for the security, integrity and authorized usage of CustomerInformation in the context of the services and for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Customer Information. The customer is the sole responsible to ensure that the use of theServices is permitted under the applicable laws and jurisdictions.

2.2.       GripSecurity has a contractual relationship with its customers. In the context ofGrip Security's Services, the customer can decide which information, including full name, email address, IP address (“Customer Information”) the customer will allow Grip Security access to. Customer Information is not regulated by this Privacy Policy, and this paragraph is provided only for transparency purposes, since Grip Security is a data processor/service provider of Customer Information. If you have any questions related to the CustomerInformation, please contact the customer directly.

 

3.    HOW WE PROTECT AND RETAIN YOUR PERSONAL INFORMATION

3.1.       Security. We have implemented appropriate technical, organizational and security measures designed to protect your personal information. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers.As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

 

3.2.       Retention of your personal information. Your personal information will be stored until we proactively delete it from our records, or until you send a valid deletion request. Please note that in some circumstances we store your personal information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, and/or (iii) if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

4.    HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your personal information with the following parties, for the purposes set forth above, as follows:

4.1.       With our partners and other third parties.

4.2.       We also share personal information about you with our affiliated companies.

4.3.       We use third party service providers to process your personal information for thepurposes outlined above, including, without limitation:

4.3.1.      With our cloud service providers (such as hosting providers);

4.3.2.      With websites and web content creation platforms in order to help us manage ourWebsite;

4.3.3.      With email providers, marketing, CRM, other similar tool providers;

4.3.4      With artificial intelligence tools and features; and

4.3.5     With analytic companies, to help us understand and analyze information we collect inaccordance with this policy.

4.4.       To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order, as well as for internal compliance procedures and to protect the safety, security, and integrity of Grip Security, our Services, customers, employees, property, and the public. We may use or disclose the personal information we collect in order to ensure that our users are complying with all applicable aspects of our policies.

 

4.5.       We may disclose personal information with our lawyers, accountants, auditors and other professional advisors where necessary to obtain legal or other advice or otherwise protect and manage our business interests.

 

4.6.       We may use or disclose the personal information to investigate, prevent, or take action regarding illegal activities, suspected fraud, cybersecurity threats, situations involving potential threats to the physical safety of any person, violations of this policy, or as otherwise required or allowed by law and regulations.

 

4.7.       If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we may disclose your personal information to such third party(whether actual or potential) in connection with the foregoing events (including, without limitation, our current or potential investors). In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal information in connection with the foregoing events.

 

4.8.       Where you have provided your consent to us sharing or transferring your personal information.

 

5.    YOUR PRIVACY RIGHTS

5.1.       The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by specific laws):

i.        You have the right to withdraw consent to theprocessing, where consent is the basis of processing.

ii.       You have the right to request access to your personal information held by us, along with details on how it is processed, subject to certain conditions. You have the right to demand the rectification of inaccurate personal information about you. We will promptly correct any information found to be incorrect.

iii.        You have the right to object to unlawful data processing under certain conditions.

iv.        You have the right to erasure past personal information about you (your “right to be forgotten”) under certain conditions.

v.        You have the right to demand that we restrict the processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or if you believe your personal information is inaccurate.

vi.        You have the right to data portability of personal information concerning you that you provided us in a structured, commonly used, and machine-readable format, subject to certain conditions.

vii.        The personal information we collect is not used for automated decision-making and profiling, except for automated processes in the context of marketing. As stated above, you can opt out of direct marketing by contacting Grip Security directly or by following the instructions through the unsubscribe options in our email messages.

5.2.       You can exercise your rights by contacting us at privacy@grip.security.You may use an authorized agent to submit a request on your behalf if you provide the authorized agent written permission signed by you. To protect your privacy, we may take steps to verify your identity before fulfilling your request. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law.

 

5.3.       Deleting your account: Should you ever decide to delete your account, you may do so by emailing privacy@grip.security. If you terminate your account, any association between your account and personal information we store will no longer be accessible through your account. However, given the nature of sharing on certain services, any public activity on your account prior to deletion will remain stored on our servers and will remain accessible to the public.

 

5.4.       Marketing emails – opt-out: You may choose not to receive marketing email of this type by sending a single email with the subject "BLOCK" to privacy@grip.security. Please note that the email must come from the email account you wish to block. Alternatively, if you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails, and we will process your request within a reasonable time after receipt.

 

6.     INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

In order to run our business and provide our Website and Services to you, we transfer personal information to certain countries around the world, including to our affiliates and service providers, many of whom are located outside of your jurisdiction. Therefore, your personal information may be processed in countries with privacy laws that are different from privacy laws in your country. Whenever personal information is transferred internationally, we ensure it is protected by using Standard ContractualClauses or other lawful mechanisms:

i.      makingsure the destination country has been deemed by the European Commission toprovide an adequate level of protection for personal information;and/or

ii.      byexecuting data onward transfer instruments such as data processing andprotection agreements.

7.    USE BY CHILDREN

We do not offer our products or services for use by children and, therefore, we do not knowingly collect personal information from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal information to us without involvement of a parent or a guardian. In the event that we become aware that you provide personal information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@grip.security.

 

8.    INTERACTION WITH THIRD PARTY PRODUCTS
We may enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us(each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware thatThird Party Services can collect personal information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of eachThird Party Service.

 

9.    ANALYTIC TOOLS

·      GoogleAnalytics. The Website uses a tool called “GoogleAnalytics” to collect information about use of the Website. GoogleAnalytics collects information such as how often users visit this Website, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with personal information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by theGoogle Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about howGoogle collects and processes data specifically in connection with GoogleAnalytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing theGoogle Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

·      We reserve the right to remove or add new analytic tools.

·       We use log files. We use such personal information to analyze trends, administer the Website, track user movement around the Website, and gather demographic information.

·      Do NotTrack (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

10.    CONTACT US                

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at privacy@grip.security.