Your privacy is important to us so we have developed this Privacy Statement that outlines our privacy practice on how we process, collect, use and share your personal information as well as your privacy rights under certain privacy laws.
This Privacy Statement (“Privacy Statement”) applies to RSA Security LLC (“RSA” “we” or “our”).
Overview of Our Privacy Practice
Information We Collect About You
We collect your personal information directly from you through your interactions, use, and experiences with our website, products and services. We also obtain your information indirectly from our Business Partners and third party sources. For more information about the types and sources of information we collect about you refer to: Information We Collect About You
SecurID Mobile App
To learn more about the information we may process during the use of our SecurID Mobile App, click here.
SecurID Text Message (SMS) Authentication
To learn more about the information we may process during the use of text message-based one-time passcode (OTP) authentication, click here.
How We Use and Share Your Information
We use your personal information to provide you with our products and services, improve our products and services, tailor your customer experience with RSA, personalize our products and services and make recommendations to you, advertise and market to you, and to comply with applicable laws. Also, we use your information to help improve the safety of our website, products and services, which includes detecting, preventing and responding to fraud and security risks that could harm you or RSA. We may share your personal information with our affiliated companies, and Business Partners to perform work for us, including completing any transaction, providing you with the latest information about our products and services, offering you our latest promotions. For more information refer to How We Use and Share Your Information.
Accessing, Deleting and Updating Your Information
You can exercise your Consumer Privacy Rights in relation to your personal information by sending an email to firstname.lastname@example.org.
For more information, refer to Your Consumer Privacy Rights. If you have a privacy question, concern or complaint, please contact us at email@example.com or write to us at:
RSA Security LLC
Attention: Law Department – Privacy
176 Middlesex Turnpike
Bedford, MA 01730 USA
Special Considerations for Californian Residents
As a California resident, you have certain consumer privacy rights which you can learn about and exercise as described here. If you want to learn more about the categories of the personal information we collect about you and how we share your personal information with our Business Partners, click here. We do not “sell” your personal information to any Business Partners as currently defined under the California Consumer Protection Act.
Your Marketing Choices
Means any contractor, supplier, service provider, debit or credit card processor with whom we have a business relationship to provide you with our offers, products, services, process your payment, better predict and deliver content and marketing offers that may interest you.
Changes To This Privacy Statement
We may make changes to this Privacy Statement when necessary to provide greater transparency or in response to:
Feedback from our customers, regulators, industry or other stakeholders.
Changes in our privacy practices, products or services. Changes in applicable privacy laws.
If there are material changes to the Privacy Statement, we will revise the “last updated” date at the bottom of the statement.
We encourage you to periodically review this Privacy Statement to learn how RSA is protecting your information.
What this Privacy Statement Covers
This privacy statement applies to personal information, which we define as any information relating to an identified or identifiable person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
This privacy statement applies to all personal information we collect when you access or use our websites, products, services, or otherwise interact with us or our representatives. This statement does not apply to data that is not personal information, including anonymous, deidentified, or aggregated data.
Information We Collect
The types of information we collect about you depends on your use of our products, services and the ways that you interact with us. This may include information about:
How you use or visit our websites, accounts with RSA or applications.
How you use our services and products and interact with us.
Contact, billing and other information you provide.
Improve and develop our products and services.
Personalize our products and services and make recommendations.
Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.
We also obtain information from third party sources. We protect information obtained from third parties according to the privacy practices as described in this Privacy Statement. These third party sources vary over time and may include:
Data brokers from which we purchase demographic data to supplement the information we
have collected about you.
Communication services, including email providers and social networks, when you give permission to access your information on such third party services or networks.
Partners with which we offer co-branded products or services, or engage in joint marketing activities.
Publicly available sources, such as open government databases.
The personal information we collect can include the following:
Contact details such as your name, email address, mailing address, contact telephone numbers.
Employment information such as your job title and other business or company information.
Credentials such as your passwords, password hints, and similar security information used for authentication and MyAccount access.
Demographic information such as your age, gender, country, interests, and preferences;
Web form information you provide in our web forms (forms that you choose to complete will indicate whether the information requested is mandatory or voluntary);
Payment information to process payments, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument.
Account history information related to the products or services you purchase, and the activities associated with your account.
Cookie and tracking information such as IP address, device identifier, location data, browser type and language, access times, the Uniform Resource Locator (URL), other unique identifiers and other technical data that may uniquely identify your device, system or browser.
Browse history information about the websites the websites you visit.
Error reports and performance information of the products and any problems you experience, including error reports.
Troubleshooting and help information when you contact RSA for technical support or customer support services, phone conversations or chat sessions with our representatives may be monitored and recorded.
Content consumption information about media content (e.g. T.V., apps and games) you access through our products.
Feedback and ratings information you provide to us such as customer survey feedback and product reviews you write.
How We Use and Share Your Information
We use and share your information to:
Deliver and maintain our products and services.
Establish and maintain your account.
Measure credit and payment risk.
Provide account related services and information.
Help you with customer service and technical support issues or questions.
Help us improve and personalize our products and services.
Better predict content and marketing offers that may interest you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.
Detect and prevent fraud.
Manage and protect our networks, services and customers.
Meet our legal obligations and doing research.
Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website and services, while others are used to enable a faster log-in process or to allow us to track your activities at our website and services. There are two types of cookies: session and persistent cookies.
Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the website and services. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our website and services.
Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.
Flash Local Storage Objects. We may use Flash Local Storage Objects (“Flash LSOs”) to store your website preferences and to personalize your visit. Flash LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable the acceptance of Flash LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.
Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web and application pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our website and services to, among other things, track the activities of website visitors and application users, help us manage content, and compile statistics about website usage. We and our third party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Cross-Device Use. We and our third party service providers, including Google, may use the information that we collect about you (whether directly from our website, from our mobile applications, through your device(s), or from a third party) to help us and our third party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our third party service providers also may use the cross-device use and other information we learn about you to serve targeted advertising on your devices and to send you emails. To opt-out of cross-device advertising, you may follow the instructions set forth in the Third Party Ad Networks section below. Please note: if you opt-out of these targeted advertising cookies, your opt-out will be specific to the web browser, application, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt-out each browser or device that you use.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions in the Third Party Ad Network section.
Our Users in the United States may opt out of many third-party ad networks through the use of various trade association websites. Please refer to Ads and Emails for more information. You may also go to the Digital Advertising Alliance (“DAA”) ConsumerChoice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.
Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our website, services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you attempt to exercise your right to opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.
Ads and Emails
RSA and our partners may use information about your visit to this and other websites. The information could include pages you visit, the items you view, or your responses to our ads and emails. This information allows us to make the RSA ads you see more relevant to you. This is referred to as interest-based advertising. For this purpose, RSA has selected partners who are members of self-regulatory associations such as, the Internet Advertising Bureau (IAB), the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).
To enable you to opt-out of interest-based advertising delivered by partners working with RSA, or to customize your experience on RSA websites, please visit Manage Cookies webpage hosted by Evidon to opt out. If you opt-out, you may still see RSA ads on RSA websites and other websites, but those ads will not be customized to you by RSA or our partners.
Please note that if you clear your cookies, or if you use a different browser or device, you may need to reset your opt-out selections.
You may learn more about interest-based advertising by visiting these links:
In order to help reduce the risk of COVID-19 infections and keep our communities safe, all RSA employees, contingent workers, and visitors must complete a daily health survey and pass a thermal body temperature screening in order to gain access to RSA premises. The thermal vision camera measures your body temperature on an anonymous basis and RSA does not retain your body temperature. If your body temperature is equal to or above 100 degrees Fahrenheit, you will be denied entry and/or asked to leave RSA premises.
The health survey screening tool, available via an app or web portal, collects your name, email address, and certain health data you voluntarily provide. This information will be retained on your device and not shared with RSA unless you self-report that you are COVID-19 positive. In that case, the tool will notify the appropriate RSA team, and your email address will be retained for up to 30 days (subject to local laws) so RSA may contact you as it takes appropriate action to protect the health and safety of individuals at RSA physical locations. Your COVID-19 positive status will be shared with the RSA team and applicable public health authorities (as required by law). Your status will also be shared on an anonymous basis with potentially infected individuals for contact tracing purposes.
Your Consumer Privacy Rights
You may have the following consumer privacy rights under applicable state laws, including California privacy laws:
Right to Know: you may have the right to request information about the personal information we have collected about you and for what purpose.
Right to Access: you may have the right to request information about how we process your personal information and to obtain a copy of that personal information.
Right to Portability: you may have the right to receive your personal information, in a structured, commonly used and machine-readable format and to have that information transmitted to another organization in certain circumstances.
Right to Deletion: you may have the right to request the deletion of your personal information that we have collected from you.
Right to be free from discrimination: RSA will not discriminate against you for exercising your consumer privacy rights.
CATEGORIES OF PERSONAL INFORMATION WHICH WE MAY HAVE COLLECTED ABOUT YOU AND DISLOSED FOR A BUSINESS PURPOSE TO OUR BUSINESS PARTNERS
Last Updated: January 1, 2020
CONTACT DETAILS AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, service tag number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
ONLINE, PERFORMANCE AND TECHNICAL INFORMATION: Cookie and tracking information such as Internet Protocol address, web beacons, device identifier, Uniform Resource Locator, geolocation data, browser type and language, access times, other unique identifiers and other technical data that may uniquely identify the device, system or browser, server log records (including page requests), data collected by automated means to measure consumer response to online content, error reports and performance information, credentials, telemetry data, Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.
CUSTOMER SERVICES INFORMATION: Customer records containing personal information, such as name, address, telephone number, government issued IDs, education, employment, marital status, bank account number, credit card number, debit card number, or any other financial information, medical information, opinions and feedback collected from the various types of surveys, course attendance data, community site data.
PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, sex, age, date of birth, national origin, disability, citizenship status, and genetic information.
PURCHASE HISTORY AND ACCOUNT INFORMATION: Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
BIOMETRIC INFORMATION: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, voice recordings, health, and visual information.
EMPLOYMENT INFORMATION: Professional or employment-related information.
PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes, demographic information, social media data.
Submitting a Request
If you have any questions about the type of personal information we hold about you or if you wish to request deletion of personal information we may hold about you, or exercise any other consumer privacy right as set out above, contact us by:
Go to our List Removal Page to be removed from receiving marketing related communications.
Please be aware that it may take up to 10 business days for your email preferences to take effect.
How We Secure Your Information
We use appropriate technical, organizational and physical data security safeguards to help protect against unauthorized access to, use or disclosure of information we collect, use or store. The ways we do this include:
Using encryption when collecting or transferring sensitive information, such as credit card details.
Design our data security safeguards to ensure the ongoing security, integrity, availability and resilience of processing systems and services.
Limiting physical access to our premises.
Limiting access to the information we collect about you.
Ensuring that our Business Partners have appropriate technical and organizational security measures to keep your personal information protected.
As required by law, destroying or de-identifying personal information.
We encourage you to keep any passwords you use confidential and to be careful to avoid “phishing” scams where someone may send you an email that appears to be from RSA asking for your personal information. RSA will not request your ID or password through email.
Collection and Use of Children’s Information
We understand the importance of taking extra precautions to protect the privacy and safety of children using our products, services and our websites. Children under the age of 13 or equivalent minimum age in the relevant jurisdiction, must not share their personal information unless their parent or guardian provided verifiable consent. If at any time a parent or guardian needs to access or delete data associated with their child’s or guardian’s account, they may contact us through one of the options provided in this Privacy Statement.
Links to Third-Party Websites and Services
We may sometimes provide links to other websites, which if you click on them may collect personal information about you and direct you to those websites. The information practices of those third-party websites linked to our website are covered by the third party’s own privacy statements and we encourage you to read those.
RSA Security LLC
Attention: Law Department – Privacy
176 Middlesex Turnpike
Bedford, MA 01730 USA
Effective Date: January 1, 2020.
Last Updated: September 1, 2020
Acceptable Use Policy
The RSA Security LLC and its affiliates (“RSA”) Acceptable Use Policy (“AUP”) is intended to foster responsible use of RSA’s infrastructure, networks, cloud-based offerings, systems, services, websites , facilities and products (collectively, the “RSA Infrastructure and Services”) by our customers and other Users. Users consent to be bound by the terms of this AUP. RSA reserves the right to modify this AUP in its discretion at any time. Modifications will be effective when posted and Users are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on each User. Users’ use of the RSA websites after we make modifications constitutes acceptance of our modifications.
If RSA determines that any User has violated any portion of this AUP, RSA may terminate the Users use of the website. RSA will suspend service for violation of the AUP on the most limited basis as RSA determines is reasonably practical under the circumstances to address the underlying violation. RSA will attempt to notify User prior to suspending service for violation of the AUP (which may be via email or any other notification). However, RSA may suspend service without notice if RSA becomes aware of a violation of this AUP or any applicable law or regulation that exposes RSA to criminal or civil liability, or that exposes RSA or any third party property to harm. Harm may include, but is not limited to, risk of having one or more IP addresses placed on blacklists. RSA may take any further action as RSA deems appropriate under the circumstances to eliminate or preclude repeat violations. RSA is not liable for any type of damages that Users or third parties may suffer resulting in whole or in part from RSA’s exercise of its rights under this AUP. This exclusion of liability does not include RSA’s liability for death or personal injury caused by its negligence, or any other liability that RSA cannot exclude or limit by law.
Users may only use the RSA websites for their intended purpose. Users must not use the RSA websites for any unlawful purposes.
Users must not use the RSA websites to transmit, distribute or store content: (a) in violation of any applicable law or regulation, including export or encryption laws or regulations; (b) that may adversely affect the RSA websites or other RSA customers; or (c) that may expose RSA to criminal or civil liability.
Users must not use the RSA websites to transmit, distribute or store material that is inappropriate, as reasonably determined by RSA, or material that is obscene (including child pornography), defamatory, libelous, threatening, abusive, hateful, racially or ethnically offensive, harassing, humiliating to other people (publicly or otherwise), or otherwise objectionable. To be absolutely clear, Users must not store (either permanently or temporarily), process or transmit through any of the RSA websites pornographic content of any kind.
Intellectual Property Rights
Material accessible through or contained within the RSA websites may be subject to protection under privacy, data protection or confidentiality laws and may contain intellectual property rights owned by RSA or third parties. The intellectual property may include, but is not limited to, copyright, patents, trademarks, trade names, trade secrets or other proprietary information. Users must not use the RSA websites in any manner that would infringe, dilute, misappropriate, breach or otherwise violate any of these rights or laws. Users are responsible for ensuring that they have all necessary rights and licenses for all content that they place on the RSA websites. Users must fully indemnify RSA with respect to any claims by third parties brought against RSA based on an allegation that User failed to comply with its obligations under this paragraph.
Malicious Content and Conduct
Users must not use the RSA websites to transmit, distribute, or store material that may be harmful to or interfere with the RSA websites or any third party’s networks, systems, services, or web sites. Malicious content includes, but is not limited to, viruses, worms, and Trojan horses.
Users must not use the RSA websites to conduct activities that may be harmful to or interfere with the RSA websites or any third party’s networks, systems, services, or Web sites, including, but not limited to, flooding, mail bombing, or denial of service attacks. Users are prohibited from violating or attempting to violate the security of the RSA websites or the computers, accounts, or networks of another party. Users are also prohibited from any activity considered a precursor to attempted security violations, including, but not limited to, any form of scanning, probing, or other testing or information-gathering activity. Inappropriate activity may result in civil or criminal liability. RSA may investigate such activity, and may involve and cooperate with law enforcement authorities in prosecuting Users involved in such activity.
Fraudulent and Misleading Content
Users must not use the RSA websites to transmit or distribute material containing fraudulent offers for goods or services, or any advertising, or promotional, or other materials that contain false, deceptive, or misleading statements, claims, or representations, or which does not comply with any applicable advertising laws or standard business practice. Users must not use the RSA websites to mask their true identity or to pretend to be someone or something that they are not.
Collecting Personal Information
Users must not use the RSA websites to collect, process, or store, or attempt to collect, process or store, personal data relating to any third parties in violation of applicable law. If Users collect third party personal data, then Users must comply at all times with applicable data protection laws and regulations.
Email and Unsolicited Messages
Users must not use the RSA websites to transmit unsolicited e-mail messages, including, without limitation, unsolicited bulk email (“spam”), or emails intended to harass or annoy others. Further, Users must not use the service of another provider to send spam to promote a website hosted on or connected to the RSA websites.
Responsibility for Content
RSA has no responsibility for any User-provided content or content that User may access on or through the RSA websites. RSA is not obligated to monitor or exercise editorial control over that content. If RSA becomes aware that any content may violate this AUP, expose RSA to civil or criminal liability, or both, then RSA may block access to that content and suspend or terminate provision of the RSA websites to any User creating, storing or disseminating such material. RSA may also cooperate with legal authorities and third parties in any investigation of alleged wrongdoing.
RSA requests that any person who becomes aware of a violation of this AUP reports this information to RSA by email to firstname.lastname@example.org or such other notice address that may be stated in the Supplemental Terms for the applicable service. RSA may take any appropriate action as it reasonably deems appropriate in its sole discretion in respect of such violations.
Notification of Copyright Infringement Concerns
If any User believes that its copyrighted work has been copied and is accessible on the RSA websites in a way that constitutes copyright infringement, please send a notice to:
Notices must include each of the following:
(1) The electronic or physical signature of the owner of the exclusive right that is allegedly infringed, or the electronic or physical signature of someone authorized to act on the owner’s behalf;
(2) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site;
(3) Identification of the material, claimed to be infringing or to be the subject of infringing activity, for which disabling of access or removal is sought, and information reasonably sufficient to permit us to locate the material;
(4) If the infringement claimed is by reason of intermediate and temporary storage, or caching, of material, include also a statement confirming that the infringing material has been removed from the originating site or access to it has been disabled or that a court has ordered that the material be so removed or that access to such material be disabled;
(5) If the infringement claimed is by reason of referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, then, instead of the identification under paragraphs (3) or (4), provide identification of the reference or link, to the claimed material or activity, that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit us to locate that reference or link;
(6) Information reasonably sufficient to permit us to contact you, such as an address, telephone number, and, if available, an electronic mail address at which you may be contacted;
(7) A statement that you has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and,
(8) A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.