UPDATED: SEPTEMBER 1, 2020
This Privacy Statement applies to RSA Security LLC (“RSA” “we,” “us,” or “our”) to explain how information you provide to us is used and shared. Our privacy practices set forth here reflect RSA’s activity as a data controller. This Privacy Statement applies only to RSA’s websites (our “Websites”) and does not apply to any other Corporate Affiliates that have published their own privacy and security statements or Business Partners (as defined below); or to any other third parties, even if links to their websites are on our Websites. We recommend that you review the privacy statements of the other parties with whom you interact.
For purposes of this Privacy Statement, “Business Partners” means subcontractors, vendors or other entities with whom we have ongoing business relationships to provide products, services or information. “Personal Information” means information that can identify you, such as your name, telephone number, email address, Internet Protocol (“IP”) address and location data.
- The Information We Collect
- The Information We Automatically Collect
- Information from Third Party Sources
- Information We Process on Behalf of Our Customers
- How We Use Personal Information
- How We May Share Personal Information
- Legal Basis for Processing
- Retention of Your Data
- International Transfers
- Your EU Data Protection Rights
- Selecting Your Communication Preferences & Accessing Your Personal Information
- How We Secure Personal Information
- Collection and Use of Children’s Personal Information
- Analytics / Log Files
- Targeted Display Advertising by RSA and Others
- “Do Not Track” Signals
- Targeted Email Marketing by RSA
- How We and Our Partners use Web Beacons, Pixel, Tags, and Tracking Technology
- Social Media Widgets
- Link to External Websites
- Changes to this Privacy Statement
- Data Representative
- Acceptable Use
- How to Contact Us
THE INFORMATION WE COLLECT
We may ask you to provide Personal Information when you:
- Use our websites or applications;
- Request quotes, services, support, downloads, trials, whitepapers, training or information;
- Place orders for products or services or register for events or webinars;
- Create and manage an account;
- Apply for a credit card or financing;
- Participate in surveys, sweepstakes or other promotional activities online or in any other venue;
- Provide a testimonial;
- Subscribe to newsletters, RSA programs, marketing and promotional emails or other materials;
- Contact us.
We may collect information you choose to provide about you and your company, which may include your company name, your name, title, e-mail address, postal address, and telephone number. Forms that you choose to complete will indicate whether information requested is mandatory or voluntary.
THE INFORMATION WE AUTOMATICALLY COLLECT
We may automatically collect behavioral and usage information about your visits to our Website, including the pages you view, the links and advertisements you click, search terms you enter, and other actions you take in connection with our website and services. We may also collect certain information from the browser you use to come to our website, such as your IP address, device identifier, location data, browser type and language, access times, the Uniform Resource Locator (URL) of the website that referred you to our website and the URL to which you browse away from our site if you click on a link on our site.
Some RSA services may be co-branded and offered in conjunction with another company. If you register for or use such services, both RSA and the other company may receive information collected in conjunction with the co-branded services, and may use the information according to each company’s privacy statement and other agreements with you.
INFORMATION FROM THIRD PARTY SOURCES
We may obtain information about you from third party sources such as public databases, our Business Partners, joint marketing partners, social media platforms, and from other third parties. Examples of the information we may receive from other sources include: page-view information from some Business Partners with which we operate co-branded services or joint offerings, and credit history information from credit bureaus. We may use the information to better understand you to enhance our ability to provide relevant marketing, products and services to you and to help prevent and detect fraud.
INFORMATION WE PROCESS ON BEHALF OF OUR CUSTOMERS
In the course of using our products and services, RSA customers may choose to upload or submit information to RSA’s cloud services for hosting or storage. The customer data that we host on our cloud services is processed by RSA purely on behalf of the customer and our privacy practices will be governed by the contract that we have in place with our customers (who have their own privacy notices in place) and not this Privacy Statement. If you have any questions or concerns about how such information is handled or would like to exercise your rights, you should in the first instance contact the person or entity (i.e the data controller) who has contracted with RSA to use the RSA service to host or process this information (e.g. your employer or service provider). They control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will provide assistance to our customers to address any concerns that you may have, in accordance with the terms of our contract with them.
HOW WE USE PERSONAL INFORMATION
RSA may use your Personal Information to:
- Deliver the products and support or carry out the transactions you have requested;
- Send communications to you, such as your transaction status (for example, order confirmations), information about products and services available from RSA and its Corporate Affiliates, event announcements, important product notices including those announcing changes to our terms or policies, promotional offers and surveys;
- Facilitate the use of our website and communications from our Business Partners;
- Advertise and market RSA products and the products of our Corporate Affiliates by, for example, delivering targeted ads on this and other web sites, analyzing the effectiveness of ads, and determining whether you would be interested in receiving offers about new products or services;
- Administer, customize, personalize, analyze and improve our products, services (including the content and advertisements on our Website), technologies, communications and relationship with you;
- Enforce our conditions of sale, our Website terms and/or separate contracts (if applicable) with you;
- Prevent fraud and other prohibited or illegal activities;
- Protect the security or integrity of our Website, our business, or our products or services; or
- Perform other functions or serve other purposes, as disclosed to you at the point of collection or as required or permitted by law.
If RSA is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
HOW WE SHARE YOUR PERSONAL INFORMATION
We may share Personal Information with Corporate Affiliates to carry out transactions you request, to make our business or that of our Corporate Affiliates more responsive to your needs, including so that our Corporate Affiliates may provide you with information about those Corporate Affiliates’ products and services, or for research or analysis. We may also disclose Personal Information in connection with legal orders from law enforcement or other government bodies; as required by law or regulation; to protect the rights of RSA, its customers, the public, or others; to combat fraud or criminal activity; or with your consent.
In addition, we may share Personal Information to carry out transactions you request with Business Partners that help RSA or our Corporate Affiliates customize, analyze and/or improve our communication or relationship with you. This may include requests relating to RSA products or services. We will only share Personal Information with Business Partners who share RSA’s commitment to protecting your Personal Information. Except as described above, we will not disclose Personal Information to third parties for their own marketing purposes unless you have provided consent.
We may disclose your Personal Information for any purpose with your consent.
We may share information with a purchaser of all or part of RSA or our Corporate Affiliates.
LEGAL BASIS FOR PROCESSING
Our legal basis for collecting and using your Personal Information as described in this Privacy Statement will depend on the Personal Information concerned and the specific context in which we collect it. In general, we collect and process your Personal Information on one or more of the following bases:
- To comply with a contractual obligation (for example, using your shipment details to make delivery where you have bought a product from us or using your personal details where you have asked us to do something before making a purchase, such as providing you with a quote). We will advise you upon collection whether the provision of your Personal Information is mandatory and of the possible consequences if you do not provide us with your information.
- For compliance with RSA’s legal obligations where other laws require the processing of your Personal Information (for example, health and safety, taxation and anti-money laundering laws) or where we need your personal information to protect your vital interests or those of another person.
- RSA’s (and its Business Partners’) legitimate interests which include the provision of this website and/or relevant products and services, and/or the carrying out of marketing and profiling activities, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms.
If you have any questions or need more information concerning the legal basis on which we collect your Personal Information, please contact us at privacy@RSA.com.
RETENTION OF YOUR DATA
We will retain your Personal Information as necessary in connection with the purposes described in this Privacy Statement, where applicable for as long as your account is active, and in accordance with RSA’s retention policies and applicable law. For more information on the relevant timeframe or criteria to determine the retention period please contact privacy@RSA.com.
RSA may transfer your Personal Information to other companies within the RSA group and/or to our Business Partners, if required for the purposes described in this Privacy Statement. This may involve the transfer of your Personal Information to countries outside your home country or region, including outside the European Economic Area if that is your region, which may have a different level of data protection from your home country. Such countries may include, without limitation, the United States and other countries in which RSA or its parent company, Corporate Affiliates or Business Partners maintain facilities. In order to provide adequate protection for the transfer of your Personal Information, where appropriate. we have in place contractual arrangements (such as the European Commission’s Standard Contractual Clauses as appropriate) with our parent company, Corporate Affiliates and Business Partners in respect of such transfers. We will take all reasonable technical and organizational measures to safeguard Personal Information we transfer.
YOUR EU DATA PROTECTION RIGHTS
Where the processing of your Personal Information is subject to EU data protection laws, you have the following data subject rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
- Access: you have the right to request information about how we process your Personal Information and to obtain a copy of that Personal Information.
- Rectification: you have the right to request the rectification of inaccurate Personal Information about you and for any incomplete Personal Information about you to be completed.
- Objection: you have the right to object to the processing of your Personal Information, which is based on our legitimate interests (as described above).
- Erasure: you have the right to request the erasure of your Personal Information (subject to certain conditions).
- Automated decision-making: you have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
- Restriction: you have the right to ask us to restrict our processing of your Personal Information, so that we no longer process that information until the restriction is lifted.
- Portability: you have the right to receive your Personal Information, which you have provided to us, in a structured, commonly used and machine-readable format and to have that information transmitted to another organization in certain circumstances.
In addition to the above, you have the right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Information infringes applicable data protection law.
If you have any questions about the type of Personal Information we hold about you or if you wish to request deletion or correction of Personal Information we hold about you, or exercise any other data subject right, please send a written request to or to the postal address provided at the bottom of this Privacy Statement. While we will make reasonable efforts to accommodate your request, we reserve the right to reject such access requests or to impose restrictions or requirements upon such requests if required or permitted by applicable law.
SELECTING YOUR COMMUNICATION PREFERENCES & ACCESSING YOUR PERSONAL INFORMATION
You may choose to receive or not receive marketing communications from RSA by indicating your preferences. Opportunities to select your preferences include the following:
- You can click “unsubscribe” in any marketing email communications we send you, or
- The My Account section of RSA.com allows you to choose whether you wish to receive marketing communications from RSA, and to manage your communication preferences;
- You can send us an email at privacy@RSA.com to opt out;
- If you wish to change or update your Personal Information, please contact us at privacy@RSA.com.
Please allow up to 10 business days for your email preferences and any updates of your Personal Information to take effect. We will then retain your information for as long as your account is active or as needed to provide you services and as necessary to comply with our legal, regulatory or compliance obligations. If you opt out of receiving marketing communications, we may still communicate with you in connection with transactions you request and/or servicing your account.
Any marketing by RSA, or any third parties on behalf of RSA, will be conducted in accordance with applicable laws and include (where applicable) methods to allow you to express your preferences (including being removed from our advertising and marketing lists as set out above).
HOW WE SECURE PERSONAL INFORMATION
RSA is committed to protecting the security of your Personal Information. RSA takes all reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorized access, modification or disclosure. The ways we do this include:
- Using encryption when collecting or transferring sensitive information, such as credit card details;
- Having in place technical and organizational measures designed to ensure the ongoing integrity, availability and resilience of processing systems and services;
- Limiting physical access to our premises;
- Limiting access to the information we collect about you;
- Ensuring that we and our Business Partners have appropriate security safeguards to keep Personal Information secure; and
- Where required by law, destroying or de-identifying Personal Information.
We encourage you to keep any passwords you use confidential and to be careful to avoid “phishing” scams where someone may send you an email that appears to be from RSA asking for your personal information. RSA will not request your ID or password through email.
COLLECTION AND USE OF CHILDREN’S PERSONAL INFORMATION
RSA takes children’s privacy seriously. We do not knowingly collect Personal Information from children through our Website. If you are a child as understood by laws of your country, please do not submit any Personal Information through our Website without the express consent and participation of a parent or guardian.
A cookie is a piece of text that is placed on your computer’s hard drive. Depending on the settings you have selected, your browser adds the text to your device as a small file. Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer. The Help portion of your web browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Note that disabling or declining cookies may prevent the use of certain features of our website, including the ability to login to a site.
ANALYTICS / LOG FILES
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We may link this automatically-collected data to Personal Information in order to personalize our communications with you.
TARGETED DISPLAY ADVERTISING BY RSA AND OTHERS
These cookies assist the third parties in identifying the pages you view, the links and ads you click on, other actions you take on those web pages, and the site from which you came before arriving at a web page.
To enable you to opt-out of interest-based advertising delivered by partners working with RSA, or to customize your experience on our Website, please navigate to the main page and select “Cookie Consent” at the bottom of the page. If you opt-out, you may still see RSA ads on our Website and other websites, but those ads will not be customized to you by RSA or our partners.
“DO NOT TRACK” SIGNALS
TARGETED EMAIL MARKETING BY RSA
Some marketing you receive, including email marketing, may also be personalized based on your visits to our Website and your browsing and purchase history. In addition, when you click on some links in email marketing you receive, our email service provider may place a cookie on your browser. This cookie would be linked to your email address and used to gather information about the products and services you view on our Website. Information gathered may be used to personalize and customize future email marketing messages you receive. You may opt out of this use by clicking on the unsubscribe link provided in every personalized email marketing message you receive sent from or on behalf of RSA.
HOW WE AND OUR PARTNERS USE WEB BEACONS, PIXEL TAGS AND TRACKING TECHNOLOGY
RSA or its Business Partners may use web beacons on our website, in our email messages, in our advertisements on other websites, or in our advertisements in others’ email messages. Similarly, third parties whose content or ads appear on our Website, may also place web beacons in their ads or emails for purposes of measuring the effectiveness of the content, ads or email messages.
A web beacon is an electronic image that can be used to recognize a cookie on your computer when you view a web page or email message. Web beacons help us measure the effectiveness of our Website and our advertising in various ways. For example, web beacons may count the number of individuals who visit our Website from a particular advertisement, or who make a purchase from our Website after viewing a particular advertisement, or they may tell us when a web page is viewed and provide a description of the page where the web beacon is placed. Web beacons may also measure the effectiveness of our email campaigns, by counting the number of individuals who open or act upon an email message, determining when an email message is opened and determining how many times an email message is forwarded. Subject to local laws, we may combine the information that we collect through web beacons with other Personal Information we have collected from you.
The information we collect through web beacons may include some limited Personal Information, and web beacons allow us to recognize users by accessing RSA cookies. We use all of this information to better tailor our marketing to you and may use this information for other purposes, such as to enable a shopping cart, customize content on our Website and undertake internal research.
We may allow some of our Business Partners to compile individual information or aggregated statistics from the use of web beacons on our site by RSA, its agents or others, to determine the effectiveness of online marketing and to develop statistics on how often clicking on an advertisement results in a purchase or other action on the advertiser’s site. Aggregate information is anonymous and may include demographic and usage information. No Personal Information about you is shared with Business Partners for this research.
When you visit our Website or view one of our email messages, we may use pixel tags (also called “clear” gifs), tracking links and/or similar technology to note some of the pages you visit on our Website. We may also use pixel tags to determine what types of email your browser supports. We may use the information collected through web beacons, pixel tags, tracking links and similar technology in combination with your Personal Information to personalize your experience on our Website and to provide you with more useful and relevant advertisements.
SOCIAL MEDIA WIDGETS
Our Website includes social media features, such as a Facebook “Like” button and widgets, such as the “Share this” button or interactive mini-programs that run on our Website. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy statement of the company providing it and not by this Privacy Statement.
LINKS TO EXTERNAL WEBSITES
Our Website may contain links to third-party sites. RSA cannot control and is not responsible for the privacy practices of such third-party sites. RSA encourages users to be aware when they leave our Website, and to read the privacy statements of each website they visit. This Privacy Statement applies only to RSA.
BLOG / FORUM
Our Website offers publicly-accessible blogs or community forums. Please be aware that any information you provide in these blogs or forums may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at privacy@RSA.com.
CHANGES TO THIS PRIVACY STATEMENT
RSA reserves the right to change this Privacy Statement at any time. If RSA materially changes its Privacy Statement, we will either notify users via e-mail or via a prominent notice posted on our Website prior to the change becoming effective. (see https://www.RSA.com/privacy). Changes are effective as of the date we post them on the RSA Privacy Statement page. We encourage you to periodically review this Privacy Statement to be informed of how we are using and protecting your Personal Information.
For data subjects located in the EU:
Unless otherwise stated, RSA Security LLC is the data controller of your personal information. For the purposes of the General Data Protection Regulation, RSA can be contacted as noted in the Contac Us section.
Please read our Acceptable Use Policy in RSA Conference U.S. Privacy Statement or click here.
HOW TO CONTACT US
If you have questions about this Privacy Statement or would like to contact us for any reason regarding our privacy practices, you may:
- Contact RSA via e-mail at privacy@RSA.com or
- Send postal mail to the following address:
RSA Security LLC
Attention: Law Department – Privacy
174 Middlesex Turnpike