Why Mobile Devices are the Weakest Link in Your Organization’s Cybersecurity

Join our webinar on Wednesday, December 13 at 11 AM ET / 8 AM PT.

Register Now

Introduction

Your privacy is important to RSA Security LLC so we have developed this Privacy Policy that outlines our privacy practice on how we process, collect, use and share your personal data as well as your privacy rights under certain privacy laws. We may provide additional data privacy information by using a supplementary privacy notice(s).

In this Privacy Policy, “RSA,” “our,” “us,” or “we” refers to RSA Security LLC and its relevant affiliate(s) involved in the collection, use, sharing or processing of your personal data.

RSA is committed to protecting the privacy and security of all personal data we collect when you access, use, or interact with us via our websites, marketing communications and personal data we process in order to provide services to our customers. We receive limited personal data from our customers.

This Privacy Policy does not apply to:

  • customers with a Data Processing Addendum (DPA) in place, which describes how we process our customer’s personal data.
  • data that is not personal, which include anonymous and aggregated data; and,
  • information related to our job candidates.

This Privacy Policy is intended to apply to the extent RSA processes your data as a data controller. It is not intended to apply when RSA processes your data as a data processor on behalf of our customers. It also does not apply to information that has been aggregated, de-identified, or pseudonymized.

1. Information We Collect

We collect “personal data,” which means information relating to an individual who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number, location data, or an online identifier.

1.1 Information Collected from You

The types of information we collect about you depends on your use of our products, services and the ways that you interact with us, and includes information we obtain from third parties. This may include information about:

  • Contact information, such as your name, country, email address, phone number, time zone, mailing address.
  • Business information such as your job title, job level, job role/function and other business or company information.
  • Interest information such products or services you purchase, and the activities associated with your account and preferences.
  • Web form information you provide in our web forms (forms that you choose to complete will indicate whether the information requested is mandatory or voluntary).
  • Cookie and tracking information while you interact in our websites include your browser type, IP address, Pixel ID, unique device identification number, operating system, device type, and version information, language settings, webpages you view, the amount of time you spend on pages, the website URL that referred you to our pages, your geographic information derived from your IP address, other technical information and any hyperlinks or advertisements you select.
  • Browser referral information about the websites that led you to visit us.
  • Error reports and performance information of the products and any problems you experience, including error reports.
  • Content consumption information about media content (e.g. T.V., apps and games) you access through our offerings.
  • Feedback and ratings information you provide to us such as customer survey feedback and product reviews you write, unless anonymous.
  • Third party sources information may include personal data to supplement the information we have collected about you.
  • Third party websites and links. We may provide links to other websites, which if you click on them may collect information about you and direct you to those websites. The information practices of those third-party websites linked to our website are covered by the third party’s own privacy policies/statements and we encourage you to read those.
  • Credentials such as password hints, and similar security information used for authentication and MyAccount access.
  • Demographic information such as your age, gender, country, interests, and preferences.
  • Payment information to process payments, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument.
  • Troubleshooting and help information when you contact RSA for technical support or customer support services, phone conversations or chat sessions with our representatives may be monitored and recorded.
  • Information necessary for us to provide services to you.
  • Any other personal data you choose to share with us.
1.2 Special Categories of Personal Data

We do not intentionally collect special categories of personal data which includes sensitive information such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Membership in a trade union
  • Genetic data
  • Biometric data
  • Physical or mental health or condition
  • Sex life or sexual orientation

You are not required to provide, nor should you disclose this information as we do not intend to process sensitive information. However, if you do disclose, you acknowledge that you consent to our collecting and processing of these special categories of data.

2. How We Collect Your Personal Data

The types of personal data we collect about you depends upon your use of our products and services and the ways that you interact with us.

2.1 Personal Data Collected Directly from You

We ask for and collect personal data from you in the following instances:

  • When you express interest in our products and services and request additional information; when you request a demo; when you request customer support; when you use our Contact Us page; when you register to receive communications from us; when you participate in a program or a survey; when you download content from our websites; when you are an authorized user of our products and services.
    • We may collect your name, job title, company name, address, country, phone number, email address, username, and password.
  • When you make a purchase using our websites.
    • We may collect your name, job title, company name, address, country, phone number, email address, and financial information for billing and payment, such as billing name and address, payment instrument such as credit card number and the security code associated with your payment instrument, or bank account information.
  • When you register for one of our events.
    • We may collect your name, job title, company name, address, country, phone number, email address, and financial information for billing and payment, such as billing name and address, payment instrument such as credit card number and the security code associated with your payment instrument, or bank account information. If you attend an in-person event and are issued a badge, we may scan the badge and access your information, such as name, job title, company name, address, country, phone number, and email address. We may also collect your image.
  • When you communicate with us by phone.
    • We may collect information to verify your identity and may record the call for training purposes, in accordance with applicable laws.
  • When you visit our offices.
    • We may collect name, job title, company name, address, country, phone number, email address, and time and date of your arrival. We may also collect your image.
  • When you interact with our websites or emails.
    • We may collect information about your device, your usage of our websites and/or emails using cookies, web beacons, or other similar technologies.
  • When you interact with our products and services.
    • We may collect account history information and the activities associated with your account, such as information about your device and your usage of our products and services through log files and other technologies.
  • When you voluntarily fill out a web form, participate in a survey, respond to a questionnaire, or share data with us in another form of research.
    • We may collect information you voluntarily choose to provide and any mandatory information we request.

If you provide personal data relating to another individual, you represent that you have the authority to do so, and where required, you represent that you have obtained the necessary consent to share such data. You acknowledge that the personal data of the other individual may be used in accordance with this Privacy Policy.

If you believe your personal data has improperly been provided to us, or if you want to exercise your rights relating to your personal data, please contact us at privacy@rsa.com.

2.2 Personal Data Collected from Others

We may collect your personal data from other sources such as publicly available information and third-party sources that we purchase personal data from. The third-party sources may change over time and may include:

  • Data brokers from whom we purchase demographic data to supplement the personal data we have collected about you
  • Communication services, including email providers and social networks when you give us permission to access your information from such third-party services or networks
  • Partners with whom we offer co-branded products and services, or with whom we engage in joint marketing activities.

The personal data may include identifiers, professional or employment related information, education information, commercial information, visual information, internet activity information, social media profiles, and inferences about preferences and behaviors. We may combine information from other sources with the personal data provided by you.

This data helps us keep our records updated, identify new customers, and create tailored advertising for products and services that may be of interest to you.

3. Device and Usage Data We Process

We use information gathering tools such as cookies, web beacons, pixels, and similar technology to automatically collect information that might contain your personal data when you use our websites and services or interact with emails we send you.

3.1 Automatic collection

Most websites automatically collect data about you when you visit the site. This information may include:

  • Identifiers
  • Commercial information
  • IP address
  • Proxy Server information
  • Device and application information
  • Identification numbers
  • Location
  • Browser type
  • Plug-ins
  • Integrations
  • Internet service provider
  • Mobile carrier
  • Pages and files viewed
  • Searches
  • Referring website, app, or advertisement
  • System configuration information
  • Advertising preferences
  • Language preferences
  • Date and time stamps of your usage
  • Frequency of visits to the websites

We use this information to analyze overall trends, help us improve our websites, offer a personalized experience for website users, and secure and maintain our websites.

We also automatically collect information as part of your use of our products and services. This information may include:

  • Identifiers
  • Commercial information
  • IP address
  • Proxy server information
  • Mobile device number
  • Device identification number
  • Application identification number
  • Location
  • Browser type
  • Internet service provider
  • Mobile carrier
  • Pages and files viewed
  • Website and webpage interactions
  • Search information
  • Operating system type and version
  • System configuration information
  • Data and time stamps of your usage
  • Details of products and product versions you use

We use this information to maintain the security of our websites and our products and services, provide necessary functionality, improve the performance of services, assess and improve customer and user experience, validate that you are an authorized user, review compliance with usage terms, identify future opportunities for service development, assess capacity needs and requirements, and identify customer opportunities.

Device and usage data is primarily used to identify the unique uses of our websites instead of identifying specific individuals unless identity is required for security purposes or to provide services to the individual.

3.2 Tracking Technologies

Our websites, online services, interactive applications, email messages, and advertisements may use tracking technologies such as web beacons, pixels, tags, and cookies to help us tailor your experience, better understand your preferences, tell us which parts of our websites you have visited, and facilitate and measure the effectiveness of our interest-based advertisements and web services, and gather information about the use of our websites and the interactions with our emails.

Web beacons and pixels are used on our websites and in our emails to help deliver cookies, gather usage and performance data, and operate and improve our websites and marketing emails.

Cookies are alphanumeric identifiers that are stored on your device’s local storage through your web browser for recordkeeping purposes. Some cookies allow us to make it easier for you to navigate our websites and services, improve and customize your browsing experience, and infer your browsing preferences, while others are used to enable a faster log-in process or allow us to track your online activities over time and across our webpages.

We use both session-based and persistent cookies.

  • Session-based cookies only exist during a single session and will disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the websites or our services. This allows us to process your online transactions and requests and to verify your identity after you have logged in, as you move through our webpages and services.
  • Persistent cookies will remain on your device even after you close your browser or turn off your device. We use persistent cookies to track aggregate and statistical information about user activity on our websites.

There are four categories of cookies:

  • Strictly Necessary: These cookies allow core website functionalities. The website cannot function properly without these cookies.
  • Functionality: Functionality cookies are used to remember visitor information on the website, eg. language, timezone, enhanced content.
  • Advertising: Advertising cookies track your activity across our websites to understand your interests and to show you personalized marketing.
  • Analytics: These cookies help improve our website by analyzing and reporting information on how visitors use it.
3.3 Disabling Cookies on Your Browser

Besides using our Privacy Settings, you can opt out from the collection of non-essential device and usage data on your web browser. Depending on your personal preferences, you can edit your browser options by using the “Help” function in your browser toolbar. You can prevent your computer from accepting new cookies, have the browser notify you when you receive a new cookie, or disable all cookies. However, it is important to note that if you block or delete cookies that we use on our websites, you will still be able to browse certain areas of the websites, but some features may not function properly.

3.4 Flash Local Storage Objects

We may use Flash Local Storage Objects (Flash LSOs) to store your website preferences and to personalize your visit. Flash LSOs are different than browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable acceptance of all Flash LSOs through your web browser.
For more information about Flash LSOs and to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page.

3.5 Invisible Images

Invisible Images are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device’s local storage, these images are embedded invisibly on web and application pages.

We may use invisible images, which are also known as web beacons, web bugs, or pixel tags in connection with our websites and service offerings to, among other things, track the activities of website visitors and application users, help us manage content, and compile statistics about website usage.

We, and our third-party service providers, also use invisible images in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and to track whether our emails are forwarded.

3.6 Behavioral or Interest Based Advertising

We, and our third-party service providers, may use information about your visit to our websites, such as pages you visit, items you view, and your responses to our advertisements and emails. This information allows us to make the advertisements you see more relevant to you. To update your preferences, you may click “unsubscribe” in any email marketing communication that is sent to you.

It may take up to ten (10) business days for your email preferences to take effect.

You may also visit the opt out pages to opt out of many third-party advertising networks through various trade association websites such as:

However, using these opt out pages does not mean that you will no longer receive advertising through our websites or services, or on other third-party websites.

3.7 Third Party Advertising Networks

From time to time, we may give unaffiliated network advertisers information, including your personal data. These network advertisers provide advertisements on our websites, applications, and on other parties’ websites and media, such as social networking platforms.

Our shared use of your personal data with these network advertisers enables us to offer the products and services that will be of most interest to you. Non-affiliated ad network providers, network advertisers, sponsors, and/or traffic measurement services may use cookies, JavaScript, web beacons, Flash LSOs, and other tracking technologies to measure the effectiveness of their advertisements and to personalize advertising content to you. Other parties’ cookies and technologies are governed by each company’s specific privacy policy, and not by this Privacy Policy.

When we work with third party advertising networks, we require them to restrict their data processing to only what is necessary to provide us with the advertising services we request.

Website users located in the United States may learn more about opting out and opt out of many third-party advertising networks through various trade association websites such as:

However, it does not mean that you will no longer receive advertising through our websites, services, or on other third-party websites.

3.8 Cross Device Use

We, and our third-party service providers, including Google, may use the information that we collect about you, whether directly from our website, from our mobile applications, through your device, or from a third party, to help us and our third-party service providers identify other devices that you use, such as a mobile phone, tablet, or other computer.

We, and our third-party service providers may also utilize the cross-device use information we learn about you to serve targeted advertising on your devices and to send you emails.

To opt out of cross device use, you may opt out of third-party advertising (see Section 3.7). However, if you opt out of these advertising cookies, your opt out will be specific to the web browser, application, or device from which you accessed the opt out. If you use multiple devices or web browsers, you will need to opt out of each device and each browser on each device that you use.

3.9 Do Not Track Option

Some internet browsers offer a “Do Not Track” option that allows you to tell websites that you do not want your online activities tracked. There is currently no industry common standard, therefore, we do recognize these Do Not Track signals on our websites. We take privacy and your preferences seriously and will continue to monitor Do Not Track developments and the adoption of a standard.

However, you may disable certain tracking by clicking on “Privacy Settings” at the bottom of our website located at: RSA.com by disabling cookies on your browser (see Section 3.3), or by opting out of advertising (see Sections 3.6 and 3.7).

3.10 Social Media

We are responsible for the content we publish using social media platforms, but we are not responsible for managing the social media platforms or the data they collect and process. Our websites have social media sharing plugins. These widgets may allow you to post information about your activities on our websites on outside platforms and social networks. You may also be able to like or share information we have posted on our websites or our branded social media pages. If the social media pages are hosted by the individual platforms and you click through to the site from our websites, the platform may receive information showing that you visited our websites. If you are logged into the social media site at the time you click through, the social media site may be able to link your visit to our websites with your social media profile.

3.11 Telephony Information

If you use features of our services on your mobile device, we may collect telephony log information, including phone numbers, time and date of the calls, duration of the call, SMS routing information. We may collect device event information, such as system activity, hardware settings, and browser language. We may also collect location information through GPS, IP address, WiFi access points and cell towers, and other sensors that provide us with information on nearby devices.

4. Purposes and Legal Bases for Processing Personal Data

We collect and process your personal data for the following purposes:

  • To provide and promote our websites, products, and services. We will process your personal data to perform our obligations under any contract we have with you or your employer for the use of our websites and services.
    • If no contract exists, the legal basis for processing your personal data is to operate and administer our websites and services to provide you with access to content.
  • To provide and promote the security of our websites. We will process your personal data when we track your use of our websites and services; when we create aggregated, de-identified, pseudonymized data; when we verify accounts and activity; when we investigate suspicious activity; when we enforce our terms and conditions and policies.
    • The legal basis for processing your personal data is to promote the safety and security of our websites, services, systems, and applications and to protect our rights and the rights of others.
  • To manage users. We will process your personal data when you register for an account with us, to establish and manage the user account, and to allow us to perform our obligations to you in accordance with the applicable contract or terms and conditions.
    • The legal basis for processing your personal data is to allow us to confirm and authenticate your identity and prevent unauthorized access to restricted areas of our websites.
  • To provide support. We will process your personal data when you request technical support or customer support services to review error reports, performance information of the products, and the problems you experience, and to troubleshoot and provide help information.
    • The legal basis for processing your personal data is to allow us to confirm the issue and provide the assistance you need to resolve the issue.
  • To respond to your requests. We will process your personal data when you fill out a “Contact Us” form, request a demo, or contact us in any other manner, including chatbot, email, or phone.
    • The legal basis for processing your personal data is to perform our obligations to you, fulfill your requests, and communicate with you.
  • To manage payments. We will process your personal data when you make a purchase and provide financial information to us.
    • The legal basis for processing your personal data is to collect payments as necessary pursuant to the contracts we have with you.
  • To record phone conversations and chat sessions. We will process your personal data if you call us, and we monitor and record the call or if you open a chat session and we monitor and record the conversation.
    • The legal basis for processing your personal data is for training, quality assurance, and administrative purposes. We will obtain your prior consent or allow you to object to a phone call being recorded if required under applicable law.
  • To send communications. We will process your personal data to send you marketing information, product recommendations, and other communications, such as newsletters or push notifications.
    • The legal basis for processing your personal data is to provide information about promotions, news, or events for direct marketing purposes.
  • To manage event registration. We will process your personal data to plan and host events for which you register or attend, including sending communications to you.
    • The legal basis for processing your personal data is to fulfill our obligations to you.
  • To develop and improve our websites and services. We will process your personal data to analyze trends and track your usage of and interactions with our websites, as necessary.
    • The legal basis for processing your personal data is for our legitimate interest in developing and improving our websites and services and providing users with more relevant content and service offerings.
  • To assess and improve user experience. We will process your device and data usage, which may be associated with your personal data, and content consumption information about media content such as television, apps, and games you access through our products.
    • The legal basis for processing your personal data is to analyze trends, assess and improve the user experience, and improve our websites and service offerings.
  • To assess capacity requirements. We will process your personal data to assess the capacity requirements of our services.
    • The legal basis for processing your personal data is to ensure we have the necessary capacity for our service offerings.
  • To review compliance with our terms of use. We will process your personal data to validate that you are an authorized user and to ensure compliance with the terms which grant your use.
    • The legal basis for processing your personal data is to ensure adherence to the relevant terms.
  • To identify customer opportunities. We will process your personal data to assess new opportunities for our customers.
    • The legal basis for processing your personal data is to ensure we meet the demands of our customers and their user experience.
  • To display personalized advertisements and content. We will process your personal data to advertise to you and provide other personalized content based on your interests and activities.
    • The legal basis for processing your personal data is to tailor your experience with us and make appropriate recommendations.
  • To administer surveys and conduct research. We will process your personal data to conduct market research, obtain product reviews, and collect feedback and ratings information as part of a customer survey.
    • The legal basis for processing your personal data is to improve our products and services and meet the goals and purpose of the research.
  • To comply with legal obligations. We will process your personal data to cooperate with public and government authorities, courts, or regulatory authorities to meet our legal obligations under applicable laws, to protect our rights, protect against misuse or abuse of our websites or services, protect personal property, protect the safety of others, pursue remedies available to us, limit our damages, comply with judicial proceedings or court orders or legal processes, respond to lawful requests, and to conduct audits.
    • The legal basis for processing your personal data is to comply with applicable laws, rules, and regulations.

Where required by law, we will obtain your prior consent to use and process your personal data, or we will rely on another authorized legal basis, such as performing a contract or having a legitimate interest.

5. Who Do We Share Your Personal Data With?

We may share your personal data with our business partners, which include:

  • Affiliates. We will share your personal data with our affiliates to the extent it is required on the basis of the affiliate’s contract with you.
  • Service Providers. We will share your personal data with our contracted service providers who provide services such as hosting, email, customer relationship management (CRM), IT and system administration, credit card and payment processing, research and analytics, and customer support.
  • Professional Advisors. We will share your personal data with our professional advisors, such as lawyers, bankers, auditors, and insurers, to the extent we are legally obligated to share or have a legitimate interest in sharing your personal data.
  • Third Party Networks and Websites. We will share your personal data with social media networks and advertising websites so we can market and advertise on third party platforms.
  • Third Party Accounts. We will share your personal data if you connect your third-party accounts through our products in order to authenticate you and fulfill any requests you have through the third-party account.
  • Third Parties in a Corporate Transaction. We will share your personal data if we are involved in a merger, acquisition, reorganization, dissolution, or other corporate change.

6. International Transfers of Personal Data

We may collect, transfer, and store your personal data in the United States. We may also collect, transfer, and store your personal data in other countries. This includes countries outside the European Economic Area (EEA) and countries with laws that have not been determined to provide an adequate level of protection under the laws of the European Union (EU) or other jurisdictions.

This means that your personal data may be processed outside your jurisdiction in countries that are not subject to an adequacy decision of the European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) or regulatory authority. However, we will ensure that your personal data is subject to an adequate level of protection and security by entering into appropriate agreements, including the UK standard contractual clauses and the EU standard contractual clauses, or an alternative mechanism for the transfer of your personal data.

7. Children’s Data

Our websites, products, and services are not for children. We do not knowingly collect and process personal data of children under the age of sixteen (16). If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at privacy@rsa.com and we will take the necessary steps to delete their personal data from our systems.

8. Data Retention

We will retain your information no longer than is necessary for RSA’s purposes. We will retain your personal data for different periods of time depending on the category of personal data it is collected for. Some personal data may be deleted automatically, and some will be retained longer consistent with the original purpose for collecting it, for as long as required to fulfill our obligations, or as required by law.

When the retention period expires, we will delete your personal data. If there is any data that cannot be completely deleted for technical reasons, we will implement appropriate measures to prevent any further processing of such data.

9. Your Rights

You may have certain rights relating to your personal data, subject to data protection laws. These rights may include:

  • Access to your personal data
  • Information regarding our processing of your personal data
  • Rectification of inaccurate personal data
  • Erasure or deletion of your personal data
  • Restrictions on our processing of your personal data
  • Objection to our processing of your personal data
  • Opting out of certain disclosures of your personal data
  • No retaliation or discrimination for exercising your rights
  • Not being subject to decisions solely based on automated processing
  • Withdrawing consent for future processing

We do not currently use automated decision making on our websites or in our services.

9.1 How to Exercise Your Rights

To exercise your rights, please contact us at privacy@rsa.com.

Your personal data may be processed by us when we respond to these rights. We attempt to respond to all legitimate requests within thirty (30) days, unless otherwise required by law, and will contact you if we need additional information in order to honor your request or verify your identity. At times, it will take longer than thirty (30) days, considering the number and the complexity of the requests we receive. We will contact you if we need additional time to fulfill your request.

Some authorized users may update their settings and profiles by logging into their accounts.

Please be aware that your request does not guarantee complete access or comprehensive removal as the law may not permit or require removal in certain circumstances.

9.2 Your Rights in Customer Data

We may process your personal data if submitted by or for a customer of our products and services. We are the processor on behalf of our customer, who is the controller. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those in our Privacy Policy.

If your data has been submitted to us by or on behalf of a customer and you wish to exercise any rights you have over your personal data under the applicable data protection laws, please inquire directly with our customer.

We may only access your personal data based upon our customer’s instructions. If you wish to make your request to exercise your rights with us, please provide us the name of the customer who submitted your data to us. We will refer the request to that customer and provide any support they need to respond to your request within a reasonable time.

9.3 Your Preferences for Email and SMS Communications

You have choices about how we reach you with marketing offers and about other uses of your information. To update your preferences, you can:

Please be aware that it may take up to 10 business days for your email preferences to take effect.

Opting out of marketing communications will not opt you out of receiving important business communications related to your current relationship with us, such as information about your products or services, event registrations, service announcements, or security information.

10. How we Secure Your Personal Data

We take appropriate organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the personal data we collect and process. The way we do this includes:

  • Using encryption when collecting or transferring sensitive data, such as credit card or banking information
  • Designing our data security safeguards to ensure the ongoing security, integrity, availability, and resilience of processing systems and services
  • Limiting physical access to our premises
  • Limiting access to the personal data we collect about you
  • Ensuring our business partners have appropriate technical and organizational security measures in place to keep your personal data protected
  • Destroying, pseudonymizing, or de-identifying personal data as required by contractual obligations and by law

We follow generally accepted standards to protect your personal data. However, no method of collection, storage, or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.

We encourage you to keep any passwords you use confidential and to be careful to avoid “phishing” scams where someone may send you an email that appears to be from RSA asking for your personal information. RSA will not request your ID or password through email.

11. Linked Sites

For your convenience, there may be hyperlinks on our websites that link to other websites. We are not responsible for, and this Privacy Policy does not apply to the privacy practices of any linked websites or of any companies that we do not own or control. The website links may collect information in addition to the information we collect.

We do not endorse any of these linked websites, their products, services, or any of the content on their websites. We encourage you to seek and read the Privacy Policy of each linked website that you visit to understand how the information that is collected about you is used and protected.

12. California Privacy Rights Act Disclosures

The California Privacy Rights Act (CPRA) requires businesses to disclose whether they sell personal data, which the CPRA calls “personal information.” For the purposes of this Section 12, “personal data” includes all “personal information” as defined by the CPRA.

As a business covered by the CPRA, we do not sell personal data for monetary consideration. We may share personal data with others or allow them to collect personal data from our websites or services if they are affiliates, third parties authorized by us, or business partners who have agreed to our contractual requirements regarding retention, use, and disclosure of personal data, or if you use our products or services to interact with third parties or direct us to disclose your personal data to third parties.

If there is any conflict between this Section 12 and the rest of our Privacy Policy, the terms of Section 12 shall prevail as to the personal data of California residents that is subject to the CPRA.

12.1 Categories of Personal Data Disclosed

The CPRA requires us to detail the categories of personal data that we disclose for certain business purposes. In the preceding twelve (12) months, we may have collected the following categories of personal data listed:

  • Identifiers: name, mailing address, email address, IP address, and other similar identifiers
  • Commercial information: records of products and services purchased and other consumer history or tendencies
  • Internet or network activity information: browsing or search history, interaction with our websites
  • Geolocation data: physical location of an internet connected device
  • Financial information: bank account number, credit card number, and other similar pieces of financial data
  • Professional and employment-related information: job history, job titles
  • Inferences drawn from any of these categories
12.2 Business Purposes

In the preceding twelve (12) months, we may have collected and processed your personal data for various business purposes, including:

  • Performing professional services
  • Selling a product
  • Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity
  • Debugging to identify and repair errors that impair functionality
  • Undertaking activities to verify or maintain the quality or safety of our products and services, and to improve, upgrade, or enhance our products and services

In the preceding twelve (12) months, we may have shared your personal data with our affiliates, vendors, and suppliers that provide services on our behalf, and other third parties such as business partners, advertising networks, internet service providers, data analytics providers, operating systems and platforms, providers of identity verification services, regulatory bodies, and government authorities.

12.3 CPRA Rights

California’s laws grant state residents certain rights under certain circumstances in relation to their personal data:

  • Right to Opt-Out of Sale: we do not sell your personal data for monetary consideration. However, we do share personal data, which could be considered a “sale” under the definition provided in the CPRA. You have the right to direct us not to sell your personal data by notifying us at privacy@rsa.com. You also have the right to opt-out of targeting advertising when you opt-out of the sale of personal information. We may still use aggregated, pseudonymized, and de-identified personal data that does not identify you or any individual. We may also retain your personal data as needed to comply with our legal obligations, to enforce agreements, and to resolve disputes.
  • Right to Access: you may request disclosure about our collection and use of your personal data in the past twelve (12) months. This includes the categories of personal data we have sold or disclosed for a business purpose about you, and the categories of third parties to whom the personal data was sold or disclosed. This includes your right to request disclosure of specific pieces of your personal data such as:
    • The categories of personal data that we have collected about you
    • The categories or sources from which we collected the personal data
    • The business or commercial purpose for collecting or selling the personal data
    • The categories of third parties with whom we share personal data
    • The specific pieces of personal data we have collected about you
    • The categories of personal data we have disclosed about you for a business purpose
    • The categories of personal data that we have sold about you
    • The categories of third parties to whom we sold the personal data

    The information may be delivered by mail or electronically. If it is provided electronically, it will be portable and in a readily usable format so you can transmit the information to another entity or person.

  • Right to Request Deletion: you may request that we delete any personal data that we have collected from you. We will not delete the personal data if it will create problems with the completion of a transaction or compliance with a legal obligation. This right to request deletion is subject to our right to maintain your personal data for specific purposes allowed under the CPRA.
  • Right to Non-Discrimination: we will never discriminate against you by denying goods or services or providing a different level or quality of goods or services if you exercise any of these rights that have been granted to you.
  • Right to Correct Inaccuracies: you may request a business that maintains inaccurate personal information about the consumer to correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Limited Usage: you may limit how your sensitive personal information is used and who it is shared with.
12.4 How We Handle Your Requests

As part of processing your request, we will require you to provide certain personal data about you to verify your identity in accordance with CPRA requirements. This information may include your first and last name, email address, physical address, telephone number, account number, and the nature of your relationship with us.

You may also designate an authorized agent to make a request on your behalf. To comply with such a request, we will require the personal data referenced above for identification verification purposes as well as the first and last name, email address, and telephone number of your authorized agent.

Once we verify your request, we will make every attempt to respond within forty-five (45) days. If we require more time, we will inform you of the reason and the extension period in writing. If we cannot comply with your request, we will respond in writing with the reasons why.

Any disclosure will only cover the twelve (12)-month period preceding the receipt of the request.

We do not charge a fee to process or respond to your request unless there are excessive, repetitive, or manifestly unfounded requests. If we determine that your request warrants a fee, we will tell you why, in writing, along with a cost estimate before completing your request.

You may only make a personal data access request up to two (2) times in any twelve (12) month period.

12.5 Residents Under 18

If you are a California resident under the age of eighteen (18) and have registered for an account with us, you may request that we remove content or information that you have posted to our websites. This request does not ensure that we will completely remove the content or information as some of your content may have been reposted by another user. If you are a California resident under the age of thirteen (13) must get permission from a parent or guardian to opt-in.

13. Changes to This Privacy Policy

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, and legal requirements. We will update the effective date at the end of this document.

If we make a material update, we may provide you with notice prior to the update taking effect by posting a notice on our websites or contacting you directly. We will seek your consent to these changes where required by applicable law if feasible.

We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing, and sharing of your personal data.

By accessing or using the Site in any manner, shall be considered acceptance of this Privacy Policy.

14. COVID-19 Screening Tool and Thermal Vision Camera

In order to help reduce the risk of COVID-19 infections and keep our communities safe, all RSA employees, contingent workers, and visitors must complete a daily health survey and pass a thermal body temperature screening in order to gain access to RSA premises. The thermal vision camera measures your body temperature on an anonymous basis and RSA does not retain your body temperature. If your body temperature is equal to or above 100 degrees Fahrenheit, you will be denied entry and/or asked to leave RSA premises.

The health survey screening tool, available via an app or web portal, collects your name, email address, and certain health data you voluntarily provide. This information will be retained on your device and not shared with RSA unless you self-report that you are COVID-19 positive. In that case, the tool will notify the appropriate RSA team, and your email address will be retained for up to 30 days (subject to local laws) so RSA may contact you as it takes appropriate action to protect the health and safety of individuals at RSA physical locations. Your COVID-19 positive status will be shared with the RSA team and applicable public health authorities (as required by law). Your status will also be shared on an anonymous basis with potentially infected individuals for contact tracing purposes.

15. Notification of Copyright Infringement Concerns

If any User believes that its copyrighted work has been copied and is accessible on the RSA websites in a way that constitutes copyright infringement, please send a notice to:

RSA Security LLC
Attn: RSA Legal
176 Middlesex Turnpike
Bedford, MA 01730
Email: Legalnotices@rsa.com

Notices must include each of the following:

  1. The electronic or physical signature of the owner of the exclusive right that is allegedly infringed, or the electronic or physical signature of someone authorized to act on the owner’s behalf;
  2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site;
  3. Identification of the material, claimed to be infringing or to be the subject of infringing activity, for which disabling of access or removal is sought, and information reasonably sufficient to permit us to locate the material;
  4. If the infringement claimed is by reason of intermediate and temporary storage, or caching, of material, include also a statement confirming that the infringing material has been removed from the originating site or access to it has been disabled or that a court has ordered that the material be so removed or that access to such material be disabled;
  5. If the infringement claimed is by reason of referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, then, instead of the identification under paragraphs (3) or (4), provide identification of the reference or link, to the claimed material or activity, that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit us to locate that reference or link;
  6. Information reasonably sufficient to permit us to contact you, such as an address, telephone number, and, if available, an electronic mail address at which you may be contacted;
  7. A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and,
  8. A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

16. Acceptable Use Policy

16.1 Generally

RSA and its affiliates Acceptable Use Policy (“AUP”) is intended to foster responsible use of RSA’s infrastructure, networks, cloud-based offerings, systems, services, websites, facilities and products (collectively, the “RSA Infrastructure and Services”) by our customers and other users. Users consent to be bound by the terms of this AUP. RSA reserves the right to modify this AUP in its discretion at any time. Modifications will be effective when posted and users are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on each User. Users’ use of the RSA websites after we make modifications constitutes acceptance of our modifications.

16.2 Suspension; Termination

If RSA determines that any User has violated any portion of this AUP, RSA may terminate the User’s use of the website. RSA will suspend service for violation of the AUP on the most limited basis as RSA determines is reasonably practical under the circumstances to address the underlying violation. RSA will attempt to notify User prior to suspending service for violation of the AUP (which may be via email or any other notification). However, RSA may suspend service without notice if RSA becomes aware of a violation of this AUP or any applicable law or regulation that exposes RSA to criminal or civil liability, or that exposes RSA or any third party property to harm. Harm may include, but is not limited to, risk of having one or more IP addresses placed on blacklists. RSA may take any further action as RSA deems appropriate under the circumstances to eliminate or preclude repeat violations. RSA is not liable for any type of damages that Users or third parties may suffer resulting in whole or in part from RSA’s exercise of its rights under this AUP. This exclusion of liability does not include RSA’s liability for death or personal injury caused by its negligence, or any other liability that RSA cannot exclude or limit by law.

17. RSA Mobile App

To learn more about the information we may process during the use of our Mobile App, click here.

18. RSA Text Message (SMS) Authentication

To learn more about the information we may process during the use of text message-based one-time passcode (OTP) authentication, click here.

19. Miscellaneous

To learn more important information about the Terms of Use of this website, click here.
This website may contain links or frames of other websites, which may or may not be affiliated with RSA. These links and frames are available with the sole purpose of providing further benefits to users. The inclusion of these links and frames does not mean that RSA has knowledge of, agrees or is responsible for them or their content. Therefore, RSA cannot be held liable for any loss or damage suffered as a result of using such links or frames.

20. Contacting Us

To exercise your rights regarding your personal data, or if you have questions about this Privacy Policy or our privacy practices, please email us at privacy@rsa.com or write to us at:
RSA Security LLC
Attention: Law Department – Privacy
176 Middlesex Turnpike
Bedford, MA 01730 USA

Please be aware that your request may have limitations, according to applicable law.

Effective Date: January 12, 2023.

©2023 RSA Security LLC or its affiliates. All rights reserved. RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Other trademarks may be trademarks of their respective owners.