RSA is committed to protecting the privacy and security of all personal data we collect when you access, use, or interact with us via our websites, marketing communications and personal data we process in order to provide services to our customers. We receive limited personal data from our customers.
We collect “personal data,” which means information relating to an individual who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number, location data, or an online identifier.
The types of information we collect about you depends on your use of our products, services and the ways that you interact with us, and includes information we obtain from third parties. This may include information about:
We do not intentionally collect special categories of personal data which includes sensitive information such as:
You are not required to provide, nor should you disclose this information as we do not intend to process sensitive information. However, if you do disclose, you acknowledge that you consent to our collecting and processing of these special categories of data.
The types of personal data we collect about you depends upon your use of our products and services and the ways that you interact with us.
We ask for and collect personal data from you in the following instances:
If you believe your personal data has improperly been provided to us, or if you want to exercise your rights relating to your personal data, please contact us at firstname.lastname@example.org.
We may collect your personal data from other sources such as publicly available information and third-party sources that we purchase personal data from. The third-party sources may change over time and may include:
The personal data may include identifiers, professional or employment related information, education information, commercial information, visual information, internet activity information, social media profiles, and inferences about preferences and behaviors. We may combine information from other sources with the personal data provided by you.
This data helps us keep our records updated, identify new customers, and create tailored advertising for products and services that may be of interest to you.
We use information gathering tools such as cookies, web beacons, pixels, and similar technology to automatically collect information that might contain your personal data when you use our websites and services or interact with emails we send you.
Our websites automatically collect data about you when you visit the websites. This information may include:
We use this information to analyze overall trends, help us improve our websites, offer a personalized experience for website users, and secure and maintain our websites.
We also automatically collect information as part of your use of our products and services. This information may include:
We use this information to maintain the security of our websites and our products and services, provide necessary functionality, improve the performance of services, assess and improve customer and user experience, validate that you are an authorized user, review compliance with usage terms, identify future opportunities for service development, assess capacity needs and requirements, and identify customer opportunities.
Device and usage data is primarily used to identify the unique uses of our websites instead of identifying specific individuals unless identity is required for security purposes or to provide services to the individual.
Our websites, online services, interactive applications, email messages, and advertisements may use tracking technologies such as web beacons, pixels, tags, and cookies to help us tailor your experience, better understand your preferences, tell us which parts of our websites you have visited, and facilitate and measure the effectiveness of our interest-based advertisements and web services, and gather information about the use of our websites and the interactions with our emails.
Web beacons and pixels are used on our websites and in our emails to help deliver cookies, gather usage and performance data, and operate and improve our websites and marketing emails.
Cookies are alphanumeric identifiers that are stored on your device’s local storage through your web browser for recordkeeping purposes. Some cookies allow us to make it easier for you to navigate our websites and services, improve and customize your browsing experience, and infer your browsing preferences, while others are used to enable a faster log-in process or allow us to track your online activities over time and across our webpages.
We use both session-based and persistent cookies.
There are four categories of cookies:
Depending on your personal preferences, you can edit your browser options by using the “Help” function in your browser toolbar. You can prevent your computer from accepting new cookies, have the browser notify you when you receive a new cookie, or disable all cookies. However, it is important to note that if you block or delete cookies that we use on our websites, you will still be able to browse certain areas of the websites, but some features may not function properly.
We may use Flash Local Storage Objects (Flash LSOs) to store your website preferences and to personalize your visit. Flash LSOs are different than browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable acceptance of all Flash LSOs through your web browser. For more information about Flash LSOs and to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page.
Invisible Images are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device’s local storage, these images are embedded invisibly on web and application pages.
We may use invisible images, which are also known as web beacons, web bugs, or pixel tags in connection with our websites and service offerings to, among other things, track the activities of website visitors and application users, help us manage content, and compile statistics about website usage.
We, and our third-party service providers, also use invisible images in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and to track whether our emails are forwarded.
We may use information about your visit to our websites, such as pages you visit, items you view, and your responses to our advertisements and emails. This information allows us to make the advertisements you see more relevant to you. To update your preferences, you may click “unsubscribe” in any email marketing communication that is sent to you.
It may take up to ten (10) business days for your email preferences to take effect.
You may also visit the opt out pages to opt out of many third-party advertising networks through various trade association websites such as:
However, using these opt out pages does not mean that you will no longer receive advertising through our websites or services, or on other third-party websites.
We, and our third-party service providers, including Google, may use the information that we collect about you, whether directly from our website, from our mobile applications, through your device, or from a third party, to help us and our third-party service providers identify other devices that you use, such as a mobile phone, tablet, or other computer.
We, and our third-party service providers may also utilize the cross-device use information we learn about you to serve targeted advertising on your devices and to send you emails.
To opt out of cross device use, you may opt out of third-party advertising (see Section 3.7). However, if you opt out of these advertising cookies, your opt out will be specific to the web browser, application, or device from which you accessed the opt out. If you use multiple devices or web browsers, you will need to opt out of each device and each browser on each device that you use.
We do not engage in “sales,” “shares,” or targeted advertising as those terms are defined under applicable laws and therefore, our websites do not recognize the Global Privacy Control (“GPC”) signal. For more information and to download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
Some internet browsers offer a “Do Not Track” option that allows you to tell websites that you do not want your online activities tracked. There is currently no industry common standard, therefore, we do recognize these Do Not Track signals on our websites. We take privacy and your preferences seriously and will continue to monitor Do Not Track developments and the adoption of a standard.
We are responsible for the content we publish using social media platforms, but we are not responsible for managing the social media platforms or the data they collect and process. Our websites have social media sharing plugins. These widgets may allow you to post information about your activities on our websites on outside platforms and social networks. You may also be able to like or share information we have posted on our websites or our branded social media pages. If the social media pages are hosted by the individual platforms and you click through to the site from our websites, the platform may receive information showing that you visited our websites. If you are logged into the social media site at the time you click through, the social media site may be able to link your visit to our websites with your social media profile.
If you use features of our services on your mobile device, we may collect telephony log information, including phone numbers, time and date of the calls, duration of the call, SMS routing information. We may collect device event information, such as system activity, hardware settings, and browser language. We may also collect location information through GPS, IP address, WiFi access points and cell towers, and other sensors that provide us with information on nearby devices.
We collect and process your personal data for the following purposes:
Where required by law, we will obtain your prior consent to use and process your personal data, or we will rely on another authorized legal basis, such as performing a contract or having a legitimate interest.
We may share your personal data with our business partners, which include:
We may collect, transfer, and store your personal data in the United States. We may also collect, transfer, and store your personal data in other countries. This includes countries outside the European Economic Area (EEA) and countries with laws that have not been determined to provide an adequate level of protection under the laws of the European Union (EU) or other jurisdictions.
This means that your personal data may be processed outside your jurisdiction in countries that are not subject to an adequacy decision of the European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) or regulatory authority. However, we will ensure that your personal data is subject to an adequate level of protection and security by entering into appropriate agreements, including the UK standard contractual clauses and the EU standard contractual clauses, or an alternative mechanism for the transfer of your personal data.
Our websites, products, and services are not for children. We do not knowingly collect and process personal data of children under the age of sixteen (16). If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at email@example.com and we will take the necessary steps to delete their personal data from our systems.
We will retain your information no longer than is necessary for RSA’s purposes. We will retain your personal data for different periods of time depending on the category of personal data it is collected for. Some personal data may be deleted automatically, and some will be retained longer consistent with the original purpose for collecting it, for as long as required to fulfill our obligations, or as required by law.
When the retention period expires, we will delete your personal data. If there is any data that cannot be completely deleted for technical reasons, we will implement appropriate measures to prevent any further processing of such data.
You may have certain rights relating to your personal data, subject to data protection laws. These rights may include:
We do not currently use automated decision making on our websites or in our services.
To exercise your rights, please contact us at firstname.lastname@example.org.
Your personal data may be processed by us when we respond to these rights. We attempt to respond to all legitimate requests within thirty (30) days, unless otherwise required by law, and will contact you if we need additional information in order to honor your request or verify your identity. At times and as permitted by applicable law, it may take longer than thirty (30) days, considering the number and the complexity of the requests we receive. We will contact you if we need additional time to fulfill your request.
Some authorized users may update their settings and profiles by logging into their accounts.
Please be aware that your request does not guarantee complete access or comprehensive removal as the law may not permit or require removal in certain circumstances.
If your data has been submitted to us by or on behalf of a customer and you wish to exercise any rights you have over your personal data under the applicable data protection laws, please inquire directly with our customer.
We may only access your personal data based upon our customer’s instructions. If you wish to make your request to exercise your rights with us, please provide us the name of the customer who submitted your data to us. We will refer the request to that customer and provide any support they need to respond to your request within a reasonable time.
You have choices about how we reach you with marketing offers and about other uses of your information. To update your preferences, you can:
Please be aware that it may take up to 10 business days for your email preferences to take effect.
Opting out of marketing communications will not opt you out of receiving important business communications related to your current relationship with us, such as information about your products or services, event registrations, service announcements, or security information.
We take appropriate organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the personal data we collect and process. However, no method of collection, storage, or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.
The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”
We currently collect and in the preceding twelve (12) months, we have collected the following categories of Personal Information:
We collect Personal Information directly from California residents and from data brokers, email service providers, social networks, and joint marketing partners. We do not collect all categories of Personal Information from each source.
In addition to the purposes stated above in the section “Purposes and Legal Bases for Processing Personal Data” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:
Identifiers (name, postal address, email address, IP address, and other similar identifiers)
Operating systems and platforms; customer relationship management platforms; identity verification providers; regulatory bodies; government authorities; internet service providers
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (bank account number, credit card number, debit card number, or any other financial information)
Commercial information (records of products and services purchased and other consumer history tendencies)
Operating systems and platforms; customer relationship management platforms; internet service providers
Internet or other electronic network activity information (browsing or search history, and information regarding consumer’s interaction with our websites)
Operating systems and platforms; customer relationship management platforms; internet service providers
Operating systems and platforms; customer relationship management platforms; internet service providers
We disclosed Personal Information for the following business or commercial purposes:
We retain your Personal Information in accordance with Section 8 “Data Retention” above.
If you are a California resident you have the following rights with respect to your Personal Information:
You may submit a request to know, delete, and/or correct by calling us toll free at 1.800.995.5095 or by emailing us at email@example.com.
We will comply with your request upon verification of your identity, and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify date points based on information we have in our records concerning you.
We do not disclose personal information obtained through our websites and services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.
If we make a material update, we may provide you with notice prior to the update taking effect by posting a notice on our websites or contacting you directly. We will seek your consent to these changes where required by applicable law if feasible.
In order to help reduce the risk of COVID-19 infections and keep our communities safe, all RSA employees, contingent workers, and visitors must complete a daily health survey and pass a thermal body temperature screening in order to gain access to RSA premises. The thermal vision camera measures your body temperature on an anonymous basis and RSA does not retain your body temperature. If your body temperature is equal to or above 100 degrees Fahrenheit, you will be denied entry and/or asked to leave RSA premises.
The health survey screening tool, available via an app or web portal, collects your name, email address, and certain health data you voluntarily provide. This information will be retained on your device and not shared with RSA unless you self-report that you are COVID-19 positive. In that case, the tool will notify the appropriate RSA team, and your email address will be retained for up to 30 days (subject to local laws) so RSA may contact you as it takes appropriate action to protect the health and safety of individuals at RSA physical locations. Your COVID-19 positive status will be shared with the RSA team and applicable public health authorities (as required by law). Your status will also be shared on an anonymous basis with potentially infected individuals for contact tracing purposes.
To learn more about the information we may process during the use of our Mobile App, click here.
To learn more about the information we may process during the use of text message-based one-time passcode (OTP) authentication, click here.
RSA Security LLC
Attention: Law Department – Privacy
2 Burlington Woods Drive Suite 201
Burlington, MA 01803 USA
Please be aware that your request may have limitations, according to applicable law.
Effective Date: February 1, 2024.
©2024 RSA Security LLC or its affiliates. All rights reserved. RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Other trademarks may be trademarks of their respective owners.