For EclecticIQ B.V. and/or its group member companies ("EclecticIQ", “Controller”) it is an essential goal to ensure that we protect the information entrusted to us by you, our customers, and the users of our company websites, services and extensions, including the EclecticIQ Threat Scout browser extension. At EclecticIQ, we are unwavering in our commitment to the highest standards of privacy and data protection, recognizing that such measures are essential for the maintenance of your privacy and for the professional standards to which EclecticIQ is holding itself.
We believe it is important to be transparent about our information handling practices. We are committed to fulfilling the requirements under the General Data Protection Regulation ("Algemene Verordening Gegevensbescherming") (hereafter referred to as "GDPR") and ensuring that you can exercise your rights thereunder.
Our collection and processing of personal information varies by context. Below you can find information regarding how we process different categories.
In this Privacy Notice we will use the terminology as defined in the GDPR. This Privacy Notice does not extend to third party websites or services linked through our offerings that are not affiliated with EclecticIQ.
How we collect your data?
Most of the data we collect is provided directly by you. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
- Use or view our website or extensions via your browser’s cookies.
- Provide us with information in relation to your attendance at any of our hosted events.
- Fill in forms on our website.
- Contact us for enquiries about our services or job applications.
Types of data collected
The specific data we collect depends on your use of our website, products, services, or extensions. This includes:
- Contact details such as name, address, telephone number and email to respond to any queries that you may have or to comply with the legal obligations we are subject to in the Netherlands or in other jurisdictions. Some of these legal obligations are related to the processing of so-called special categories of personal data.
- Employment and financial information for service provision or contractual relationships.
- Professional information such as job titles, previous roles, and professional experience and qualifications, where you provide the information to us, information concerning your interests both business and personal and content you have uploaded to handle your job application.
- Details regarding your attendance at our events, or an event where we met you, details of your visits to our website including, but not limited to, traffic data, location data, and web logs; Feedback, comments or questions about EclecticIQ, or concerning our programs and services, clickstream behavior such as which links you click and when. We may obtain personal data about you from other sources, such as public registers or other publicly available information. We collect those to optimize your use of the website or services in order to have an experience which is truly tailored to you based on your personal data and for marketing and business development activities, such as newsletters, invitations or registration for our events and other marketing communications that may be of interest to you;
- Unique user information such as login ID, IP address, username, password and security question and photos or video of you recorded at our premises. We might collect those in the context of prevention and mitigation of cyber incidents and threats and to verify your identity in the event of a data subject request or a security incident.
- For all EclecticIQ Threat Scout users (browser extension): OpenAI API keys are collected for authentication and functionality with OpenAI services, and for our customers, we also collect the Intelligence Center API key.
Legal basis for processing
We process your personal data based on performance of a contract, compliance with a legal obligation, legitimate interest, and/or your consent.
For EclecticIQ Threat Scout users, processing is based on explicit consent provided when submitting API keys, and for customers, also to perform a contract. Consent can be withdrawn at any time by removing the API key from the browser extension. Your use of EclecticIQ Threat Scout will then be limited to the basic extraction of observables which does not require your API keys for OpenAI and our Intelligence Center.
Data retention
We are committed to retaining your personal data only as long as necessary to serve the purposes for which it was collected, comply with legal obligations, or protect and exercise our legal rights. For instance, your email address used for newsletter subscriptions will be retained until you choose to unsubscribe. Similarly, personal data from job applications is deleted automatically after 120 days, or sooner if you request.
Additionally, for users of EclecticIQ Threat Scout, we retain your OpenAI API keys and, for customers, the Intelligence Center API keys, until you decide to delete these keys from the browser extension.
Data sharing practices
In our commitment to transparency and privacy, we detail our practices regarding the sharing of your personal data. This is in line with our Privacy Notice and Cookie Notice, which guide how we manage the personal information entrusted to us.
Your personal data may be shared within EclecticIQ’s group of member companies, including affiliates, agents, and service providers. This collaboration enables us to present you with products or services that might capture your interest or to process information on our behalf. It's important to note that personal data submitted for job applications through our corporate website is exclusively shared with our recruitment and hiring team, maintaining confidentiality and dedicated handling.
For broader operational and strategic needs, we may also share your personal data with the following entities and their successors:
- Group Member Companies: Including but not limited to EclecticIQ North America, Inc., to facilitate a unified approach to offering services and support.
- Agents, Partners, and Vendors: This includes distributors, resellers, and other partners who play a role in the distribution and provision of our products and services.
- Suppliers, Processors, and Service Providers: Entities that assist with our operational needs, from processing information to providing essential services, along with our legal representatives and auditors.
- Strategic Transactions: In scenarios involving investments, mergers, acquisitions, divestitures, or other forms of corporate restructuring, we might share personal data with third parties. Such sharing occurs only under legitimate circumstances.
- Regulatory and Law Enforcement Agencies: Including local, European, and international supervisory authorities. We share data when it's necessary to comply with legal obligations, defend our legal rights, or protect the vital interests of individuals.
Our approach to data sharing is designed to respect your privacy while ensuring we can offer valuable services and comply with our legal obligations. We take careful measures to ensure that any sharing of personal data aligns with the high standards of data protection and privacy you expect from us.
Data security and data transfers
To safeguard your personal information, we employ stringent security protocols. These measures are designed to protect your data against unauthorized access, alteration, disclosure, or destruction.
Our handling of personal data, as outlined in this Privacy Notice, potentially involves transferring such data across international borders to countries whose data protection regulations may not offer the same level of protection as those within the European Union. We commit to transferring personal data only to entities that provide a sufficient level of data protection, in compliance with European legal standards. To this end, we enter into contractual agreements that ensure the protection of your personal data according to European data protection norms.
Specifically for users of EclecticIQ Threat Scout, the sharing of your OpenAI API key with OpenAI necessitates an international data transfer to the United States. We have implemented appropriate data protection measures to guarantee that your information remains secure and is treated in a manner that meets European data protection requirements.
Marketing
EclecticIQ would like to send you information about products and services of ours that we think you might be interested in and you might like, as well as those of our partners.
If you have agreed or have subscribed to receiving our marketing materials, you may always opt out at a later date. You have the right at any time to stop us from contacting you for marketing purposes or giving your data to other members of our company group.
Your rights under the GDPR
You have rights including the right to be informed, access, rectification, erasure, restrict processing, data portability, object, and rights related to automated decision making and profiling. If you wish to exercise your rights or have questions, remarks or complaints regarding the collection or use of your personal data or regarding this Privacy Notice, please contact the relevant website or service provider or at EclecticIQ you may contact legal@eclecticiq.com. If you believe that we do not comply with applicable privacy and data protection regulations, you may file a complaint to legal@eclecticiq.com or alternatively with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Cookies
Cookies are small files that record and store on your device the details of your activity when visiting a website. Cookies help to analyze web traffic and allow web applications to respond to you as an individual. Check our Cookie Notice.
Updates to this Privacy Notice
We will update this Privacy Notice regularly to reflect changes in compliance obligations and advancements. We advise you to check our website regularly for updates.
Contact information
The details for contacting us are available at www.eclecticiq.com/contact. If you wish to exercise your rights or have questions, remarks or complaints regarding the collection or use of your personal data or regarding this Privacy Notice, please contact legal@eclecticiq.com.
Personal Data of Children
EclecticIQ does not direct any of its pages, products or services to children, as defined under applicable law, and we do not knowingly collect personal data from children. We are committed to protecting the privacy needs of children and we encourage parents to monitor their children’s online activities and interests.
If you become aware that your child has provided us with their personal data without your consent, please contact us at legal@eclecticiq.com and we will delete his/her data from our files.