MetaAccess Privacy Policy

Last Update: 8 June 2022

Version: 3.0

Summary

This privacy policy explains what information OPSWAT Inc. and all of its subsidiaries worldwide (referred to as “OPSWAT,” “we,” “us,” and “our”) gather about individuals who provide us with personal information. It outlines what we use that information for and who we give that information to. It also sets out your privacy rights in relation to your own personal information, and it tells you who to contact for more information about this policy.

In this privacy policy, your personal information is sometimes called “personal data.” We collectively refer to collecting, handling, using, protecting, or storing your personal information as “processing.”

Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods, or services you want from us.

IMPORTANT

Please do not provide us with your personal information unless we ask you for it.

Scope

We take data protection very seriously, and we are fully committed to protecting your personal information. This privacy policy describes how we handle the personal information we collect and process through MetaAccess.

It is our policy to collect only the minimum information required from you. If you believe that we have gone beyond that, please contact us to raise any concerns you may have. A list of contact methods is provided at the bottom of this privacy policy.

Personal information (personal data) is anything that enables you to be identified or identifiable including but not limited to:

First and last name
Email address, postal and IP addresses
Telephone numbers
National identification/social security and national insurance numbers
Job titles and occupation
Bank accounts
Any contact information

IMPORTANT

We only collect personal information through MetaAccess that we believe to be relevant and required to provide you with requested information and services and to conduct our business.

As you use MetaAccess, you may link to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.

We do not intend to collect special category (also known as sensitive) personal information through our website(s) (unless we are legally required to do so). Examples of special category information are: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records.

We ask that you do not provide us with special category personal information when using MetaAccess.

Cookies and similar technologies

With respect to your use of an Internet browser to interact with MetaAccess you should be aware that like many businesses with websites and cloud services, we may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. You can control our use of cookies with respect to your device by changing options in the Internet browser you use. We will display notices to you about cookies and prompt you to accept or reject a cookie from us. If you do not accept cookies, however, you may not be able to use all portions or features of MetaAccess. For more information about our use of cookies, please visit OPSWAT Cookies Policy.

Rights in relation to your information

You have the following rights regarding your Personal Data which you can invoke by going to https://go.opswat.com/myuserright and following the steps described there:

Right of Access.

You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge:

information whether your Personal Data is retained,
access to duplicates of the Personal Data retained,

Upon your request, along with a duplicate of the data we retained, we will provide you information related to – purpose of the processing, personal data we collect, entities to which we transferred them, time we keep your Personal Data, if possible, and the criteria we used to decide the period, your rights as European Union Citizen, unless the data was collected directly from you, the source of the data, and whether there is an automated decisional process,

If the effort of identifying data may be too much, or it may infringe the rights of other people, we have the right to refuse your request, in which case You may file a complaint with a supervisory authority or invoke a dispute resolution process as described below.

Right to Rectification.

When we process your Personal Data, we shall try to ensure that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information.

Right to suspend the processing

You have the right to request the termination of the processing with or without deletion of the data we have collected where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

You have the right to receive the Personal Data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance us.

Right to delete.

You have the right to obtain deletion by us of Personal Data concerning you.

If we delete your Personal Data, you may lose access to OPSWAT services which require creation and registration with us of a user account ("User Account") by you.

In some cases, deletion of Personal Data used to create the User Account, is complicated. Namely, if your User Account has a commercial business relationship with OPSWAT (in other words, a relationship where you are making payments to us or we are making payments to you), you will only be able to obtain deletion by us your Personal Data after you and OPSWAT have dissolved the commercial business relationship associated to that User Account. In some cases, considering the complexity and number of the requests, the period of time we take to delete your Personal Data may be extended, but for no longer than two further months after the dissolution of the commercial business relationship.

Right to Object.

When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the data is necessary for the establishment, exercise or defense of legal requirements.

You also have the right to lodge a complaint at a supervisory authority.

Contact Information:

If you are a resident of the European Economic Area, our lead supervisory authority is the Romanian Data Protection Agency which may be contacted at:

Autorității Naționale de Supraveghere a Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru 28-30, sector 1, 010336, București,

anspdcp@dataprotection.ro,

Phones: +40.318.059.211, +40.318.059.212

www.dataprotection.ro

You can also contact our data protection officer at the address below. Our European representative for data protection questions is:

OPSWAT Romania SRL

Timișoara, România

If you are a resident of the United Kingdom, you may contact the United Kingdom's Information Commissioner Office (ICO). The ICO can be contacted by the following means:

Form: www.ico.org.uk/global/contact-us/email/
Telephone: 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

If you are a resident of Switzerland, you may contact the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html).

Again, if you would like to exercise these rights or determine what, if any, personal information we have about you, please go to https://go.opswat.com/myuserright and follow the steps as described.

Automated decision making

We will not use your personal information for automated decision making or profiling.

Children

We understand the importance of protecting children's privacy and we never knowingly collect personal information about individuals under the age of 16. We adhere to laws regarding marketing to children.

IMPORTANT

If you are under 16 years of age, we ask that you do not use MetaAccess.

How we process your personal information through MetaAccess

If you create an account:

Account Information
Data We Collect	First name Last name Email address Company name Phone number
How We Use Your Data	Validate that you are human and not a robot when you create an account Authenticate your secure access to your account when you log-in Create an OPSWAT Portal account for you Associate your requests for support with your account Troubleshoot an issue that you are reporting
Your Choices	Refer to Rights in relation to your information section for your choices with respect to: Deleting your account Restricting our use of your data Correcting or updating data in your account Accessing your data Restricting access to your account (or later restoring access) Obtaining a new password if you forget your current password
Service Providers With Which We Share Data	Amazon AWS where we host user management services such as login and registration. Salesforce, which provides the platform through which you submit requests for support. We also respond to your support requests through Salesforce. Coastal Cloud which we use for Salesforce account consulting. As a Salesforce consultant, Coastal Cloud may have access to information hosted within our Salesforce account. Hubspot, which we use to document and to follow up your requests to be contacted by us or to subscribe to our newsletter. For example, we maintain our newsletter subscriber base in Hubspot and use Hubspot to notify relevant OPSWAT representatives of the details of your request for contact. Slack, which Hubspot uses to notify proper OPSWAT representatives via Slack notification. For example, if you subscribe to our newsletter, the appropriate OPSWAT representatives will be notified via a Slack message. Microsoft Office 365, which Hubspot uses to notify proper OPSWAT representatives via email notification. For example, if you subscribe to our newsletter, the appropriate OPSWAT representatives will also be notified via email.
Retention Policy	If your account remains inactive for 6 months, we will deactivate it. Unless you ask us to reactive it, after another 6 months following deactivation, we will delete your account.

Monitoring Information
Data We Collect	IP address Hostname
How We Use Your Data	For dynamic tracing and metrics analysis to improve the services we provide
Your Choices	Refer to User Rights section for your choices with respect to: Deleting your account Restricting our use of your data Correcting or updating data in your account Accessing your data Restricting access to your account (or later restoring access) Obtaining a new password if you forget your current password
Service Providers With Which We Share Data	Datadog, which provides the tools we use to monitor our services
Retention Policy	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you are invited to your organization account:

User Information
Data We Collect	First name Last name Email address Password IdP Group information
How We Use Your Data	To provide login and authentication including integration with your Single Sign-On service
Your Choices	Your administrator can integrate your organization Single sign-on service for user authentication
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Will only be removed when you request OPSWAT to delete it.

Monitoring Information
Data We Collect	IP address Hostname
How We Use Your Data	For dynamic tracing and metrics analysis to improve the services we provide
Your Choices	Refer to User Rights section for your choices with respect to: Deleting your account Restricting our use of your data Correcting or updating data in your account Accessing your data Restricting access to your account (or later restoring access) Obtaining a new password if you forget your current password
Service Providers With Which We Share Data	Datadog, which provides the tools we use to monitor our services
Retention Policy	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If you log into MetaAccess platform (MetaAccess console or OPSWAT Client) through your Single sign-on service:

User Information
Data We Collect	Email address
How We Use Your Data	To provide your administrators the ability to monitor user sessions/access activities.
Your Choices	You can choose whether to log into MetaAccess platform or not. Please note that you may not be able to manage your organization account and access to protected applications/resources if you don't log into MetaAccess platform.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	If you log into MetaAccess console, it will be stored forever or until you request us to delete it. If you log into OPSWAT Client, it's configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Monitoring information
Data We Collect	IP address Hostname
How We Use Your Data	For dynamic tracing and metrics analysis to improve the services we provide
Your Choices	Refer to User Rights section for your choices with respect to: Deleting your account Restricting our use of your data Correcting or updating data in your account Accessing your data Restricting access to your account (or later restoring access) Obtaining a new password if you forget your current password
Service Providers With Which We Share Data	Datadog, which provides the tools we use to monitor our services
Retention Policy	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

If your device is monitored by an administrator:

Cloud app user info
Data We Collect	Application user id
How We Use Your Data	To provide the administrator auditing capability which user is logging in
Your Choices	This is disabled by default. Your administrator can enable you to allow the OPSWAT Client to record your user id when accessing an application.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Device information
Data We Collect	Hostname Mobile device name Device serial number Network adapter info such as DNS and media state Local IP address MAC address Active Directory such as AD domain and OU/Group name
How We Use Your Data	To identify your device(s) associated with your administrator's account To provide your administrator with a way to locate those devices associated with his or her account
Your Choices	You or your administrator can uninstall the OPSWAT Client from your device. Please note that uninstalling the OPSWAT Client may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Other Devices
Data We Collect	If your administrator chooses the option within MetaAccess to collect information regarding other devices you connect to the network with an OPSWAT client installed, MetaAccess will collect the following information regarding such devices: Local IP address MAC address Hostname Device type OS type
How We Use Your Data	To allow your administrator to monitor other devices you connect to the network with an OPSWAT client installed
Your Choices	You or your administrator can uninstall the OPSWAT Client from your device. Please note that uninstalling the OPSWAT Client may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Retention of the aforementioned data is controlled by your administrator.

System and application Information
Data We Collect	OS information such as OS name and language Missing patches Lock screen timeout Hard disk information Installed products (or packages) information Running processes Logged-in user name
How We Use Your Data	To determine if each device associated with your administrator's account is compliant with the security policy that your administrator set
Your Choices	You or your administrator can uninstall the OPSWAT Client from your device. Please note that uninstalling the OPSWAT Client may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Anti-malware log
Data We Collect	File path and file signature Threat name Anti-malware product name
How We Use Your Data	To determine if your device is compliant with the security policy your administrator set
Your Choices	You or your administrator can uninstall the OPSWAT Client from your device. Please note that uninstalling the OPSWAT Client may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Devices in the network
Data We Collect	All devices connect to a network segment
How We Use Your Data	To discover devices in the network, including those which are not running the OPSWAT Client
Your Choices	This is disabled by default. Your administrator can enable the "discovery device" function from their MetaAccess console.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Custom check information
Data We Collect	Undefined information which administrator collects from the device using scripts
How We Use Your Data	To provide your administrator with customized information to be used for the purpose your administrator has determined
Your Choices	This is disabled by default. Your administrator can decide not to allow scripts to run on devices running the OPSWAT Client
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

User entered information
Data We Collect	Undefined information which end-users will input
How We Use Your Data	To provide your administrator with a way of prompting you to input information requested by your administrator
Your Choices	This feature is disabled by default. Your administrator can disable the custom information feature. You or your administrator can uninstall the OPSWAT Client from your device. Please note that uninstalling the OPSWAT Client may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

OPSWAT Client crash dump and logs
Data We Collect	Any process information above
How We Use Your Data	To provide your administrator with a method to fetch logs from your devices running the OPSWAT Client. To provide your administrator or OPSWAT support representatives with a method to troubleshoot issues reported by your devices running the OPSWAT Client.
Your Choices	You can choose whether to provide the logs or not.
Service Providers With Which We Share Data	Microsoft Office 365: Email with app log file from mobile phone for troubleshooting errors Salesforce: Provides the system we use to interact with you concerning your support inquiries and to troubleshoot any specific error reported within a device Coastal Cloud which we use for Salesforce account consulting. As a Salesforce consultant, Coastal Cloud may have access to information hosted within our Salesforce account. Atlassian, which provides the platform through which our support team can share the submitted information with our engineering team for investigations
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Mobile device status
Data We Collect	Connected IP addresses Rooted or jail-broken state OS information Encryption state Lost and Found enable state Ad tracking enable state Hardware specification such as CPU and storage Installed apps and application binary
How We Use Your Data	To determine if your device is compliant with the security policy set by your administrator.
Your Choices	You or your administrator can uninstall the OPSWAT Mobile App from your device. Please note that uninstalling the OPSWAT Mobile App may violate your company's security policy resulting in your device being blocked from company assets which use MetaAccess to perform a security compliance check.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Mobile device installed app
Data We Collect	App file signature App binary itself
How We Use Your Data	To analyze apps installed on your mobile device by multiple anti-malware engines to determine if one or more engines report any installed app as "malicious"
Your Choices	You can control this feature by starting "Applications scan" from the OPSWAT Mobile App menu on your mobile device, provided the OPSWAT Mobile App is installed on your device.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Session Info
Data We Collect	Device public IP address and port number User name
How We Use Your Data	To provide MetaAccess SDP administrators the ability to monitor user sessions
Your Choices	You can choose whether to access protected applications/resources via SDP or not.
Service Providers With Which We Share Data	Amazon AWS: Provides the systems we use to store and process this information
Retention Policy	Configurable based on your choice if have a commercial subscription. By default, data is retained for 30 days.

Monitoring Information
Data We Collect	IP address Hostname MAC address Information relating to your device type
How We Use Your Data	For dynamic tracing and metrics analysis to improve the services we provide
Your Choices	Refer to User Rights section for your choices with respect to: Deleting your account Restricting our use of your data Correcting or updating data in your account Accessing your data Restricting access to your account (or later restoring access) Obtaining a new password if you forget your current password
Service Providers With Which We Share Data	Datadog, which provides the tools we use to monitor our services
Retention Policy	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your user rights.

NOTE: The following data is collected but they are de-identified and stored separately (so called, pseudonymised)

Running processes
Data We Collect	File signature of process File signature of loaded modules File properties such as version and descriptions Digital signature info Running processes and their network connections Network connectivity: IP addresses and domain names Information about the application to which the process belongs
How We Use Your Data	To determine whether the behavior of processes running on your device is safe or malicious (in other words to assess whether or not your device has been compromised by malware).
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

High-level OS / device information
Data We Collect	Operating system name Service pack version Computer type (e.g., laptop) OS language
How We Use Your Data	OS information is for classifying the relative distribution or concentration of operating systems and versions across all data which is submitted to us. Network information is for classifying the relative distribution or concentration of various network adapters as well as the distribution or concentration of Wi-Fi vs. Ethernet connections across all data which is submitted to us.
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

Application list
Data We Collect	Product name and product version Vendor name
How We Use Your Data	To identify endpoint security products besides anti-malware (such as personal firewalls and disk encryption) installed on your device and determine whether your device is running the latest version made available by its vendor.
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

Anti-malware product
Data We Collect	Anti-malware definition info
How We Use Your Data	To specifically identify anti-malware product(s) installed on your device and see whether or not these product(s) have their real-time protection feature enabled, whether their definition database is up-to-date, and the last time the product(s) scanned the device for malware infection.
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

Installed system driver
Data We Collect	Driver information such as name and status
How We Use Your Data	To determine whether the OPSWAT driver made available to software vendors for embedding in their application is able to function correctly based on other drivers already installed on your device.
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

OESIS Framework account token
Data We Collect	OESIS Framework account token
How We Use Your Data	If you are a software vendor embedding OESIS SDK and enabling the data submission process, this token identifies your company as an authorized user of the data submission process.
Your Choices	Software vendors which embed OESIS SDK into their applications have the option to enable this data submission process. By default, this submission feature is disabled. Either your software vendor embedding OESIS SDK will make a specific API call to enable data submission, or you (as an end user) specifically click the data submission button in our free OESIS Endpoint Assessment application to trigger the submission process.
Service Providers With Which We Share Data	Amazon AWS provides us with the systems that analyze running process information and store the results of the analysis.
Retention Policy	30 days

Web analytics (if and while you are using OPSWAT Portal)


Data We Collect	Page visiting history IP address Browser type and operating system Data and time of visit to the website
How We Use Your Data	Better understanding user behavior and browser agent performance. Improve website performance. Improve website content quality.
Your Choices	You can disable cookies and see more details at OPSWAT Cookies Policy
Service Providers With Which We Share Data	Google Analytics: Provides the system we use to track and analyst user browsing history.
Retention Policy	Data is retained for 26 months.

The third-party service providers identified above may use their own third-party subcontractors who have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

IMPORTANT

We do not collect personally identifying information for sale to third parties.

Disclosures to third parties

OPSWAT may disclose personal information to third parties under the following circumstances:

When explicitly requested by you
As otherwise set out in this MetaAccess Privacy Policy

We may also disclose your personal information to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties as required by and/or in accordance with applicable laws or regulations. This includes disclosures outside the country where you are located.

Finally, we will disclose personal information if required in urgent circumstances, to protect the personal safety of individuals or the general public, or to maintain the uptime or stability of MetaAccess.

International transfers of personal information

OPSWAT’s global organizational structure requires the global transfer of personal information to OPSWAT’s affiliates. Consequently, the personal information you provide to us will be transferred across state or country borders, including to countries outside the country in which you reside (including to countries outside the European Economic Area (“EEA”), the United Kingdom, and Switzerland). OPSWAT also transfers your personal information internationally to service providers, business partners, and other third parties (as described in the “Disclosures to Third Parties” section above). Some of these recipients may process your personal information outside of countries considered “adequate” by certain supervisory authorities, including the European Commission. If such an international transfer occurs, we will protect your personal information by taking contractual or other steps in accordance with applicable law. For transfers from the EEA, the United Kingdom, or Switzerland to non-adequate countries, we have implemented the European Commission’s Standard Contractual Clauses.

Security of personal information

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing your personal information, we have implemented technical and organizational measures to ensure a level of security appropriate to the risk of unauthorized or unlawful processing of personal data. These measures also help us guard against accidental loss, destruction of, or damage to personal data.

Only authorized persons are provided access to the personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.

We safeguard the security of the personal information provided to us with physical, electronic, and managerial procedures. Inside OPSWAT, data is stored in secure and controlled servers with limited access.

Where we share your personal information with third-party providers, they may use subcontractors that have access to your personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

Note that your information may be stored and processed in the United States or any other country where OPSWAT, its subsidiaries, or service providers are located.

IMPORTANT

While we strive to protect personal data, we cannot guarantee the security of the personal information provided to us. Although we use appropriate security measures, once we have received your personal information, the transmission of data over the Internet (including via email) is never completely secure. We urge you to protect your personal information when using the Internet by, for example, changing passwords often, using a combination of letters, numbers, and special characters (for example, % and $ and +) , and making sure to use a secure browser.

Data retention

If you create a User Account to use services associated with MetaAccess, we will retain your personal information while the User Account you’ve created remains active. We will also retain your information for as long as we have a legitimate business purpose to do so, and thereafter, for no longer than is required or permitted by law. This includes data you or others have provided to us, as well as data generated or inferred from your use of MetaAccess.