Unify - Data Protection Statement

This Data Protection Statement applies to the collection, processing, maintenance and disclosure of all information gathered by Living Security and its affiliates as it works to serve its customers and data subjects via the Unify offering. Living Security’s responsibility and mission is to work alongside partner companies and allow them to choose how their data is managed, archived, retrieved and deleted. Great care is taken to identify only the required information necessary to operate our tools in the manner desired by our clients. This means we prioritize the secure collection of data, limited to only what is needed to provide the user with a better experience on the Unify offering. Living Security extensively documents security practices and policies to align with GDPR, NIST, PCI, COBIT and HIPAA, and strives to improve methods to outpace industry standards. Living Security tolerates only those justifications which enable them to communicate responsibly with company representatives, manage applications at scale, facilitate access to its Offerings, and provide quality customer service. It is unambiguous client consent which gives Living Security the ability to collect and process this information. It is a sense of duty and responsibility which gives Living Security the privilege to protect data like their own. 

DATA COLLECTION and USE 

Living Security Unify Offering 

Living Security Unify offering provides a SaaS platform for users to measure the Human Risk Index (HRI) of its employee base. When an individual uses our Websites and Web Portals, Living Security gathers information, some of which is personal information. Personal Information collected and used by Living Security may include, among other things, name, department, mailing address, email, job title, as well as data provided through API integrations setup by a user's employer. Information collected is logically segregated and is only used for the services agreed upon and is not sold to any third parties.

Living Security’s mission is managing human risk - the greatest cyber security risk enterprises face - through immersive and intelligence-driven training solutions. Our science-based approach drives user engagement and reinforces positive security behaviors. We apply threat intelligence to train on the most relevant user-facing threats and deliver metrics that enable companies to measure the effectiveness of the program. 

How We Protect Your Information

The security of customer data and your personal information is not only important to us, it is our mission. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of customer data and your personal information. We follow industry best practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Offerings or Websites, you can contact us at privacy@livingsecurity.com.  

Retention of Personal Information 

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures. 

User Access and Choice 

You may request Living Security provide you with information about whether we hold any of your personal information received or transferred from the EU and/or Switzerland in reliance on each Privacy Shield Framework. You may also request us to correct, update, amend, or remove your personal information that you know or have reason to believe is in our possession by emailing us at privacy@Livingsecurity.com or by contacting us by postal mail at the contact information listed below. This process for submitting a request applies to all and is not reserved solely for EU or Switzerland entities.

When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect it. We will respond to your request within a reasonable timeframe. If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. In certain circumstances, we may be required by law, our auditors, or other legitimate business purposes to keep information about you. 

Sharing Your Personal Information

We use third party sub-processors to help us provide the Unify offering. It may be necessary to provide or allow access to your personal information to these third party service providers for those purposes. A portion of the third party sub-processors used are specific to optional features. The following list details the current base third party sub-processors as well as the sub-processors associated with an optional feature that receive end user data:

Base Sub-Processors

Auth0 is utilized for identity and user management within the platform. This data is stored on AWS US East-1 and encrypted with AES 256. Please refer to this hyperlinked article for more information on Auth0’s compliance and security.

AWS is the Platform as a Service (PaaS) provider for the Unify Platform. The data held within AWS is stored in AWS US East-1. However, environments are able to be setup elsewhere to improve compliance with GDPR. Please refer to the following hyperlink for further information on AWS compliance and security.

LaunchDarkly is used to conduct Feature Flagging within the Unify product. This allows us to deploy new features within our Production Environment without those features impacting customer’s experiences. Additional functionality includes ensuring specific roles see only what content they need, such as customer-requested features only being viewable by that customer. Please refer to the following hyperlink for further information on LaunchDarkly compliance and security.

Optional feature Sub-Processors

OpenAI is used as the AI model behind UnifyAssist. This allows for quick and accurate answers to platform specific inquiries. The OpenAI API connection made does not use the data submitted or generated to train their models. All data is encrypted at rest and in transit. Please refer to the following hyperlink for further information on OpenAI compliance and security.

Living Security may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. 

Changes to This Privacy Notice 

Living Security may update this Privacy Notice at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this Website. We encourage you to periodically review this page for the latest information on our privacy practices.

Your Agreement to This Privacy Notice 

Except to the extent otherwise specified in a specific agreement with you, such as for specific products and services, the terms of this Notice shall govern. By using our Offerings and Websites, you are agreeing to our practices described in this Notice, which includes the collection and use of your personal information worldwide. 

Your continued use of our Unify offering following the posting of changes to this Privacy Notice will be deemed your acceptance of those changes.

Contacting Us 

If you have any questions about this Privacy Notice or our privacy practices, please contact us at: 

LIVING SECURITY

9901 Brodie Lane

Suite 160 PMB1470

Austin, TX 78748

(512) 920-0422 

privacy@livingsecurity.com