.png)
Privacy and Cookie Policy
Effective Date: January 2023
At Breach Monkey LLC, we take the privacy of our users and customers seriously. This Privacy and Cookie Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in any other manner. By accessing or using our services, you consent to the practices described in this policy. Please read this policy carefully to understand our practices regarding your personal information.
​
Definitions:
​
"Applicable Laws" shall mean data protection laws applicable to Breach Monkey LLC, including European Union (EU) Privacy Laws and any other relevant privacy or data protection regulations that apply to Breach Monkey LLC.
​
"EEA" shall mean the European Economic Area.
​
"EU Privacy Laws" shall mean the General Data Protection Regulation (GDPR) and/or laws, rules, and guidelines of EU member states implementing or supplementing the GDPR.
​
"GDPR" shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, and any amendments, replacements, or superseding regulations.
​
"Israeli Data Protection Legislation" shall mean the Israeli Privacy Protection Law 5741 - 1981 ("PPL"), the regulations promulgated pursuant thereto, and the relevant guidelines issued by the Israeli Privacy Protection Authority, and any amendments, replacements, or superseding laws.
​
"Personal Data" shall have the meaning ascribed to it in the GDPR and shall also include the terms “Information” and “Sensitive Information” as defined under the PPL. In simple terms, this information may identify an individual or contain private and/or sensitive details, such as an individual’s name, address, or bank account information.
"Non Personal Data" shall mean information that does not personally identify a natural person and does not reveal a natural person’s specific identity, such as anonymized information.
​
The terms "Client," "Client IT Systems," "Services," and "Website" shall have the same meaning as described in Breach Monkey LLC's Terms of Service, which can be accessed at this link: Terms of Service.
​
"Visitor" shall mean a visitor of our Website whose Personal Data Breach Monkey LLC processes in the capacity of a Controller.
​
"User" shall mean an individual who is registered to the Services, has access to and makes use of the Services (whether during a trial period for testing the Services or under a contract with Breach Monkey LLC); and whose Personal Data Breach Monkey LLC processes in the capacity of a Controller.
​
"Client's User" means an individual who has access to and makes use of a Client’s IT Systems; and whose Personal Data Breach Monkey LLC processes in the capacity of a Processor.
​
"Data Subject" shall have the meaning ascribed to it in the GDPR and the PPL and shall include all types of individuals defined in this Policy, such as a Visitor and a User.
​
"Controller" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Owner” under the PPL.
​
"Processor" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Holder” under the PPL.
​
"Subprocessor" shall mean any entity appointed by us or by one of our Processors/Subprocessors, to Process Personal Data on our behalf or on behalf of that Processor/Subprocessor; excluding any employee of Breach Monkey LLC or of Breach Monkey LLC’s Processor/Subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.
​
"Database Owner," "Database Holder," "Database," "Database Manager," and "Information Security Event" shall have the meanings ascribed to them in the Israeli Data Protection Legislation.
​
The terms "Processing," "Supervisory Authority," and "European Commission" shall have the meaning ascribed to them in the GDPR.
​
"Personal Data Breach" shall mean a breach of security or other incident leading to the accidental or unlawful destruction, loss, alteration, the unauthorized disclosure or use of, or access to, or harm to the integrity of Personal Data transmitted, stored, or otherwise Processed, as defined in the GDPR and shall also include all types of Information Security Events detailed in Israeli Data Protection Legislation.
​
"Business Contact" means an employee, contractor, or any other individual affiliated with and authorized by a potential Client or a Client to inquire for information regarding our Services and/or to engage us for the provision of our Services.
​
1. Information We Collect:​
a. Personal Information: When you interact with Breach Monkey LLC, we may collect certain personal information that you voluntarily provide to us. This may include your name, email address, phone number, company information, and any other information you choose to provide.
​
b. Automatically Collected Information: We may automatically collect certain information about your device and usage patterns when you visit our website. This information may include your IP address, browser type, operating system, referring URLs, and the pages you accessed on our website.
​
c. Cookies and Similar Technologies: We use cookies and similar technologies to collect information about your browsing activities. Cookies are small text files that are stored on your device when you visit our website. These cookies help us to provide a better user experience and improve our services.
​
2. Use of Information:
a. We may use the information we collect for various purposes, including but not limited to:
-
Providing and improving our services.
-
Responding to your inquiries and support requests.
-
Sending you marketing communications, updates, and newsletters (you can opt-out at any time).
-
Analyzing website usage and trends to enhance our website's performance.
-
Preventing fraud and ensuring the security of our services.
​
b. We will not use your personal information for purposes other than those described in this policy without obtaining your consent.
​
3. Disclosure of Information:
a. We may share your personal information with trusted third-party service providers that assist us in delivering our services and conducting our business operations. These service providers are obligated to maintain the confidentiality of your information.
​
b. We may disclose your personal information if required to do so by law or if we believe such action is necessary to protect our rights, safety, or property, as well as that of our users or the public.
​
c. In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
​
TRANSFER OF DATA OUTSIDE YOUR TERRITORY
​
We may store, process, or maintain information in various sites worldwide, including through cloud-based service providers worldwide. Where applicable data protection laws apply, and we transfer Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to Personal Data being transferred outside of the EEA, for example, this may be done in one of the following ways:
​
The country that we send the Personal Data to might be approved by the relevant data protection authorities as offering an adequate level of protection for Personal Data (Israel is an approved country);
​
The recipient might have signed a contract based on approved "model contractual clauses," obliging them to protect Personal Data;
​
Where the recipient is located in the US, it might be in compliance with the necessary data protection regulations, including frameworks such as the EU-US Privacy Shield scheme, where applicable; or
Through the use of other mechanisms permitted by Applicable Laws to otherwise transfer your Personal Data outside the EEA.
​
Data Subjects can obtain more details about the protection given to their Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of the Personal Data) by contacting us as described in Section 19 "CONTACT US" below.
​
If a Data Subject is located in a jurisdiction where the transfer of its Personal Data to another jurisdiction requires its consent, then the Data Subject provides us with its express and unambiguous consent to such transfer or the storage, processing, or maintenance of the Personal Data in other jurisdictions by using the Website and/or Services.
Note to our Data Subjects in the EU:
​
We hereby inform Visitors, Business Contacts, and Users from the EU, and any other EU Data Subjects whose Personal Data we may Process (in this section "You," "Your"), of the following rights (by virtue of EU Privacy Laws) with respect to the Processing of your Personal Data:
​
Right to access: You may have the right to request a review of your Personal Data held by Breach Monkey LLC.
Right to rectification: if the Personal Data Processed by Breach Monkey LLC is incorrect, incomplete, or not Processed in compliance with Applicable Law or this Privacy and Cookie Policy, You may have the right to have your Personal Data rectified.
​
Right to erasure: under certain conditions, You may be entitled to require that Breach Monkey LLC would delete or "block" your Personal Data (e.g., if the continued Processing of specific data is not justified or if the lawful basis for Processing is consent).
​
Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data Controllers (i.e., to transfer your Personal Data to another entity).
​
Right to object: where the lawful basis for Processing Your Personal Data is either "public interest" or "legitimate interests," those lawful bases are not absolute, and You may have a right to object to such Processing.
​
Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, a Business Contact, or a User, You may contact Us through the following email: contactus@breachmonkey.com
​
The right to restrict Processing: under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation.
​
Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of Your jurisdiction.
Note to our Data Subjects in Israel:
​
We hereby inform you of the following rights (by virtue of Israeli Data Protection Legislation) with respect to the Processing of your Personal Data:
​
Right to access: unless a specific exemption applies under Israeli Data Protection Legislation, You may have the right to request a review of your Personal Data held by Breach Monkey LLC and obtain a copy thereof.
​
Right to rectification or deletion: if the Personal Data Processed by Breach Monkey LLC is incorrect, incomplete, unclear, or outdated, You may have the right to have your Personal Data rectified or deleted.
​
Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such Processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, Business Contact, or a User, You may contact Us through the following e-mail: contactus@breachmonkey.com.
​
If you are a Client’s User, we Process your Personal Data as a Processor, and therefore you must refer to the Client with which you are employed or otherwise affiliated to exercise your rights. If you cannot get in touch with the relevant Client, you may contact us, and we will make commercially reasonable efforts to assist you.
​
If you are a Data Subject in another jurisdiction - other rights may apply.
​
To exercise these rights, where applicable, please contact Our Client or, if applicable, use the appropriate functionality available on the Website or within the website dedicated to the Services or in Section 8 "CONTACT US" of this Policy.
​
4. Data Security:
a. Breach Monkey LLC employs industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.
​
b. Despite our best efforts, no data transmission or storage system can be guaranteed to be 100% secure. Therefore, we cannot guarantee the absolute security of your information.
​
5. Third-Party Links:​​
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
​
6. Children's Privacy:
Our services are not intended for children under the age of 13. We do not knowingly collect or solicit personal information from children. If you believe that we may have collected personal information from a child under 13, please contact us immediately.
​
7. Changes to this Policy:
We may update this Privacy and Cookie Policy from time to time. When we make changes, we will revise the "Effective Date" at the top of this policy. Your continued use of our services after such changes signifies your acceptance of the revised policy.
8. Contact Us:
If you have any questions, concerns, or requests regarding this Privacy and Cookie Policy or our privacy practices, please contact us at:
​
​
By using our services, you agree to the terms outlined in this Privacy and Cookie Policy. Thank you for entrusting Breach Monkey LLC with your privacy and for choosing us as your External Attack Surface Management provider.