GamaSec Ltd. ("GamaSec" or "We"), a limited liability company duly established and registered in Israel, is the owner and operator of www.gamasec.com (the "Website"), which is intended to supply various services as more fully described in the Website (the "Services").
What Information Do We Collect?
When visiting the Website and/or using the Services, you may provide us with two types of information:
(i) Personally identifying information about you that is collected on an individual basis, including your first name, last name, e-mail address, mail address, company name, job function, phone number, mobile number, IPs address, URLs address, information related to your use of the Website (such as the pages you have visited, the links that you have entered into from any of the pages on the Website and/or about any transaction performed with any 3rd party which you entered into its website through the Website) and/or the Services, payment information (such as credit card number, expiration date), and such other information about you that you voluntarily choose to disclose or that may be automatically collected whenever you use the Website and/or the Services;
(ii) Website use and/or Services-related information gathered on a collective basis as you and others browse our Website and/or use our Services.
- What personally identifying information GamaSec collects.
- What personally identifying information third parties collect through the Website.
- Which organization collects the information.
- How GamaSec uses the information.
- With whom GamaSec may share the information.
- What choices are available to users regarding collection, use and distribution of the information.
- What types of security procedures are in place to protect the loss, misuse or alteration of information under GamaSec's control.
- How users can correct any inaccuracies in the information.
Except for personally identifying information that may be automatically collected whenever you use the Website and/or the Services, GamaSec never collects personally identifying information from user sunless the user explicitly and intentionally provides it, or attempts to violate our security measures.
In order to use the Services, a user must first complete the registration form. During registration, a user is required to give contact information such as first and last name, company name, address, email address, job function, phone number, mobile number, URL and/or IP addresses. We use this information to verify the ownership of servers, URL, and IP addresses, to do non-invasive informational testing of users' servers, and to contact the user about Services for which they have expressed interest. In order to use the Services, users must provide a username and password.
In addition to personally identifying information, a user must provide payment information (such as credit card number, expiration date). This information is used for one-time and recurring billing purposes according to the type of Services ordered and the terms pertaining thereto , and to fulfil users' orders. If we have trouble processing an order, personal information is used to contact the user.
Delivery of Services
GamaSec's Services collect information about servers connected to the IPs or URLs given by the users during the registration process. IP's and URL's are checked to verify users' authority to require security vulnerability testing. No security vulnerability data is collected until the user requests it. Users can start and stop the GamaSec's scan and data collection process by changing their settings in their Account Settings web page available on the Website to users. GamaSec only collects information that can be accessed from the internet about users' computer(s) and/or that is provided by users via phone and/or e-mail and does not install software on the users' computer for this purpose.
We store personally identifying information that we collect, and log files to create a profile of our users. Users' profile is used, inter alia, to tailor users' visit to our Website and to direct pertinent marketing promotions to them. Users must opt to receive such marketing and can opt-out at any time.
User Payment Information
When users order Service, they must provide payment information. Payment information is stored in encrypted format, as more fully detailed below (see Security) and is used only to send to our credit card processor, currently Plimus, for the purposes of collecting payment for Services rendered or to be rendered. We never make this information visible to anyone other than our credit card processor and never communicate it over a non-encrypted connection. The full credit card number is never seen by anyone inside our company, once entered and submitted, except by the credit card processor for the purposes of authorizing, clearing and reversing charges to your credit card.
We use only session cookies and do not use persistent cookies. A session cookie is a cookie that is stored temporarily and is simply destroyed once users close the browser.
Session cookies are used to track preferences and record session information. We store information in the cookie such as session mid, user personally identifying information, such as the internal account ID, account settings, and information needed to generate a new page requested by the user. Session cookies containing personally identifying information are created when a user logs in or completes the registration process. The session cookie obtains the personally identifying information from the user's account stored on our computers during the registration process. Information that would allow others to obtain access to the users' account is not stored in session cookies. Session cookies are terminated upon closure of the last browser window associate with the user session.
Like most standard Web site servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. Session'sIds, IP addresses, etc . are not linked to personally identifying information in our database, except as entered by the user during registration. Session IDs and IP addresses entered during registration time by the user are tied to personally identifying information to enable the provision of our Services.
Clear Gifs (Web Beacons/Web Bugs)
A clear GIF is an invisible image which can be used to capture session or user behaviour information without the user's knowledge or consent. We do not employ the use of Clear Gifs on our Website.
We send all new users a welcoming email to verify email address entry as an identity check. It is often necessary to send out a strictly Service-related announcement. For instance, if our Service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.
Special Offers and Updates
Users can elect to (opt-in) to receive information on Services, special deals, and a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please see the Choice/Opt-out section.
If a user wishes to subscribe to our newsletter, we ask for contact information such as name and email address. Out of respect for our users privacy we provide a way to opt-out of these communications. Please see the Choice/Opt-out sections.
Customer Service Communications
We communicate with users on a regular basis to provide requested Services and in regards to issues relating to their account we reply via email or phone.
From time-to-time our Website requests information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Survey information will be used for purposes of monitoring or improving the use and satisfaction of the Website and/or the Services.
Aggregate Information (non-personally identifying)
We share aggregated demographic and security vulnerability information with our users, partners and advertisers. This is not linked to any personally identifying information.
Information Sharing and Disclosure
We do not commercialize or share any personally identifying information with 3rd parties, unless:
- Such information is shared and/or commercialized following receipt of specific request and/or permission from users;
- Such information is shares with affiliated companies and/or potential investors (in any form of business transaction, including purchase or merger) pursuant to an agreement which contains reasonably confidentiality arrangements;
- Such information is shares with trusted business partners who work with us (in order to facilitate our business) pursuant to an agreement which contains reasonably confidentiality arrangements;
- Such information is shared in order to comply with or in accordance with any applicable law and/or court orders and/or in order to prevent suspected illegal acts, frauds, situations involving potential threats to the safety of any person, or as otherwise required by law;
- Such information is shared in order to help GamaSec defend against claims and/or establish or exercise any legal right that GamaSec may have;
In the event that GamaSec goes through a business transition, such as a merger, being acquired by another company, or selling all or part of its assets, users' personally identifying information will, in most instances, be part of the assets transferred.
Our users are given the opportunity to opt-out of having their personally identifying information used for certain purposes at the point where we ask for such information. For example, our order form has an opt-out mechanism so users who order a Service from us, but don't want any marketing material, can keep their email address off our marketing lists. For any non-Service related communications, our opt-out mechanism defaults to the opted-out status until users explicitly Opt-In for the first time.
The Website contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our Website and to read the privacy statements of each and every Web site that collects personally identifying information. This privacy statement applies solely to information collected by the Website.
GamaSec takes reasonable measures in order to safeguard users' personally identifying information.
Payment information (such as credit card number and/or social security number) and information about the security vulnerability of users' website is protected, by using Secure Sockets Layer (SSL) software, which encrypts the aforementioned information when viewed online.
While on a secured page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just surfing.
In addition, we limit access to personally identifying information to employees who we believe reasonably need to receive such information to provide our Services or in order to do their jobs and take other precautions we deem reasonable to protect the security of users' personally identifying information.
However, users should be aware that we cannot fully guarantee the security of their personally identifying information. As in many computer systems, internet applications and software programs, unauthorized use, failure of hardware or software, etc. may be injuriousness to the confidentiality of users' personally identifying information.
If users have any questions about security, users can send an email to: email@example.com
Supplementation of Information
In order for the Website to properly function, it is necessary for us to supplement the information we collect with information from 3rd party sources.
We use Plimus as both a certificate authority and Payment Gateway to process our users' credit card and virtual check transactions. (See Plimus policy link)
Correcting/Updating/Deleting/Deactivating Personal Information
If a user's personally identifying information changes (such as zip code, phone, email or postal address), or if a user no longer desires our Service, we provide a way to correct, update or delete/deactivate users'personally identifying information. This can usually be done at the Registered User account settings page or by emailing our Customer Support at firstname.lastname@example.org.
Notification of Changes
If, however, we are going to use users' personally identifying information in a manner less protective from that stated at the time of collection we will notify users via email to the email address set forth in the existing users' profiles. Users will have a choice as to whether or not we use their personally identifying information in this different manner. However, if users have opted out of all communication with the Website, or deleted/deactivated their account, then they will not be contacted, nor will their personally identifying information be used in a less protective manner.