the new GDPR regulations have been in place since the end of May
1. Information Collection
General. When you visit the Site, you can browse without submitting any personal information about yourself. We will, however, receive and store some non-personally identifiable information about you, as described below. In order to participate in certain functionalities, you may be asked to provide personally identifiable information. Personally identifiable information is information that can identify you, including, for example, your name or email address.
Communications; Email Address Collection. In order to receive certain communications from us, such as responses to user inquiries, you will be required to submit your email address to us. You may also provide your email address to us in order to receive security updates and news even if you do not sign up for an account or make a purchase. Any non-Service related email you receive from us will include an unsubscribe link that will allow you to opt-out of receiving future emails. It may be necessary to send you Service-related announcements. For example, if the Service is temporarily suspended for maintenance, we may send users an email. You may not opt-out of Service-related emails which are not promotional in nature.
User Content. The Service may allow you to post or submit comments or other information, such as in response to our blog content (www.wordfence.com/blog) (“User Content”). We may use User Content to improve the Service and we may save User Content or other content you post indefinitely.
Site Cleaning Service. If you purchase our site cleaning service we may download portions of your site to secure servers in order to analyze and clean the site. As part of the site cleaning service we also require: access to your database, access to your site control panel, and server credentials to log into your site. The server credentials are transmitted via an encrypted page and stored using PGP encryption. We may also retain a backup of portions of your site for a limited amount of time after the cleaning for quality assurance purposes.
Automatically Collected Information. Similar to other websites, we may collect some information automatically from you and store it in log files. This collection may include, but is not limited to: your domain name and host for Internet access, the Internet address of the site from which you came, the date and time of your access, your computer’s IP address and information about its operating system, browser, and host, the date and time you access the Service and the pages you visit. We collect this non-identifying information in order to help diagnose problems and to administer the Service. We also use it to help identify you and to gather broad demographic information. We may automatically collect information using various mechanisms, including but not limited to cookies and pixels.
“Pixels” are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a computer’s hard drive, pixels are small graphics that are about the size of the period at the end of the sentence that are embedded invisibly on web pages or in HTML-based emails. Our third-party analytics providers may place pixels on the Site that track what other websites you visit (both before and after visiting the Site). Our third-party analytics providers use information obtained from pixels to help us improve our business and the Service. We do not control the use of pixels by third parties.
“Do Not Track” Settings. Because we track website usage information as described above, your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of certain information. The only way to completely “opt out” of the collection of information through cookies or other tracking technologies is to actively manage the settings on your browser to delete and disable cookies and other tracking/recording tools. However, getting a “Do Not Track” signal to work as you might want is difficult. Using browsers as an example, not all tracking technologies can be controlled by browsers; unique aspects of your browser might be recognizable even if you disable a tracking technology; not all settings will necessarily last or be effective; even if a setting is effective for one purpose, data still may be collected for another; and even if one website observes a “Do Not Track” signal, that website may not be able to control other websites.
2. Information Use
Use of Non-Personally Identifiable and Aggregate Information. We may use non-personally identifiable information and aggregate information for any lawful purpose, including, but not limited to, analyzing trends, managing and administering the Service, tracking users’ movements, for research purposes, or to improve our business and the Service. In addition, we may share aggregate statistical information with our business partners. We may also combine your non-personally identifiable information and aggregate information with other non-personally identifiable information and aggregate information collected from other sources.
Information Retention. We will retain your information indefinitely, or as long as legally required or allowed. We may dispose of any information in our discretion without notice, subject to applicable law. We do not undertake any retention obligations through this statement.
3. Information Disclosure
Affiliated Entities and Service Providers. We may disclose your information, including personal information, to any affiliated entity or organization, business partner, and to agents and service providers to help us operate the Service, improve our business or the Service, and to provide services to us. These third parties may include customer service providers, business or sales service providers, or providers that provide support for the Service.
Insolvency or Business Transition. If we should ever file for bankruptcy or engage in a business transition such as a merger with another company, or if we purchase, sell, or reorganize all or part of our business or assets, we may disclose your information, including personal information, User Content, and user data or information, to prospective or actual purchasers in connection with one of these transactions.
Disclaimer. Due to the complexity and open nature of the Internet, no transmission of data over the Internet can be 100% secure. There is always a risk that information collected by and/or displayed on the Service may be compromised or accessed notwithstanding the steps we take to secure your information. For example, a third party may unlawfully intercept or access transmissions or private communications, or other users of the Service may abuse or misuse your personal information. Accordingly, you agree that you are providing such information at your own risk.
Keeping your information secure is of great concern to us. We exercise care in facilitating the transmission of information between your device or computer and our servers (or the third party servers that operate and store information for the Service). Any personally identifiable information collected by the Service is stored in operating environments that are not available to the public. While we have mechanisms in place to safeguard your personal information after we receive it, no transmission of data over the internet can be 100% secure.
5. International Use
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing agreement for European Union (“EU”) customers.
To comply with EU General Data Protection Regulation (“GDPR”), our EU customers must sign our Data Processing Agreement (“DPA”) and the Standard Contractual Clauses to establish the respective responsibilities between the Defiant customer (as the data controller) and Defiant itself (as the data processor). If the GDPR applies to you please download, sign, and email both the DPA and the Standard Contractual Clauses to email@example.com. Both the DPA and Standard Contractual Clauses are available in one document in our GDPR Help section. Note you must sign in two places.
By using the Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.
6. Children’s Privacy
California Shine the Light Law. California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to firstname.lastname@example.org or write us at: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104.
California Minors. While the Service is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: email@example.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information is located, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
8. Accessing, Updating, or Deleting User Content and Your Personal Information
You may access, update, or delete your personal information by contacting us at firstname.lastname@example.org or write us at: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104. We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical.