Prism Microsystems, Inc. (“EventTracker” or “We,” “Us,” “Our” or similar pronouns), created this Privacy Statement to demonstrate our firm commitment to your privacy. This Privacy Statement discloses our information gathering and disseminating practices for use of the services we provide at www.eventtracker.com
- Change to This Privacy Statement
- What Information is Collected?
- General Use of the Service
- Security of Personal Identifiable Information
- Updating your Personal Information and Contacting us
- Secure use of TeamViewer
We strongly believe in protecting the privacy and confidentiality of personally identifiable information that refers or relates to our remote access users (“You” or “Your”) and Your customers. We explain what information We collect about You, how We use the information We collect, how We protect the security and confidentiality of such information, and what You should do if You have any questions or comments. Our commitment to You is clear: We do not sell, license or rent any personally identifiable information about You, Your customers, Your information or any other information about your affiliates to any third party without Your express consent and We will take reasonable measures to protect the confidentiality of personal identifiable information You provide to Us.
Changes to This Privacy Statement
What Information is Collected?
General Use of the Service
We continually seek to improve the quality of the Service, products and services so that We may better meet Your needs. As part of this process, the information We collect from our Service users and data regarding Your use of this Service is used in the following ways:
- By Us – We use personally identifiable information that You provide to Us (such as Your name, address, phone and fax numbers, email address and other similar types of information specific to You) to statistically analyze the Service usage and to improve the Service and our product and service offerings. We may use Your email address, mailing address, phone or fax number to contact You regarding comments that You may have provided or information that You actively requested from Us. Further, We may be required to disclose personally identifiable information by court or administrative order such as a law, regulation, search warrant, or subpoena. We may also provide third parties with aggregate information regarding users of the Service. For example, We might inform third parties regarding the number of unique users of our Service, and aggregate information on the types of the activities such users conducted while on the Service. This aggregate information will not contain information that can identify You, and will not contain any personally identifiable information that refers or relates to You.
- By Third Parties – We provide no personally identifiable information about You or Your customers to any third party without Your express consent. Further, without Your consent, no third party will contact You using personally identifiable information You gave to Us through the Service (but note, that if We obtain or are provided information about you from other sources, this rule does not apply).
- We use standard browser technology such as cookies, locally stored objects, clear GIFs, beacons and other methods of tracking the use of our Service so that we can improve the Service. Some of our third party partners, such as advertisers and information sharing partners, may also employ these technologies that store information about your use of the Site. We do not share our information about you with such third party partners (nor do they with us) unless you opt in to such sharing – which opt in may be via an electronic form submission. You may use available technologies to limit or restrict the amount of content that is stored on your computer. There are also opt out tools available such as http://www.networkadvertising.org/choices/
Security of Personal Identifiable Information
We take the security of personal identifiable information seriously. Commercially reasonable efforts are made to secure servers, networks, host operating systems and databases against unauthorized access. Please remember that the security measures taken above are not foolproof; no hosted service can guarantee that personally identifiable information will be protected in all situations. Therefore We can only state that We will make a reasonable effort to protect from unauthorized access the information that You provide. You must also recognize Your role in security and maintain all access and login credentials, and we are not liable or responsible for any failure by You to maintain such security.
Updating Your Personal Information and Contacting Us
You can always contact Us in order to: (i) update the personally identifiable information You have provided; or (ii) direct Us to render inactive on our systems all personally identifiable information that refers or relates to You. We may be reached by email at email@example.com
Secure use of TeamViewer
When permitted by customers, we may use the secure corporate version of TeamViewer to access installations of EventTracker at customer location in order to provide technical support and the SIEM Simplified services. Recent news articles in the IT Security press and on discussion forums have described users of TeamViewer being hacked and the service being used to gain unauthorized access to remote computers. Prism Microsystems has carefully followed these reports; this note is to describe the security precautions we undertake to safeguard remote access. These precautions are grouped in to Technical, Administrative and Physical Controls.
- Technical Controls
- All access to TeamViewer is by named users only and via the portal located at teamviewer.com.
- To access this portal, the device from which access is being sought must be registered to the user.
- Named users must have an account in the corporate Prism Active Directory Federation Service which is synchronized with TeamViewer
- All logins to the EventTracker TeamViewer portal require two-factor authentication, including one or more dynamic session credential generation methods; user/password credentials will not enable access absent the two-factor session credential
- All access to the TeamViewer portal by our users is audited and reviewed regularly
- The above steps regulate access to the remote EventTracker instance. Technicians that can successfully connect to the instance are presented with the login prompt to the machine. This requires an account provisioned by the machine owner. Credentials for these accounts are stored in a password manager vault. Access to this vault is also audited and controlled via integration with the corporate Active Directory instanc
- Administrative Controls
- All employees undergo a background check as a prerequisite to employment
- All employees execute confidentiality and non disclosure agreements
- Access control and safety procedures are reviewed regularly
- Physical controls
- Physical access to the Security Operations Center is controlled by biometric access which is also audited and reviewed.
- Cameras are used to monitor the environment.
We take our IT Security very seriously. If you have any concerns or questions, please contact your sales representative or firstname.lastname@example.org
Updated Date: June 8, 2016