Privacy Statement

Effective date: April 2, 2024

This HYAS Infosec Inc. Privacy Statement describes how we handle information we collect, including information that personally identifies you or could reasonably be used to identify you (“personal information”) and what privacy rights you may have in relation to your personal information. 

Carefully read this Privacy Statement to familiarize yourself with our privacy practices. It applies to our Website (www.hyas.com), when we provide you our products and services, when you attend our events or webinars, or when you otherwise interact with us. When you use our Website or interact with us you consent to the collection and handling of your information as described below. If you do not agree with the practices described in this Privacy Statement, do not use our Website or interact with us.

Types of information we collect

We may collect the following categories of information: 

•    identifiers (e.g., name, account information, online and government issued identifiers)  
•    contact information (e.g., telephone number, email address, physical address) 
•    payment information
•    characteristics of protected classifications 
•    commercial information (e.g., products or services purchased or considered)
•    internet, network, device, malware infrastructure intelligence, and other technical information (e.g., IP address, device identifier, and browser type, operating system, log data, passive DNS data, network traffic, malware data)
•    geolocation data
•    audio, electronic, visual, or similar information  
•    professional, employment, or education related information 
•    inferences drawn from categories of information identified here
•    sensitive personal information

The classification of this information as personal information under applicable law depends on various factors, including the type of information and any other information that is linked or linkable to it, the jurisdiction in which the information is collected, and the purpose for which it is collected and processed. For example, we may combine your personal information with technical information, which by itself does not identify you. If we do so, we treat the combined information as personal information under this Privacy Statement. Personal information does not include deidentified or anonymous information. We may use such information without limitation.

Information sources
We obtain the above categories of information from the following sources: 

•    from you when you directly provide it to us or our service providers
•    from your use of our Website, products, or services
•    from cookies and other automatic means and tracking technologies 
•    from publicly available sources 
•    from third parties including reputable providers of licensed information  
•    from business partners 

As mentioned above, we may obtain information related to you from third parties that obtained your prior consent to share such information with us through their privacy statement, a contract, or other mechanism allowed by applicable privacy regulations. We restructure information as we receive it and combine it with other information we collect, forming a separate and discrete data set, which is a part of our products or services. Our products and services may be offered on a paid, unpaid, or trial basis, but in all such instances must be solely used for the purpose of preventing, detecting, investigating, or remediating malicious digital threats, activities, or incidents.  

Cookies
Cookies are small files which may be stored on your computer or mobile device. We use four general types of cookies which are described in more detail in the Cookie Settings link found at the base of our Website. We use cookies and similar technologies to secure our Website, personalize your experience on our Website, gather information about how you are using our Website; and to market our products and services. These technologies do not identify you to us unless you have voluntarily identified yourself to us through another method on our Website (e.g., by requesting a product demonstration).

We use third-party analytics and service providers such as Google Analytics and HubSpot to track Website visitors to assist us for the above-mentioned purposes. If you do not want information via cookies or similar technologies to be collected and used by us or our service providers for marketing or advertising purposes, you can modify your cookie preferences at any time through our Cookie Settings link at the base of our Website. You may also prevent Google Analytics processing here. In addition, you can opt out of internet-based advertising served by companies that participate in the Digital Advertising Alliance Consumer Choice tool here, and the Network Advertising Initiative here. To learn how to limit ad tracking on your iOS device visit here, and for an Android device visit here

Children’s personal information

Our Website and products and services are not intended for use by children under 16. If you have reason to believe that a child has provided information to us, please contact us at privacy@hyas.com. We will use commercially reasonable efforts to delete such information. 

How we use collected information

We may use the information we collect for the following purposes:    

•    administering day-to-day business operations 
•    creating, verifying, and managing user accounts and features
•    communicating with you and fulfilling your requests
•    providing, maintaining, and improving our products and services
•    testing, researching, and developing new products and services
•    personalizing, advertising, and marketing our products and services 
•    researching, detecting, investigating, preventing, and responding to digital threats, activities, or incidents 
•    responding and supporting law enforcement investigations
•    complying with applicable laws or responding to lawful requests and processes, complying with or enforcing agreements, protecting our rights and property, and protecting the personal safety of ourselves, our clients, or third parties
•    in connection with a business or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets 
•    as described to you at the point of data collection or handling or as otherwise permitted by law

The legal bases we rely on to process your personal information depends on our interactions with you, but they consist of (i) contractual necessity, (ii) legitimate interests, (iii) legal obligations, and (iv) consent. 

Why we disclose information

We may disclose all the categories of information listed above when: 

•    you consent to the disclosure
•    the disclosure is related to a business purpose
•    the disclosure is in connection with a business or financial transaction
•    the disclosure is required by law 
•    the disclosure is not inconsistent with this Privacy Statement or our description at the point of collection or handling

We may disclose information to the following categories of third parties:

•    internally and with our affiliates, subsidiaries, and business partners
•    our service providers working on our behalf 
•    our clients
•    to an entity related to a business or financial transaction
•    anyone to whom you authorize us to disclose your information
•    when we believe we must to comply with the law or to protect you, or others (e.g., as part of an investigation of fraud or other malicious activity) 

When we disclose personal information for a business purpose, we enter a contract with the recipient that describes the business purpose for handling the information and requires the recipient to keep the information secure and confidential, to not use it for any purpose except performing the contract, and to comply with all applicable laws. 

We are a British Columbia Corporation and provide products and services around the world. We may transfer your personal information outside of your country as necessary to fulfill the purposes described in this Privacy Statement. These areas may not be subject to laws that provide the same level of protection for personal information as the country that you are in. Therefore, we execute data processing agreements to help ensure the adequate protection of personal information during a transfer across jurisdictions. 

Information security and storage

We implement policies and procedures that include reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, and disclosure. Unfortunately, no website, server, or database is completely secure. We therefore cannot guarantee that your information will not be disclosed, misused, or lost by unauthorized acts of others. If you have reason to believe that your account has been compromised, or if you suspect someone else is using your account, please let us know immediately. 

We may retain your personal information for as long as required to fulfill the original purpose for which it was collected and to comply with our obligations herein.  

Your browser may allow you to set a Do Not Track signal indicating that you do not wish your online activity to be tracked. We do not respond to such signals and cannot act on them. 

Privacy choices

This section describes privacy rights you may have. The specific rights available to you often vary depending on the exact nature of our relationship with you. Examples include:  

•    right to request information about our collection and use of your personal information 
•    right to request that we delete your personal information
•    right to rectify the personal information we have if it is inaccurate or incomplete
•    right to restrict our processing of your personal information 
•    right to data portability 
•    right to not be subjected to automated individual decision-making 

To exercise your privacy rights, send us your request using the Contact section below. The request must (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity. We will only use the personal information provided to verify the requestor’s identity or authority to make the request. Depending on the jurisdiction you are in, if you are unsatisfied with our response to your request, you may also have the right to submit a complaint against us to your local supervisory for data protection. We would appreciate the chance to address your concerns before you contact a supervisory authority, however, and ask that you first direct your complaint to us. 

To stop receiving marketing messages from us, you can use the instructions provided at the bottom of our emails or reach out to us using the details found in the Contact section below. However, even after unsubscribing, you will still receive non-marketing communications related to your use of our products and services until you stop using them.

Our Website may include links to third-party websites, products, or services. Your access to and use of these third-party websites, products or services may result in the collection of or sharing of your personal information. These third parties have separate and independent privacy statements and we are not responsible for your interactions with such third parties.  

Changes to this Privacy Statement

We may amend this Privacy Statement at our discretion and at any time, with or without notice to you. Any changes will be posted on this Website page with an updated effective date. By using the Website or interacting with us you agree to be bound by the Privacy Statement posted on our Website. 

Contact

If you have any questions, comments, or requests, please contact us by email at privacy@hyas.com or via postal mail (marked “Attn: Legal Department”) to HYAS Infosec Inc., located at 408 – 55 Water Street, Office 8536, Vancouver, BC V6B 1A1, Canada.