Privacy Notice

Effective as of 16-Dec-2023, REMEDY. and its affiliates (collectively, "REMEDY", "we", "us", or "our") have updated our Privacy Notice

Welcome to REMEDY, your trusted partner in safeguarding digital integrity and promoting cybersecurity excellence. At REMEDY, we are committed to maintaining the highest standards of privacy and data protection as we offer cutting-edge solutions in the realm of hacker-powered security.

As an industry leader, REMEDY operates a bug bounty and vulnerability disclosure platform. We collaborate with a global community of security researchers, affectionately known as "Hunters", β€œSecurity Experts”, β€œWhitehats” to empower businesses with access to top-tier talent capable of identifying and addressing security issues in products and services.

This Notice serves as your guide to understanding how we handle your personal data when you engage with REMEDY's services. We strive to ensure clarity and transparency in our data processing practices, aligning with industry standards and legal requirements.

References to "Personal Data" within this Notice pertain to information that, either independently or in combination with other data, identifies, relates to, or could reasonably be linked directly or indirectly to an individual or household. In adherence to applicable law, "Personal Information" holds the same meaning as terms such as "personal data" or "personally identifiable information."

At REMEDY, our commitment to privacy entails responsible and ethical practices in collecting, using, processing, storing, transferring, protecting, and disclosing Personal Information. This Notice is crafted with your trust in mind, reflecting our dedication to ensuring that your data is handled only as explicitly outlined herein.

By engaging with our Platform, you agree to the terms and conditions outlined in this Notice.

WHAT DO WE COLLECT?

PERSONAL DATA

The types of personal information we collect depend on your relationship with REMEDY and applicable law. Ways we may collect personal information include:

  • Directly from you through interaction with the Services, surveys, sweepstakes, and requests for information.

  • Passively during your visit to the Services, using technologies like cookies, as described below.

We endeavor to collect only that information which is relevant for the purposes of processing. Below are the ways we collect personal information and how we use it.

Additionally, we may collect the following categories of Personal Data from you in the course of business, including through your use of the Website, when you contact or request information from us, when we provide services to you or receive services from you. We collect the following personal data.

ACTIVITY
PERSONAL INFORMATION COLLECTED MAY INCLUDE

Visiting Our Website

● Device identifiers (including IP address), browser type, operating system, and other technical information and

The domain name of the Website that directed you to our Website; and

● The number of times you have visited our Website; and

● The average time spent on a page; and

● What pages you viewed; and

● The links you click

Registering on the Platform/Account Data

● Username, profile name, password, email address. photographs, if you choose, your name, social media and other third-party affiliations, profile picture and any other information you include in β€œAbout me” or β€œIntro” fields user preferences, communications preferences, other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests.

Professional Events

● Contact information, including potentially your name, mailing address, phone number, email address, contact preferences, and any other information you choose to provide

Third-Party Sites or Platforms

● Contact information, including potentially your name and email address;

● Any username you may have on that other site or platform; and

● Any other information you may make available to the public or authorized users on that site or platform.

Customer Service

● Contact information; and

● Information about the question or problem you are contacting us about which you choose to provide to us voluntarily.

Payment data

● payment (such as account or card information, address, and other information necessary to transfer funds, for example Coinbase or PayPal account information) information;

● amounts due or paid, and associated transaction details

We will only use your Personal Data if and to the extent that applicable law allows. Aside from publicly available information, Personal Information that REMEDY collects is a function of how you interact with us.

Your Personal Information will be stored only for the time period necessary to fulfill the purposes outlined in this Notice, unless otherwise required or permitted by law.

Bug Submission Information:

When you submit a bug report, we collect information related to the vulnerability, including detailed descriptions, proof-of-concept code, and other relevant details necessary for us to understand and address the reported issue.

Communications

We may collect and store any communications made through the Platform, including messages related to bug reports, discussions, and feedback.

WHY DO WE COLLECT PERSONAL DATA?

We use the Personal Information we collect for the following purposes:

  • To provide advice and administer our client relationships, we use Personal Data that you voluntarily submit to us on the Website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other data that we may process in connection with the provision of services.

  • To provide relevant marketing for example, we may use Personal Information to provide marketing and promotional information about products and services that REMEDY offers. Information you have provided to third parties may be combined with information we already have about you and may be used to create more tailored advertising and products. For information about how you can opt-out of receiving marketing communications from us at any time, or withdraw your consent to receive such communications, see the section titled "Your Data Privacy Rights."

  • To manage user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service; In the Know Your Customer (KYC) process and/or AML/CTF purposes, the company to involve companies providing analogous outsource services. If deemed necessary, the company retains the right to transfer your personal data to these entities, thereby authorizing them for partial and/or complete processing of this data.

  • To improve our Website. For example, we may use Personal Information to administer our Website and for internal operations of the Website, including troubleshooting, data analysis, testing, research, and statistical purposes, to improve user experience and as a part of our efforts to keep our websites safe and secure. We use cookie and device data. This processing is necessary for our legitimate interests to constantly monitor the functionality and user-friendliness of our Website and improve our online presence and services to you.

  • Fraud Prevention. For example, we may use Personal Information to prevent, protect against, investigate, or prosecute any fraud, abuse, or other misuse or illegal activity using our products or services.

  • To identify customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;

  • To protect our Customers from External Threat Information: We may collect and utilize information related to external threats to enhance the protection of our customers. This information is gathered for the sole purpose of identifying and mitigating potential risks, ensuring the security of our products and services.

Except for publicly available information or information we collect via cookies and similar technologies , all the above-mentioned Personal Information is collected from you. In some cases, it is collected from you directly by REMEDY (such as when you input the information into our Website to download certain materials); in other cases, it is collected by a REMEDY partner and shared with REMEDY (such as when (i) you register for an industry conference where REMEDY is a sponsor, (ii) you click on a REMEDY advertisement on a third party platform, (iii) you purchase a product from an authorized reseller of REMEDY products and the order is provided to REMEDY, or (iv) you register for a course related to REMEDY software and/or seek certification from REMEDY). Please note that the websites, applications and services of third parties (including affiliates, partners, sponsors, advertisers or other persons) will be governed by the privacy settings, policies, and/or procedures of the third party, which may differ from this Notice. This Notice does not address, and we are not responsible for or able to control, the privacy, security, or other practices of such third parties. Please refer to the section on Third Party Sites below.

DATA SHARING

We may disclose your Personal Data in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy.

In instances mandated by law, government directives, competent authorities, or court orders, we may disclose personal data. Such disclosures may be made to establish, exercise, or defend our legal rights or to prevent crime and fraud. For instance, we reserve the right to share personal data with professional advisors, investigators, or credit reference agencies for these purposes. Furthermore, disclosures may occur as a precautionary measure to mitigate liability, safeguard the rights, property, or safety of Hexens, Remedy, our affiliates, our users, other individuals, or the public. This includes actions taken to uphold the security and integrity of our services or infrastructure, to shield Hexens and/or Remedy and our services from fraudulent, abusive, or unlawful use, and to investigate and defend Hexens and Remedy against third-party claims or allegations.

We may disclose your Personal Data to:

  • legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;

  • accountants, auditors, lawyers and other outside professional advisors to the Firm, subject to binding contractual obligations of confidentiality.

  • if we believe it is necessary to comply with a legal obligation, protect our rights or the safety of others, investigate fraud, or respond to a government request.

We may process this data in accordance with the terms of our contract with you (where we need this information to provide Services to you) or to take steps at your request prior to entering a contract.

We also use this to pursue our legitimate interests, including: (a) our interest in responding to enquiries to ensure smooth operation of our business and services; and (b) to understand Finders and customers and improve our Services, by taking on-board your feedback.

We may store the information we collect in servers located in countries where we or our service providers have facilities. Therefore, we may transfer information to countries outside of your country of residence which may have data protection laws and regulations that differ from those in your country. Information regarding data transfer mechanisms will be made available upon your request.

DATA SUBJECT RIGHTS

Under certain circumstances and in compliance with applicable laws, you have the right to:

  • Access. Subject to certain exceptions, you have the right to request a copy of the Personal Data we are processing about you, which we will provide to you in electronic form. At our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your Personal Data, we may charge a reasonable administration fee.

  • Rectification. You have the right to require that any incomplete or inaccurate Personal Data that we process about you is amended.

  • Deletion. You have the right to request that we delete Personal Data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

  • Restriction. You have the right to request that we restrict our processing of your Personal Data where:

    • you believe such data to be inaccurate;

    • our processing is unlawful; or

    • we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

  • Portability. You have the right to request that we transmit the Personal Data we hold in respect of you to another data controller, where this is:

    • Personal Data which you have provided to us;

    • and we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).

  • Objection. Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

  • Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge.

    • Opt-Out of Direct Marketing: You have the right to opt out of receiving direct marketing communications from us. If you no longer wish to receive promotional materials or updates from Hexens or Remedy, you can exercise this right by contacting us at support@r.xyz. We respect your preferences, and upon receipt of your request, we will promptly cease sending you direct marketing communications.

    • Please note that even if you choose to opt out of receiving direct marketing communications, you may still receive non-promotional communications, such as transactional emails related to your account or our ongoing business relationship.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.

DATA SECURITY

REMEDY takes the security of Personal Information seriously. To protect Personal Information against accidental or unlawful destruction, loss or alteration, REMEDY uses risk-based technical and organizational security measures reasonably designed to prevent any unauthorized disclosure or access. For example, REMEDY has implemented strict security controls, intrusion detection software and processes to alert us in the case of a potential or actual intrusion of our information systems. We endeavor to implement technical and organizational security measures in an effort to safeguard the Personal Data in our custody and control. Such measures include, for example, limiting access to Personal Data only to our staff and authorized service providers on a need-to-know basis for the purposes described in this Notice, as well as other administrative, technical, and physical safeguards including, when required or appropriate, obtaining written assurances from third parties that may access your personal information that they will provide a level of protection equivalent to that adopted by REMEDY.

CHILDREN'S PRIVACY PROTECTION

While we welcome Hunters of all ages to engage with REMEDY, we adhere to applicable laws regarding the collection of personal information, especially from minors. If you are under 18 and wish to submit a vulnerability report, kindly have your parent or guardian assist you. Rewards/payments are available only to adults who have accepted our Terms of Use.

REMEDY, does not knowingly collect Personal Information from minors, and our Services are not directed at individuals under 18. If we unintentionally collect information from a minor, we will promptly take corrective action, either by deletion or obtaining parental/guardian consent.

Our Platform is not intended for children aged 13 or younger, and we do not intentionally collect information from this age group. If you have questions about our Children's privacy protection Clause, please contact us for clarification. Your cooperation ensures a secure and responsible online environment.

DATA RETENTION

We will only retain your personal information for as long as necessary for the purposes for which that information was collected as set out in this Notice or for longer as required under any applicable legal, regulatory, accounting, or reporting requirements.

The length of time for which we will retain your personal information will depend on the purposes for which we need to retain it. After we no longer need to retain your personal information, it will be deleted or securely destroyed. We understand the importance of transparency, and information regarding data retention, will be made available upon your request.

You can always request to remove your personal data. However, please note that for individuals who have obtained access to Glider and passed KYC, we will retain personal information for a minimum of 3 years. This retention period is necessary to ensure that we can track and investigate any queries made through Glider in the event of a security incident. During this period, requests for data removal may be denied to comply with this policy and ensure legal compliance.

THIRD PARTY SITES

Our Website may contain links to other sites which are controlled by third parties, for example in the "Insights" section. We also use social media sites, such as LinkedIn and Facebook and third party platform to host events, training and seminars. You should review these other sites' privacy policies. We do not accept any responsibility for the information you provide on those sites or their collection and use of your personal information.

CONTACT DETAILS

If you have any questions or concerns about this Notice or our practices, please contact us at support@r.xyz.

CHANGES TO THIS PRIVACY NOTICE

We may occasionally update this Notice as our services and privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. The β€œLast updated” legend at the end of this Notice indicates when this Notice was last revised. Any changes are effective when we post the revised Notice on the Services. We may provide you with disclosures and alerts regarding the Notice or Personal Data collected by posting them on our website and, if you are a User, by contacting you through our services.

We hope that this Notice can resolve any query or concern you raise about our use of your Personal Data.

How do you contact us?

If you feel, we have not handled your query or concern, to your satisfaction, you can contact us by sending an email or by our contact us form. We make every effort to promptly address legitimate requests and aim to respond within 30 days of receiving your request. While we typically meet this timeframe, there may be occasions when additional time is required. In such cases, we will inform you of the delay, provide an explanation, and keep you updated on the progress of our response.

If you reside in European country, you have the right to submit a complaint to the supervisory authority in your respective country.

In accordance with the provisions of the GDPR, you have several rights regarding your personal data that we process.

For more information see https://edps.europa.eu/data-protection/our-work/our-work-by-type/legislation_en

Please note that the exercise of your rights may be subject to additional legal conditions. To exercise any of your rights, please send us a written request, using the contact details above.

Last updated: 10-June-2024

Last updated