Privacy Policy
PRIVACY POLICY
Last updated September 26, 2024
This Privacy Notice relates to the processing of personal data on http://secureinternet.org on behalf of the joint controllers, Abusix, Inc. & CleanDNS, Inc. (“Controllers”, “we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal Information when you sign the Secure Internet Pledge, including when you.
◦ Visit our website at secureinternet.org or any website of ours that links to this Privacy Notice
◦ Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].
1. What Information Do We Collect?
We collect personal information that you voluntarily provide to us when you sign the Secure Internet Pledge.
Personal Information Provided by You: The personal information that we collect depends on the context of your interactions with us. The personal information we collect may include the following:
◦ Names
◦ Phone Numbers
◦ Addresses
◦ Email addresses
◦ Job titles
◦ contact preferences
Sensitive Information. We do not intentionally process sensitive information, and any input forms on our site should not be used to disclose and sensitive information, as per applicable law, to us.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
2. How Do We Process Your Information?
We process your information to provide, improve, and administer the Secure Internet Pledge, to communicate with you, for security and fraud prevention, and to comply with law. We envisage the following purposes for the processing of data you provide:
(i) To verify the identities of the participants and ensure the legitimacy of the pledge signatories.
(ii) To facilitate communication with participants to keep them informed about updates, events, or initiatives related to the Secure Internet Pledge.
(iii) To build a community of committed individuals and organizations working together to enhance internet security.
(iv) To track engagement and measure the impact of the pledge, fostering accountability and transparency among participants.
(v) Any purpose not incompatible with the above stated purposes as may be agreed by the parties.
(vi) Research and Analysis: To analyze engagement, participation trends, and the impact of the pledge to improve the initiative and develop strategies for promoting a secure internet environment.
(vii) Community Building: To facilitate networking among participants, fostering collaboration and the sharing of best practices to support the broader objectives of the pledge.
(viii) Compliance and Legal Obligations: If required by law or regulatory authorities, data may be used to comply with legal obligations, including responding to lawful requests from public authorities or law enforcement.
3. What Legal Bases Do We Rely On To Process Your Information?
We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with support services related to the Secure Internet Pledge (if applicable), to enter into or fulfil any obligations, to protect your rights, or to fulfil our legitimate business interests.
Il you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such,
we may rely on the following legal bases to process your personal information:
Consent. We may process your information it you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Note that a withdrawal of consent may affect your Company’s signature of the Secure Internet Pledge. All signatories must ensure that a contact is provided in order to for us to administer and monitor the Pledge and signatories.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in
order to:
· To ensure efficacy of the Secure Internet Pledge
· Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
· Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
Statement of Joint Controllership
In legal terms, Both Abusix, Inc. and CleanDNS, Inc. are Joint Controllers. Under European data protection laws we jointly determine the means and/or purposes of the data processing we perform.
The duties of each controller in such processing are as follows:
Responsibility to inform the data subjects at the | Collection shall be carried out via a jointly created “Secure Internet Pledge” website. The infrastructure of the website is primarily controlled by Abusix. |
Responsibility to inform data subjects when data is not collected directly from the data subject, Art. 14 GDPR | Collection shall only be carried out via the Secure Internet Pledge website only. Notifications shall be sent through means associated with the website infrastructure, and thus shall be the primary responsibility of Abusix. |
Processing the right of access requests, Art. 15 GDPR | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Processing right of rectification requests, (Art. 16 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Processing right to erasure (Art. 17 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Processing right to restriction of processing requests (Art. 18 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Responsibility to fulfil the obligation to notify regarding the rectification or erasure of personal data or restriction of processing (Art. 19 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Processing right to data portability requests, (Art. 20 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Processing objections (Art. 21 GDPR) | Abusix, with relevant notification and cooperation of CleanDNS where data are shared. |
Drafting and maintaining the record of processing activities (Art. 30 GDPR) | Both Parties shall be responsible for maintaining their own Record of Processing Activities. |
Description of and updating a record of technical and organizational measures (Art. 32 GDPR) | Both Parties are responsible for the creation of and maintenance of suitable records relating to technical and organizational measures relating to the Data Processing. |
Notifications to authorities and data subjects (Art. 33, 34 GDPR) | Parties shall be responsible for their own notifications to Authorities as may be applicable, but with prior notification to the other party where necessary, and where not otherwise prevented by applicable law or relevant court/administrative body directive. |
Responsibility to determine whether data protection impact assessments need to be carried out, (Art. 35 GDPR) | Both Parties shall be responsible for maintaining their own DPIA, where deemed necessary under applicable law |
4. When And With Whom Do We Share Your Personal Information?
Data provided related to Signatories of the Secure Internet Pledge shall be published on the Secure Internet Pledge website. Data that shall be made publicly available, shall be appropriately identified in the signature / sign-up process.
The categories of third parties we may share personal information with are as follows:
· Abusix shall share details relating to Signatories with our Joint Controller, CleanDNS, Inc for the purposes of administrating and monitoring the Secure Internet Pledge and other purposes as outlined above.
· Email and Cloud computing services (collection and storage) (Amazon and Microsoft)
General Disclosure
We may also disclose Personal Information and/or non-personally-identifiable information if required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or respond to a court order, subpoena, or search warrant. The Controllers reserve the right to disclose Personal Information and/or non-personally-identifiable information that they believe, in good faith, is appropriate or necessary to take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our Website, and to protect the rights, property, or personal safety of the Controllers, our users or others.
Analytics
We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information , visit allaboutcookies.org.
How do we use cookies?
Secureinternet.org website uses cookies in a range of ways to improve your experience on our website , including:
• Understanding how you use our website
• Performance and error monitoring
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
Functionality – the website uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Data Subject Requests: Access to PII
Where, by applicable legislation, you have the right to obtain from us a confirmation as to whether or not Personal Information concerning you is processed by us. In addition, where such processing is confirmed, and you request it, we will arrange access to the Personal Information along with the following information where applicable:
• the categories of Personal Information collected and processed
• the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, in particular recipients in third countries (outside of the European Economic Area (“EEA”), the State of California in the United States of America or international organizations)
• the period for which the Personal Information will be stored or, if not possible to be determined, the criteria used to determine that period
• the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• the right to lodge a complaint with a supervisory authority where applicable
• where Personal Information was not collected directly from you, any available information as to its source; an
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and in other relevant legislation, as well as the significance and the envisaged consequences of such processing for the data subject.
Where your Personal Information is transferred to a third country, you also have the right to be informed of the appropriate safeguards we have put in place pursuant to Article 46 of the GDPR relating to the transfer and other applicable legislation.
The Controllers may provide, where requested, a copy of that data relating to you, which is being processed by them, subject to the restrictions as noted in Article 23 of the GDPR and per other applicable legislation.
Rectification
Should you believe we hold incorrect or inaccurate data relating to you, please provide us with all relevant details relating to this inaccuracy, so that we may make the necessary updates to your data, where appropriate to do so.
Deletion / Erasure
Where you, as the data subject, wish the erasure of your Personal Information, The Controllers shall fulfill your request should one of the following grounds apply:
• the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed (e.g., the provision of our Services);
• where processing is based solely upon your required consent, and you withdraw this consent on which the processing is based;
• where you object to the processing, and where there are no overriding legitimate grounds for the processing;
• where you can demonstrate that the Personal Information has been unlawfully processed;
• where you provide notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
• where the Controllers are unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR or applicable legislation.
Supplemental Erasure
Where the Controllers hav publicly disclosed your data and where you have made a valid request to erase your Personal Information, the controllers will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any controllers which are processing that personal data, of your request for erasure, in accordance with applicable legislation.
Data Portability
The controllers where necessary under law, shall ensure the portability of all relevant categories of PII.
Contact:
For assistance with Data Subject Requests, please primarily contact Abusix at [email protected]. Please be aware that deleting your Personal Information may result in your company’s withdrawal from the Safer Internet Pledge. Such a withdrawal may be only temporary until another contact is provided and verified for your entity.
Redirection of Data Subject Requests: The Controllers have identified Abusix as the primary recipient of Data Subject Requests. Please ensure that you forward all such requests to Abusix in the first instance. Where a data subject request is forward to the incorrect Controller in the first instance, that Controller shall provide notice to the relevant Controller, without undue delay.
FOR EUROPEAN ECONOMIC AREA (EEA), SWISS & UNITED KINGDOM CITIZENS
Transfer of data outside of the European Economic Area (“EEA”):
Both Controllers have entered into a suitable Joint Controller Agreement as is required under the GDPR regarding the collection, use, and retention of personal information. Although both Abusix and CleanDNS are US registered entities, and all our primary servers are located within the USA, we have signed a suitable version of the Standard Contractual Clauses, covering the transfer of such data from the European Union, the United Kingdom, and Switzerland to the United States as may be appropriate.
Exercising your Data Subject Rights
The Controllers complies with the requirements of data privacy law as may be applicable to us, and as agreed by the parties under our agreements.
Access, correction or deletion
Note that you continue to have the right to access, correct, or delete your Personal Information processed by us, in accordance with applicable legislation.
For assistance with accessing, correcting, or deleting your personal data, please primarily contact Abusix at [email protected]. Please be aware that deleting your Personal Information may result in your company’s withdrawal from the Safer Internet Pledge. Such a withdrawal may be only temporary until another contact is provided and verified for your entity.
Choice
You also have right to limit the use and disclosure of your personal data by the Controllers, in accordance with applicable legislation, where such data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise this right to opt out, please either:
– Use the provided link that we provide in any marketing communication to you to unsubscribe; or
– Send an email to [email protected] requesting your opt out; or
– contact our Legal Department by certified mail (return receipt requested) at: CleanDNS Inc., Attn: Data Privacy Contact, One Boston Place 201 Washington Street Boston, MA 02108. USA
Please note that when CleanDNS is processing your data as a controller, Abusix shall liaise with CleanDNS to ensure fulfilment of your request as per applicable law.
The Controllers do not ordinarily or knowingly process or receive Sensitive Personal Data in the provision of its services, however, any such processing would only be carried out with express consent. If you believe the controllers are processing Sensitive Personal Data relating to you, and wish to opt-out, please send an email to [email protected] with details as to such a request, so we may review, and carry out such a request where applicable and appropriate.
Timing
If you make a request, we have one month to respond to you. Should your request be specifically complex, or we are of the belief it may take longer than one month, we shall advise you of this, providing all required reasoning.
Onward Transfers
In the context of an onward transfer of data, we shall remain liable under the applicable law for the onward transfer to sub-processors/agents lwhere our agent processes such personal information in a manner inconsistent with applicable law, unless the third party acting as an agent on our behalf can prove that it is not responsible for the event giving rise to the alleged damage.
Cooperation with the Data Protection Authorities
The Controllers shall cooperate in full, where appropriate, with the Data Protection Authorities (“DPAs”), as a recourse for individuals to whom the data we process relates. These include the EU DPAs in Germany (Abusix) and Ireland (CleanDNS).
Note regarding Website Use
Our website is hosted in the United States and is hosted within the United States. If you are accessing the Website from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website, which is governed by U.S. law, this Privacy Policy, and our Website Terms of Use, you are transferring your personal information (as outlined above) to the United States and you consent to that transfer.
California Consumer Privacy Act (CPRA)
The California Consumer Privacy Act (CPRA) gives California residents certain rights over their personal information. These rights include the right to know what personal information is collected about them, the right to delete their personal information, and the right to opt out of the sale of their personal information.
We collect and use your personal information for a variety of purposes, including to provide you with our services, to improve our services, and to communicate with you. We may share your personal information with third parties, but we will only do so with your consent or as permitted by law.
You have the following rights under the CPRA:
· The right to know what personal information is collected about you, the sources of that information, the purposes for which it is used, and the third parties to whom it is disclosed.
· The right to access your personal information.
· The right to delete your personal information.
· The right to opt out of the sale of your personal information.
Contact:
To exercise any of these rights, please contact us at [email protected].
Sale of Data
For the avoidance of doubt, any personal data processed for the purpose of the Secure Internet Pledge, whether relating to CA residents or not, is not sold (or disclosed in a manner considered a sale of data), by either controller, as would attract additional obligations under the CPRA.
Privacy policies of other websites
This website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
How to contact us?
If you would like to exercise any of these rights, please contact us at our Data Privacy Contact
Primary Contact:
email: [email protected]
or write to us: Data Privacy Contact, Abusix, Inc. One Boston Place 201 Washington Street Boston, MA 02108. USA
Secondary Contact:
Email: [email protected]
Or write to us : Data Privacy Contact, CleanDNS, Inc, PO Box 364, Yardley, PA 19067 USA
CleanDNS and Abusix developed the Safer Internet Pledge to address the growing need for enhanced security and accountability within the digital ecosystem. Recognizing the critical role that ISPs, Hosting Providers, and Domain Registries and Registrars play in maintaining a secure internet, they created this pledge to foster industry-wide collaboration, promote best practices, and ensure transparency in abuse management. The goal is to empower these key stakeholders to proactively safeguard their networks and customers, ultimately contributing to a safer, more trustworthy internet for all users.