ProtectNetwork

Secure Single Sign-On Cloud Service

Policy: Privacy Policy

At ProtectNetwork, the privacy and security of our customer’s personal information is of the utmost importance. We never take for granted the trust our customers have placed in us and we honor that trust by managing our customer’s personal information with the highest level of care.

Safeguarding the privacy and security of customer information is a complex and dynamic process. We understand that the information you furnish to ProtectNetwork in the course of applying for and managing a SAML based Shibboleth digital identity needs to be treated responsibly. ProtectNetwork does not now, nor does it intend to in the future, disclose any nonpublic personal information without your consent, other than as is necessary to provide the services which you request. Furthermore, in a number of cases ProtectNetwork is affirmatively prohibited from the disclosure of personal information we obtain from you to unrelated third parties. Nevertheless, ProtectNetwork is required to provide all customers with this Privacy Policy and the means for you to inform ProtectNetwork whether your non-public personal information may be shared with unrelated third parties. The principles and polices stated herein are consistent with ProtectNetwork’s Digital Identity Management Policies, End-User Digital Identity Request Applications and Identity Management Service Level Agreements with our enterprise customers.

Throughout the End-User Customer Privacy Policy, “we”, “us” and “our” refer to the ProtectNetwork team at 9STAR Research, Inc. “You” and “your” refer to the end-user customers of ProtectNetwork. ProtectNetwork digital identity or digital identity refers to Shibboleth and/or SAML based digital identity.

  1. Privacy Principles. ProtectNetwork has adopted Privacy Principles that reflect our commitment to safeguarding your personal information. Therefore, we pledge to:

    • Recognize end-user customer’s expectation of privacy. We recognize and respect the privacy expectations of our end-user customers and want to explain principles of privacy to our customers in an appropriate fashion. These principles and the accompanying policy statement are provided to explain how we continuously work to meet our customers’ expectation of privacy.
    • Collect, use and retain a customer’s information only if we believe that the customer will benefit. We collect, retain and use information about individual end-user customers only where required by law, regulation or we reasonably believe it is useful and allowed by law in order to administer our business, to provide products and services, enhance existing services, and support customer inquiries.
    • Maintain accurate information. We have established procedures so that the customer’s personally identifying information we collect for the purpose of providing Shibboleth identities with levels of assurance of 2, 3 or 4 is accurate, current and complete in accordance with reasonable commercial standards. We will respond to requests from our customers to correct inaccurate information under our control in a timely manner.
    • Limit access by Employees and Agents. We limit employee and agent access to personally identifiable information to those with a business reason for knowing such information. Our employees and agents are trained to understand the importance of confidentiality and customer privacy and security. We have privacy and security guidelines in place and will take the appropriate disciplinary measures to enforce these guidelines. In addition, we specially negotiated additional privacy protection with our nationally-recognized web-hosting provider so that none of their employees or agents will access our data.
    • Protect information via established security procedures. We have adopted commercially reasonable security standards and procedures to guard against unauthorized access to customer information.
    • Restrict the disclosure of account information. We will not reveal specific information disclosed by or in the process of applying for a digital identity or personally identifiable data to unaffiliated third parties for their independent use with the following exceptions: (1) the information is provided to help complete a end-user customer initiated transaction; (2) the customer requests it; (3) the disclosure is required by or is allowed by law (e.g., subpoena, investigation of fraudulent activity, etc.); (4) the customer has been informed about the possibility of disclosure for marketing or similar purposes through a prior communication and has not exercised the right to opt out; (5) the information is exchanged with reputable information reporting agencies to maximize the accuracy and security of such information; or (6) in the performance of bona fide corporate due diligence for merger or asset sales or transfer of accounts to another entity for the purpose of continued operation of the ProtectNetwork service.
    • Make our privacy principles and policies known to the customer. We will always provide our customers with reasonable access to our privacy policy. With the above-stated privacy principles as a foundation, the policy language that follows is a detailed explanation of how and why we collect, use and share information.
  2. Information Collection and Use. 2.1. We collect the information we believe necessary to deliver our products and services according to your specifications and expectations. Due to the complex nature of Shibboleth and SAML based digital identities, online transactions and the technology services we provide, we must collect certain types of nonpublic personal information about you in order for us to deliver the products and services you request. We collect nonpublic personal information about you in a variety of ways, including:
    • Information we receive from you on applications or other forms to obtain a digital identity. Depending on the product or service requested, the information we may request could include (but is not limited to) your name, address, driver’s license number, passport details, date of birth, credit card billing data, employment, taxpayer identification number, telephone and fax numbers, and email address. ProtectNetwork does not however, collect, request, or otherwise access the password or private signing key associated with your public ProtectNetwork digital identity. Furthermore, no employee representative of ProtectNetwork will ever request a copy of your password or private signing key, or request that you disclose any access password or passphrase.
    • Information about your transactional experience and digital identity use with us, our affiliates, or others. This information helps us to identify and protect your account against unauthorized access as well as enhancing the products and services that are offered to you. (c) Information from commercial databases, or other publicly available sources. This information includes ProtectNetwork’s accessing of databases maintained by consumer reporting agencies to verify the initial information provided that may establish your identity or verify your employment. This information enables us to determine your eligibility to obtain a ProtectNetwork digital identity at LOA-2 or higher. We will not access credit-reporting information in a manner that might affect your credit rating unless you grant us express permission to do so.
    • When you visit ProtectNetwork web sites, we may collect transaction, site navigation, customer contact and optional survey information. We use this information to enhance and personalize our online services.
    • If you choose not to provide the information necessary for us to fulfill a request for a specific product or service, we may not be able to process your request.
  3. Information Sharing. ProtectNetwork does not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted or required by law or as described below.

    3.1. Information sharing with authorized Application Service Providers. The Single Sign On service provided by ProtectNetwork works by releasing your attributes on-demand to authorized Application Service Provider (“ASP”) sites based on your request. After you register with ProtectNetwork and attempt to access an authorized APS’s website, a popup window will identify which of your information the website will request from ProtectNetwork and whether you agree to release that information. If you agree, ProtectNetwork will provide that information to the website. If you do not agree, then your information will not be provided. For more information, please refer to the ProtectNetwork Attribute Release Policy (“ARP”) at www.protectnetwork.org/policies/arp.html.

    3.2. Information sharing with unaffiliated third parties. In order to provide the products and services you request, we may disclose the following information to reputable organizations that perform outsourced operational support, provide marketing services or other services assisting in the administration of ProtectNetwork digital identity and related e-commerce services provided by ProtectNetwork.

    • Information we receive from you on applications or other forms, such as your name, address, driver’s license number and passport details
    • Information about your transactions with us, our affiliates, or others, such as your identity application and validation history, parties to transactions; and
    • The information we furnish to outside organizations can only be used for providing the specific services they are hired to perform. All outside organizations hired to perform specific services on our behalf are prohibited by contract from disclosing or using the information in any manner other than to fulfill the products or services requested by our customers.

    3.3. Information sharing with unrelated third parties. Currently, ProtectNetwork does not share any of your non-public personal information with unrelated third parties. In the future, we may become aware of companies that offer products and services that may be of interest to you. If so, we may share your name, address, transaction experience and other identifying information with these companies for purposes of marketing their products or services to you. If you do not want us to share your information with non-affiliated companies for their marketing purposes, refer to “Respecting Your Preferences” section below for more information on preventing such sharing.

    3.4. Information sharing due to reorganization or acquisition. While currently we do not foresee a reorganization or acquisition, if either is proposed or actually occurs, 9STAR reserves the right to provide the information that was submitted to 9STAR to the acquiring business.

    3.5. Information sharing with outside parties – other situations. There are certain situations where we may, in good faith, disclose information requested by government agencies, consumer reporting agencies and other outside parties as permitted or required by law. Examples include:

    • Enabling legal process or to complying with federal, state or local laws, rules and other applicable legal requirements (e.g., a court order or subpoena for information);
    • Providing information to facilitate a fraud investigation;
    • Facilitating an audit or examination by a government regulatory agency or other request in accordance with the Right to Financial Privacy Act or other applicable law;
    • Enforcing an obligation, including filing lawsuits or bankruptcy claims;
    • In the case of ProtectNetwork acting as a service provider to a Federal Government agency, in which we maintain information within a system of records as that term is used by the Privacy Act of 1974, ProtectNetwork may disclose such information in any manner consistent with the Privacy Act of 1974.
  4. Former customers and applicants. ProtectNetwork provides the same private and secure treatment for the nonpublic personal information of applicants and former customers as it provides for existing customers. Information previously collected from former customers is maintained on file in accordance with state and federal regulatory requirements for record retention.
  5. Employee Access to Customer Information. ProtectNetwork trains its employees and agents to adhere to policies regarding customer information privacy and security. ProtectNetwork employees and agents are bound by this policy and are trained on privacy requirements. Only employees and agents having an appropriate business reason have authorized access to customer information.
  6. Information Accuracy. ProtectNetwork strives to maintain the accuracy of the information you provide. If you have reason to believe that the information we have about you and your account is inaccurate or incomplete, please contact us through the following email address: helpdesk AT ProtectNetwork DOT ORG. We will take immediate action to correct any inaccuracy under our control.
  7. Children Ages Thirteen and Under. Currently, ProtectNetwork does not offer products or services to children age thirteen and under. If in the future ProtectNetwork offers digital identities and authentication services to children thirteen and under, we will do so in compliance with all applicable laws. We recognize our responsibility to protect the privacy and security of any information we collect from children. In accordance with the Children’s Online Privacy Protection Act of 1998, should ProtectNetwork provide this kind of service, ProtectNetwork pledges to:
    • Obtain verifiable parental consent prior to collecting personally identifying information from children;
    • Upon request, provide parents with a description of the types of information collected from their child, or the actual information obtained from their child, and an opportunity to refuse to permit further use or future collection of such information;
    • Not condition a child’s participation in games, contests or any other activity upon the disclosure of more information than is reasonably necessary to participate; and
    • Maintain reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.
  8. Respecting Your Preferences. ProtectNetwork offers a range of technology products and services to help you securely, safely and efficiently realize the true economic potential of the Internet. On occasion, ProtectNetwork may want to contact you to offer information on products and services that could benefit you. We understand that to some, such solicitations may be unwanted. Although ProtectNetwork does not currently share information with unrelated third parties, you can inform us of your preferences, for our future reference.
  9. Reserve the Right to Change our Privacy Policy. From time to time, we may revise this Privacy Policy to reflect changes in technology, privacy law or changes in our operations and practices.
  10. Conflict. In the event that the Privacy Policy and the Service Agreement conflict, the Service Agreement governs the parties’ agreement. For further information, please do not hesitate to contact us. Please email to: privacy@protectnetwork.com.
© 2017 | 9STAR | All Rights Reserved
Find us on Facebook | Follow us on Twitter