Information Collection and Use
- Mandiant collects PERSONAL INFORMATION when you register for Mandiant information such as whitepapers and reports, newsletters or webcasts, visit Mandiant pages, and enter promotions. This PERSONAL INFORMATION may include your name, email address, and telephone number.
- Mandiant also automatically receives and records information on our server logs from your browser including your IP address, Mandiant cookie information, and the page(s) you requested.
- Mandiant may collect any additional information relating to you that you voluntarily provide to us directly through our websites or indirectly through our representatives or business partners. Mandiant may also provide you with functionality to submit files that Mandiant may use for the purpose of research and development of Mandiant’s offerings.
- Mandiant may use PERSONAL INFORMATION received from you in connection with: to fulfill your requests for information on products and services or any specific questions sent to us, to respond to any complaints, to contact you about offers and new products, to follow up on marketing initiatives and to generally manage your relationship with us.
Information Sharing and Disclosure
- Mandiant will not sell or rent your PERSONAL INFORMATION to anyone.
- Mandiant will send PERSONAL INFORMATION about you to other companies or people when:
• We have your consent to share the information;
• We need to share your information to provide the product or service you have requested;
• We need to send the information to companies who work on behalf of Mandiant (e.g. affiliates, distributors or resellers) to provide a product or service to you or for further follow-up related to your interests. The information shared does not constitute a sale of your PERSONAL INFORMATION.
• We have to disclose your PERSONAL INFORMATION in response to a lawful request by public authorities and agencies, to meet any applicable law and regulation or to protect Mandiant’s assets as permitted by law.
• We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Mandiant complies with the requirements of the EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Mandiant adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability with respect to all personal information transferred from the EU or Switzerland to the US within the scope of its Privacy Shield certification. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
- Certain PERSONAL INFORMATION may be subject to more specific privacy policies of Mandiant, which are also consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
- Unless we tell you differently, companies who work on behalf of Mandiant do not have any right to use the PERSONAL INFORMATION we provide to them beyond what is necessary to assist us. Mandiant ensures that those companies are contractually bound to confidentiality and use the data received on behalf of Mandiant in line with this Policy and guarantee an adequate level of data protection. Mandiant will remain liable for any failure by the third party that receives PERSONAL INFORMATION on behalf of Mandiant, unless we prove that the event giving rise to the damage was solely caused by the third party.
IP Information Collection and Use Practices
- Mandiant receives IP addresses from all users because this information is automatically reported by your browser each time you view a Web page.
- When a Mandiant Web page is requested and viewed, that request is logged on our servers with information including the IP address of the computer that requested the page.
- IP addresses may be used for various purposes, including estimating the total number of users visiting Mandiant from specific countries or regions of the world.
A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a website's computers and is stored on your computer's hard drive.
Each website can send its own cookie to your browser if your browser's preferences allow it, but to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.
Mandiant Practices Regarding Cookies
- Provide you with customized content.
- Keep track of preferences you specify while you are using Mandiant's products and services.
- Estimate and report our total audience size and traffic.
- Conduct research to improve Mandiant content and services.
- Require you to reenter your Mandiant password after a certain period of time has elapsed to protect you.
In addition to the first-party cookies we set, we use external services that set third-party cookies to:
- Enable information sharing across social media services.
- Provide you with targeted advertising in relevant contexts on external sites.
- Keep track of preferences you specify while you are using third-party services.
- Enable third parties to aggregate anonymous user behavior data and provide such research data to Mandiant.
- Monitor and report on site and service usage across Mandiant websites.
- Query third-party services such as Twitter for recently changed information.
Similar Technologies We Use
In addition to cookies, we use Web beacons (also known as "clear GIFs" and "1x1" pixels) and coded URLs. These techniques may be used:
- In online advertising to determine which advertisements you have viewed.
- In our promotional emails to track whether an email has been viewed and subsequent clicks on hyperlinks.
- To support remarketing for AdWords Ads on the Google Display Network. Remarketing technology serves you ads across multiple websites based on your browsing interest and behavior.
In addition, you may choose not to open emails or download images in emails you receive from Mandiant.
To opt out of tracking via coded URLs, you may choose not to click on hyperlinks embedded in marketing emails you receive from Mandiant.
Data Storage and Security
- When you submit information to Mandiant, a temporary copy of that information is routinely made to prevent accidental loss of your information through a computer malfunction or human error.
- Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request. This may be the case even though no information about your account remains in our active user databases.
- Mandiant does not react to Do Not Track signals because there is no standard for how those signals are sent.
- The Mandiant computers (called "servers") that send your Web pages process and store an enormous amount of information every day. These computer records are called "log files."
- Log files are used for analysis, research, auditing, and other purposes, as described above. After this information has been used, it is stored and is inaccessible. Until the information is stored, your Mandiant ID may remain in our active server log files.
- Appropriate technical and physical safeguard measures are in place to protect against unauthorized or unlawful access, misuse, accidental loss, destruction and alternation of any Personal Information which are shared with us in the course of using our website services.
Your Data Privacy Rights
You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679 and the California Consumer Privacy Act. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal data Mandiant processes, (ii) rectify incorrect personal data, (iii) delete your personal data, (iv) restrict the processing of your personal data, (v) determine the portability of your personal data, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal data. To exercise one or more of these rights, or to ask questions or relay concerns, please contact Mandiant’s Data Protection Officer:
11955 Freedom Drive, Suite 300
Reston, Virginia 20190
Mandiant will verify requests that it receives and respond in the time period required under the relevant data privacy laws.
- If you believe your PERSONAL INFORMATION has been used in a way that is not consistent with this Policy, we invite you to contact Mandiant first at [email protected]. We will make all efforts to resolve your complaints in a timely and accurate manner. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
- Further, Mandiant has committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the information and advice provided to it by an informal panel of EU DPAs and the Swiss FDPIC respectively in relation to such unresolved complaints as determined by the Privacy Shield Principles.
- Under certain conditions, EU individuals and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
We may update our Policy from time to time. We will post the updated version in this section of the website. If the revision is significant and may materially change our data privacy practices, we will notify you by using other means, e.g. via email. We will also keep prior versions of this Policy in an archive for your review (see Change History).