Privacy Policy

Effective starting: January 01, 2024

CM Security GmbH (“CM Security”) comply with the Privacy Shield Framework and the Privacy Shield Principles regarding the collection, use, and retention of personal information transferred from the European Union. CM Security will ensure that the Privacy Shield principles apply to all personal data that is subject to this Privacy Policy and is received from the European Union.

Under the Privacy Shield Framework, CM Security is responsible for the processing of personal data it receives from the EU and then transfers to a third party acting as an agent on its behalf. We remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. CM Security will share your personal information with third parties (i.e., vendors whose services CM Security uses to deliver, maintain, or operate our services or business, including to market our services to you). If you wish to limit or restrict the use or sharing/disclosure of your personal information, you can email us at privacy@cm-security.com.

As further explained in the “International Users; Privacy Shield” section below, we encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) complaint. For any complaints that cannot be resolved with CM Security directly, CM Security has chosen to cooperate with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). If you are an EU resident and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us. Under certain conditions, more fully described on the Privacy Shield website, if you are an EU resident, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. CM Security is subject to the investigatory and enforcement powers of the European Federal Trade Commission.

Introduction

This Privacy Policy explains what information CM Security and its related entities collect about you and why, what we do with that information, how we share it, and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your personal information and how you can access and update this information.

Scope of Privacy Policy

This Privacy Policy applies to the information that we obtain through your use of “CM Security Services” via a “Device” or when you otherwise interact with CM Security.

CM Security Services” include our:

◦         Websites & e-shop

◦         Software as a Service (SaaS) Products

◦         Software products and mobile applications

◦         Downloadable Products and mobile applications

but does not include:

◦         CM Security products or services for which a separate privacy policy is provided.

◦         Third Party Products. These are third party products or services that you may choose to integrate with CM Security product or services, such as third-party Add-Ons available in the CM Security Marketplace. You should always review the policies of third-party products and services to make sure you are comfortable with the ways in which they collect and use your information.

A “Device” is any computer used to access the CM Security Services, including without limitation a desktop, laptop, mobile phone, tablet, IoT sensors or other consumer electronic device. Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

By registering for or using CM Security Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

Definitions

Add-On: a bundle of code, resources and configuration files that can be used with an CM Security product to add new functionality or to change the behavior of that product’s existing features.

Content: any information or data that you upload, submit, post, create, transmit, store or display in an CM Security Service. This information has been anonymized such that it does not allow for the ready identification of specific individuals.

Downloadable Products: CM Security’s downloadable software products and mobile applications (iAlert PLUS, iAlert Facility), including Add-Ons created by CM Security, that are installed by customers on an infrastructure of their choice. Downloadable Products do not include Add-Ons created by third parties, even when they are accessed through Cm-security.com or available through the CM Security Marketplace.

Information: all the different forms of data, content, and information collected by us as described in this Privacy Policy.

Personal Information: information that may be used to readily identify or contact you as an individual person, such as: personal data (name, address, email address, or phone number), geographical location, microphone’s recordings, photos, phone’s sensor status, sensitive data (health notes, insurance name – contract number) and geographical location history. Personal Information include information that has been anonymized such that it does not allow for the ready identification of specific individuals.

SaaS Products: CM Security’s “Cloud” hosted solutions, as well as other CM Security hosted solutions that display a link to this Privacy Policy (such as Realview CRM 4Security). For the avoidance of doubt, if an CM Security hosted solution displays a link to a different privacy policy, then that other privacy policy shall apply.

Websites: CM Security’s websites, including but not limited to cm-security.com, cm-security.*, and any related websites, sub-domains and pages.

 

Changes to our Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the “Effective Starting” date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (such as by adding a notice on the CM Security Services homepages, login screens, or by sending you an email notification). We encourage you to review our Privacy Policy whenever you use CM Security Services to stay informed about our information practices and the ways you can help protect your privacy. If you disagree with any changes to this Privacy Policy, you will need to stop using CM Security Services and deactivate your account(s), as outlined below.

Information you provide to us

We collect the following information:

Account and Profile Information: We collect information about you and your company as you register for an account, create, or modify your profile, make purchases through, use, access, or interact with the CM Security Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes

◦         Contact information such as name, email address, mailing address, and phone number

◦         Billing information such as taxation number and billing address

◦         Profile information such as a username, profile photo, and job title

◦         Preferences information such as notification and marketing preferences

You may provide this information directly when you enter it in CM Security Services.

In some cases, another user (such as a system administrator) may create an account on your behalf and may provide your information, including Personal Information (most commonly when your company requests that you use our products). We collect Information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including Personal Information) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.

Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our SaaS Products, or Websites.

Furthermore, we collect and store content that your mobile phone, can create, input, submit, post, upload, transmit, store or display, while using our Mobile applications, with your consent. These applications have been developed only for safety purposes and can transfer (upon your request), your personal information to a Security Operations Center (S.O.C). These data are transmitted, using encrypted industry standard protocol (TLS), if the three (3) following rules have been fulfilled: a) You must personally apply for a job or for a subscription as an individual to a S.O.C., b) You must enable the above mentioned data on the application’s setting board, c) You must press any of the panic buttons (e.g. alert, fire, medical, take a photo, take position). Mobile applications use location services in the background so as to track your position and send these data to a S.O.C.. The aim of this action is the immediate response, by the SOC team for your safety and only. In case you don’t apply for a subscription or for a job to a S.O.C., you might be able to send some of the above mentioned data to one or two relatives via email protocol, using the e-mail feature (if the mobile application is capable of doing so).

Other submissions: We collect other data that you submit to our websites or as you participate in any interactive features of the CM Security Services, participate in a survey, contest, promotion, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with an CM Security product could be submitted to our Support Services or posted on our public forums.

Information we collect from your use of CM Security Services

Web Logs: As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) include usernames as well as elements of Content (such as Jira project names, project keys, status names, and JQL filters, and Confluence page titles and space names) as necessary for the SaaS Product to perform the requested operations. Occasionally, we connect Personal Information to information gathered in our log files as necessary to improve CM Security Services for individual customers. In such case, we would treat the combined Information in accordance with this privacy policy.

Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the CM Security Service being used, the associated license identifier and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the CM Security Services are being affected. As such, the analytic information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in a CM Security Services.

As of the date this policy went into effect, we use Google Analytics as an analytics provider. To learn more about the privacy policy of Google Analytics, refer to Google’s Policies and Principles. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.

Analytics Information Derived from Content. Analytics information also consists of data we collect because of running queries against Content across our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Information. For example, we may query Content to determine the most common types of workflows that users use (e.g. what percentage of all instances use ITIL style workflows?) by searching for the most common workflow names, or we may query Content to determine the most popular job titles for Confluence users in order to better understand the composition of our user base.

Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any customer.

Analytics Information from Downloadable Products: We collect analytics information when you use our Downloadable Products to help us improve our products and services. Our Downloadable Products contain a feature that sends information about the technical operation of the Downloadable Products on your systems (“System Information”) to us. System Information includes information about (a) the server environment in which the Downloadable Product is operating OS type and version, JVM version, Java environment properties, CPU type, RAM allocation, language and locale settings, database type and version, and disk utilization, as well as (b) user client information, for example: browser type and version, native client type and version, and client device specifications (e.g. screen resolution, OS version, device type, etc.). In addition, we collect analytics information from Downloadable Products that is a subset of the analytics information described above for Websites and SaaS Products.

Installer Analytics, Software Updates & License Information from Downloadable Products: During the installation of our Downloadable Products, the installer sends analytics information to CM Security to allow us to understand where in the installation process users are experiencing trouble or dropping out. Our Downloadable Products also communicate with CM Security servers for licensing purposes, as well as to check for updates, patches, and compatibility with Add-Ons. Examples of information we collect for these purposes include the name and version of the Downloadable Product and the server ID, SEN, and IP address of the customer instance.

 Cookies and Other Tracking Technologies: CM Security and our third-party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize CM Security Services and your experience; to allow you to access and use the Websites or SaaS Products without re-entering your username or password; and to count visits and understand which areas and features of the Websites and SaaS Products are most popular. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our websites or SaaS Products. CM Security and our third-party partners also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Websites or SaaS Products or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

CM Security and our third-party partners also use JavaScript, e-tags, “flash cookies”, and HTML5 local storage to collect information about your online activities over time and across different websites or online services. Many browsers include their own management tools for removing HTML5 local storage objects.

Information we collect from other sources

Information from third party services: We also obtain information from third parties and combine that with Information we collect through CM Security Services. For example, we may have access to certain information from a third-party social media or authentication service if you log into CM Security Services through the service or otherwise provide us with access to Information from the service. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third-party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third-party service makes available to us, and to use and disclose it in accordance with this Privacy Policy. You should check your privacy settings on these third-party services to understand and change the information sent to us through these services.

 

How we use Information we collect

General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:

◦         Provide, operate, maintain, improve, and promote CM Security Services

◦         Enable you to access and use CM Security Services, including uploading, downloading, collaborating on and sharing Content

◦         Process and complete transactions, and send you related information, including purchase confirmations and invoices

◦         Send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and support and administrative messages

◦         Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and sending updates about your team and chat rooms; and providing other news or information about us and our select partners. You have the ability to opt out of receiving any of these communications as described below under “Your Choices”

◦         Process and deliver contest and rewards

◦         Monitor and analyze trends, usage, and activities in connection with CM Security Services and for marketing or advertising purposes

◦         Investigate and prevent fraudulent transactions, unauthorized access to CM Security Services, and other illegal activities

◦         Personalize CM Security Services, including by providing content, features, or advertisements that match your interests and preferences

◦         Enable you to communicate, collaborate, and share Content with users you designate

◦         For other purposes about which we obtain your consent

Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our CM Security Services shall be limited to the purposes disclosed in this policy.

Compiling aggregate analytics information: Because our SaaS Products and Downloadable Products are some of the most configurable in the market, we make extensive use of analytics information (including log and configuration data) to understand how our products are being configured and used, how they can be improved for the benefit of all of our users, and to develop new products and services. As such we generate Usage Data (as defined above) from the web logs and analytics logs described above, including the Content elements captured in such logs, as well as from the Content stored in the Websites and SaaS Products.

Information sharing and disclosure

We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.

Your Use: When you use CM Security Services, Content you provide will be displayed back to you. Certain features of CM Security Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into CM Security Services.

Collaboration : As a natural result of using CM Security Services, you may create Content and grant permission to other CM Security users to access it for the purposes of collaboration. Some of the collaboration features of CM Security Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the CM Security Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, that you submit to the CM Security Services visible to the public, unless submitted to a restricted area.

Access by your system administrator: You should be aware that the administrator of your instance of CM Security Services may be able to:

◦         access information in and about your CM Security Services account.

◦         access communications history, including file attachments, for your CM Security Services account.

◦         disclose, restrict, or access information that you have provided or that is made available to you when using your CM Security Services account, including your Content; and

◦         control how your CM Security Services account may be accessed or deleted.

CM Security Community: Our Websites offer publicly accessible community services such as blogs, forums, bug trackers, and wikis. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the CM Security Community, please contact us using the information listed below. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.

Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis, and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Some of our pages utilize white-labeling techniques to serve content from our service providers while providing the look and feel of our site. Please be aware that you are providing your Information to these third parties acting on behalf of CM Security.

Third Party Add-Ons: You may choose to make use of third-party Add-Ons in conjunction with CM Security Services. Third party Add-Ons are software written by third parties to which you grant access privileges to your Content (which may include your Personal Information). When access is granted, your Content is shared with the third party. Third party Add-On policies and procedures are not controlled by CM Security even though the third-party Add-On may be available through CM Security Services. Third parties who have been granted access to your Content through Add-Ons could use this data to contact you and market services to you and could share your data with other third parties. This Privacy Policy does not cover the collection or use of your data by third party Add-Ons, and we urge you to consider the privacy policies governing third party Add-Ons. If you object to your Personal Information being shared with these third parties, please uninstall the Add-On (in the event installed from the CM Security Marketplace) or terminate your agreement with the third-party Add-On provider (in the event you have purchased a direct integration).

Links to Third Party Sites: The CM Security Services may include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Social Media Widgets: The CM Security Services may contain social media features, such as the Twitter “tweet” button. These features may collect your IP address, which page you are visiting on the CM Security Services, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our CM Security Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Testimonials: We may display personal testimonials of satisfied customers on the CM Security website. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using this email appsupport@cm-security.com.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of CM Security’s products and services, (d) to protect CM Security, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the CM Security Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.

Information we do not share. We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.

Data storage, transfer and security

CM Security hosts data with hosting service providers in numerous countries including the United States and Australia. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.

Where data is transferred over the Internet as part of a Website, SaaS Product or mobile, the data is encrypted using industry standard SSL/TLS.

Where Downloadable Products are used, responsibility of securing access to the data you store in the Downloadable Products rests with you and not CM Security. We strongly recommend that administrators of Downloadable Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

Your Choices

You may opt out of receiving promotional communications from CM Security by using the unsubscribe link within each email, updating your email preferences at my.Cm-security.com or within your CM Security Service account settings menu, or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding CM Security’s Services. You can opt-out of some notification messages in your account settings.

Accessing and updating your information

You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact Support Services or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.

You can often remove Content using editing tools associated with that Content. In some cases, you may need to contact your administrator to request they remove the Content. You can contact us to request removal of Personal Information from CM Security Community services.

You or your administrator may be able to deactivate your CM Security Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact Support Services. To deactivate an account made for you without authorization, please contact us at the contact information below. We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.

Our policy towards children

CM Security Services are not directed to individuals under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact our Support Services at appsupport@cm-security.com.

International users; Privacy Shield Related Complaints

If you are visiting from other regions outside the European Union, with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to us. By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.

We encourage you to contact us if you have any question or concerns about this Policy using the contact information below. Even If you have an unresolved privacy or data use concern that we have not addressed satisfactorily.  CM Security has also chosen to cooperate with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles).

Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. CM Security is subject to the investigatory and enforcement powers of the European Union Trade Commission.

Contact Us

CM Security GmbH

Otto-Hahn-Str. 3, D-72406 Bisingen

Landline: +49 (0) 7476 / 9495-0

e-mail: info@cm-security.com