Your privacy is important to us. This privacy statement explains the personal data CISO Online processes, how CISO Online processes it, and for what purposes.
CISO Online offers a wide range of products and services to help enterprises operate securely. References to CISO Online products and services in this statement include CISO Online professional services and products supplied by CISO Online or by our partners including but not limited to Microsoft, KnowBe4 and Ninjio.
For individuals in the Australia and United States, please refer to privacy ACT laws.
Personal data we collect
CISO Online collects data from you, through our interactions with you and through our services and products. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our services and products. The data we collect depends on the context of your interactions with CISO Online and the choices you make, including your privacy settings and the services and products features you use. We also obtain data about you from CISO Online affiliates, subsidiaries, and third parties.
You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. Many of our services and products require some personal data to provide you with a service. If you choose not to provide data -required to provide you with a service, product or feature, you cannot use that service, product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing service or product you are using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features such as personalisation that use such data will not work for you.
How we use personal data
CISO Online uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:
We also use the data to operate our business, which includes analysing our performance, meeting our legal obligations, developing our workforce and doing research.
In carrying out these purposes, we combine data we collect from different or obtain from third parties to give you a more seamless, consistent and personalised experience, to make informed business decisions, and for other legitimate purposes.
Our processing of personal data for these purposes includes both automated and manual (human) methods of processing. Our automated methods often are related to and supported by our manual methods. For example, to build, train, and improve the accuracy of our automated methods of processing (including artificial intelligence or AI), we manually review some of the output produced by the automated methods against the underlying data.
As part of our efforts to improve and develop our products, we may use your data to develop and train our AI models.
Reasons we share personal data
We share your personal data with your consent or to complete any transaction or provide any service and product you have requested or authorised. We also share data with CISO Online-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services and products; and to protect the rights and property of CISO Online and its customers.
How to access and control your personal data
You can also make choices about the collection and use of your data by CISO Online. You can control your personal data that CISO Online has obtained, and exercise your data protection rights, by contacting CISO Online or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law. How you can access or control your personal data will also depend on which services or products you use.
Cookies and similar technologies
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honouring your preferences and settings, enabling you to sign-in, providing interest-based advertising, combating fraud, analysing how our services and products perform and fulfilling other legitimate purposes. CISO Online and our partners apps use additional identifiers, such as the advertising ID for similar purposes.
We also use “web beacons” to help deliver cookies and gather usage and performance data. Our websites may include web beacons, cookies, or similar technologies from CISO Online affiliates and partners as well as third parties, such as service providers acting on our behalf.
Third party cookies may include: Social Media cookies designed to show you ads and content based on your social media profiles and activities on our websites; Analytics cookies to better understand how you and others use our websites so that we can make them better, and so the third parties can improve their own products and services; Advertising cookies to show you ads that are relevant to you; and Required cookies used to perform essential website functions. Where required, we obtain your consent prior to placing or using optional cookies that are not (i) strictly necessary to provide the website; or (ii) for the purpose of facilitating a communication.
You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.
Products provided by your organisation – notice to end users
If you use a CISO Online or our partners product with an account provided by an organisation you are affiliated with, such as your work or school account, that organisation can:
If you lose access to your work or school account (in event of change of employment, for example), you may lose access to products and the content associated with those products, including those you acquired on your own behalf, if you used your work or school account to sign in to such products.
Many products are intended for use by organisations, such as schools and businesses. If your organisation provides you with access to products, your use of the products is subject to your organisation’s policies, if any. You should direct your privacy enquiries, including any requests to exercise your data protection rights, to your organisation’s administrator. When you use social features in products, other users in your network may see some of your activity. CISO Online is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
When you use a CISO Online service or product provided by your organisation, CISO Online’s processing of your personal data in connection with that service or product is governed by a contract between CISO Online and your organisation. CISO Online processes your personal data to provide the service or product to your organisation and you, and in some cases for CISO Online’s business operations related to providing the service or product. As mentioned above, if you have questions about CISO Online’s processing of your personal data in connection with providing products to your organisation, please contact your organisation. If you have questions about CISO Online’s business operations in connection with providing services or products to your organisation as provided in the Product Terms, please contact CISO Online.
CISO Online account
With a CISO Online or our partner’s account, you can sign in to your services and products, as well as those of select CISO Online partners. Personal data associated with your account includes credentials, name and contact data, payment data, device and usage data, your contacts, information about your activities, and your interests and favourites. Signing in to your account enables personalisation and consistent experiences across services, products and devices, permits you to use cloud data storage, allows you to make payments using payment instruments stored in your account and enables other features.
There are three types of account:
If you sign into a service offered by a third party with your account, you will share with that third party the account data required by that service.
Collection of data from children
For users under the age of 13, or as specified by law in their jurisdiction, certain CISO Online products and services will either block users under that age or will ask them to obtain consent or authorisation from a parent or guardian before they can use it, including when creating an account to access CISO Online services. We will not knowingly ask children under that age to provide more data than is required to provide for the product.
Once parental consent or authorisation has been granted, the child’s account is treated much like any other account.
Artificial Intelligence
CISO Online leverages the power of artificial intelligence (AI) in many of our services and products, including by incorporating generative AI features such as Microsoft Copilot capabilities. CISO Online’s deployment and use of AI is subject to CISO Online’s collection and use of personal data in developing and deploying AI features is consistent with commitments outlined in this privacy statement.