1) Why, How and What Personal Data is collected?
HEXACT collects data in order to develop and offer Services dedicated to research, testing and monitoring of websites and domain names. In the context of our Services, we may collect Personal Data about you in several ways and may include:
Personal Data provided by you.
You may provide us with Personal Data voluntarily in connection with purchasing our Services, registering for a HEXACT user account, requesting information or support from HEXACT via phone, email, or our website. We may collect your name, company name, email address, phone number, geographic location and industry, information from correspondence with you, your account alias and password for user log-in, information related to the use of our Services, payment information such as billing address or credit card information, and additional Personal Data you provide to us. While you are free to choose what information you provide to us, some information, such as your name, address, payment information, and information about your Services usage or subscription may be necessary for the performance of our contractual obligations. If you do not provide such information to us, you will not be able to license or use certain Services.
Personal Data collected via technology.
Personal Data we receive from third parties.
We may receive Personal Data about you from third parties such as social media sites, law enforcement agencies, promotional partners, and other marketing vendors. This information may include your name, address, email address, and phone number.
Personal Data associated with internet domain names.
We collect publicly-available domain and DNS related information (often referred to as Open Source Intelligence or OSINT) from entities tasked with coordinating the internet’s global domain name system. This information (“DNS related information”) may include the name, address, phone number, and email address of a domain registrant, administrative contact, or technical contact.
2) The reasons to collect and use your Personal Data?
The reasons we collect and use Personal Data differ depending on the purpose of the collection.
We use your Personal Data in order to offer or provide Services to you.
If you license Services from HEXACT or contact us to request Services or Services support, we use your Personal Data to provide Services to you. Personal Data we use for this purpose includes information we need to contact you and communicate with you, information to provide you with individualized offers, information to manage and execute your requests, and information necessary to obtain payment.
We use your Personal Data when supported by legitimate business interests.
We may use Personal Data in connection with a legitimate business interest, such as to evaluate and review our business performance or to identify potential cybersecurity threats to our Services, networks, or systems. If necessary, we may also use your Personal Data to pursue or defend ourselves against legal claims. If you use our Services, we may use your Personal Data to provide and improve those Services.
We collect and use DNS related information that is publicly available at the time of collection, and that may contain Personal Data, to provide Services to users, to maintain and improve those Services, and to develop new Services. These Services include tools to help our users prevent, detect, investigate, or mitigate cybersecurity threats, fraud, and misuse; protect intellectual property rights; research the history of a domain; or contact the registrant, administrative contact, or technical contact of a domain.
We use your information after obtaining your consent.
In some cases, we may ask you to grant us separate consent to use your information, for example, in connection with our marketing campaigns. In that event, you are free to deny your consent or withdraw your consent at any time without any negative consequences. If you have granted us consent to use your information, we will use it only for the purposes specified in the consent. You may unsubscribe from our marketing communications at any time by sending an email to [email protected] or clicking the “unsubscribe” link in communications you receive from us.
We use your information to comply with legal obligations.
We may be legally obligated to retain certain Personal Data.
We will only use your Personal Data for the purposes for which we have collected it. We will not use your Personal Data for other purposes. Your Personal Data will not be used for automated individual decision-making.
3) Does HEXACT share your Personal Data with third parties?
We share your Personal Data with your consent or as necessary to provide you with Services you have requested or purchased. Additionally, we may share Personal Data with our affiliates; vendors working on our behalf; where required by law; to maintain the security of our Services; or to protect the rights or property of HEXACT. We also share DNS-related information obtained from publicly available sources via our Services to our customers and users. Specifically, we may share Personal Data in the following circumstances:
Service providers and advisors.
Third party vendors and other service providers may have access to your Personal Data if they perform services for us or on our behalf. These providers may support our marketing efforts (including sales outreach, communications management, and event support), provide business productivity solutions and applications to us (such as tools for messaging, email, and document creation, accounting and payment processing, or customer relations management), offer professional services (such as tax, accounting, or legal services), or assist with network or systems support, maintenance, and security. These third party vendors include: Amazon Web Services, Inc., Google LLC, Stripe, Inc., Slack Technologies, Inc., Cisco Systems, Inc.
Purchasers and third parties in connection with a business transaction.
Personal Data may be disclosed to third parties in connection with a HEXACT-related transaction, such as a merger, sale, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.
Law enforcement, regulators, and other parties for legal reasons.
We may disclose Personal Data to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our legal claims or to protect the security or integrity of our Services; or (c) exercise or protect the rights, property, or personal safety of HEXACT, Services users, or others.
Certain Services make DNS related information available to the public without charge. Other Services, such as reporting, monitoring, and analysis of DNS related information are provided to registered customers for a fee.
4) How your Personal Data is kept?
We will store Personal Data as long as necessary to fulfill the purposes for which we collect it, in accordance with our legal obligations and legitimate business interests. We retain Personal Data related to a customer until the expiration of any legal retention requirement or limitations period for claims related to that relationship. We retain marketing-related information for potential customers until the conclusion of our relationship with that individual or the receipt of a request to delete such Personal Data. We retain DNS-related information for as long as it is used in connection with the delivery, maintenance, support, and development of our Services.
5) How do we protect your Personal Data?
We implement appropriate technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, change, or damage, as well as any unauthorized access to or disclosure of Personal Data on our systems. All Personal Data we collect will be stored on our secure servers. When you provide sensitive information to us (such as payment information when purchasing a Service via our website), we undertake to encrypt this information using secure socket layer (“SSL”) or similar technology. In order to benefit from these protections you must use an SSL-enabled web browser.
6) How do we safeguard your Personal Data when there is an international transfer?
Because HEXACT is located in the United States, Personal Data provided to us will be processed and stored in the United States. If you are in the European Union, Switzerland, or European Economic Areas, this may mean that your Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective than the jurisdiction in which you reside.
7) What cookies and tracking technologies do we use?
We, and our third-party partners, automatically collect certain types of usage information when you visit our Services or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”). You may use browser controls or tools made available by third parties to control tracking technologies.
8) What rights and choices do you have?
If you are a resident of the European Union and we hold your Personal Data, you have specific rights under applicable privacy law:
Right of access.
The right to obtain access to your Personal Data.
Right to rectification.
The right to obtain rectification of your Personal Data without undue delay where that personal information is inaccurate or incomplete.
Right to erasure.
The right to obtain the erasure of your Personal Data without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction.
The right to restrict us from processing your Personal Data in certain circumstances, such as where you contest the accuracy of the Personal Data.
Right to object.
You have a right to object, on grounds relating to your particular situation, to processing based on our legitimate interests. You can object to marketing activities for any reason.
Additionally, EU residents have the right to lodge a complaint with their local data protection authority. Further information about how to contact your local data protection authority is available at https://ec.europa.eu/info/law/law-topic/data-protection_en.
9) How to contact us