) the "Service").
YOUR USE OF THE SERVICES OFFERED BY PHISHINGBOX IS CONDITIONED UPON YOUR ACCEPTANCE OF THE TERMS OF SERVICE LOCATED AT WWW.PHISHINGBOX.COM
NOT INTENDED FOR CHILDREN
PhishingBox is a company focused on serving the needs of businesses. Our services are not intended for children. PhishingBox does intentionally obtain information from persons under 18 years of age.
COMPLIANCE WITH PRIVACY SHIELD FRAMEWORK
TYPE AND PURPOSE OF DATA COLLECTED
Personal Data: If you choose to sign up for the Service, we collect the following personal information from you: your name, email address, and phone number. We use this information to establish an account on our system for clients to use our Service. We will also use this information to respond to service requests, and send activity, security, training, or feature notices to users and administrators.
Payment Information: We may collect and process payment information from you when you subscribe to the Service, including credit cards numbers and billing information. We process credit card information using third party PCI-compliant service providers.
Customer Data: PhishingBox provides an online system that our customers use to send simulated phishing emails. In providing this service, PhishingBox processes data our customers submit to our services or instruct us to process on their behalf. PhishingBox processes data submitted by customers for the purpose of providing simulated email phishing campaigns, training, and reports to our customers.
Cookies: We use session cookies to enable certain features of the Service. Session cookies usually expire and are deleted when you close your web browser. Session cookies must be enabled to use the Service.
Log Files: As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
IP Address: In addition to above, the client administrator may configure the system to restrict access to the Service to specific IP addresses, such as an approved corporate network.
Single Sign On: Client administrators may configure the Service to import and authenticate users with various Single Sign On providers, including name and email address. It is the client’s responsibility to understand the privacy policies of their Single Sign On provider.
GSuite Plugin: If our Inbox plugin for GSuite is enabled, PhishingBox system will have access to the authorized account's emails header, body, and attachments. This information is solely used to identify suspicious emails, such as phishing attempts. Based on user actions, these emails may be forwarded or deleted.
PhishingBox takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. The security principles that govern our Service are outlined in our Security Summary, available at https://www.phishingbox.com/resources
SHARING DATA / ACCOUNTABILITY FOR ONWARD TRANSFER
Your privacy is important to us. We do not sell or otherwise disclose your personal information we obtain through the Services to third parties, except as described here.
PhishingBox uses a limited number of third-party service providers to assist us in providing our services to customers. These third-party providers offer customer support to our customers, perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. PhishingBox maintains contracts with these third parties, restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, and PhishingBox may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
We reserve the right to disclose your personal information as required by law or legal process, in response to a request by law enforcement authorities, when we believe that disclosure is necessary or appropriate to protect our rights or to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity.
RIGHTS TO ACCESS PERSONAL DATA
Where appropriate, PhishingBox provides Consumers with reasonable access to the Personal Data PhishingBox maintains about them. PhishingBox also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. PhishingBox may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting PhishingBox as indicated below.
In circumstances in which PhishingBox maintains Personal Data about Consumers with whom PhishingBox does not have a direct relationship because PhishingBox obtained or maintains the Consumers' data as a service provider for its Customers, PhishingBox’s' Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate PhishingBox Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, PhishingBox will provide reasonable assistance in forwarding the individual's request to the Customer.
In circumstances in which PhishingBox collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether PhishingBox may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact PhishingBox as indicated below regarding the company's use or disclosure of their Personal Data.
In circumstances in which PhishingBox maintains Personal Data about Consumers with whom PhishingBox does not have a direct relationship because PhishingBox obtained or maintains the Consumers' data as a service provider for its Customers, PhishingBox’s' Customers are responsible for providing the relevant individuals with certain choices with respect to the Customers' use or disclosure of the individual's Personal Data.
FILING A PRIVACY COMPLAINT
PhishingBox has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
RECOURSE, ENFORCEMENT AND LIABILITY
PhishingBox is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PhishingBox complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred to the Privacy Shield Framework, PhishingBox is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, PhishingBox may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
DATA INTEGRITY & PURPOSE LIMITATION
PhishingBox takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, PhishingBox depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom PhishingBox does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact PhishingBox as indicated below to request that PhishingBox update or correct relevant Personal Data.
LINKS TO OTHER SITES
This service may contain links to other websites that are not owned or controlled by PhishingBox. The linked websites may have their own privacy policies which we strongly suggest you review. To the extent such websites are not owned or controlled by PhishingBox, we are not responsible for the website’s content or privacy practices, or for any use of the websites.
CHANGES TO POLICY
From time to time, and without prior notice to you, PhishingBox may update this Policy to reflect changes in our personal information practices. We will post the updated version on this page and indicate at the top of the Policy when it was most recently updated.
If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice within the Service. We encourage you to periodically review this page for the latest information on our privacy practices.
CONTACT US ABOUT PRIVACY
If you have any questions or concerns with regards to these our privacy policies, please contact us by mail, email, or phone.
Attention: Data Privacy Officer
400 East Vine Street, Suite 301
Lexington, KY 40507
Email : email@example.com