TALON PRIVACY POLICY

Last Revised: November 20, 2022

Talon Cyber Security Ltd (“Talon”, “our”, “we” or “us”) offers its customers (“Customers”) an online Software-as-a-Service solution comprised of the TalonWork™ browser (“TalonWork Browser”) and related services which are intended to enable Customers to monitor, detect and remediate online and remote work security risks and related services (collectively, the “Services”). This privacy policy (“Privacy Policy”) explains how we collect and process information you may provide us when you access and use our Services. “Users” or “you” refer to: (I) Customer’s first user of the Services or otherwise End User (as defined below) who was designated by Customer as admin (“Customer Admin”), and (II) end users invited by Customer and/or by Customer Admin (e.g., employees and contractors) who access the Services under Customer’s account (the “End User(s)”).

This Privacy Policy supplements and shall be read in conjunction with our Terms of Use (the “Terms of Use”), and may be supplemented by additional privacy statements, terms or notices provided to you. Capitalized terms that are not defined herein, shall have the meaning ascribed to them in our Terms of Use.

This Privacy Policy is applicable to your use of our desktop version of the TalonWork Browser. If you use Talon’s mobile application, the Mobile Privacy Policy shall govern the collection and processing of personal data.  

1. YOUR CONSENT

PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND USING THE SERVICES. BY ACCESSING THE SERVICES, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.

IMPORTANT – PLEASE NOTE THAT THE TALONWORK BROWSER IS INTENDED FOR BROWSING ACTIVITIES WHICH ARE STRICTLY AFFILIATED TO YOUR WORK AND\OR ENGAGEMENT WITH CUSTOMER. UNLESS PERMITTED OTHERWISE BY CUSTOMER, THE TALONWORK BROWSER IS NOT INTENDED TO BE USED FOR ANY BROWSING ACTIVITIES WHICH ARE CONSIDERED AS ‘PRIVATE’ NON-WORK RELATED ACTIVITES. IN PARTICULAR, YOU MAY NOT PROVIDE, MAKE AVAILABLE OR DISPLAY ANY SENSITIVE PERSONAL DATA SUCH AS PERSONAL DATA CONCERNING HEALTH, RELIGIOUS BELIEFS AND SEXUAL ORIENTATION (WHETHER SUCH PERSONAL DATA PERTAINS TO USER OR TO A THIRD PARTY) WHEN USING THE TALONWORK BROWSER.

Please note: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us with Personal Information at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.

TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY WHICH IS NOT YOU, INCLUDING INFORMATION RELATED TO ANY OF YOUR PERSONNEL OR COLLEAGUES, YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENT THAT YOU HAVE AND UNDERTAKE THAT YOU SHALL HAVE AT ALL TIMES, MAINTAINED AND RECEIVED, THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW TALON TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AS DETAILED HEREIN.

2. WHAT TYPES OF INFORMATION DO YOU COLLECT?

We divide the information we access and collect into two categories: Personal Information and Non-Personal Information. In this section, we describe each of the two categories of information which we may collect, and the applicable circumstances under which such collection is performed.

2.1.  Non-Personal Information: “Non-Personal Information” is un-identified and non-identifiable information pertaining to a user, which may be made available to us, or collected automatically via your use of the Services. Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information which is not linked to an identifiable individual, such as system data related to your operating system and browser (including browser type, language and extensions), CPU architecture, hardware concurrency etc.

2.2.  Personal Information: “Personal Information” is information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural person. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, persistent cookie identifier etc.  Personal Information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person. Such Personal Information that is collected by us consists of the following types of information:

•         Personal Information that you actively provide to Talon.

This category refers to any information, data or content you actively and voluntarily create or provide through the Services such as:

• Basic personal information which you may provide upon registration to the Services, such as your name, workplace email and your picture (optional).

• Personal Information that we collect or generate in connection with your use of the Services.

The information we obtain through the Services when Users access or interact with the Services, which is derived, learned, or detected as a result of such access and/or interaction, such as:

• Data concerning your browsing activity, such requests sent out from your browser to visited websites, and respective responses including related metadata (e.g. IP addresses from which web requests are sent to Talon, filled forms, cookies and other tracking technologies, IP-based location), including error reports (i.e. when browser crushes).
• Certain metadata concerning files downloaded and uploaded from and to your browser (i.e. we do not collect the underlying data or materials contained in such files, but only technical details pertaining such file, such as type, title, size, source and additional related information).
• URL and extension attributes of websites visited through your browser (e.g. URL, protocol, HTTP/S).

• Personal Information collected from other sources.

•        We may also collect personal information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information. For example, we may collect and use your contact information from a Customer or Customer Admin if they used the Services to invite you to their Customer’s account as an End User, as allowed by applicable laws.

We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of this Privacy Policy.

3. WHY DO YOU COLLECT AND PROCESS MY INFORMATION?

We may use information that we collect and receive about you for the following purposes:

• To provide Customer with an overview of its network activity and SaaS application usage.
• To prevent potential risks to Customer which may be presented by certain requests, downloads or other End User behavior through the Services.
• To investigate security incidents, if and to the extent such has occurred.
• To be able to deliver and enhance our Services, and to provide users with technical assistance and support.
• To send you updates, notices, notifications, newsletters, and additional information related to the Services.
• To create cumulative statistical data and other cumulative information that is non-personal, with which we and/or our business partners might make use in order to operate and improve our Services and related products.
• To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.

4. WHAT ARE YOUR LEGAL GROUNDS FOR COLLECTING MY PERSONAL INFORMATION?

With your consent: We ask for your agreement to process your information for the specific purposes stated in this Privacy Policy and you have the right to withdraw your consent at any time;

Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Services; protecting against harm to the rights, property or safety of our properties, our users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request.

5. WHO DO YOU SHARE MY INFORMATION WITH AND WHY?

We may share information with third parties (or otherwise allow them access to it) only in the following manners and instances:

Internally – We may share information with our family companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with Section 3 above. In addition, should Talon or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, through prominent notice on our Services.

Protecting Our Rights and Safety – We may share your information to enforce this Privacy Policy, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.

Third Parties & Business Partners – We may share your information with a number of selected service providers, whose services and solutions are required or otherwise facilitate achievement of the purposes of processing set forth under Section 3 above. These third parties services include among others, cloud hosting services (e.g. AWS), and user authentication management (e.g. Frontegg). Our third party services providers act as our sub-processors and may only process your information according to our instructions (which are given in accordance with the terms hereof). We remain responsible for any processing of your information done by such third party service providers on our behalf not in accordance with the terms hereof, except for events outside of such service providers’ reasonable control.

Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.

For avoidance of doubt, we may share anonymized or de-identified information with any other third party, at our sole discretion.

6. WHERE DO YOU TRANSFER OR STORE MY INFORMATION?

Your information may be transferred to, maintained, processed and stored by us and our authorized affiliates and service providers in the EU, USA and in Israel. Please note that USA and Israeli data and privacy laws may not be as comprehensive as those in your country of residence. Residents of certain countries may be subject to additional protections, as set forth in below.

GDPR (EEA Users): This section applies only to natural persons residing in the European Economic Area (for the purpose of this section only, "you" or "your" shall be limited accordingly). It is Talon's policy to comply with the EEA's General Data Protection Regulation (“GDPR”). In accordance with the GDPR, we may transfer your Personal Information from your home country to Israel, the U.S. and/or other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such transfer if we ensured that at least one of the following applies:

• The country to which Personal Information has been transferred, has been determined by the EU Commission to be a country providing adequate protection to the privacy rights of EU residents.
• Application of Standard Contractual Clauses (also known as "Model Clauses") where appropriate.

You have additional rights regarding your personal data under the GDPR, please refer to Section 7 below.

7. WHAT ARE MY RIGHTS?

If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via the contact details set out under Section 15 below. Those rights may include, but are not limited to, the following:

• Right of access. You may have a right to know what information we hold about you and in some cases to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
• Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will correct it as soon as we can.
• Data deletion. In some circumstances you have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized.
• Data portability. In some circumstances, you may have the right to request that data which you have provided to us is provided to you, so you can transfer this to another data controller.
• Restriction of processing. In some cases, you may have the right to request a restriction of the processing of your Personal Information, such as when you are disputing the accuracy of your information held by us.

8. DO YOU USE COOKIES OR SIMILAR TRACKING TECHNOLOGIES?

We use certain monitoring and tracking technologies, including ones offered by third party service providers. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our users. For example, these technologies enable us to: (i) keep track of our users’ preferences and authenticated sessions, (ii) secure our Services by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Services, and (iv) create and monitor analytics.

We may use cookies in connection with our Services. A “Cookie” is a small data file that is downloaded and stored on your computer or mobile device when you visit our Services. We use the following third-party Cookies:

• Frontegg - Frontegg uses a cookie to authenticate your session after your initial sign-in to the Services https://frontegg.com/privacy-policy.

Learn more about your choices and how to opt-out of tracking technologies:

In order to delete or block any tracking technologies, please refer to the “Settings” area on your TalonWork Browser for further instructions, or you may also opt out of third party tracking technologies by following the instructions provided by each third party service provider in its privacy policy listed above or visiting www.youronlinechoices.eu or www.aboutads.info/choices. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.

9. HOW DO YOU KEEP MY INFORMATION SECURE?

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees, third party service providers or partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us.

Despite these measures, Talon cannot provide absolute information security or eliminate all risks associated with Personal Information, and security breaches may happen. If there are any questions about security, please contact us at talon.devs@talon-sec.com.

10. HOW LONG WILL YOU RETAIN MY INFORMATION?

We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).

11. HOW DO YOU PROTECT THE PRIVACY OF CHILDREN?

To use our Services, users must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from individuals under the age of eighteen and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of eighteen are not using the Services. If you believe that we might have any information from or about an individual under the age of eighteen, please contact us at legals@talon-sec.com.

12. HOW DO YOU USE THE INFORMATION OF JOB CANDIDATES?

We welcome qualified Candidates to apply to any of the open positions posted at our Website or social media channels (e.g. Linkedin) by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our Candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying Candidates, evaluating their applications, making hiring and employment decisions, and contacting Candidates by phone or in writing).

Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider Candidates for other suitable positions and opportunities at Talon; use the Candidate Information as a reference for future applications; and in case the Candidate is hired, for additional employment and business purposes related to their employment with us.

If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at legals@talon-sec.com.

13. UPDATES TO THIS PRIVACY POLICY

This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. By continuing to access and use our Services after any updates become effective, you accept and agree to be bound by the updated Privacy Policy.

14. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of New York, without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in New York, New York.

This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

15. HOW CAN I CONTACT YOU?

If you wish to exercise any of the aforementioned rights, or receive more information, please contact us using the details provided below:

Talon Cyber Security

Email: legals@talon-sec.com 

Address: 80 Menachem Begin St, Tel Aviv, Israel