Securitas Critical Infrastructure Services, Inc. Policy
Effective Date: January 1, 2020
Securitas Critical Infrastructure Services, Inc. and our subsidiaries, (“SCIS” “us”, “we”, or “our”) operates the https://www.scisusa.com and the https://www.parasys.com websites (“Website”), and provides various services to clients in a wide range of industries and customer segments. We offer security solutions including on-site guarding, electronic security, fire and safety services, and corporate risk management (hereinafter collectively referred to as the “Services”).
- Personal Information (also known as “Personal Data”): Personal Information means data about a particular individual or household that identifies, relates to, describes, could be reasonably linked with, or could be used to identify that person or household (or from those and other information either in our possession or likely to come into our possession). It also includes other information that may be associated with your Personal Information, such as your Usage Data (defined below), location, preferences or interests, if that information can be used to identify you or your household.
- Services: As noted above, our Services include the https://www.scisusa.com and https://www.parasys.com websites owned and operated by SCIS as well as any services provided, including, but not limited to, on-site guarding, fire and safety services, and corporate risk management.
- Cookies: Cookies are small files stored on your device (computer or mobile device).
- Data Processors: Any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
- User (or “Data Subject”): Any individual who uses our Services and is the subject of Personal Information collected and/or processed.
II. Information Collection and Use
Included below is a list of several different types of information for various purposes to provide and improve our Service to you.
- Personal Information. While using our Services, we may ask you to provide us with or otherwise obtain certain personally identifiable information that can be used to contact or identify you (“Personal Information,” as defined above). Such Personal Information may include, but is not limited to, your name, address, email address, username, payment card information, and any other information that may identify you.
- Generic Information. Generic information is information that does not directly reveal the identity of a SCIS customer, or visitor to the Website. This information may include Usage Data and other aggregate usage metrics such as total number of Website visitors, pages viewed, and usage patterns within the Website, etc. This may also include information about your device. We may automatically gather some Generic Information from our members, customers, and Website visitors. At times, the combination of various types of data, including Generic information and Usage Data, may enable you to be identified, and may therefore qualify as Personal Information.
- Usage Data: We may also collect information on how you access and use our Services (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Examples of Cookies and other technologies we may use include, but are not limited to:
- _ga cookies: These are used by Google Analytics and sends information to Google which is used to distinguish users. A unique identifier associated with each user is sent with each hit in order to determine which traffic belongs to which user. This allows the website’s owner to track a user’s behavior and monitor website performance. These cookies are stored for two (2) years.
- _gat: These are used by Google Analytics to throddle request rates and do not store any information. Rather, they are used to improve the website’s performance. These cookies are only stored for ten (10) minutes and sends information back to Google.
- _gid: These are used by Google Analytics. This is used to distinguish users and enables SUSA to track a visitor’s behavior and measure the website’s performance. These cookies are stored for twenty-four (24) hours and sends information back to Google.
- NET: These cookies are session identifiers and are used to keep track of a user’s navigation through the SCIS website. Moreover, it is used to transfer information between pages and to store information that the user might reuse on different pages. These are only stored during the session, while the user is browsing the site.
- CookiesAccepted: These are used to keep track of whether the user has accepted the cookie usage or not. This is not set unless the visitor clicks “Accept” in the cookie banner at the top of the website. There is no limit to how long these cookies may be stored for.
Your Cookie Choices
III. How We Collect Information
SCIS collects and obtains your information in a few ways: there is information that you choose to give to us, information we obtain through your use of our Services – including our Website – and information we obtain from third parties.
Information You Give Us
We collect information that you decide to share with us. At times, we may require you to provide certain information – including Personal Information – in order to use certain parts of our Website, fulfill your requests with us, or provide you with certain Services. For instance, we may require you to provide your name, email address or other contact information when you contact us with a question or comment. Additionally, we may need you to provide certain Personal Information to use other portions of our Services.
Information We Obtain When You Use Our Services
As noted above, we collect certain information from you through your use of our Services, such as Usage Data. For instance, in using our Website, we may collect information about the device you use to log into, access, and use the Website. We may collect other Generic Information in relation to how you use our Website or other Services (for example, aggregate metrics on how often certain pages on our Website are accessed and viewed).
We also may collect information through the use of cookie, pixel tags, or other technologies, as described above.
Information We Obtain from Third Parties
We may also obtain information about you from our third party service providers who help us provide our Services to you.
IV. Purposes for Collecting, Processing, and Using Your Information
Business and Other Purposes for Collection
SCIS collects, processes (or asks our service providers to process on our behalf), and uses your information to provide the Services we make available to you. We therefore will collect and use your information for a variety of reasons, including, but not limited to:
- To perform a contract with you, or provide those Services you have requested of SCIS.
- You have otherwise given us your consent and permission to do so.
- The collection and processing is in our legitimate interests or the legitimate interests of a third party, and is not outweighed by any applicable rights you may have. For instance, we may use your information to assist with fraud prevention, improve the security of our networks, assist with enhancing the physical security of our customers, and reporting suspected criminal activity to law enforcement. We may also use your information in relation to certain direct marketing events.
- To comply with applicable laws, in response to a lawful and enforceable request by a law enforcement, judicial, or other public authority, or in connection with an applicable legal obligation.
V. How We Use Your Information
Such general uses include, but are not limited to:
- To fulfill your information request and to receive information and materials from us, such as brochures or reports.
- To provide and maintain our Services.
- To notify you about changes to our Services.
- To gather analysis or valuable information so that we can improve our Services.
- To monitor the usage of our Services.
- To detect, prevent and address technical issues.
- Various aspects of the Website, such as content on the Website, and email messages we send you in connection with your use of the Website may include advertisements that may be selected for you based on your demographic information, interests, preferences, and usage patterns within the Website.
- We may also use “automatically collected” information and “cookies” information to:
- personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Website;
- provide customized third party advertisements, content, and information;
- monitor and analyze the our effectiveness and third party marketing activities;
- monitor aggregate usage metrics such as total number of visitors, pages viewed, etc.; and
- track your entries, submissions, and status in any promotions or other activities.
VI. How We Disclose or Share Your Information
SCIS does not sell your information to any third party without your permission, and will not sell the Personal Information of anyone under the age of 16 without applicable consent. We will only provide your personal data if it is necessary in order to provide you with the information you have requested. However, SCIS may disclose your information in a number of ways in order to provide our Services to you. For instance, we may share your information with our subsidiaries or affiliated companies for the purpose of processing your personal data to respond to your request.
We may also provide your Personal Information to third party service providers who assist SCIS to facilitate or to provide certain services in relation to SCIS business and therefore process Personal Information on SCIS’s behalf. These include:
- IT service companies that host our website or assist us in developing our website;
- IT support service providers; and
- Other third party service providers, such as software providers.
These third party service providers are authorized to use your personal data only as necessary to provide its service to us.
We may also disclose or share your information for the following purposes:
- To comply with a legal obligation.
- To protect and defend SCIS’s rights or property.
- To prevent or investigate possible wrongdoing in connection with the Services.
- To protect the personal safety of users of the Services or the public.
- To protect against legal liability.
- When there is a good faith belief that such action is necessary to investigate or protect against harmful activities to our guests, visitors, associates, or property (including the Website), or to others (including SCIS itself). This may include disclosures to law enforcement to investigate potential criminal activity or other civil violations.
Categories of Third Parties that Receive Personal Information from SCIS
We share or otherwise disclose individuals’ personal information to the following categories of third parties:
- Service Providers: We employ third party service providers, companies, individuals, and agents to facilitate and help us provide our Services to you. Such Service Providers perform tasks or functions on our behalf, provide Services-related services, or assist us in analyzing how our Services are used or delivered. These third parties are granted access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Other SCIS Entities: We may share or disclose your information to SCIS subsidiaries or affiliated companies.
VII. Retention of Data
SCIS will keep your personal data as long as necessary for us to respond to your request or forward your request to the relevant individual. However, your data will not be kept for longer than three (3) months from your request and will delete it after that time except when needed in order to comply with legal obligations or enforce agreements.
VIII. Transfer of Data
Securitas Group Companies. We may share your personal data to our subsidiaries or affiliated companies for the purpose of that the relevant subsidiary or affiliated company will process your personal data to respond to your request. We will only transfer your personal data to the subsidiary or affiliated company that needs to receive your personal data in order to provide you with the information you have requested. By submitting the request form you consent to our transfer of your personal data to our subsidiaries or affiliated companies that may be established in a country outside the EU/EEA (i.e. a so-called third country), including countries which may not maintain an adequate level of protection for personal data. Please be aware that countries which are outside the EU/EEA may not offer the same level of data protection as the EU/EEA and, thus, you may not have the same rights as under the laws applicable to us.
Third Party Service Providers. The personal data that we collect from you may be transferred to and processed by a third party service provider established in a country outside the EU/EEA (i.e. a so-called third country), including countries which the EU Commission does not consider to have an adequate level of protection for personal data. All necessary steps will be taken as required under applicable law in order for such transfer of your personal data across borders to be compliant with applicable law. We will only transfer your personal data to a country outside the EU/EEA where; (i) the EU Commission has decided that the third country ensures an adequate level of protection, or (ii) where the transfer is being safeguarded by the use of EU model clauses (under Article 46.2 in the General Data Protection Regulation (2016/679) (“GDPR”)) or where the recipient is certified under the US-EU Privacy Shield Framework (under Article 45 in the GDPR).
We may transfer your personal data to third party service providers established in the following countries outside the EU/EEA: India. You can find further information about the rules on data transfers outside the EU/EEA, including the mechanisms that we rely upon, on the European Commission website.
IX. Security of Data
All reasonable technical, organizational, and otherwise, measures are taken by SCIS to protect Personal Information collected on our Website and elsewhere from being subject to accidental or unlawful destruction, accidental loss or alteration, disclosure without authorization, and any other unlawful actions taken against otherwise protected information. Moreover, SCIS takes all judicious legal, technical, and organizational measures to ensure that all Personal Information is handled with a sufficient level of security. Furthermore, SCIS takes all reasonable measures to protect Personal Information during transfers of said information to a third party. SCIS does not retain responsibility for Personal Information solely in the control of a third party.
Despite the security measures taken, SCIS cannot guarantee the protection of the data you provide us.
X. Your Data Protection & Privacy Rights
California residents and data subjects in the European Union (“EU”) / European Economic Area (“EEA”). SCIS aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information, and exercise other rights available under applicable law. SCIS therefore informs you that, where applicable under relevant law, you are entitled to the following:
- Right to Access / Disclosure: to have access to your Personal Information upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing.
- Disclosure of Direct Marketers: to have access upon simple request, and free of charge, the categories and names of addresses of third parties that have received Personal Information for direct marketing purposes. Please see the “Your California Privacy Rights” section below for more information.
- Selling, Sharing, or Disclosing Personal Information: upon receipt of a verifiable request, to obtain a list of:
- The categories of Personal Information collected about you, sold to third parties, or disclosed to third parties for business purposes;
- The categories of Personal Information sold within the last 12 months;
- The categories of sources from which Personal Information is collected;
- The business or commercial purpose for collecting or selling Personal Information; and
- The categories of third parties with whom Personal Information is shared, sold, or disclosed for a business purpose.
- Right to Opt-Out of the Sale of Personal Information: As noted, elsewhere, SCIS may sell Personal Information in some situations. California residents have the right to opt-out of the sale of their Personal Information under certain circumstances.
- Right to Correction: to correct your Personal Information if you find it is inaccurate, incomplete or obsolete.
- Right to Deletion / “Right to be Forgotten”: to obtain the deletion of your Personal Information in the situations set forth by applicable data protection law.
- Withdraw of Consent to Processing: to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Information has been collected and processed based on your consent and not any other basis.
- Right to Object: to object to the processing of your Personal Information under certain circumstances, in which case we may ask you to justify your request by explaining to us your particular situation.
- Right to Restrict Processing: to request limits to the processing of your data, when allowed by and in circumstances set forth under applicable law.
- Right to Data Portability: to have your Personal Information directly transferred by us to a third-party processor of your choice (where technically feasible; may be limited to situations when processing is based on your consent).
- Right to Non-Discrimination. As defined under relevant law, you have a right to non-discrimination in the Services or quality of Services you receive from us for exercising your rights.
Please contact us at the information in “Contact Us” Section below in relation to exercising these rights. Note that we may ask you to verify your identity before responding to such requests.
XI. Exercising Your CCPA Rights
Access to Specific Information
California residents have the right to request information from us regarding the manner in which we share certain categories of personal information with this parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address at the conclusion of this policy. You may request the following information:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to limited exceptions. Once we receive a verifiable request, and determine that it is not subject to an exceptions, we will delete your personal information from our records.
However, we may deny your deletion request if retaining the information is necessary for us or any applicable third party to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation;
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Making a Request
To exercise the access or deletion rights elaborated upon above, please submit a verifiable consumer request to us by either:
- Calling us at 844-SCIS-USA
- Making a request at firstname.lastname@example.org
Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests initiated by means other than those provided above.
XII. Links to Other Sites
We exercise no control over and assume no responsibility for the content, privacy policies or practices of any third party site or services.
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you through a notice on our website homepage.
XIV. Contact Information
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Mail: Ethics Officer, SCIS, 13900 Lincoln Park Drive, Suite 370, Herndon, VA 20171