Privacy Policy

Effective Date: April 11, 2022
Last Reviewed: April 11, 2025
Version: 1.5

1. INTRODUCTION

Klavan Security ("Klavan Security," "we," "us," or "our") is committed to protecting the privacy and security of personal information we collect and process. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal information in accordance with applicable privacy laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

This Privacy Policy applies to all personal information collected through our website (www.klavansecurity.com), our services, and any other means of collection.

2. DEFINITIONS

For purposes of this Privacy Policy:

  • "Personal Information" means any information relating to an identified or identifiable natural person

  • "Processing" means any operation performed on personal information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction

  • "Data Controller" means the entity that determines the purposes and means of processing personal information

  • "Data Processor" means the entity that processes personal information on behalf of the Data Controller

  • "Service Provider" means a third party that processes personal information on our behalf

3. INFORMATION WE COLLECT

3.1 Categories of Personal Information

We collect the following categories of personal information:

a) Identity and Contact Information:

  • Full name

  • Email address

  • Phone number

  • Mailing address

  • Job title

  • Company name

  • Professional credentials

b) Technical Information:

  • IP address

  • Browser type and version

  • Operating system

  • Device identifiers

  • Network information

  • Access logs

  • Session data

  • Cookies and similar tracking technologies

c) Service-Related Information:

  • Service preferences

  • Communication preferences

  • Support tickets and inquiries

  • Feedback and survey responses

  • Contract details

  • Project specifications

d) Security Assessment Data:

  • Vulnerability assessment results

  • Security audit findings

  • Incident response data

  • Risk assessment information

  • Compliance documentation

e) Financial Information:

  • Billing address

  • Payment method details (processed through PCI-compliant third parties)

  • Invoice history

  • Tax identification numbers

3.2 Methods of Collection

We collect personal information through:

  • Direct interactions (forms, emails, phone calls)

  • Automated technologies (cookies, logs, analytics)

  • Third-party sources (business partners, public databases)

  • Client-provided data during service delivery

4. LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

  • Consent: Where you have given clear consent for processing

  • Contract: Where processing is necessary for contract performance

  • Legal Obligation: Where we must process data to comply with laws

  • Legitimate Interests: Where processing is necessary for our legitimate business interests, except where overridden by your rights

  • Vital Interests: Where processing is necessary to protect someone's life

  • Public Task: Where processing is necessary for tasks in the public interest

5. PURPOSES OF PROCESSING

We process personal information for the following purposes:

5.1 Service Delivery

  • Providing security assessment services

  • Conducting vulnerability assessments

  • Performing security audits

  • Incident response management

  • Risk assessment and mitigation

5.2 Business Operations

  • Account management

  • Billing and payment processing

  • Customer support

  • Quality assurance

  • Service improvement

5.3 Legal and Compliance

  • Regulatory compliance

  • Legal defense

  • Audit requirements

  • Tax obligations

  • Contract enforcement

5.4 Security and Safety

  • Network security monitoring

  • Fraud prevention

  • Access control

  • Incident detection and response

  • Business continuity

5.5 Communications

  • Service updates

  • Security advisories

  • Marketing (with consent)

  • Training and education

  • Industry insights

6. DATA SHARING AND DISCLOSURE

6.1 Categories of Recipients

We may share personal information with:

a) Service Providers:

  • Cloud infrastructure providers

  • Payment processors

  • Communication platforms

  • Analytics providers

  • Security tool vendors

b) Professional Advisors:

  • Legal counsel

  • Auditors

  • Consultants

  • Insurance providers

c) Government Entities:

  • Law enforcement (with valid legal process)

  • Regulatory authorities

  • Tax authorities

  • Courts and tribunals

d) Business Transfers:

  • Potential acquirers

  • Merger partners

  • Asset purchasers

6.2 Data Sharing Safeguards

All data sharing is subject to:

  • Confidentiality agreements

  • Data processing agreements

  • Security assessments

  • Minimum necessary principles

  • Purpose limitations

7. DATA SECURITY

7.1 Technical Safeguards

We implement industry-standard security measures including:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit

  • Access Controls: Multi-factor authentication, role-based access, principle of least privilege

  • Network Security: Firewalls, intrusion detection/prevention systems, network segmentation

  • Monitoring: 24/7 security monitoring, anomaly detection, security information and event management (SIEM)

  • Vulnerability Management: Regular scanning, penetration testing, patch management

7.2 Organizational Safeguards

  • Security awareness training for all personnel

  • Background checks for employees

  • Confidentiality agreements

  • Clean desk policy

  • Incident response procedures

  • Business continuity planning

7.3 Physical Safeguards

  • Secure facilities with controlled access

  • Environmental controls

  • Media disposal procedures

  • Equipment security

  • Visitor management

8. DATA RETENTION

8.1 Retention Periods

We retain personal information for the following periods:

  • Client Data: Duration of contract plus 7 years

  • Security Assessment Data: 3 years or as required by applicable regulations

  • Financial Records: 7 years per tax requirements

  • Marketing Data: Until consent withdrawn or 3 years of inactivity

  • Technical Logs: 90 days for operational logs, 1 year for security logs

8.2 Deletion Procedures

Upon expiration of retention periods:

  • Secure deletion using NIST-approved methods

  • Certificate of destruction when applicable

  • Verification of deletion from all systems

  • Documentation of deletion activities

9. INTERNATIONAL DATA TRANSFERS

When transferring personal information internationally, we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Binding Corporate Rules (where applicable)

  • Explicit consent (where appropriate)

  • Data residency options

10. YOUR RIGHTS

10.1 Rights Available

Subject to applicable law, you have the right to:

  • Access: Obtain confirmation and copies of your personal information

  • Rectification: Correct inaccurate or incomplete information

  • Erasure: Request deletion of your information ("right to be forgotten")

  • Restriction: Limit processing of your information

  • Portability: Receive your data in a structured, machine-readable format

  • Object: Oppose processing for certain purposes

  • Automated Decision-Making: Not be subject to solely automated decisions

  • Consent Withdrawal: Withdraw consent at any time

10.2 Exercising Your Rights

To exercise your rights:

Email: privacy@klavansecurity.com

We will respond within 30 days (or as required by law). We may request identity verification before processing requests.

11. COOKIES AND TRACKING

11.1 Types of Cookies

We use the following categories of cookies:

  • Essential: Required for website functionality

  • Performance: Analyze site usage and performance

  • Functional: Remember preferences and settings

  • Targeting: Deliver relevant content (with consent)

11.2 Cookie Management

You can manage cookies through:

  • Browser settings

  • Cookie preference center on our website

  • Industry opt-out tools

  • Email preferences

12. CHILDREN'S PRIVACY

We do not knowingly collect personal information from individuals under 16 years of age. If we become aware of such collection, we will promptly delete the information.

13. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under the CCPA:

  • Right to know categories and specific pieces of personal information collected

  • Right to know purposes of collection and categories of third parties with whom information is shared

  • Right to delete personal information

  • Right to opt out of sale (we do not sell personal information)

  • Right to non-discrimination for exercising privacy rights

14. PRIVACY PROGRAM GOVERNANCE

14.1 Privacy Officer

Our Privacy Officer oversees privacy compliance:

  • Regular privacy assessments

  • Privacy by design implementation

  • Training program management

  • Incident response coordination

  • Regulatory monitoring

14.2 Privacy Controls

We maintain:

  • Data inventory and mapping

  • Privacy impact assessments

  • Vendor risk assessments

  • Privacy metrics and reporting

  • Continuous improvement processes

15. DATA BREACH NOTIFICATION

In the event of a data breach:

  • Assessment: Immediate investigation and containment

  • Notification: Within 72 hours to authorities (where required)

  • Individual Notice: Without undue delay to affected individuals

  • Documentation: Comprehensive breach records

  • Remediation: Corrective actions to prevent recurrence

16. CONTACT INFORMATION

For privacy-related inquiries:

Privacy Officer
Klavan Security
Email: privacy@klavansecurity.com

Data Protection Officer (if applicable)
Email: dpo@klavansecurity.com

17. COMPLAINTS

If you have concerns about our privacy practices:

  1. Contact our Privacy Officer

  2. File a complaint with your local data protection authority

  3. Seek remedies through applicable courts

EU Residents: You may lodge a complaint with your supervisory authority
UK Residents: Information Commissioner's Office (ICO)
Other Jurisdictions: Contact us for relevant authority information

18. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect:

  • Legal or regulatory changes

  • New technologies or practices

  • Service modifications

  • User feedback

Notification Methods:

  • Website posting

19. ACCESSIBILITY

This Privacy Policy is available in:

  • HTML format on our website

  • PDF download

  • Alternative formats upon request

For accessibility accommodations, contact privacy@klavansecurity.com.

20. SEVERABILITY

If any provision of this Privacy Policy is found unenforceable, the remaining provisions will continue in full force and effect.

Acknowledgment

By using our services or website, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: April 2025
Next Review Date: April 2026

© 2025 Klavan Security, Inc. All rights reserved.