Hybrid Analysis Privacy Notice – Hybrid Analysis GmbH

Preamble

This Hybrid Analysis Privacy Notice will illustrate the types of personal data we collect, save, process and for which purposes Hybrid Analysis GmbH and its affiliates (“Hybrid Analysis” or “we”) use the personal data for which you are responsible in order to provide you the Service. All terms used herein and not defined herein shall have the definitions set forth in the “Terms and Condition of Use – Hybrid Analysis.”

Hybrid Analysis is a public-facing community platform which analyses, crowdsources, aggregates, and publicly shares submitted data to enhance cybersecurity. Files, URLs, comments, queries, YARA rules, and any other content that you submit to our Service (the “Submitted Content”) may be retained, used, and distributed at Hybrid Analysis’s sole discretion for any purpose, including but not limited to contributing to our and our affiliates’ products and services, research, product development and/or improvement, enhancing cybersecurity, and integration into other product and/or service offerings.

You must ensure that the Submitted Content contains no personal data or, if it does, that you have the full and informed consent of the individual, a legitimate interest, or another lawful basis to transfer such personal data. You shall be responsible for any conflict arising out of your submission of personal data of third parties involved in your Submitted Content.

If you have any questions relating to this Hybrid Analysis Privacy Notice or the usage of personal data for which you are responsible, feel free to contact us by email or by post at the (email) addresses stated below in clause 10.

1. Collection and processing of personal data, newsletter

We collect and process data, including personal data for a variety of reasons, including: to the extent it is necessary to administer our agreements, provide you with the Service, to further our business relationship with you, to protect the legitimate interests of you, Hybrid Analysis, an affiliate or a third party, comply with legal obligations, and/or to the extent you consent to such processing.

Potentially confidential or personal data collected from a file in Submitted Content.

You deliver Submitted Content to the Service so that we can analyse it for potential Malware and, if you have not checked the box that states “do not share my sample with the community,” you understand that the Submitted Content will become available for download by others, subject to these Terms. Regardless of whether you select “do not share my sample with the community,” screenshots and associated metadata, which may incidentally reveal file contents, will still be shared with the community.

You should not deliver Submitted Content that contains personal data to the Service, or if you deliver Submitted Content that contains personal data, you agree either to have received the explicit consent from the individual to whom the personal data relates or you have another lawful basis for the delivery of such personal data.

We collect and process your Internet Protocol (IP) address, browser recognition, and the file, URL, string, query, YARA rule, or other submission in the Submitted Content, and generate a Report based on the analysis conducted in an isolated environment. By executing your file on the isolated environment, you acknowledge that any artefact of that environment (e.g. the Windows license key), submitted files/URL or any downloaded, generated or extracted data as laid out in memory or on disc may be transmitted to a third party if the isolated environment is connected to the Internet. By default, all isolated environments are connected to the Internet.

Personal information that is collected when you visit our website

Our webserver collects and processes guest information every time you submit a file or visit our website. When submitting a file, this guest information contains the time of submission, the file name, your IP-address, status, amount of data transferred and the website from which you came to the requested page (referrer), product and version information of the browser (user agent), operating system and language settings.

Personal information that is collected when you create an account

If you create an account with us, then you understand that it is necessary for Hybrid Analysis and its affiliates to process personal information you provide, such as your name and email address, to create, maintain, protect, and provide the account.

How we use personal data

We may use personal data, in our sole discretion, to meet any applicable legal requirement, investigate and prevent potential fraud, abuse, or other unlawful activity, enforce our terms and conditions, enhance cybersecurity, study usage metrics, provide the Service or other products and services, protect the legal interests of Hybrid Analysis, our affiliates and our users, or develop and improve our and our affiliates’ products and services.

When we share personal data

We may share personal data we process to the extent it is necessary, in our sole discretion, to meet any applicable legal requirement, legal process, enforceable government request, investigate and prevent potential fraud, abuse, or other unlawful activity, enforce our terms and conditions, enhance cybersecurity, analyse trends, provide the Service or other products and services of our affiliates, or protect the legal interests of Hybrid Analysis, our affiliates and our users.

We may share personal data with our affiliates and contracted third parties to process, consistent with the terms of this policy and the adoption of adequate technical and organisational measures.

We may publish or share anonymised or aggregated data derived from personal data with our affiliates or partners or make such data public as part of research analysis.

How we use personal data to contact you

Moreover, we may process your personal data in order to

In the event that we are involved in a merger, acquisition or asset sale, we may disclose your personal data to the prospective seller or buyer of such business or assets.

Newsletter

With your special consent in line with the double opt-in procedure, we use your e-mail address you have entered to send out our newsletter, from which you can unsubscribe at any time by clicking on the deactivation link provided in every newsletter.

The text of the consent is as follows: I would like to subscribe to the Hybrid Analysis newsletter.

Rights

Pursuant to applicable data protection laws, you may have the right of information, notification, blocking or deletion and revocation (see below at clause 8).

2. Consent to Terms and Transfers

By uploading Submitted Content, such as when submitting a file or URL and expressing your explicit consent by activating the checkbox (see below) at the click of a mouse, you are giving your consent that we can process and use your personal data and acknowledge that we will process the submitted file consistent with our legitimate interests for the execution of the malware analysis and processing the data in order to generate a report and any other uses specified in the Hybrid Analysis Terms and Conditions of Use and Hybrid Analysis Privacy Notice.

Furthermore, you consent to the transfer of such data, including any personal data you provide, to jurisdictions outside of where you are located, including but not limited to the European Economic Area and the United States of America. We will apply the terms of this Hybrid Analysis Privacy Notice regardless of where the personal data is transferred, but please note that data protection laws vary by jurisdiction. You may withdraw your consent to the processing or international transfer of your personal information, to the extent that the activity is based upon consent, at any time by deleting your account.

The text of the consent is as follows: I agree to the Hybrid Analysis Terms and Conditions of Use and have read the Hybrid Analysis Privacy Notice explaining the processing of personal data.

3. Use of cookies

In order to make visiting our website and using our Service attractive, efficient and enable the use of specific functions, we use what are known as cookies on various pages. These are small text files which are stored on your computer or end device. Some of the cookies we use are deleted at the end of the browser session, i.e. when you close your browser (known as session cookies). Other cookies are stored on your computer or end device and allow us to recognise your browser next time you visit (persistent cookies). You can configure your browser such that you are informed about the saving of cookies and can decide on an individual basis whether to accept cookies in individual cases or not. Not accepting cookies can limit the functionality of using our website.

4. Data security and data integrity

The security of your personal data has the highest priority for us. Your personal data is transmitted in encrypted form over the internet via an SSL process (Secure Socket Layer). We use adequate technical and organisational measures designed to secure our Service and the personal data for which you are responsible against loss, destruction, access, modification or distribution by unauthorised personnel. Your customer account can only be accessed by your authorised personnel entering their personal passwords. You are responsible for maintaining the confidentiality of all passwords, which should not be shared among your employees. You should always keep your password and access information confidential and close the browser window once you have finished communicating with us, especially if your personnel share a single computer with others. You have the rights explained below in order to control personal data for which you are responsible. We ensure that you have access to the personal data you provided us and that you can review and correct them if necessary. For further rights with regard to personal data, see clause 8 below.

5. Google Analytics

The Service uses functions of the Google Analytics web analysis service. This is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses what are known as “cookies”. These are text files which are stored on your computer to enable an analysis of website use by you. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and saved.

More information on the handling of user data by Google Analytics can be found in the Google guidelines on safeguarding your data: https://support.google.com/analytics/answer/6004245?hl=en

6. Objecting to data recording - Browser plugin

You can prevent cookies being saved by changing a setting in your browser software, but please be aware that this may mean you are not able to use all the website functions to their full extent. You can also prevent the recording of the data generated by the cookie relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin from the link below. https://tools.google.com/dlpage/gaoptout?hl=en

Further information on the use of data for advertising purposes by Google and configuration and opt-out options can be found on Google’s website: https://www.google.com/policies/privacy/partners/ (“How Google uses data when you use our partners' sites or apps”), http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.com/settings/ads (“Control the information Google uses to show you ads”) and http://www.google.com/ads/preferences/ (“Determine which ads Google shows you”).

7. Use of Twitter and its social media plugin

Our website uses social media plugins (“plugins”) from the social network twitter.com operated by: Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, United States of America (“Twitter”)

The Twitter plugins can be identified by the Twitter logo (a flying bird) on the bottom of our website. For more information visit this site https://dev.twitter.com/web/overview

Moreover, we have embedded windows with tweets from our Twitter account (@Hybrid Analysis) showing the latest of our tweets in a chronological way.

When you enter a page on our website that contains a Twitter plugin your browser will directly connect to Twitter’s servers where the plugin is loaded from. The information that you (including your IP address) have visited our online services will be transmitted to Twitter, even if you are not logged into your account. If you are actively using a Twitter plugin, Twitter may even process more data and publish content that you are entering into the dialogue box. This allows Twitter to map the visit of our pages to your user account. We would like to point out that as a provider of the pages we are not aware of the content of the transmitted data as well as their use by Twitter.

If you want to prevent the assignment of your visit of our websites to Twitter, you must log out of your Twitter account before you visit our site and delete any cookies placed by Twitter.

For more information on your rights and on how Twitter is recording and processing data please see Twitter’s privacy notice, which is available here: https://twitter.com/privacy/. You can change your privacy settings in the account settings of your Twitter profile at http://twitter.com/account/settings.

8. Right of information; notification, blocking or deletion; revocation; making contact

In accordance with the applicable statutory data protection regulations, and subject to overriding legitimate interests, individuals have the right to obtain their personal data stored by Hybrid Analysis and understand the purposes for which we process it. In the secure area of our website, you can view your account-related personal data. Please address your request to the (email) address stated below in clause 10.

You are entitled to request the correction of any incorrect personal data about you which Hybrid Analysis processes. To do this, please contact us and let us know the correct personal data, which may require us to request additional information to verify your identity.

You also have the right to request the deletion of personal data held about you, for example if the personal data was saved without your authorisation or knowledge, or if the personal data is no longer required in order to fulfil the purpose for which it was saved or to fulfil the role for which the relevant (public) body is responsible.

Consistent with applicable data protection law, Hybrid Analysis will consider any overriding legitimate interests related to your request. Instead of deletion, Hybrid Analysis may block your personal data, if deletion would contravene mandatory storage periods, deletion is not possible or would require disproportionate effort or it is not possible to determine whether the personal data is correct or incorrect. Where such personal data is blocked, it will no longer be used by us.

You may exercise your right to request the deletion of your personal data processed to provide you with a Hybrid Analysis account by deleting your account.

If there are any additional questions on the collection, processing or use of your personal data, if you wish to obtain information on or to correct, block or delete your data, if you wish to revoke previously issued consents, please contact privacy@hybrid-analysis.com.

9. Applicability; Changes to this Hybrid Analysis Privacy Notice

This Hybrid Analysis Privacy Notice is applicable for the websites www.hybrid-analysis.com. This Hybrid Analysis Privacy Notice shall not apply to external websites linked on our websites.

If we update this Hybrid Analysis Privacy Notice we will provide the updated version with the revision date here on our website. If we make substantial material changes to this Hybrid Analysis Privacy Notice, we may inform you, for example via your Hybrid Analysis account, an email, or a notification on the website.

10. Contact us

This is the Hybrid Analysis Privacy Notice of Hybrid Analysis GmbH, Mainzer Landstraße 41, c/o Citco Deutschland GmbH, 60329 Frankfurt am Main, Germany (Hybrid Analysis): www.hybrid-analysis.com.

If you have questions or requests regarding or arising from this Hybrid Analysis Privacy Notice, feel free to contact us by post or by writing an email to privacy@hybrid-analysis.com.

Hybrid Analysis Privacy Notice Effective Date: 21 August 2018