Security & Compliance

Liongard GDPR Compliance Statement

Last updated: April 25, 2019

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) became effective May 25, 2018, with the purpose of strengthening security and regulation of data protection across the European Union, giving people greater rights to access and control their personal information. Liongard is committed to providing the best customer service and security to our customers, while also ensuring compliance with all laws and regulations. As part of that commitment, we would like to provide you with the following information in accordance with GDPR.

GDPR Data Processing Policy

Liongard recognizes that strict protections are in place to protect the handling of EEA (European Economic Area) personally identifiable information. Due to the importance of GDPR, Liongard has established the following GDPR Data Processing Policy.

This policy is meant to explain the following: (a) the entity that is collecting personal data; (b) the purposes for which personal data is collected; (c) how and why personal data will be used; (d) the period during which data will be retained; and (e) how you can contact Liongard regarding your data.

This policy supplements the existing Liongard Privacy Policy and unless specifically defined in this policy, defined terms in this policy have the same meaning as they do in the Privacy Policy.

Data Processor/Controller Role

Per GDPR definitions, a data controller has knowledge of why and how data is processed. Whereas a data processor processes the data on behalf of the controller.

With respect to customer data collected on our websites via forms, email, and other communication methods, Liongard is considered the data controller. In these instances, our customers provide their information to sign up for our services. We may utilize compliant third-party data processors for this data, such as HubSpot.

With respect to customers’ data hosted on our Roar platform and our portfolio of solutions sold to customers, Liongard has minimal knowledge about data collected by its customers, and Liongard only processes data in accordance with customers’ instructions. In these instances, Liongard is considered a data processor, and our customers are considered data controllers.

GDPR Roles and Employees

Liongard has a data privacy team to continuously improve security and compliance. The team is responsible for promoting awareness of the GDPR across the organization and improving GDPR policies and procedures.

Liongard understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans.

If you have any questions about our GDPR compliance policies, please contact our Data Privacy Team using one of the methods below:

Liongard
Attn: Data Privacy
1301 Fannin, Ste. 2440
Houston, TX 77002

You may also contact the Data Privacy Team via our support email at compliance@liongard.com.

Categories of Data Subjects and Data Processed

Liongard collects data from users who join or engage with, the Liongard websites and products. The Liongard Privacy Policy describes the categories of data that Liongard may receive in this instance and how we protect that data. The types of data we may collect when you join or engage with, the Liongard website and products may include: (a) name, (b) postal address, (c) e-mail address, (d) telephone number, or any other information that is defined as personal or personally identifiable information under any applicable law or any other identifier by which you may be contacted online or offline. We may also use analytics, tracking, and marketing platforms to process data, including Google Analytics, Intercom, MixPanel, Beamer, and LinkedIn.

Additionally, Liongard serves in the role of a data processor for our customers. In this role, we may receive personally identifiable information of our customers, their employees, and their customers or other parties, including: (a) name, (b) postal address, (c) e-mail address, (d) telephone number, or any other information the Liongard products collect that is defined as personal or personally identifiable information under any applicable law or any other identifier by which you may be contacted online or offline.

Depending on which services you choose to use, Liongard may require additional information, such as a company name, billing information (including billing address, phone number, credit card information), a mobile telephone number, a physical mailing address, and/or payment information. Liongard may require information such as your social security number, or the equivalent, applicable tax ID, date of birth, bank account information and/or credit card information to verify your identity and provide this service to you.

Basis for Processing

Liongard processes data based on (a) consent of the user or customer; and (b) the necessity of the data for providing the services that users are contracting for when they become members of the Liongard websites and products. IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR DATA OR YOUR CUSTOMERS’ DATA IN ORDER TO ACCESS AND USE THE LIONGARD WEBSITES AND PRODUCTS, PLEASE DO NOT USE, OR ENGAGE WITH, THE LIONGARD WEBSITES OR PRODUCTS.

We offer our customers a GDPR-compliant Data Processing Addendum (DPA), enabling you to comply with GDPR contractual obligations.

Cross-Border Transfer

Data centers hosting Liongard’s data and our customers’ data, including user data, are located within the United States and the European Union. Accordingly, as an EU citizen, to access the services and content provided by Liongard, your data may be transferred outside of the EU. By using the Liongard websites and products, you consent to the cross-border transfer of your data to receive access to the Liongard websites and products.

Where sub-processors are located outside of the EU, Liongard confirms that such sub-processors: (i) are located in a third country or territory recognized by the EU Commission to have an adequate level of protection; or (ii) have entered into Model Contractual Clauses with Liongard; or (iii) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.

Data Subject Rights

We are happy to provide easy-to-access information via our website and customer support processes of an individual’s right to access any personal information that Liongard processes about them and to request information about:

what personal data we hold about them
the purposes of the processing
the categories of personal data concerned
the recipients to whom the personal data has/will be disclosed
how long we intend to store your personal data for
if we did not collect the data directly from them, information about the source
the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
the right to request the erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
the right to lodge a complaint or seek judicial remedy and who to contact in such instances.

Sub-Processors

We do not provide your data or your customers’ data to any third parties that do not require access to support our products and services. Third parties who may receive your data so that Liongard can provide services include our cloud infrastructure provider (Amazon Web Services).

All sub-processors who process personal data in the provision of the services to the customer must comply with the obligations of Liongard set out in our DPA.

Use of Data

Liongard measures and analyzes visits, engagement, and requests of content on our sites and software. This allows us to improve user experiences and scope of marketing communications for the user. In addition, we may process personal data for our customers as part of our suite of tools to perform cloud, network, and on-premise discovery, documentation, detection, and assessment services. These services include logging and monitoring of our customers’ data in IT environments, which may include personally identifiable information of users in our customers’ IT environments.

Data Retention

Liongard will retain customer information for as long as the customer account is active or as needed to provide services. If you no longer want Liongard to use your information to provide you services, you may follow the “Withdrawal of Consent/Erasure” provision below. After closing your account, Liongard will solely use your information as necessary to comply with any applicable legal obligations.

How We Protect Your Data

Liongard takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure to protect and secure the personal data that we process. We have information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.

We implement a variety of security measures and processes to protect your personal information. We offer the use of a secure server. All information you provide is transmitted via Transport Layer Security (TLS) and stored securely by our third-party providers. Only authorized personnel are allowed access to the data and required to keep the information confidential.

We commit to having physical and logical controls to ensure the information we collect is limited to authorized users only.

We also rely on you (our customers) to implement best practice IT security safeguards, including password protection and use of strong passwords for your account. We also assign our customers sole responsibility for the data quality, legality and accuracy, and assurance that they have obtained any and all necessary permissions and authorizations necessary to permit Liongard, its affiliates, and sub-processors, to execute their rights or perform their obligations under our DPA.

Withdrawal of Consent/Erasure

If, at any point, you no longer wish to have your personal data processed by Liongard, simply send an email to compliance@liongard.com with the phrase “consent withdrawn” or “erase” in the subject line. Your request should include your name, company name, email address and physical address. Liongard will move expeditiously to stop the processing of your personal data and to remove your personal data from its systems. Please understand that, without access to your personal data, Liongard may not be able to provide certain services.

Right to Correct, Access or Portability of Data and Associated Procedure

You have the right to have any inaccurate data corrected by a data controller or processor. You also have the right to request access to your data or request that Liongard makes your data portable. To request such action, you should send the request to compliance@liongard.com. Your request should include your name, company name, email address and physical address. Liongard will attempt to correct the data or to provide you your data in a simplistic and easily readable format as quickly as possible but in no more than thirty (30) days.

Helpful Resources

Liongard
Attn: Data Privacy
1301 Fannin, Ste. 2440
Houston, TX 77002

You may also contact the Data Privacy Team via our support email at compliance@liongard.com.

Amazon AWS EU Data Protection information: https://aws.amazon.com/compliance/eu-data-protection/

HubSpot Data Privacy: https://legal.hubspot.com/data-privacy

Google Analytics/Google Data Protection: https://privacy.google.com/businesses/compliance/

Intercom GDPR Compliance: https://www.intercom.com/terms-and-policies#eu-us

Mixpanel GDPR Compliance: https://help.mixpanel.com/hc/en-us/articles/360000345423-GDPR-Compliance

LinkedIn GDPR Compliance: https://privacy.linkedin.com/gdpr

Liongard Privacy Policy: https://www.liongard.com/privacy-policy/

Beamer GDPR Statement: https://www.getbeamer.com/privacy-policy/

Security & Compliance

HIPAA Compliance Statement

Liongard GDPR Compliance Statement