GREENFENCE GLOBAL PRIVACY POLICY

At Greenfence (“we”, “our” or “us”), customer trust is the cornerstone of our business. Every individual, small business, enterprise, educational institution, government agency or other similar organization around the world that uses Greenfence is called a “user” with each user putting their trust in us to protect their valuable data. We know that as an “individual user” (“you” or “your”), you care how your information is used and shared, and we appreciate your trust in us to manage this information carefully and sensibly.
This Privacy Policy describes how Greenfence collects and uses data that you provide in our platform or content that you store on Greenfence. This includes information such as account information, individual personal information or the information of others (such as your suppliers or customers). We will not disclose, move, access or use any of the data you provide or store on Greenfence, except as indicated in this Privacy Policy or in our Terms of Use.
By visiting and using Greenfence, you have agreed to the practices described in this Privacy Policy. Note, if you have an account on any Greenfence.com website, and a Greenfence.com cookie, the data gathered by Greenfence may be correlated with any personally identifiable information and used by us to improve the services, products and solutions offered by Greenfence.
We acknowledge that you are concerned about the privacy and security of your data and data you receive from other users. That’s why Greenfence gives all users ownership and control over their data by design through simple tools that allow you to determine who has access to your data. We also leverage responsible and sophisticated technical and physical controls and regularly ask third parties to assess our security and privacy practices and processes to help Greenfence understand if we are appropriately mitigating the risks of unauthorized access or disclosure of data.
Maintaining your trust is an ongoing Greenfence commitment and this Privacy Policy strives to inform you of the privacy and data security policies, practices and technologies we’ve put in place.
Table of Contents
  1. Greenfence’s privacy commitments to you
  2. Summary of Greenfence’s information security processes
  3. Frequently Asked Questions
    1. What personal data about you does Greenfence gather?
    2. How do we define your User data?
    3. Who owns your data?
    4. Who controls your data?
    5. What User data is provided by you?
    6. Does Greenfence share your data?
    7. How secure is information about you?
    8. What automatic data about you does Greenfence use?
    9. What location information may be gathered?
    10. What does Greenfence do related to cookies?
    11. What choices do you have?
    12. What is your role in securing your content?
    13. Are children allowed to use Greenfence?
    14. What happens when Greenfence receives a legal request?
    15. What about conditions of use, notices, and revisions?
    16. What protections are there for individuals encompassed by the EU General Data Protection Regulation (GDPR) and the EU-US Privacy Shield?
  4. Additional information about the EU General Data Protection Regulation
    1. Data Protection Expertise
    2. Data Processing Agreements
    3. Processing According to Instructions
    4. Personnel Confidentiality Commitments
    5. Access Controls
    6. Vulnerability Management
    7. Product Security
    8. Data Subject’s Rights
    9. Data Protection Team
    10. Incident Notifications
  5. Questions about our Privacy Policy? Please contact us!
  1. Greenfence’s privacy commitments to you

Our commitments to you include ownership and control of User data covering areas such as:

  1. Access: Our users manage access to their data, Greenfence services and resources. We leverage an advanced set of access, encryption, and logging features to help you do this effectively both within Greenfence and through services such as Amazon Web Services (AWS) CloudTrail. We do not access or use User data for any purpose other than as legally required and for maintaining the Greenfence services and providing them to our Users.
  2. Security: Users choose how their User data is shared. We offer our Users strong encryption for User data in transit or at rest.
  3. Disclosure of User content: We do not disclose User data unless we’re required to do so to comply with the law or a valid and binding order of a governmental or regulatory body. Unless prohibited from doing so, or there is clear indication of illegal conduct in connection with the use of Greenfence products or services, Greenfence will notify you before disclosing your data, so that you may seek protection from disclosure.
  4. Security Assurance: We have developed a security assurance program using global privacy and data protection best practices in order to help Greenfence establish, operate and leverage our security control environment. These security protections and control processes are independently validated by third-party independent assessors on a periodic basis.

We do not access or use User content for any purpose other than as legally required and for maintaining Greenfence services and resources.

  2. Summary of Greenfence’s information security processes

We have developed a security assurance program using global privacy and data protection best practices in order to establish, operate and leverage the Greenfence platform and to maintain reasonable and appropriate security controls for the protection of our Users. These security protections and control processes are independently assessed and validated by third-party assurance providers.

Automated and manual testing techniques are used to assess Greenfence to gauge the level of risk of any discovered vulnerabilities, using a methodology for security best practices and processes based on industry standards including, but not limited to, ISO/IEC 27001:2013, NIST 800-115, OWASP, and PTES. Testing of our security control practices and processes covers five major phases: discovery, vulnerability analysis, automated testing, manual testing, and reporting. These phases allow a detailed security examination of Greenfence, while gathering the required information to properly rank, prioritize and resolve any identified threats.

Greenfence additionally relies on the processes and practices of our cloud services provider, AWS. AWS has various security and privacy certifications, most notably being also certified to ISO 27018, which has also been assessed and validated by an independent third-party assurance provider. ISO 27018 is the first international code of practice that focuses on protection of personal data in the cloud and is based on ISO/IEC 27001/27002 to provide implementation guidance on the specific steps and controls applicable to Personally Identifiable Information (PII) processed by public cloud service providers.

In combination, these processes and practices demonstrate to users that Greenfence has a system of controls in place that specifically address the security and privacy of their data.

  3. Frequently Asked Questions
  1. What personal data about you does Greenfence gather?

The information we learn from users helps us personalize and continually improve your Greenfence experience. Here are the types of information we gather.

  2. How do we define your User data?

Greenfence classifies user data into two categories: personal data and organization data.

We define personal data as anything related to an individual User, such as a User’s account information, personal documents, individual messages a user has written, individual qualifications, and examination or training course results. We define organization data as anything related to the organization(s) you have created, manage or are associated with: This includes business documents, requirements/requests, supply chain information, created roles, and created courses and exams.

  3. Who owns your data?

You maintain ownership of your data and define how and with whom it is shared. You can create connections to other Users by choosing to send them a requirement or request for action, sharing documents, or simply requesting a connection with them for future use. You can also choose to share certain data publicly (e.g., your authenticated qualifications), or through sharing access with others on folders and documents you create, through which you grant permission to other users to access the data contained therein.

We do not access or use your data for any purpose other than as legally required and for maintaining the Greenfence platform and services.

  4. Who controls your data?

You and your organization or business control your own data. With Greenfence, users or the organizations they create, manage or are associated with manage the sharing of data through roles, groups and permissions that they control.

As such, some users, such as those categorized as employees who have joined an existing organization, may also be sharing their data with others across their organization. However, as an individual user, you continue to maintain ownership of your data such as documents and choose what to share, and who to share with.

  5. What User data is provided by you?

You provide most user data when you search, buy, sell, communicate, participate in a training course or examination, and share information or communicate with others (including Greenfence). For example, you provide data when you search; purchase through Greenfence; provide data in your Personal Profile; provide answers to an examination; communicate with us by phone, e-mail, LiveChat or otherwise; participate in group messages or other community and network features. As a result of those actions, you might choose to input such information as your name, address, banking or credit card information; people to whom purchases have been sold, including addresses and email; personal descriptions and photographs in your Personal Profile; personal qualifications and government issued credentials, including passport and driver’s license numbers.

  6. Does Greenfence share your data with others?

Data about our users is an important part of our business, and we are not in the business of selling it to others. We share user data only as described below and with subsidiaries Greenfence LLC controls that either are subject to this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy.

Business transfers: As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, user data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the user consents otherwise). Also, in the unlikely event that Greenfence LLC, or substantially all of its assets are acquired, user data will of course be one of the transferred assets.

Protection of Greenfence and others: We release user data when we believe release is appropriate to comply with the law; enforce or apply our Terms of Use; or protect the rights, property, or safety of Greenfence, you, other users, or others. This includes exchanging information with other companies and organizations for fraud protection and, as you authorize it, authenticating your credentials, qualifications and similar information. Obviously, however, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from users for commercial purposes in violation of the commitments set forth in this Privacy Policy.

With your consent: Other than as set out above or when you, as a user, choose to share it yourself, you will receive notice when data about you might go to third parties. There are some circumstances where there may not be a choice to subsequently share the information, such as sharing the results of an examination with a third-party content provider, but you will have been informed and consented to such sharing.

On the Greenfence platform: Certain basic information about you is shared with other users on Greenfence. This includes your name, city and country as you have entered it, as well as the organization you own, manage, are associated with, or are employed by. Other information may be shared based on your providing it (e.g., if you provide a link to your LinkedIn profile) and/or your choosing to share it with others (e.g., you choose to share your authenticated qualifications).

  7. How secure is information about you?

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.

We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer. Click your personal profile and choose Log Out to sign off from Greenfence.

  8. What automatic data about you does Greenfence collect?

Examples of the information we collect and analyze include the Internet protocol (IP) address used to connect your computer to the Internet; login; email address; password; computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform; purchase history; the full Uniform Resource Locator (URL) clickstream to, through, and from our Web site, including date and time; cookie number; what you viewed or searched for. We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data on certain parts of our Web site for fraud prevention and other purposes. During some visits, we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.

  9. What location information may be gathered?

Some of our applications and features may also collect location information if accessed through a mobile device and location services are switched on. Most mobile devices provide you with the ability to disable location services.

  10. What does Greenfence do related to cookies?

Cookies are unique identifiers that we transfer to your device to enable our systems to recognize your device and to provide features.

The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the website. Because cookies allow you to take advantage of some of the Greenfence platform’s essential features, we recommend that you leave them turned on. For instance, if you block or otherwise reject our cookies, you may not be able to take advantage of all the Greenfence platform’s features and capabilities.

  11. What choices do you have?

As discussed above, you can always choose not to provide certain optional data, even though it might be needed to make a purchase or to take advantage of the Greenfence platform’s features.

You can add or update certain data on pages such as those in your Personal or Organization Profile. When you update data, we usually keep a copy of the prior version for our records.

If you do not want to receive email notifications from us, please adjust your Notification preferences in your Personal Profile. You must explicitly agree to our Terms of Service and Privacy Policy when you initially sign up to the Greenfence platform, and continue that agreement when you subsequently sign in.

  12. What is your role in securing your content?

As our users (and the organizations that they create, manage or are associated with) can control what data is visible to others within their organization or that they choose to share with other users, we encourage you to take advantage of guides and materials available within Greenfence’s ‘Help Center’ on how you can control and manage your data. Obviously, care should be taken by our users not to choose ‘Make public’ for content that they do not want to be public and not share information where the only reason for a user to enter the information is on the implied understanding it will be shared with others (e.g., LinkedIn profile, website).

  13. Are children allowed to use Greenfence?

Greenfence is primarily a platform for organizations to conduct business with other organizations. As such, if you are under 18, you may use Greenfence only with the involvement of a parent or guardian.

  14. What happens when Greenfence receives a legal request?

We are vigilant about our Users’ privacy. We do not disclose User data unless we’re required to do so to comply with the law or a valid and binding order of a governmental or regulatory body. Governmental and regulatory bodies need to follow the applicable legal process to obtain valid and binding orders, and we review all orders and object to overbroad or otherwise inappropriate ones. Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of Greenfence products or services, Greenfence notifies Users before disclosing User content so they can seek protection from disclosure.

We know transparency matters to our Users, so we will regularly publish a report about the types and volume of data requests we receive.

  15. What about conditions of use, notices, and revisions?

If you choose to visit and use Greenfence, your visit and any dispute over privacy is subject to this Privacy Policy and our Terms of Use, including limitations on damages, resolution of disputes, and application of the law of the state of Nevada, USA. If you have any concern about privacy at Greenfence, please contact us at security@greenfence.com with a thorough description, and we will try to resolve it. Our business changes constantly, and our Privacy Policy and the Terms of Use will also change. To the extent you have given us permission, we may e-mail changes or provide periodic reminders of our notices and conditions, but you should check our website frequently to see recent changes. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your account. We stand behind the promises we make, and we will never materially change our policies and practices to make them less protective of the data we have collected in the past without the consent of affected customers.

  16. What protections are there for individuals encompassed by the EU General Data Protection Regulation and the EU-US Privacy Shield?

Security of your data is our number one priority. The EU-US Privacy Shield replaced Safe Harbor and on 25 May 2018 is supplemented by the EU General Data Protection Regulation (GDPR).

If you reside in the European Union (“EU”), United Kingdom, Liechtenstein, Norway, Iceland or Switzerland, you may have additional rights under the GDPR related to your Personal Data, as further described in Section 4 below. Greenfence will be the controller of your Personal Data processed in connection with using the Greenfence.com websites, unless you access these sites through an enterprise account, or other account that is controlled by a third party (e.g., your employer or their sub-contracted providers).

  4. Questions about our Privacy Policy? Please contact us!

If you reside in the European Union (“EU”), United Kingdom, Liechtenstein, Norway, Iceland or Switzerland, you may have additional rights under the GDPR related to your Personal Data, as further described in this section. Greenfence will be the controller of your Personal Data processed in connection with using the Greenfence.com websites, unless you access these sites through an enterprise account, or other account that is controlled by a third party (e.g., your employer or their sub-contracted providers). You can count on the fact that Greenfence is committed to GDPR compliance across our websites.

On 25 May 2018, GDPR replaced the 1995 EU Data Protection Directive (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM:l14012), strengthening the rights that individuals have regarding personal data relating to them and seeking to unify data protection laws across Europe, regardless of where that data is processed.

  1. Data Protection Expertise

Greenfence utilizes professionals in information, application, and network security, as well as a team of lawyers and regulatory compliance experts, who have significant experience and who maintain the company’s defense systems, develop security review processes, build secure infrastructure, and implement policies.

Greenfence also utilizes a team of lawyers and regulatory compliance experts who look after privacy and security compliance for Greenfence.

  2. Data Processing Agreements

Our Privacy Policy for Greenfence articulates our privacy commitment to you. We have evolved these terms over the years based on feedback from our users, evolving regulations and guidance from outside assessors and experts.

Greenfence leverages AWS, which already has approval from EU data protection authorities, known as the Article 29 Working Party (which is replaced on 25 May 2018 by the European Data Protection Board (EDPB)), that, through the AWS Data Processing Addendum and Model Clauses, enables the transfer of data outside Europe, including to the U.S. Greenfence has signed a data processing addendum with AWS and can therefore continue to run our global operations using AWS in full compliance with EU law.

  3. Processing According to Instructions

Any data that you and other users put into Greenfence will only be processed in accordance with your instructions, for example, sharing documents with others as you determine to share those documents with others.

  4. Personnel Confidentiality Commitments

All our employees and third-party vendors are required to sign confidentiality agreements. Further, confidentiality and privacy are regular topics discussed at leadership and other meetings, reiterating and reinforcing the expected behaviors and responsibilities that our teams and those we work with must maintain and act on continuously for the benefit of our users.

While we do engage some third-party vendors to assist in supporting our services, these vendors each understand the importance of privacy and security, with this reinforced through substantive confidentiality provisions integrated into our agreements with them.

According to the GDPR, the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Greenfence operates infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with users, and safe operation by administrators.

We designed the security of our infrastructure in layers that build upon one another, from the physical security of our cloud service providers, to the security protections of our applications to the processes we use and follow to support operational security. This layered protection creates a strong security foundation.

  5. Access Controls

For Greenfence, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives.

  6. Vulnerability Management

We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, automated and manual penetration testing, quality assurance processes, software security reviews and external assessments. We also rely on the broader security research community and our service providers and greatly value their help identifying vulnerabilities.

  7. Product Security

Our users can leverage Greenfence features and configurations to further protect personal data against unauthorized or unlawful processing. Administrators for those who have such rights for an organization on Greenfence can control and manage what their employees can create, edit, delete or view. Further procedures even provide measures against downloading or capturing images, including notifications to others if a user attempts to do so.

  8. Data Subject’s Rights

Data controllers, who are typically administrators for a specific organization that a user may own, manage or be employed by, have additional features and services they can leverage to help control access, rectify or restrict the processing of, or delete data that they and their users put into Greenfence. This functionality will help them fulfill their obligations to respond to requests from data subjects to exercise their rights under the GDPR.

  9. Data Protection Team

Greenfence has professionals who are dedicated to resolving inquiries from our users and to whom data protection related questions can be directed. They can be reached by sending an email to security@greenfence.com.

  10. Incident Notifications

The GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.

Appropriate safeguards can be provided for by model contract clauses. An adequate level of protection can be confirmed by adequacy decisions such as the ones that support the EU-U.S. Privacy Shield. As noted elsewhere in this Privacy Policy, through Greenfence and AWS signing a Data Processing Addendum and Model Clauses that enable the transfer of data outside Europe, including to the U.S., Greenfence can run our global operations using AWS in full compliance with EU law.

Our users expect independent verification of security, privacy, and compliance controls. We undergo several independent third-party assessments on a periodic basis to assess and mitigate identified risks, as well as to provide assurance.

  5. Questions about our Privacy Policy? Please contact us!

Greenfence is committed to resolving all complaints regarding the privacy and collection or use of User data, including personally identifiable information. If you have questions about your privacy or have a complaint, please send an email to: security@greenfence.com.