CyberScout is a family of global companies that provides personal cyber assistance and identity management services including identity monitoring services and resolution of identity fraud and account takeover situations for consumers and individuals worldwide. (hereinafter referred to collectively as 'consumer services'). CyberScout also provides cyber incident and data breach support and remediation to organizations that have experienced an incident that may impact the personal data in their organization’s care, custody, and/or control. (hereinafter referred to collectively as ‘commercial services')
CyberScout consumer services and commercial services are largely provided on an institutional basis and are not generally available directly to individual members of the public. This means that services are made available to the public and to you through insurance providers, financial institutions, employee benefits providers and other partners and entities that have paid us to be able to refer individuals like you to CyberScout for assistance with your fraud or identity theft situation.
This policy applies to all non-U.S. CyberScout entities, including CyberScout Inc. (Canada), CyberScout Ventures Limited (Ireland); CyberScout Limited (U.K.); CyberScout Pty Ltd (Australia); CyberScout Sdn Bhd (Malaysia); and CyberScout Pty Ltd., and Taiwan Branch (Taiwan). All of the above companies shall be collectively referred to in this policy as 'CyberScout International.'
CyberScout’s policies are to inform you any time we may be about to collect any personal information about you, regardless of whether it is online, in person or over the telephone. This means that any time you are asked to reveal personal information about yourself to CyberScout or an affiliate, we'll always do our best to inform you:
- why we need to collect the information;
- what we intend to do with it;
- who, if anybody, we intend to share it with and why.
At that time, we will give you the option to either:
- affirmatively consent to that collection of information and proceed with providing it to us for its intended purpose to redeem a service or product; or
- stop what you are doing and discontinue providing us with that information at the risk that the relevant service or product may not be able to be provided to you.
CyberScout is made up of both U.S.-based entities (CyberScout U.S.) and entities outside of the U.S. (CyberScout International). Based on current practices, Cyberscout wants to be clear that no personal data from CyberScout International is transferred, processed, accessed, and/or stored in the U.S. at this time.
Operationally CyberScout practices data localization to the extent possible and does its best to restrict personal data transfers to within the geographic location/region of the data subject and servicing entity’s location. Even if certain CyberScout International data is not stored locally in an applicable jurisdiction, it will only be transferred, processed, accessed, and/or stored in the E.U. or a jurisdiction recognized by the European Commission of the European Union as providing an adequate level of data protection.
As a result of the Court of Justice of the European Union Decision 2016/1250, CyberScout wants to be clear that E.U. personal data is not transferred, processed, accessed, and/or stored in the U.S. or by CyberScout U.S. based staff. However, this data may be transferred, processed, accessed, and/or stored by CyberScout Inc. (Canada) on occasion as deemed necessary and as permitted under the European Commission’s finding that Canada provides an adequate level of data protection. Otherwise all CyberScout International data is stored in Ireland or on E.U. based servers if not stored locally.
CyberScout Ventures Limited (Ireland) is responsible for servicing CyberScout’s European market including all E.U. and Swiss clients and customers. CyberScout Ventures Limited is specifically subject to the powers and regulatory authority of the Irish Data Protection Commission. Each CyberScout International entity is further subject to the specific regulatory powers of their local based Data Protection Authority.
In your relationship with CyberScout you are the Data Controller. CyberScout provides consumer services via employers, insurance providers, financial institutions, or other third-party businesses. CyberScout does not advertise and solicit business directly from any individuals, consumers, or data subjects and is primarily a business-to-business entity.
However, if you have sought out or been referred to CyberScout for any consumer services CyberScout may collect any relevant information needed to assist you with enrollment in services, fulfillment of identity monitoring, fraud remediation case management, personal cyber assistance, assistance with your involvement in a data security breach, or to provide you with any other help with issues that we can. The types of information we may collect to support you may include but is not limited to: name; address; government-issued identification numbers (e.g., Social Security, Social Insurance, National Insurance, Passport, National Identification numbers); compromised or fraudulent financial or other account information; tax information; or any other information necessary to assist you with the consumer services you have chosen to utilize through CyberScout. All data collected from individuals to provide consumer services or commercial services are stored and/or transferred using secure methods and encryption.
Please note that any and all information collected is provided (1) by an institution you have a relationship with that has asked us to help them with a data breach; or (2) directly by you during interviews with a case manager or during the online or telephone enrollment process. The information provided by your institutions to CyberScout will only be used to verify your eligibility for to CyberScout services or to help your institution notify you if they have suffered a data breach The information provided by you to CyberScout may be used to help populate letters, fraud victim affidavits, and documents provided to you to verify, sign and execute accordingly. You are in control of any ‘sharing’ of this information with third parties by CyberScout. This sensitive and personal information in the form of letters and communications would be sent by you directly to law enforcement, fraud departments, collection agencies, government agencies/bureaus, regulators, attorneys, authorities, and/or any other necessary third parties required to help resolve your personal cyber, fraud, or identity theft situation.
CyberScout also provides special monitoring services including cyber monitoring and credit monitoring in the U.S. and certain limited geographic markets outside of the U.S. These special monitoring services are provided to help you detect fraudulent activity on your personal accounts as well as track the use of your account information and personal information by fraudsters and criminals. The general availability of, and specific monitoring services available will depend upon the country and/or region you reside in. If available in your location, under certain situations in order to sign up for these services, you may be asked to provide specific personal data. This information is used to (1) verify your identity for security purposes and (2) for CyberScout to know what information you want to monitor for fraud and other illicit uses. Examples of data you may want to monitor could include account numbers or government issued ID numbers. Any information being monitored by you would have to be provided by you to CyberScout.
CyberScout may be required to disclose an individual’s personal information in response to a lawful request by public authorities including but not limited to meeting national security or law enforcement requirements and/or requests.
<p>In your relationship with <strong>CyberScout</strong> you are the Data Controller. You have full control of what information, if any you provide about yourself to <strong>CyberScout</strong>. However, in our efforts to service you <strong>CyberScout</strong> may utilize third-party vendors or agents and their solutions to provide you with certain services and support. While most services and the data collected in carrying out that service is managed in house by <strong>CyberScout</strong>, some services must be provided by outside vendors. These limited situations are when CyberScout is required to share data in order to help provide these services.</p>
<p>For instance if you were to be offered or provided any special monitoring services including cyber monitoring and/or credit monitoring which is available in both the U.S. and certain limited markets outside of the U.S., specific information such as that used (1) to verify your identity for security purposes and/or (2) specific information or data you may want to monitor including but not limited to account numbers or government-issued identification numbers; that information would be shared with relevant <strong>CyberScout</strong> services vendors to provide you with this monitoring. <strong>CyberScout</strong> limits the purposes of this sharing with its vendors to providing the monitoring service they were contracted to provide. That data is not shared for marketing or resale purposes by our vendor(s) and any such activity would be a violation of <strong>CyberScout</strong>’s agreements with any and all such vendor(s).</p>
<p>In addition, <strong>CyberScout International</strong>, specifically the entities covering E.U. offerings and services, only share data with authorized third-party vendors located in (1) the E.U.; (2) non-E.U. countries that the European Commission have found to provide an <a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en">adequate level of data protection</a>.</p>
<p><strong>CyberScout</strong> offers individual’s an opportunity to opt-out of having their data shared with third parties by simply opting out of using to <strong>CyberScout</strong> services, or by not signing up for monitoring or other services that, by definition, involve the sharing of personal information with third parties. Individuals are presented at time of sign up with the request for them to provide and submit this personal information to be verified and monitored as part of the service. The request is in response to them redeeming a service with the understanding that the basis for the services involves sharing of this information individuals can opt out of this sharing by simply not enrolling in these services.</p>
<p><strong>CyberScout</strong> does not share or sell any of the personal data provided to <strong>CyberScout</strong> with any third-party organizations for the purposes of marketing or further reselling your data. Information is only shared if necessary, to provide you services that you have enrolled in through <strong>CyberScout</strong> or your institution.</p>
To support delivery of our services, CyberScout International may engage and use various third-party vendors acting as data processors who may have access to certain personal data. (hereinafter referred to collectively as ‘sub-processors’) Please visit the CYBERSCOUT INTERNATIONAL SUB-PROCESSOR PAGE for important information about the identity, location and role of each CyberScout International sub-processor. Prior to engaging any sub-processors, CyberScout performs a privacy impact assessment/data protection impact assessment, in addition to a full due diligence review to evaluate the sub-processor’s privacy, security and confidentiality practices. Finally after completion of this due diligence review, CyberScout executes an agreement with any sub-processors that implements appropriate security and data protection obligations and controls.
Category 1: Strictly necessary cookies. These cookies are essential to allow us to provide services that you have requested. Category 1 cookies used by CyberScout websites: Login status cookies identify you as being logged in to our website. Load balancing cookies may be used to distribute traffic across our web servers to ensure that our websites perform well and give you the best possible experience. Subscription cookies allow us to ensure that you can access resources that you have registered for.
Category 3: Functionality cookies. These cookies allow us to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more relevant features. Some examples of Category 3 cookies used by CyberScout websites:
- User preference cookies remember settings you’ve applied to this site such as layout, default views, search filters.
- Login cookies may be used to communicate your login details across pages of this website. This data is encrypted and not shared with third parties.
- User-profile data, such as email addresses, address and contact information: CyberScout uses a third-party solution to collect this information for CyberScout and CyberScout purposes only. The user-profile data collected by CyberScout is collected by Marketo on CyberScout’s behalf and is provided directly to CyberScout. This data is not shared with third parties and is used to better provide additional services like newsletters and use of user specific online tools and resources.
Category 4: Advertising Cookies. These cookies are set through CyberScout’s website by our advertising partners. Category 4 cookies are used by CyberScout’s advertising partners to build a profile of a user’s interests and show relevant adverts on other sites where they have the ability to do so. The specific personal data captured could include the user’s browser, IP address, and device used. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign.
These cookies are not persistent and have an expiration, varying by advertising partner and based on the last time CyberScout’s website was visited by the user. Some examples of Category 4 cookies that may be used by CyberScout websites include:
- Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user. The site the user is visiting need not actually be serving adverts, but often this will also be the case.
- Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user’s social network, providing maps or counters of visitors to a site.
CyberScout acknowledges the individual’s right to access their personal data no matter where in the world you reside. If you haven't provided us with information about yourself in the past, we don't have information about you. However, if you have provided information to CyberScout or an institution that uses CyberScout and would like to:
- Know what information CyberScout has about you
- Have any data we may have about you erased
- Correct any inaccurate data we may have about you
- Receive clarification or lodge a complaint about our data uses
PLEASE CONTACT US VIA EMAIL:
CyberScout Global Privacy Office ATTN: Custodian of Personal Records Records@CyberScout.com
We will need your legal name, mailing address, telephone number and email address, or be ready to provide such when requested by CyberScout, so that we may locate your record(s) (if any), conduct proper identity verification prior to complying with any request or inquiry, and communicate with you regarding the status of your request.
If you would rather send your inquiry, request or complaint via standard mail/post to the nearest CyberScout offices, you may submit to the relevant address below:
- United States mailing address: 7580 N Dobson Rd, Suite 201 Scottsdale, AZ 85256 USA
- Canada mailing address: 1080 Côte du Beaver Hall, Suite 700, Montreal, Quebec H2Z 1S8 Canada
- United Kingdom mailing address: 10 John Street, London WC1N 2EB United Kingdom
- Ireland mailing address: 2B Galway Technology Centre, Mervue Business Park, Mervue, Galway, Ireland
- Asia Pacific mailing address: 7F, No. 214, Dun Hua North Road, Taipei 10546 Taiwan
Please allow for a slower response time via submissions submitted by post.
CyberScout does its best to provide clear, up to date, and transparent information around its privacy and data sharing practices. If you have additional questions not covered by this policy, please feel free to contact us for more information via email at Records@CyberScout.com
1 For privacy notices for any of our non-U.S. entities, please visit their respective websites for applicable privacy statements and policies. Non-U.S. entities include CyberScout Inc. (Canada), CyberScout Ventures Limited (Ireland), CyberScout Limited (U.K.), CyberScout Pty Ltd. (Australia), CyberScout Sdn Bhd (Malaysia), and CyberScout Pty Ltd., and Taiwan Branch (Taiwan).