Last Updated: May 24, 2018
In this Policy, when we refer to your “personal information,” we mean any personally identifiable information that can identify a natural person, such as a person’s name, address, email address, or phone number. Although this Policy informs you of our broadest potential use of your personal information, we may make far less use of such information.
We are the data controller with respect to the information we collect, as described in this Policy. We do not rent or sell this data to any other companies for marketing purposes. You can contact us with any questions about this Policy by sending an email to email@example.com, or writing to us by post at the following address:
Anti-Malware Testing Standards Organization, Inc.
Attention: Privacy Officer
325 Sharon Park Drive, #450
Menlo Park, California 94025
Information We Collect and How We Use It
In general, you can visit our websites without telling us who you are or revealing any personal information about yourself. However, if you choose to register as a subscriber, submit a membership application, or engage in other communication, some personal information will be required. We collect and use information from you in the following ways:
- If You Join AMTSO. If you sign up to become an AMTSO member, you will be asked to provide us with your e-mail address, your first and last name, your company affiliation, your title, information about your business and commitment to our mission, and a financial contact at your company to facilitate payment of our membership fee. We will use this information to communicate with you about your membership or other information related to our services. In addition, we may provide this information to other AMTSO members in our secured online directory, to allow members to connect with each other. This directory is exclusively available to our members, and each member has control over the profile information that is displayed regarding their membership. If you choose not to provide us with your personal information in connection with your membership at AMTSO, we may be unable to provide membership or our services to you. Our use of your personal information in connection with your membership in AMTSO is based on your consent, and our current or potential legal agreement with you regarding the terms of membership. You can opt to not include your information in our membership directory, or terminate your membership pursuant to the terms of our Membership Agreement, and we will delete your personal information under the terms of this Policy. See the Section entitled “Your Rights Regarding Your Data,” below.
- We encourage, but do not require, you to create anonymized contact information when providing information on the AMTSO Contact List. For example, rather than providing an email address for firstname.lastname@example.org, you would provide email@example.com. This can help protect your private information, and personnel changes in your organization will not impact our ability to communicate with you.
- If You Register for a Conference. From time to time, we may provide an opportunity for you to register on our website for a conference or event that may be relevant to your business. If you choose to register for any such conference or event, you will be asked to provide personal information, which may include your name, email address, company name, street address, phone number, and, as relevant, your dietary restrictions (for meals at the conference) or clothing size (for conference-branded clothing). This information may be shared with other parties working with us, and therefore may be transferred and stored outside of the United States (for example, if you register for a conference that will be held outside of the United States), and treatment of that information is further subject to the privacy policies of those parties. Our use of your personal information in connection with conference registration is based on your consent, which you can withdraw at any time.
- If You Submit a Change Request or Contact Us. We offer an opportunity to submit comments about the AMTSO Standards (a “change request”), or a specific anti-malware test under the AMTSO Standards, and we ask that you provide your name, email address, and information related to such comments. You may also contact us by phone, email, or otherwise with any general questions or comments. If you contact us, we will have access to the information you provide in your correspondence, which will generally include your email address, name, phone number, and any other information included in the signature block to your email or letter. If you use our online contact form, we will have access to any information you include with your message, such as your name, email address, and any information you include in the comment box. We may use the contact information you provide to respond to your questions or comments, and to maintain records of our correspondence. If you contact us through our online portal and do not provide information on how to reply, you may not be able to submit the online contact form, and we will not receive your comments. We process this information based on our legitimate interests in executing on, and improving, our Standards and other documentation, and in being responsive and providing information to our members, and potential members. We also process this information based on your consent, which you can withdraw at any time.
- If You Post a Comment on Our Website. We may provide you with an opportunity to participate in interactive discussions, post comments or other content, including comments in connection with the Standards or other Services, or otherwise engage in networking activities. You should carefully consider whether you want to submit personal information to our open forum or elsewhere, and tailor any content appropriately. If you choose to participate in an open forum and share personal information on such forum, this information will be viewable by all users of that forum, and potentially others. Although use of the forum is controlled by this Policy and the forum’s terms and conditions, we cannot control the behavior of others with personal information you voluntarily post. This means that other users could copy or misuse information you provide without your consent. We may also provide a method to share a private message with other members or persons using the open forum. If you choose to share information in a private message, it is generally viewable only to those selected to receive it; however, we cannot control what the person receiving your message will do with that data. In short, if you are trying to protect your information, do not post personally identifiable or confidential information on an open forum or share it with someone you do not know, and if you do share such data, you specifically provide your consent for that data to be accessed and used by others. Our use of your personal information in connection with your posting of information on our websites is based on your consent, and our legal agreement with you regarding the terms of the forum. If you would like us to remove any information you have posted on our websites, please send an email to firstname.lastname@example.org. Once we have verified that the request came from you, we will take the information down, or delete it. However, please note that any open forum or other posts you have made will remain viewable, at our discretion, under the tag of “guest comment.”
We collect navigational information in a way that does not identify you and we will not associate this data with any personal information from any source with the limited exception if we, or our third-party server, finds potentially suspicious or criminal activity associated with your usage. We process navigational information in this way to fulfill our legal obligations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our information processing, and for the legitimate interests of using this information to ensure the security of our network and information. In addition, we may process navigational information based on our legitimate interests of improving the quality of our website and services, or because we have received consent from you for a specific processing purpose. If the processing of personal information is necessary for performance of a contract to which you are (or may be) a party, for example, if you are a member or use a registered service, the processing is based on our current or potential contractual relationship and based on our legitimate interests to provide you with information, support or other services that you have requested.
We do not use your personal information in connection with any automatic decision-making or profiling.
We collect navigational information through our website to help improve your experience, and to better understand our users, as described above. We collect and analyze the following navigational information:
While we do not offer an opt-out for cookies, your browsers may give you control over cookies used on your computer or mobile device. You can generally set your browser to alert you when a cookie is being used, which will give you a chance to accept or reject the cookie. You may also be able to set your browser to refuse all cookies, or accept only cookies delivered by the specific domain you are visiting. You can generally disable the cookie feature in your browser without affecting your ability to access our websites, except in some cases where cookies are used as an essential security feature necessary for completing transactions.
Embedded URLs and Pixel Technologies
In some cases, we may use a tracking technique that employs embedded URLs to allow use of our websites without cookies. Embedded URLs allow limited information to follow users as they navigate the site, but is not associated with personal information and is not used beyond the session. We may also use embedded pixel technologies on selected pages for the purposes of identifying unique user visits to our websites, as opposed to aggregate hits, and to identify the pages viewed. Or, we may also use embedded pixel technologies to determine whether the recipient of an e-mail has opened a particular message. Although this information will not generally include personal information, we may re-associate the information with personally identifiable information.
Like most standard websites, we use log files. This information includes electronic communication protocols, web addresses, browser type, internet service provider, platform type, and other network routing information (referrals), equipment information (browser type) and date and time. This information helps us use and administer our websites, track our users’ movements in the aggregate, and gather broad demographic information for aggregate use. We do not link this information to any personal information. We use a tracking utility that uses log files to analyze user movement.
We do not currently respond to “do not track” signals from web browsers but will reevaluate this policy if a “do not track” standard becomes finalized in an applicable jurisdiction.
Data Storage, Protection & Retention
In general, we do not set specific timeframes for deletion of data but will retain personal information only for as long as necessary to achieve the purpose of storage. Thus, we will retain such data as long as your account is active, as long as needed to provide you with our services, and as long as necessary to comply with our legal obligations, resolve disputes, prevent abuse, or enforce our legal agreements. We conduct an annual review of the personal information we are holding and determine whether to retain that information based on the foregoing, and further considering: the current and potential future value of the information; the costs, risks, and liability associated with retaining the information; our ability to ensure the information is accurate and up to date; and the interests of the data holder in having the information deleted. After we no longer need personal information, we will delete it. We will also delete such Information at an earlier date if the data holder requests it, as described under “Your Rights Regarding Your Information” below, unless there is a reasonable basis for retaining such information as described in this Section.
Transfer of Information to Other Countries
The offices and servers we use are located in the United States, so if you are visiting our website or using our services from a different country, please be aware that you are sending information (which may include personal information) to the United States. That information may then be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage, and use of your personal information will at all
Information About Children
Our website and programs are not intended for or targeted at children under 16, and we do not knowingly collect or use personal information from children younger than 16. If we discover that a child under 16 has submitted personal information to us, we will attempt to delete the information as soon as possible. If you believe that we might have personal information from a child under 16, please contact us at email@example.com so we may delete the information.
Your Rights Regarding Your Personal information
You have several choices regarding your personal information, including the rights to:
- Review the personal information you have provided us. You have the right to request access to the personal information we have on you. You can do this by contacting us at firstname.lastname@example.org. We will make sure to provide you with a copy of the personal information we process about you in a structured, commonly used, and machine-readable way. To comply with your request, we may ask you to verify your identity. We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method.
- Request that we correct any errors, outdated information, or omissions in your personal information that you have provided us. If you believe that any of the Information we have about you is incorrect, you are welcome to contact us so we can update it and keep your personal information accurate. Any personal information that is no longer needed for the purposes specified in “How We Use Your Information,” above, will be deleted. If at any point you wish for us to delete information about you, you can simply contact us at email@example.com.
- Request that we use your personal information differently that we are currently using it. For example, you can request that your information not be used to contact you, or that it be removed from any marketing list that we use.
- Right to opt-out of being solicited by us, including through email communications. When you receive communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive, by unsubscribing on our website, or by contacting us directly.
To request any of the foregoing actions, or to request that we remove any personal information that you have posted on our websites, please send an email to firstname.lastname@example.org. Once we have verified that the request came from you, we will take the information down. However, please note that any open forum or other posts you have made will remain viewable, at our discretion, under the tag of “guest comment.”
If you have any questions about our collection and use of your personal information, or to request that we take one of the actions listed above under “Your Rights Regarding Your Information,” please contact us by email at email@example.com or write us at the following address:
Anti-Malware Testing Standards Organization, Inc.
Attention: Privacy Officer
325 Sharon Park Drive, #450
Menlo Park, California 94025
We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal information.