Last revision: October 1, 2022
What is personal data?
“Personal Data” means any personally identifiable information that can be linked to you, such as your name, email address or IP address.
How does sequal collect personal data?
We collect Personal Data when you visit our websites, submit information through our submission forms, contact us, send information directly to us or upload information to our technology platforms. We also receive Personal Data collected by our channel partners, service providers, and other third-party vendors.
How sequal uses personal data
sequal uses Personal Data to respond to your requests, to provide you with information about our Services, to operate our technology platform(s), to improve our Services, for hiring/recruitment purposes, and to comply with legal obligations.
- If you are not a customer or end user, please send an email to email@example.com to access, modify, delete, rectify, withdraw your consent or object to the processing of your Personal Data.
- If you are an end user of the sequal services, when we provide the services under contract with your organization (i.e., your employer and our customer), it is your organization that controls the information processed by the services. If you do not agree with the use of your personal data, we recommend that you contact your organization’s account owner (as defined in this Customer Privacy Notice) to exercise your rights. You can also send an email to firstname.lastname@example.org and we will contact your account owner for you.
Please direct any complaints, requests or inquiries to email@example.com. We are committed to working with you to obtain a fair resolution of any privacy complaint or concern. If, however, you feel that we have not been able to help you resolve your complaint or concern, you have the right to file a complaint with the appropriate supervisory authority.
Complete Customer Privacy Notice
At sequal, we are committed to protecting the data of our subscriber organizations (a “Customer”) and their end users (collectively, “you”). The data protection practices set forth in this Customer Privacy Notice (the “Customer Privacy Notice”) pertain to our technology platforms, web-hosted services, software, support services, training content and/or other services and websites (“Services”). This Customer Privacy Notice tells you how sequal uses Personal Data collected through our Services.
By using our Services, you are accepting the practices described in this Customer Privacy Notice. If you do not agree with the data practices provided in this Customer Privacy Notice, you should not use the Services provided by sequal. We may make changes to this Privacy Notice in our sole discretion at any time. We will alert you to any material changes to this Customer Privacy Notice. Your continued use of the Services after we make changes to the Customer Privacy Notice is deemed acceptance of those changes.
For the avoidance of doubt, this Customer Privacy Notice applies only to the extent that we process personal data as a subcontractor on behalf of a customer. If you have signed a data protection agreement with us, the terms of that agreement will supersede this Customer Privacy Notice.
What this notice covers
This Customer Privacy Notice applies to the processing of personal data that we collect when customers (or potential customers):
- use our services (when we function as a personal data processor).
- create an account to use our tools on behalf of the organization.
Personal data collected by sequal
The Personal Data we collect directly from customers includes the following:
- Business contact information: first name, last name, organization, title, city, state, country, phone number, IP address and business email addresses.
- Automatically collected information: information collected through cookies and web beacons, including IP address, browser name, operating system details, domain name, date and time of visit, pages viewed or other similar information.
- Console information: phishing simulation, security awareness training and testing results, security assessment results, and information downloaded from the Services.
How personal data is collected
Personal Data is collected by sequal when shared by your organization’s account administrator (the “Account Administrator”) at your organization’s discretion. Personal Data will also be requested from you through our Services by your account administrator at your organization’s discretion. sequal collects the minimum information necessary to provide you with its Services.
How we use your personal data
We collect and process your Personal Data for the purposes, and on the legal bases, identified in the following (where we function as a processor of your Personal Data):
- When we have entered a contract
- For your use of our tools or other Services provided to you under the applicable terms of service or applicable contract for Subscription Services between you, or your organization, and sequal;
- For use of our website.
- For the management of payments to conduct a transaction with you.
- To provide support for our services (you can contact us by phone or email).
- For any support services we provide you from time to time.
- For webinars for which you have registered.
- For competitions or promotions of sequal.
- Where the legitimate interest is the legal basis for processing
- To evaluate and improve your experience on technology platforms (such as analysing trends or tracking your use of and interactions with our Services to improve your overall experience);
- For security purposes, such as investigating suspicious activity or for compliance purposes (such as investigating fraud or abuse of our website).
- When sequal must cooperate with the competent authorities
sequal processes and discloses Personal Data when it cooperates with the appropriate regulatory and governmental authorities. Where sequal processes Personal Data for this purpose, the legal basis for the processing is compliance with a legal obligation to which sequal is subject.
Cookies, web beacons and other tracking technologies on our Services
Below are the two types of cookies that are used on the sequal platform for its Services:
- Session cookies – These are only used to determine how long you stay on the technology platforms and expire immediately when you leave our technology platforms or log out.
- Support Cookies – These cookies allow us to track onboarding times and other metadata to provide a better Service to end users.
Most browsers are set to accept cookies. If you wish, you can refuse to accept cookies or set your browser to notify you when you receive a cookie.
With whom do we share personal data?
We use third-party partners to help us provide the Services and perform specialized data processing services. When we provide personal data to these partners, they are not permitted to use the personal data for any purpose outside the scope for which we have engaged them.
The ways in which we share your Personal Data are as follows:
- When we use third party servers while providing our Services. This is necessary for us to provide our Services to you. We execute contracts with our third parties to ensure that they fulfil their data protection obligations.
- When you register for a webinar, it is usually done through one of our third-party partners.
- We will disclose your information to a purchaser or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of all or a portion of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding. You will be alerted if this occurs, and you may request that your personal data be deleted from our systems, where possible.
- Finally, we will disclose your information for other legitimate business purposes.
Sequal reserves the right to disclose your Personal Data under the following circumstances: (1) when permitted or required by law; (2) when we are trying to protect against or prevent actual or potential fraud or unauthorized transactions; or (3) when we are investigating suspected fraud that has already occurred.
Sale of personal data
As an account administrator, your Personal Information will be used to communicate with you for the purpose of supporting or tracking requests made by you or another user of the console and your use of the Services. An account administrator manages the Services and provides them to members of an organization. When you or your account administrator uploads information (such as organizational email addresses) to our Services, this is done at the discretion of the organization you or your account administrator represents. The account administrator’s organization is the “controller” of the personal data and sequal acts as the “processor” of the personal data. sequal is legally bound by the terms and conditions applicable to the purchased services, such as sequal’s Terms of Service, other agreements applicable to the Services between sequal and your organization, and/or data processing agreements to process the data only as authorized by the agreement(s) and as directed by the controller. If you have detailed questions regarding these agreements, please contact your account administrator or sequal directly and we will forward your request to your appropriate organizational contact.
Subject to legal and contractual requirements, you may refuse our collection of your data or withdraw your consent to further collection. Your personal data will never be used outside of the scope for which sequal was contracted.
Since the services are provided at the request of your organization, you may contact your organization’s account administrator to withdraw from the services provided. In addition, you may contact your account administrator to make changes to your personal data. sequal has no control over how your organization uses your Personal Data for its own purposes. You may also ask us to contact your organization on your behalf by sending an email to firstname.lastname@example.org.
International Transfers of Personal Data
Your Personal Data will be collected, transferred, and stored by us primarily in Switzerland and the European Economic Area (EEA). In the event that your Personal Data is processed outside of Switzerland, the EEA or a country not recognized as having an adequate level of protection for Personal Data by the Swiss Federal Data Protection Commissioner or the European Commission, we will ensure that the recipient of your Personal Data provides an adequate level of protection by entering into an agreement to comply with the Standard Contractual Clauses for the Transfer of Data as approved by the European Commission (Art. 46 GDPR), or another mechanism approved by the appropriate regulatory bodies.
Security and data retention
Your personal information is kept secure. Only our authorized employees, agents, and contractors (who have agreed to keep the information secure and confidential) have access to this information. To provide our Services, we use third party partners (“Third Parties”) to perform specialized data processing services. When we provide data to these Third Parties, they are not permitted to use the data outside of the scope for which we contracted them.
We (and our third-party partners) use a variety of industry standard security measures to prevent unauthorized access, use or disclosure of your personal data. These security measures include, but are not limited to, data encryption and physical security. No method of electronic transmission or storage over the Internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
sequal will retain your Personal Data for the period necessary to fulfil the purpose described in this Customer Privacy Notice or until you request its deletion unless a longer retention period is required by applicable data privacy law.
We take reasonable steps to ensure that your personal data is accurate, complete, current, and reliable for its intended use. We will not process Personal Data in a way that is incompatible with the purposes for which it was collected. If your Personal Data has been disclosed to a Third Party, and has been determined by you to be incorrect, sequal will contact the account administrator and work with the Third Party (such as our contractors) to request a correction of the information.
If sequal obtains knowledge that any of our third parties or employees are in violation of this Customer Privacy Notice, sequal will take commercially reasonable steps to prevent or stop the unauthorized use or disclosure of your Personal Data. sequal takes data privacy seriously. Accordingly, we are committed to taking commercially reasonable steps to ensure the proper handling of your Personal Data by our employees and our third-party partners.
You have certain rights with respect to your Personal Data, subject to local data protection laws. Depending on the applicable laws and if you are located in the EEA, these rights include:
- Access, correction, modification, deletion of your Personal Data.
- To object to any processing of your Personal Data conducted on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you may exercise your right to object to such processing at any time without having to provide a specific reason for such objection.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision Making”). Automated Decision Making does not currently take place on our websites or in our Services; and
- To the extent that we base the collection, processing and sharing of your Personal Data on your consent, withdrawing your consent at any time will not affect the lawfulness of the processing based on that consent prior to its withdrawal.
How to exercise your rights
To exercise your rights, please contact us at email@example.com.
Other essential information
Protected health information, payment card information and other sensitive information.
sequal does not require or request protected health information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), nor does it require or request non-public personally identifiable information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) or payment card information covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide its Services. You shall never disclose, or allow to be disclosed, PHI, PCI DSS or GLBA protected information, or any other sensitive information to sequal. If an end user discloses such information (which would constitute a violation of this Customer Privacy Notice), you acknowledge, on behalf of your organization, that sequal does not take steps to ensure that its Services are HIPAA or PCI compliant. All obligations of the above regulations remain solely with you, on behalf of your organization.
Visitors under the age of 16 years
Our Services, such as our website, are not intended for persons under the age of sixteen. Therefore, we do not intentionally collect personal data from visitors under the age of sixteen. If you are under sixteen, please do not submit your personal data via our submission forms.
To exercise your rights regarding your Personal Data, or if you have any questions about this Customer Privacy Notice or our data protection practices, please send an email to firstname.lastname@example.org. You may also send a notice by mail to the address listed below:
sequal switzerland sàrl
Y-Parc, rue Galilée 7,
We are committed to working with you to obtain a fair resolution of any complaint or concern about your data. If, however, you feel that we have not been able to assist you in resolving your complaint or concern, and you are located in the EEA, you have the right to file a complaint with the relevant supervisory authority.