Who is Cyberscout and what do we do?
Cyberscout is a family of global companies that provides personal cyber assistance and identity management services to individuals (referred to as ‘consumer(s)/data subject(s)’). These services may include identity monitoring, fraud resolution, personal cyber services, and other specific assistance provided to consumer(s)/data subject(s). (hereinafter referred to collectively as 'consumer services').
Cyberscout also provides cyber incident and data breach support and remediation. This means we assist organizations that have experienced an incident that may impact the personal data in the organization’s care, custody, and/or control. (hereinafter referred to collectively as ‘commercial services').
Cyberscout provides its services primarily via employers, insurance providers, financial institutions, or other third-party entities. This means that services are generally made available to consumers/data subjects through institutions that have paid Cyberscout to be able to refer individuals like you to Cyberscout for assistance with your personal cyber, data exposure, fraud, or identity theft situation. Cyberscout accepts all responsibility for Cyberscout data handling and practices, but does not accept responsibility for the unrelated data handling and practices of the clients that have referred consumers/data subjects to us.
How does Cyberscout approach data collection?
Cyberscout strives to give consumers/data subjects control of the data collection and data sharing processes. Cyberscout’s policies are to inform consumer(s)/data subject(s) any time we may be about to collect any personal information, regardless of whether it is online, in person or over the telephone. This means that any time an individual is asked to reveal personal information to Cyberscout or an affiliate, we'll do our best to inform you:
- why we need to collect the information
- what we intend to do with it
- who, if anybody, we intend to share it with and why.
At that time, we give the consumer/data subject the option to either:
- affirmatively consent to that collection of information and proceed with providing it to us for its intended purpose to assist the individual or help them to redeem a service or product; or
- stop and discontinue providing us with personal information at the risk that the relevant assistance, service or product may not be able to be provided to you.
How does Cyberscout US handle the transfer, processing, access, and storage of personal data?
Operationally Cyberscout practices regional data localization to the extent possible and does its best to restrict personal data transfers to within the geographic location/region of the consumer/data subject and servicing entity’s location. In order to ensure continuity of services and support, personal data may be transferred, processed, accessed, serviced, and/or stored by Cyberscout Inc. (Canada) and/or Cyberscout Ventures Limited (Ireland).
Cyberscout US is subject to the enforcement powers of US authorities, including where applicable, the Federal Trade Commission (FTC), the Office of Civil Rights’ Department of Health and Human Services (OCR/HHS), and any and all state Offices of the Attorney General and/or Departments of Consumer Affairs or Protection. Cyberscout Ventures Limited (Ireland) is specifically subject to the powers and regulatory authority of the Irish Data Protection Commission. Cyberscout Inc. (Canada) is specifically subject to the powers and regulatory authority of the Office of the Privacy Commissioner of Canada and/or any provincial Privacy Commissioner(s).
Each Cyberscout International entity is further subject to the specific regulatory powers of their local based Data Protection Authority. All data collected from individuals to provide consumer services or commercial services are stored and/or transferred using industry standard secure methods and encryption.
What kind of personal information does Cyberscout collect?
Any and all information collected is provided (1) by an institution you have a relationship with that has asked us to assist their consumer(s)/data subject(s) when requested or help them with a data breach; or (2) directly by you during interviews with a case manager or during the online or telephone enrollment process. The information provided by your institution to Cyberscout will only be used to verify your eligibility for Cyberscout services or to help your institution notify you if they have suffered a data breach.
The information provided by you to Cyberscout may be used to help populate letters, communications, fraud victim affidavits, and documents provided to you to verify, sign and execute accordingly. You are in control of any ‘sharing’ of this information with third parties by Cyberscout. This sensitive and personal information contained in the form of letters and communications would be sent by you directly to law enforcement, fraud departments, collection agencies, government agencies/bureaus, regulators, attorneys, authorities, and/or any other necessary third parties required to help resolve your personal cyber, fraud, or identity theft situation.
The types of information we may need to collect to assist you may include a variety of personal data types and is highly dependent upon the specific assistance that you may require. For instance, just a few examples could include:
- Policy number and First and last name to verify consumer(s)/data subject(s) program eligibility and provide services;
- Basic bank details to assist with resolving banking and account fraud;
- Personal facts and circumstances related to a cyber-bullying incident;
- IP address or internet provider to deal with personal denial of service attack;
- Any other information necessary to assist you with any consumer services you have chosen to receive
Who Controls How Personal Data is Used?
In your relationship with Cyberscout, you as the consumer/data subject control how your data is used and shared. This DOES NOT mean that Cyberscout is in any way released from its duties and responsibilities under any applicable law(s). This simply means that consumers/data subjects have control over the data collected by Cyberscout as well as the ability to direct the specific purpose and uses of any such data.
Does Cyberscout share personal data with third parties?
You have full control of what information, if any, you provide about yourself to Cyberscout and how that data is to be used. However, in our efforts to service you Cyberscout may utilize third-party vendors or agents and their solutions to provide you with certain services and support. While most services and the data collected in carrying out that service is managed in house by Cyberscout, some services must be provided by outside vendors. These limited situations are when Cyberscout is required to share data in order to help provide these services. Cyberscout limits the purposes of this sharing with its vendors to providing services. No personal data is ever shared for marketing or resale purposes by us or our vendor(s) and any such activity would be a violation of Cyberscout's agreements with any and all such vendor(s).
Cyberscout will always do our best to inform you of when and why data will need to be shared. At any time individuals may opt-out of having their data shared with third parties by simply refraining from using Cyberscout services that involve onward transfer or sharing. When consumers/data subjects are presented with a request to provide and submit personal information, they can opt out of this sharing or decide with whom it should be shared. The consumer/data subject controls this decision based on conversations and interaction with Cyberscout representatives.
Cyberscout may be required to disclose an individual’s personal information in response to a lawful request by public authorities including but not limited to meeting national security or law enforcement requirements and/or requests.
How does Cyberscout handle questions about use of my data or requests for access to or erasure of personal data under the California Consumer Privacy Act (CCPA) and other similar regulations?
While Cyberscout adheres to and acknowledges the specific rights and obligations described in the California Consumer Privacy Act of 2018 (hereinafter ‘CCPA’), Cyberscout acknowledges ALL individuals’ right to access their personal data no matter where in the world they may reside. Therefore, Cyberscout applies the rights enumerated in the CCPA to ALL US Consumers/Data Subjects, regardless of whether they reside in California, or another state, territory, or protectorate of the US. Cyberscout does not share or sell any of the personal data provided to Cyberscout with any third-party organizations for the purposes of marketing, upselling, or further reselling your data. Information is only shared when necessary, to provide consumers/data subjects with services they have enrolled in through Cyberscout or their institution.
Cyberscout believes strongly in privacy rights and espouses and applies the following rights specifically enumerated in the CCPA to ALL US residents. Cyberscout wants to ensure you are aware of the following rights of access and erasure as a consumer:
- consumer shall have the right to request that Cyberscout delete any personal information about the consumer which Cyberscout has collected from the consumer.
- consumer shall have the right to request that Cyberscout disclose to the consumer the following:
- The categories of personal information it has collected about that consumer.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom the business shares personal information.
- The specific pieces of personal information it has collected about that consumer.
- WHILE CYBERSCOUT DOES NOT SELL PERSONAL INFORMATION, consumer shall have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer:
- The categories of personal information that the business collected about the consumer.
- The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
- The categories of personal information that the business disclosed about the consumer for a business purpose.
- A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt-out.
If a consumer/data subject or their associated institutions have not provided Cyberscout with personal data in the past, we don't have information about the consumer/data subject. However, if a consumer/data subject or an institution that uses Cyberscout would like to:
- Know what information Cyberscout has about you
- Have any data we may have about you erased
- Correct any inaccurate data we may have about you
- Receive clarification or lodge a complaint about our data uses
- Inquire as to other rights and requests covered in the CCPA
PLEASE CONTACT US VIA EMAIL:
Cyberscout Global Privacy Office
ATTN: Custodian of Personal Records
PLEASE CONTACT US VIA TOLL FREE CALL:
Cyberscout Global Privacy Office
ATTN: Custodian of Personal Records
1(888)682-5911 Ext. 4940
PLEASE CONTACT US VIA POSTAL MAIL:
Cyberscout Global Privacy Office
ATTN: Custodian of Personal Records
7580 N Dobson Rd, Suite 201 Scottsdale, AZ
Allow for a slower response time via submissions by postal service.
Please note that Cyberscout will need your legal name, mailing address, telephone number and email address, or be ready to provide such when requested by Cyberscout, so that we may locate your record(s) (if any), conduct proper identity verification prior to complying with any request or inquiry, and communicate with you regarding the status of your request.
Category 1: Strictly necessary cookies. These cookies are essential to allow us to provide services that you have requested. Category 1 cookies used by Cyberscout websites: Login status cookies identify you as being logged in to our website. Load balancing cookies may be used to distribute traffic across our web servers to ensure that our websites perform well and give you the best possible experience. Subscription cookies allow us to ensure that you can access resources that you have registered for.
Category 3: Functionality cookies. These cookies allow us to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more relevant features. Some examples of Category 3 cookies used by Cyberscout websites:
- User preference cookies remember settings you’ve applied to this site such as layout, default views, search filters.
- Login cookies may be used to communicate your login details across pages of this website. This data is encrypted and not shared with third parties.
- User-profile data, such as email addresses, address and contact information: Cyberscout uses a third-party solution to collect this information for Cyberscout and Cyberscout purposes only. The user-profile data collected by Cyberscout is collected by Marketo on Cyberscout’s behalf and is provided directly to Cyberscout. This data is not shared with third parties and is used to better provide additional services like newsletters and use of user specific online tools and resources.
Category 4: Advertising Cookies. These cookies are set through Cyberscout’s website by our advertising partners. Category 4 cookies are used by Cyberscout’s advertising partners to build a profile of a user’s interests and show relevant adverts on other sites where they have the ability to do so. The specific personal data captured could include the user’s browser, IP address, and device used. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign.
These cookies are not persistent and have an expiration, varying by advertising partner and based on the last time Cyberscout’s website was visited by the user. Some examples of Category 4 cookies that may be used by Cyberscout websites include:
- Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to the user. The site the user is visiting need not actually be serving adverts, but often this will also be the case.
- Cookies placed by advertising networks in conjunction with a service implemented by the website to increase functionality, such as commenting on a blog, adding a site to the user’s social network, providing maps or counters of visitors to a site.
Where can I go for any additional questions or inquiries around Cyberscout policies that have not been answered or provided here?
Cyberscout does its best to provide clear, up to date, and transparent information around its privacy and data sharing practices. If you have additional questions not covered by this policy, please feel free to contact us for more information via email at Records@Cyberscout.com
Specific Geographic Application of this policy
This policy applies only to U.S.-based Cyberscout entities formed and focused on doing business in the United States including such entities as Cyberscout LLC (US), Cyberscout Claims LLC (US), and Cyberscout Consulting LLC (US). All such US entities shall herein be collectively referred to as 'Cyberscout US'.