Last Updated: November 15, 2019
Information We Collect
Fortress Identity collects certain personal information (i.e., information that identifies an individual either alone or in combination with other data). We also collect information that has been de-identified and aggregated, meaning it does not identify an individual, and other non-personal information which does not, on its own, identify an individual person.
Fortress Identity obtains information when you or someone acting on your behalf provides such information to us. We also collect information automatically when you access or use Fortress Identity’s websites or services or when you use a device on which a Fortress Identity service is installed.
The following are examples of the type of personal information that may be collected directly from you (or someone acting on your behalf):
- Contact information (including name, email address, mailing address, and telephone number);
- Information about transactions with us and use of our services;
- Information provided by you through Fortress Identity-related communication channels such as forums, technical support, and customer service;
- Username, password, and other information for accounts for Fortress Identity services; and
- Photographs, images, biometrics, and related hash values.
The following are examples of the type of information that may be collected from your web browser or from interactions with our websites and/or services:
- Details about your computers, devices, applications, and networks (including IP address, browser characteristics, device ID and characteristics, operating system, system language, and preferences);
- Activities on our websites and usage patterns of services (including referring URLs, dates and times of website visits, and clickstream data such as information commonly recorded in web server logs);
- Details about Internet or network usage (including URLs or domain names of websites you visit, information about applications that attempt to access your network, or traffic data);
- Data about files and communications, such as potential malware or spam (which may include computer files, emails and attachments, email addresses, metadata, and traffic data, or portions or hashes of any of this information);
- Other information used in the operation of our services (including information regarding the number of checked, suspicious, infected, or unwanted files or emails; number of actual infections); and
- Information that may be included in a virus or malware sample or a file submitted by you to Fortress Identity for review.
Your Biometric Information will be encrypted and stored on either one of our authorized service provider’s servers, an applicable administrator’s servers, or your designated device(s). In order to better serve you and detect and prevent fraud, Fortress Identity may, but is not obligated to, continue to process your Biometric Information until the earlier of (i) one year from the date that you deactivate your applicable user account or your account is otherwise closed, (ii) the time at which the purpose of the initial collection of your Biometric Information has been satisfied, or (iii) three years from your last interaction with us or Fortress Identity services, whereupon your Biometric Information will be permanently destroyed. If you re-open your account or open a new account after we have permanently destroyed your Biometric Information, you will need to re-provide the requested Biometric Information and may be required to re-provide other personal information. We may continue, but are not obligated, to process all personal information other than Biometric Information for as long as we deem necessary for the provision of your account and the applicable Fortress Identity services.
All Internet-enabled devices have an Internet protocol address or IP address. Fortress Identity services use IP addresses to help keep security measures current and relevant.
Fortress Identity uses “cookies” to remember user preferences and to maximize the performance of our website and services. Cookies also help us to identify returning users so, for example, we don’t need to ask them to enter their email and password on every visit. Please note the information gathered by cookies is necessary to provide some Fortress Identity services, including certain subscriptions. We cannot provide such services to users who do not give their consent to the data processing carried out through cookies or whose browsers are set to reject all cookies. For example, when you purchase a subscription to an online technology, a cookie is set that identifies the software, version, and when it expires. We use this information to alert you that a newer version is available or if your subscription is going to expire.
Cookies may also be used to control the type and frequency of ads, promotions, or other marketing messages the customer views. These ads may be placed by Fortress Identity or third party advertising companies which are our vendors. Fortress Identity also uses “web beacons” (small transparent image files) to count visitors to our sites and analyze how visitors use our sites. The information collected is generally anonymized and is not used to identify any particular user.
Fortress Identity also maintains log files of the traffic on our sites. For example, our servers may automatically record the information you or your browser send when you visit a website. These log files may include information such as your requests, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your system.
De-Identified and Aggregated Information
By visiting, registering to use, accessing, using, interacting with, and/or providing information through our websites or services, you expressly agree that Fortress Identity owns, without restriction, all de-identified and aggregated information and other non-personal information collected and/or created by or on behalf of Fortress Identity.
How We Use Information
Fortress Identity and the providers and partners that help provide Fortress Identity’s services use the personal information we collect to:
- Provide our websites or services;
- Authenticate your inputted biometrics;
- Provide security advisories, information, and updates;
- Help safeguard your devices and your data;
- Process payments and complete transactions through our third party payment processor;
- Conduct research and analysis;
- Analyze user behavior when using Fortress Identity services to customize preferences and to establish “aliveness” and usage patterns for biometric user identification;
- Establish and manage Fortress Identity user accounts;
- Provide customer support, manage subscriptions, and respond to requests, questions and comments;
- Personalize and manage our relationship with you;
- Communicate about, and administer participation in, special events, programs, surveys, contests, sweepstakes, and other offers and promotions;
- Enable posting on our blogs and other communications;
- Customize, measure, and improve our websites, services, and advertising;
- Analyze and develop new websites and services;
- Perform accounting, auditing, billing, reconciliation, and collection activities;
- Investigate, respond to, and manage security related incidents and events;
- Predict future security threats and vulnerabilities;
- Prevent, detect, identify, investigate, and respond to potential or actual claims, liabilities, prohibited behavior, and criminal activity;
- Comply with and enforce applicable legal requirements, agreements, and policies; and
Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may use such information for any lawful purpose.
How We Share Information
We may share personal information with:
- Authorized service providers and partners who perform services for us (including data and biometric authentication, data storage, sales, marketing, fraud investigations, bill collection, and payment processing) based on our instructions. These third parties may only use or disclose personal information obtained from Fortress Identity to perform services on our behalf or comply with legal obligations;
- Your administrator, if applicable, with your consent;
- Third parties with your consent; and
We may also disclose personal information: (i) if we are required to do so by law or legal process; (ii) in response to requests by government agencies, such as law enforcement authorities or other authorized third parties; (iii) as may be required for purposes of national security; (iv) when we believe disclosure is necessary and appropriate to prevent physical, mental, financial, or other harm, injury, or loss; or (v) in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability.
When we share personal information with a third party, they must contractually agree to comply with privacy and security standards at least as stringent as Fortress Identity’s when we are handling similar data. When you provide personal information directly to a third party, the processing is based on their standards (which may not be the same as Fortress Identity’s) and your own independent relationship with that provider.
Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may share such information for any lawful purpose.
How You Can Manage and Control Your Personal Information
Many Fortress Identity services allow users to make choices about the personal information collected. For instance:
- You may choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing emails, or contacting us as specified in the “How to Contact Us” section below.
- Many Fortress Identity services contain settings that allow users or administrators to control how the service collects information. Please refer to the relevant service manual or contact us through the appropriate technical support channel for assistance.
- To remove your personal information from a Fortress Identity website testimonial, please contact email@example.com.
If you chose to no longer receive marketing information, Fortress Identity may still communicate with you regarding such things as security updates, functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
Storage and Data Retention
The information we collect may be stored and processed in servers in the United States and wherever Fortress Identity and our service providers have facilities around the globe.
Fortress Identity does not collect or store any payment information. All payment information you provide is collected and processed by our third party payment processor in accordance with such payment processor’s own terms and conditions and privacy policies.
The time periods for which we retain your personal information depend on the purposes for which we use it: Fortress Identity will keep your personal information for as long as you are a registered subscriber or user of our services and, thereafter, for no longer than is required by law, or Fortress Identity’s Records Retention Policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. In certain circumstances, we may be required to retain data we have about you (such as for tax, litigation (threatened, anticipated, or actual), other business purposes, or if required by law enforcement).
We implement appropriate organizational, physical, and technical security practices and procedures for storing and transmitting the personal information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Periodically, we test our website, services, data centers, systems, and other assets for security vulnerabilities.
We may transfer the personal information we obtain to countries other than the country in which the information originally was collected. Those countries may not have as comprehensive data protection laws as the country from which Fortress Identity initially obtained the information. When we transfer the information to other countries, we use a reasonable standard of care and appropriate organizational, physical, and technical security practices and procedures.
Links to Other Websites
Our websites may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with Fortress Identity. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit any linked websites. We are not responsible for the content of any websites that are not affiliated with Fortress Identity, any use of those websites, or the privacy practices of those websites.
In certain circumstances, where the information of third parties is collected by us by virtue of the third party’s interaction with you (such as the information of those individuals who send communications to your computer), we rely on you to provide the relevant third parties with appropriate notice and to obtain any requisite consent.
Notice to California Residents – Your California Privacy Rights
Such requests must include the reference Request for California Privacy Information in the subject line and in the body of the message and must include the email address or mailing address, as applicable, for us to send our response. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted to us if not submitted pursuant to the terms set forth above.
We are committed to being compliant with the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”). All emails you receive from Fortress Identity are intended to fully comply with the CAN-SPAM Act. If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org, and we will promptly remove you from ALL correspondence.
Fortress Identity complies with the U.S. Children’s Online Privacy Protection Act and similar laws around the world where applicable. Fortress Identity does not knowingly collect personal information from children under the age of 13 without proper parental consent.
The Digital Millennium Copyright Act of 1998 (DMCA) provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that any content made available in connection with Fortress Identity websites or services infringes your copyright, you (or your agent) may send us a notice requesting that the content be removed, or access to it blocked. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA (see http://www.loc.gov/copyright for details). Notices and counter-notices with respect to Fortress Identity websites or services should be sent to:
Attn: DMCA Notice
2500 S Miami Ave
Miami, FL 33129 USA
We have adopted and currently implement a policy of terminating, in appropriate circumstances, the Fortress Identity user accounts of users who are deemed repeat infringers or who are repeatedly charged with infringement.
- Emailing the Privacy Program Office of Fortress Identity at email@example.com
- Writing us at:
2500 S Miami Ave
Miami, FL 33129 USA