BreachDirectory is the publisher and operator of breachdirectory.com (the "Site") whereby BreachDirectory operates a search engine and various services (the "Services") available. For purposes of this Agreement, when "Site" or "Services" are referenced, such reference includes all hardware, software, and network resources necessary to provide said Site and/or Service.
When first-person pronouns are used in this Agreement, these provisions are referring to BreachDirectory.
As a client and the user of the Site or Services, this Agreement will refer to You through any second-person pronouns, such as "You", "Yours" etc.
This policy describes how we use the information we receive about you when you visit our Site, when you subscribe to or otherwise use our online services. This policy does not cover any information that we may receive from you or about you through channels other than the Site.
Legal bases of data processing
We will process your personal information in a lawful, fair and transparent manner. We only collect and process information about you where we have the legal basis to do so.
These legal bases depend on the services you use and how you use them, i.e. we collect and use your information only where:
This is necessary to perform the contract of which you are a party or to act upon your request before entering into such contract (for example, when we provide the service you request from us).
This serves a legitimate interest (not denied by your data protection interests), such as conducting research and development, selling and promoting our services, and defending our rights and interests.
You give us consent to do so for a particular purpose (for example, you may consent to our sending you our newsletter).
We need to process your data at the request of law enforcement or any legal body (on a legal obligation basis).
Where you consent to the use of your information for a particular purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We do not store personal information for longer than necessary. While we protect this information, we will protect it by commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or alteration. However, we warn you that no electronic transmission or storage method is 100% secure and cannot guarantee complete data security. Where necessary, we may store your personal information in order to comply with a legal obligation or to protect the vital interests of you or another individual.
Collection and use
We may collect, store, use and disclose information for the following purposes, and personal information will not be further processed in a way incompatible with those purposes:
To provide you with the features of our platform.
To process any operational or current payments.
To access and use our website, affiliate programs and related social media platforms.
To contact and communicate with you.
For internal records (e.g. to record your data to notify you about a recent data breach where your account was found when you previously gave us your consent to save your data (when such input is recorded, the values recorded include the URL of the page, the action (say, search form submission, etc.), and an action description (such as "Values were submitted through the search form.", etc.)), also for firewall violations - firewall violations log the URL on which the attack was blocked, the attack method, your IP, the time the firewall rule was triggered and what the payload was - the firewall logs are only kept for as long as absolutely necessary), accounting and administrative purposes.
To track social impact (we use Google Analytics and Google Webmaster Tools to track the count of submissions of the search form and how many people checked the checkbox stating that they want to be notified when their accounts are found in a data breach in the future, we also track how many people answered and how they answered the questions in the questionnaire.) When searches are submitted, we record an anonymized user session ID to identify unique users, the search type, and the time the search was performed for analytical purposes, and when the checkbox is checked, we record your input (your search query, search type and search time) to inform you about data breaches in the future. When social impact numbers are recorded, we record an anonymized session ID, the action performed at the time (for example, Search), the present URL (for example, "home"), and the description (for example, "Values were submitted through the search form.")
Analysis, market research and business development, including the management and development of our website, related applications and related social media platforms (we collect search data for analytics - data that is being collected includes the hashed ID of the session, the search type and at what time the search was made - year, month, and day).
Running a competition, and / or offering you additional benefits.
Complying with legal obligations, and / or resolving any disputes that may arise.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
Third-Party Service Providers to enable them to provide their services including, without limitation, IT Service Providers, Data Warehousing, Hosting and Server Providers, Ad Networks, Analysis, Error Loggers, Debt Collectors, Maintenance or Resolution Providers, Marketing or Advertising providers, professional advisors and payment system operators.
To our employees, contractors and / or affiliates.
Credit reporting agencies, courts, tribunals, and regulators in the event that you do not pay for the goods or services we have provided to you.
International transfer of personal information
The personal information we collect is stored and processed in locations where our servers, our partners or third party service providers are. By submitting your personal information to us, you agree that it will be disclosed to those third parties.
We will ensure that any transfer of personal information from European Economic Area (EEA) countries to non-EEA countries is protected by appropriate safeguards, such as the use of standard data protection clauses approved by the European Commission or binding principles or other legally acceptable means.
When we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws as those under our jurisdiction. There is a risk that any such third party will take actions or practices that violate the data privacy laws under our jurisdiction, which may mean that you will not be able to seek redress under the privacy laws of our jurisdiction.
Control of your rights and personal information
You may choose to restrict the collection or use of your personal information. If you have previously consented to the use of our personal information for direct marketing purposes, you may change your mind at any time by contacting us. If you ask us to restrict or restrict the processing of your personal information, we will let you know how the restriction affects your use of our site or products and services.
You may ask for details of the personal information we have about you. You can request a copy of the personal information we have about you. Where possible, we will provide this information in CSV format or other easily readable computer format. You can always ask us to delete the personal information we have about you. You may also request that we transfer this personal information to another third party.
If you believe that any information we hold about you is inaccurate, outdated, incomplete, irrelevant or misleading, please contact us. We will take reasonable steps to correct any information that is inaccurate, incomplete, misleading, or out of date.
We will comply with all applicable data breach laws applicable to us.
You agree to indemnify and hold us, our parent, subsidiaries, officers, directors, shareholders and employees and every other related person harmless, including costs and legal fees, from any claim or demand made by any third party due to or arising out of your access or use to the website or the violation by this agreement by you or any other person - if harm was made, you agree to repay the damage in full.
Our site may redirect to external sites that we do not use. Please note that we have no control over the content and policies of those websites and are not responsible for their respective privacy practices.