BrickHouse Security is Private & Secure
We are committed to providing you with the information you need in order to feel confident in how we're protecting your privacy. We protect your privacy by:
- Only collecting personal information required to provide you with the best experience possible and protecting it with the best technology and business practices available
- Only using personal information to process your orders and providing a personalized, rewarding customer experience
- NEVER selling, renting, or giving away your personal information
Information We Collect
While using our site, we may ask you to provide us with certain personal data that can be used to contact or identify you (“Personal Data”). Personal Data may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Job title, profession
- Pictures or videos you submit
Information Collected Automatically
- Log & Device data. When you visit our site, we may automatically record information (“log data”), including information that your browser sends whenever you visit our site. This log data may include your web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or location.
- Our third party service providers may provide us information that tells us how our marketing ads, often placed on third party sites, performed and who clicked on them. This information does not identify any specific individual. If we were to associate it with you we would treat it as personal data.
Cookie data. We may use “cookies” (a small text file sent by your computer each time you visit our site) or similar technologies to record log data. Many browsers default to accepting cookies. You may be able to change this setting in your browser, and you can also clear your cookies. If you do, you may lose some functionality on our site. Check your browser’s help function to learn more about your cookie setting options.
We may use the following types of cookies and tags:
- Analytics: These cookies collect information about who is visiting our site and how users engage with our site. This information does not identify any individual user. It is aggregated and anonymous. Examples of information included: number of visitors to our site, referring websites, pages visited, time of day visited, repeat visitations, and other aggregated trends. This information is used to help us understand site usage, which allows us to improve services and maintain security monitoring. Please see ‘Sharing and Disclosure’ below for a listing of our analytics providers.
- Advertising cookies: Based on your browsing history and with our permission, we use third-party advertising partners to display to you relevant ads on external sites. Within these cookies, we may also know your location such as latitude, longitude, GeoIP, and other location specific information. Please see ‘Sharing and Disclosure’ below for your choices on cookies in the use of advertising.
- Essential cookies: These cookies help run our site and make your experience better. These include cookies that allow you access to members-only sections or make our site load quickly. These cookies are only used to provide you with these services.
- Functionality cookies: These cookies allow the site to remember preferences you have selected, such as login status or shopping cart selections. These are designed to make the site easier to to use.
- Social Media cookies: We use social media tools on our site and these cookies allow the social media network to record when you have liked or engaged with a social media tool on our site. In some situations, the social network may send us data that you have set to share. If you do not want the social media network to share information with us, please check your privacy settings with the social media network. Please see below for a list of integrated social media services.
- E-Mail cookies: To help us make e-mails more useful and interesting, we often receive a confirmation when you open e-mail from us if your computer supports such capabilities. You can opt out of receiving emails from us. Please see the Your Choices section below.
- Pixel tagging: We might also use a pixel tag which is a small graphic file that allows us and third parties to monitor the use of the site and provide us with information based on your interaction with the site. These tags may collect the IP address from the device which you loaded the page, the browser type. Pixel tags are also used by our third parties to collect information when you visit our site, the links and other actions you take on our site, and we may use this information in combination with cookies to display targeted advertisements.
- Other data technologies may be used that collect comparable information for security and fraud detection purposes.
- If you have any questions about cookies you can go to www.youronlinechoices.com/uk.
Use of Your Information—Grounds for Using Your Personal Data
The information that we collect and store relating to you is used to provide our services to you. BrickHouse Security is relying on the following lawful grounds to collect and process any personal data you have provided:
Our Direct Business Interests:
- To provide you with information requested from us relating to our products or services.
- To provide information on other products which we feel may be of interest to you, if you have consented to receive such information. If you are an existing customer, we may contact you with information about goods and services similar to those you purchased previously.
- To notify you about any changes to our Website, such as improvements or service changes, that may affect our service to you.
- Performance of Contract: To meet our contractual commitments to you and in performance of contractual obligations to you.
Advertiser Business Interests:
- We may use your data, or permit selected third parties to use your data, so that you can be provided with information about unrelated goods and services which we consider may be of interest to you.
- We may contact you about these goods and services by any of the methods that you consented to at the time your information was collected.
- If you are a new customer, we will contact you or allow third parties to contact you only when you have provided consent, and only by those means you provided consent for.
- If you do not want us to use your data for ourselves or third-parties, you will have the opportunity to withhold your consent when you provide your details to us on the form on which we collect your data.
Please be advised that we do not reveal information about identifiable individuals to our advertisers, but we may, on occasion, provide them with aggregate statistical information about our visitors such as your area of residence or age group.
Sharing and Disclosure
We do not share your personal information with others except as indicated within this policy, or when we inform you and give you an opportunity to opt-out of having your personal information shared. We will share your information in the following ways.
With third party service providers, agents, or contractors. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services to you. For example, we engage Service Providers to process credit card transactions and other payment methods. We may also engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, to collect debts, and to analyze and enhance data (including data about users’ interactions with our service). These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. We do not authorize them to use or disclose your personal information except in connection with providing their services on our behalf to you.
With third party analytics providers: We use Google Analytics, which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google Services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
- For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
- Google also recommends installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
- You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/
With third party advertising providers: We use Google AdWords remarketing service, provided by Google Inc.
With Social Media: We use Twitter.
- You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
- For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page at http://www.google.com/intl/en/policies/privacy/
With Social Media: We use Facebook.
- You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
- To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
- To see more about Facebook’s participation in the Digital Advertising Alliance please visit the Choices section of this notice.
- For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
- We may participate in Facebook.com’s Custom Audience or LinkedIn’s Audience program, which enables us to display personalized ads to persons on our email list when they visit Facebook or LinkedIn respectively.
- We provide Personal Information such as your email address and phone number to this social media provider to enable it to determine if you are a registered account holder. You may opt-out of participation in this program by contacting us as noted below. You may also opt out of receiving these ads from the social media network directly.
Storing Your Personal Data/Transfer of Data
This site is operated in the United States. If you are located in another jurisdiction, please know that your information will be transferred to, stored, and processed in the United States. By using this site and providing us with information, you consent to this transfer, processing and storage of your information in the United States. It is important to note that the privacy laws in the United States may not be as comprehensive as those in other countries such as the European Union. Our service providers use appropriate safeguards to transfer your personal data securely to the United States.
- Data that is provided to us is stored on our secure servers. Details relating to any transactions entered into via our site will be encrypted to ensure its safety.
- The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.
Third Party Links
We may have links on our site to other sites that we do not operate. If you click on a third-party link, you will be taken directly to that site which is governed by its own privacy notice. We strongly encourage you to read that privacy notice. We do not control that site and assume no responsibility for the content, policies or its practices.
Choices and Individual Rights
We aim to take reasonable steps, so you can correct, amend, delete or limit the use of your Personal Data. We outline your choices below:
E-mail. As described above, if you do not wish to receive promotional e-mails from us, you may opt out at any time. If you opt out of a promotional e-mail, we may still send you transactional and administrative emails about this privacy notice or about the products or services you have purchased.
Cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or to not receive cookies at any time.
Advertising. You can opt out of online targeted advertising by opting out within the advertisement itself or by visiting Digital Advertising Alliance, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe. You can also opt out of the Digital Advertising Alliance using your mobile device settings.
Your rights under certain circumstances. To initiate any of these actions please contact us at compliance@BrickHouseSecurity.com.
- To receive a copy of the Personal Data we hold about you
- To rectify any Personal Data held about you that is inaccurate
- To request the deletion of Personal Data held about you
- You have the right to data portability for the information you have provided to us. You can request to obtain a copy of this information in a commonly used electronic format so that you can manage and move it. We will need to verify your identity before being able to respond to such requests. Please note that in some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Right to Lodge a Complaint. For European Union residents, if you feel that our processing of your personal data infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you habitually reside, your place of work or the location of the alleged infringement. If you are located outside of the European Union, you may have rights under privacy laws in the jurisdiction where you live.
We use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.
We request that you do not send us any sensitive data such as social security or national identification numbers, information related to racial or ethnic origin, political opinions, religious beliefs, health data, biometrics or genetic, criminal background or trade union membership information. If you do send us this information, then you are consenting to its processing in accordance with this privacy notice. To avoid processing of sensitive data, do not submit it.
Our Policy on Children’s Information
Our site is not directed to children under 16. If you learn that your minor child has provided us with personal information without your consent, please contact us.
GDPR Readiness at BrickHouse Security
In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation (GDPR), first proposed in 2012, to go into effect on May 25, 2018.
GDPR offers a new framework for data protection with increased obligations for organizations. GDPR focuses on protecting personal data and handing control of it back to the subject of the data.
We’ve been receiving a lot of questions from our Customers, Vendors, Prospects, and Partners. So we’ve provided some more information in the following areas:
- Customer GDPR Roll-Out
- Governance Structure and BrickHouse Security’s Data Protection Officer
- Data Mapping
- Information Security
- Privacy Impact Assessments
- Responding to Subject Access Requests / Rectification / Deletion
- Data Breach Reporting
- Who to Contact
1. Customer GDPR Roll-Out
Where customers are processing personal data with BrickHouse Security, as this is against third party data sources, we are asking our customers to advise us on the lawful processing condition for using our products/services. This ‘reason’ why will need to be determined by our customer, as they are the Data Controller. BrickHouse Security is the Data Processor who acts under their instruction.
There are six lawful processing conditions:
- Compliance with a legal obligation
- Performance of a contract
- Legitimate interest
- Public interest
- Vital interest
2. Governance Structure and BrickHouse Security’s Data Protection Officer
Data privacy is discussed throughout BrickHouse Security with regular presentations to all of our Employees, the Executive Team, and members of our Board of Directors.
BrickHouse Security’s named Data Protection Officer is Daniel Sachs (COO).
Daniel Sachs leads the Privacy and Data Compliance initiative, where each Department Head has a core focus on the products BrickHouse Security delivers, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis.
3. Data Mapping
BrickHouse Security has completed Article 30; our Data Mapping exercise. We know what data we have, where it’s held, how we access it, the classification of the data, records for transfer and flowcharts to show how it moves between systems, processes and countries.
4. Information Security
Led by our COO, the Operations Team is focused on maintaining an information security program which covers everything you would expect and more.
This includes technical security measures (e.g. intrusion, detection, firewalls, monitoring), restricted access to personal data, protection of our physical premises and hard assets, maintaining security measures for our team members (e.g. pre-screening), a data-loss prevention strategy and regular testing of our security posture across our product family: BrickHouseSecurity.com, LightningGPS.com, BrickHouseAlert.com, and our GPS product platforms.
5. Privacy Impact Assessments
Where appropriate, a Privacy Impact Assessment will be completed and evidence gathered, such as copies of privacy notices, a due diligence questionnaire, periodic testing.
6. Responding to Subject Access Requests / Rectification / Deletion
BrickHouse Security has a process in place to manage these requests and sees no issue responding within the new GDPR required timescale of 30 days.
7. Data Breach Reporting
The ICO or Information Commissioner’s Office has a Blog that clears up a lot of myths around data breach reporting. Art. 33 (2) states as data processor, BrickHouse Security’s obligation is to notify data controllers without undue delay after becoming aware of it. WP29 have provided some guidance on this which states:
“The GDPR does not provide an explicit time limit within which the processor must alert the controller, except that it must do so “without undue delay”. Therefore, WP29 recommends an immediate notification by the processor to the controller, with further information about the breach provided in phases as information becomes available. This is important in order to help the controller to meet the requirement of notification to the supervisory authority within 72 hours.”
BrickHouse Security’s position is, the regulation states without “undue delay”, therefore this is what we will abide by. However, we recognise that for our Customer, the Data Controller, the clock will only start ticking when they become aware there has been an incident.
9. Who to Contact
You can reach our Compliance team via email for any GDPR related questions at: compliance@BrickHouseSecurity.com.
Updated: May 25, 2018 / v1