Privacy Policy

This Privacy Policy applies to services from CORL Technologies LLC (“CORL”) available through the websites www.vendorsecurity.com (also called the VSRM website) and www.vendorsecurity.com. By using either of these websites you agree to be bound by the terms and conditions of this Privacy Policy.  If you do not agree to be bound by the terms and conditions of this Privacy Policy, please do not access either website or use our services.

This Privacy Policy describes what personal information we may collect from you, and what we do with that information, as part of the normal operation of our services. Personal information includes data elements such as your name, title, email address, phone number, and IP address.

By using CORL’s Vendor Security Risk Management service, you expressly consent to our use and disclosure of your personal information subject to the terms and conditions stated within this Privacy Policy. This Privacy Policy is incorporated into, and subject to, the CORL ASP Subscription Agreement and is effective upon your organization’s acceptance of the CORL ASP Subscription Agreement.

1. Why and How We Collect Information
Our primary purpose in collecting personal information is to provide you with CORL’s Vendor
Security Risk Management services. You can view public areas of the VSRM website without the need to enter personal information. However, if you do provide your personal information (e.g. by submitting a request for more information), you are no longer anonymous.  If your organization signs up for CORL’s Vendor Security Risk Management service, we will require
your organization to provide contact and identity information about users (i.e. you). Some information is required and some information is optional.  Your organization has the option to decline to provide us with required information; however, if this is the case, we will not be able to provide your organization with CORL’s Vendor Security Risk Management service.

As we continually add to our services over time, we reserve the right to require additional personal information.   

Use of Cookies
We use data collection "cookies" on certain pages of both of our websites. Cookies are small files that we place on your computer to assist us in providing CORL’s Vendor Security Risk
Management services.  We do not relate the cookie information to any of your personal information.   We use only "session cookies," meaning that they are automatically deleted from your hard drive at the end of a session. Some browsers allow you to decline cookies; however both our websites will not work correctly if you do so.
 
2. How We Use Your Information
We use your personal information to provide CORL’s Vendor Security Risk Management
services, authenticate users at login, customize the list of reports and dashboards you see on our websites, detect and protect us against error or fraud, and enforce our ASP Subscription Agreement.  We may review and compare your personal information against other users from your organization to identify and resolve issues (e.g. errors or omissions) that come to your or our attention.
 
We post client feedback and comments on the community forum section of our websites. Although we make every effort to anonymize your feedback and comments, you should be aware that it may still be possible to link your feedback and comments to your personal information.  We will obtain your written consent prior to posting your feedback and comments.  If you wish to request the removal of your feedback or comments, please send a request to sales@CORLtech.com.
 
3. Our Disclosure of Your Information
We will not share, sell or rent any of your personal information to third parties other than as described in this Privacy Policy. During the delivery of CORL’s Vendor Security Risk
Management services your personal information may be disclosed as follows:
 
Service providers facilitate some aspects of CORL’s Vendor Security Risk Management
services. Your personal information will be shared with these service providers in order to provide you with our services. Our service providers are subject to confidentiality agreements with us and other legal restrictions that prohibit their use of the information we provide them for any other purpose except to provide CORL Vendor Security Risk Management services.
We cooperate with law enforcement inquiries and enforcement activities, including intellectual property rights and fraud.  Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, with or without a subpoena, you authorize us to disclose your personal information and usage history.
Any information you provide in the community forum areas of our websites may be read, collected, and used by others who access them.  If you wish to request the removal of your feedback or comments, please send a request to sales@CORLtech.com.  
 
Although we use industry standard security and privacy practices, we do not promise, and you should not expect, that your personal information or feedback and comments will always remain private.
 
4. Your Use of Other CORL Users' Information
We do not tolerate spam.  You are not licensed to send any message to another CORL user (either by email or regular mail) without their express (preferably written) consent.  If you receive spam that appears to come from CORL, please contact us at sales@CORLtech.com.
 
5. Password Protection
You are responsible for all actions taken with your CORL account. Therefore, we recommend that you select a suitably strong password and keep it secret from colleagues, friends, and all others.  If your password is disclosed, either intentionally or unintentionally, you may lose control over your personal information provided to CORL, and may be subject to legally binding actions taken on your behalf (for example, report requests that are charged against your annual quota).  Therefore, if your password has been compromised for any reason, you should immediately change your password and contact us at sales@CORLtech.com to review recent activity on your account.
 
6. Reviewing and Updating Your Personal Information
You have the ability to review the personal information associated with your CORL account. If you wish to update your personal information, please submit a request to your Organizational Administrator. If your Org Admin is unable to make the requested changes, you may contact us at sales@CORLtech.com. We will only modify your personal information if we are able to authenticate your identity to our full satisfaction.
 
Upon your request, we will deactivate your account. To make a deactivation request, email sales@CORLtech.com. Your account will only be deactivated after we have been able to authenticate your identity to our full satisfaction.
 
7. Retention of Your Personal Information
We will retain your personal information for as long as your account is active or as needed to provide your organization with CORL’s Vendor Security Risk Management services. If you wish to cancel your account or request that we no longer use your personal information to provide you with our services, please send an email to sales@CORLtech.com. We reserve the right to retain and use some or all of your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our ASP Subscription Agreement. Therefore, you should not expect that we will remove all of your personal information in response to your requests.  However, any personal information we retain will only be available to certain CORL personnel or certain of our service providers.
 
8. Collection of Information by Others
Except as otherwise expressly stated in this Privacy Policy, this Privacy Policy only addresses the use and disclosure of information we collect from you.  If you choose to disclose your personal information to others using our system or service (including by following links to other websites), different terms and conditions may apply to their use or disclosure of the personal information you disclose to them.  Since CORL does not control the privacy policies of third parties, or the actions of other individuals, you are subject to the privacy policies of that third party or those individuals.  We encourage you to make sure the recipients are authenticated to your full satisfaction before you disclose any of your personal information.
 
9. Information Security Practices
We treat data as an asset that must be protected against loss and unauthorized access. Your personal information is stored on CORL's servers which are located in a secure data center within the United States.  Procedural and technical safeguards are used to protect your personal information against loss or theft, as well as unauthorized access and disclosure. These safeguards include encryption, the use of firewalls, and Secure Socket Layers. However, notwithstanding our best efforts, "perfect security" does not exist on the Internet and you should not have expectations of “perfect security” with either of our websites or the use of CORL’s Vendor Security Risk Management service.  If you have any questions about security, you can contact us at sales@CORLtech.com.
 
10. Changes to this Policy
We reserve the right to modify this Privacy Policy at any time. If we make any changes to our Privacy Policy, we will notify you via email and/or by posting the changes on our website prior to the change becoming effective. We encourage you to review our Privacy Policy from time to time.
 
11. Contact us
If you have any questions regarding this Privacy Policy, you may contact us at sales@CORLtech.com, by calling (404) 410-7400, or via postal mail at 5256 Peachtree Road, Suite 190, Atlanta, GA 30341.
 
Last updated August 9, 2016