1. Why and How We Collect Information
Our primary purpose in collecting personal information is to provide you with CORL’s Vendor
Security Risk Management services. You can view public areas of the VSRM website without the need to enter personal information. However, if you do provide your personal information (e.g. by submitting a request for more information), you are no longer anonymous. If your organization signs up for CORL’s Vendor Security Risk Management service, we will require
your organization to provide contact and identity information about users (i.e. you). Some information is required and some information is optional. Your organization has the option to decline to provide us with required information; however, if this is the case, we will not be able to provide your organization with CORL’s Vendor Security Risk Management service.
As we continually add to our services over time, we reserve the right to require additional personal information.
We use data collection "cookies" on certain pages of both of our websites. Cookies are small files that we place on your computer to assist us in providing CORL’s Vendor Security Risk
Management services. We do not relate the cookie information to any of your personal information. We use only "session cookies," meaning that they are automatically deleted from your hard drive at the end of a session. Some browsers allow you to decline cookies; however both our websites will not work correctly if you do so.
We use your personal information to provide CORL’s Vendor Security Risk Management
services, authenticate users at login, customize the list of reports and dashboards you see on our websites, detect and protect us against error or fraud, and enforce our ASP Subscription Agreement. We may review and compare your personal information against other users from your organization to identify and resolve issues (e.g. errors or omissions) that come to your or our attention.
Management services your personal information may be disclosed as follows:
services. Your personal information will be shared with these service providers in order to provide you with our services. Our service providers are subject to confidentiality agreements with us and other legal restrictions that prohibit their use of the information we provide them for any other purpose except to provide CORL Vendor Security Risk Management services.
We cooperate with law enforcement inquiries and enforcement activities, including intellectual property rights and fraud. Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, with or without a subpoena, you authorize us to disclose your personal information and usage history.
Any information you provide in the community forum areas of our websites may be read, collected, and used by others who access them. If you wish to request the removal of your feedback or comments, please send a request to sales@CORLtech.com.
We do not tolerate spam. You are not licensed to send any message to another CORL user (either by email or regular mail) without their express (preferably written) consent. If you receive spam that appears to come from CORL, please contact us at sales@CORLtech.com.
You are responsible for all actions taken with your CORL account. Therefore, we recommend that you select a suitably strong password and keep it secret from colleagues, friends, and all others. If your password is disclosed, either intentionally or unintentionally, you may lose control over your personal information provided to CORL, and may be subject to legally binding actions taken on your behalf (for example, report requests that are charged against your annual quota). Therefore, if your password has been compromised for any reason, you should immediately change your password and contact us at sales@CORLtech.com to review recent activity on your account.
You have the ability to review the personal information associated with your CORL account. If you wish to update your personal information, please submit a request to your Organizational Administrator. If your Org Admin is unable to make the requested changes, you may contact us at sales@CORLtech.com. We will only modify your personal information if we are able to authenticate your identity to our full satisfaction.
We will retain your personal information for as long as your account is active or as needed to provide your organization with CORL’s Vendor Security Risk Management services. If you wish to cancel your account or request that we no longer use your personal information to provide you with our services, please send an email to sales@CORLtech.com. We reserve the right to retain and use some or all of your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our ASP Subscription Agreement. Therefore, you should not expect that we will remove all of your personal information in response to your requests. However, any personal information we retain will only be available to certain CORL personnel or certain of our service providers.
We treat data as an asset that must be protected against loss and unauthorized access. Your personal information is stored on CORL's servers which are located in a secure data center within the United States. Procedural and technical safeguards are used to protect your personal information against loss or theft, as well as unauthorized access and disclosure. These safeguards include encryption, the use of firewalls, and Secure Socket Layers. However, notwithstanding our best efforts, "perfect security" does not exist on the Internet and you should not have expectations of “perfect security” with either of our websites or the use of CORL’s Vendor Security Risk Management service. If you have any questions about security, you can contact us at sales@CORLtech.com.