Privacy Policy

Capsicum Group, LLC (“Capsicum Group”, “we”, “us”) provides digital forensics, electronic discovery, cyber-security, security audits, remediation, data hosting and related services to companies and the law firms that represent them. As an industry leader in the investigation, acquisition, management and analysis of critical data, Capsicum Group adheres to the highest ethical standards in providing outstanding service to its customers. At no other time in history has access to, and dissemination of, information been such a critical element of business and commerce in the United States and throughout the world. At the same time, public concern, especially in the area of privacy, is also running at a high level. Capsicum Group remains committed to the responsible use of personally identifiable information and to the safeguarding of individual privacy. We comply with all applicable laws regarding the collection, use, and distribution of personally identifiable information.

This Privacy Policy is designed to inform You (“Data Subject”) about how your personal information is collected, managed, and used by Capsicum Group through this web site (the “Web Site”) and through requests for information regarding, and the utilization of, Capsicum Group services.

You expressly consent to Capsicum Group’s processing of information as described in this Privacy Policy when you visit the Web Site, provide information to Capsicum Group through the Web Site, request information regarding Capsicum Group services, utilize Capsicum Group services, and/or sign a contract with Capsicum Group.

SCOPE

This Privacy Policy applies to personally identifiable information (“PII”) we obtain from individuals interacting with Capsicum Group and the Web Site. This Privacy Policy does not apply to PII that we obtain in our capacity as an employer; employment-related data is covered under separate policies and/or notices.

INFORMATION COLLECTION, SHARING, USE & STORAGE

  1. Personally identifiable information

The Web Site only collects PII from you if you choose to provide this information to Capsicum Group. PII collected with your consent may include, but is not limited to, your name, mailing address, e-mail address, telephone number, facsimile number, username and password used to verify identity (if applicable), resume information, social media username and/or handle, any responses you choose to provide through Web Site survey questions, or any inquiries you may make through the Web Site and any other web sites owned and operated by Capsicum Group.

Capsicum Group uses PII that we collect in order to serve your security and privacy needs, including but not limited to: providing security advisories, information, and offerings; conducting research and analysis; providing customer support; analyzing an developing new services; complying with and enforcing applicable legal requirements; and performing other activities consistent with this Privacy Policy.

Capsicum Group may share PII with certain personnel and organizations, including but not limited to: authorized partners who perform services for us based upon our instructions and third parties with your consent. Capsicum Group may also disclose PII if required to do so by law, in response to government agency requests, as required for national security purposes, and/or in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability. Note that if and when Capsicum Group shares PII with a third party, they must contractually agree to comply with standards of privacy and security that are on par with those of Capsicum Group. However, if you provide PII to a third party directly, privacy and security issues shall be addressed consistent with that third party’s standards, and your own independent relationship with that third party.

The time periods for which Capsicum Group shall retain your PII depends upon the purposes for which we use it. The PII Capsicum Group collects may be stored and processed in servers in the United States and wherever Capsicum Group and its related service providers have facilities abroad.

2. Cookies

“Cookies” are small pieces of information that are stored by your Internet browser on your PC and/or Internet-connected device’s hard drive. The Web Site uses first- and third- party cookies (session and persistent); however, personally identifiable information is not collected through the use of cookies. Cookies are used to determine whether a visitor is unique or whether a visitor has viewed the Web Site before. While most Internet browsers are set to accept cookies by default, you can set yours to refuse cookies or to alert you before accepting them. Your Internet browser manufacturer has pertinent information on changing the default setting for your specific Internet browser.

3. Non-personally identifiable information

The Web Site also collects non-personally identifiable information. For example, as you browse the Web Site, we may collect information about your visit, but not about you personally. Via web server logs, for example, Capsicum Group may monitor statistics such as: the number of people that visit the Web Site, which page(s) are visited on the Web Site, from which domain our visitors come (e.g., www.google.com, www.hotmail.com, etc.), and which Internet browsers people use to visit our site (e.g., Google Chrome, Firefox, Microsoft Internet Explorer, etc.). The Web Site uses an outsourcing program to assist Capsicum Group in analyzing this data to better tailor the Web Site.

SECURITY

Capsicum Group takes steps to protect against the loss, misuse, or unauthorized alteration of PII collected through the Web Site. We recognize the importance of security for all PII collected by the Web Site. We exercise care in providing secure transmission of your information to Capsicum Group servers. Once we receive PII, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, we use industry standard, secure socket layer (“SSL”) encryption. Furthermore, Capsicum Group regularly tests the Web Site, data centers, systems, and other capabilities to ensure that we maintain top-of-the-line security. We limit access to PII to those Capsicum Group employees who require access in order to carry out their job responsibilities.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Capsicum Group is committed to maintaining the privacy and confidentiality of PII and, additionally, Client Personal Data (“Client Personal Data”) entrusted to Capsicum Group by our clients and their legal counsel. Capsicum Group complies with the U.S.-EU Privacy Shield and the U.S.-Swiss Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

Client Personal Data is information from equipment and networks owned, controlled or operated by our clients that is received by Capsicum Group for purposes of collection, processing, storage and analysis in accordance with the instructions of the clients and/or their legal advisors and in order to assist clients in meeting their legal or professional obligations, protecting their vital interests or carrying out other legitimate activities. Capsicum Group will not use Client Personal Data for any purposes other than for those specifically outlined in the client contract.

a. Scope

The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield apply to all PII and Client Personal Data received by Capsicum Group in the United States from the European Economic Area and Switzerland, in any format including electronic, paper or verbal.

Note: Client Personal Data processed by Capsicum Group may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. At a minimum, however, Capsicum Group handles Client Personal Data in accordance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Privacy Principles.

b. Seven EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Principles adhered to by Capsicum Group

  1. Notice

Capsicum Group notifies Data Subjects covered by the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield about its data practices regarding personally identifiable information received by Capsicum Group in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework, including the personally identifiable information it collects about them, the purposes for which it collects and uses such personally identifiable information, the types of third parties to which it discloses such personally identifiable information and the purposes for which it does so, the rights of Data Subjects to access their personally identifiable information, how Capsicum Group limits its use and disclosure of such personally identifiable information, how Capsicum Group’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Capsicum Group with any inquiries or complaints.

When Capsicum Group collects or receives Client Personal Data for processing pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.

2. Choice (Opt Out)

If personally identifiable data and/or Client Personal Data covered by this Policy is to be used for a new purpose that is materially different from that for which the personally identifiable data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Capsicum Group will provide Data Subjects with an opportunity to choose whether to have their personally identifiable data so used or disclosed. Requests to opt out of such uses or disclosures of personally identifiable data should be sent to: info@capsicumgroup.com.

If personally identifiable data and/or Client Personal Data covered by this Policy is to be used for a new purpose that is different from that for which it was originally collected or subsequently authorized, or is to be disclosed to a third party, Capsicum Group will obtain the Data Subject’s explicit consent prior to such use or disclosure.

When Capsicum Group receives Client Personal Data from individuals in the European Union or Switzerland pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide the choice for individuals to opt out regarding the collection and use of their personal data. Our clients remain responsible for providing the choice to opt out, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.

3. Accountability for Onward Transfer

Capsicum Group does not transfer PII and/or Client Personal Data to unrelated third parties, unless lawfully directed to do so by a client, or in certain limited or exceptional circumstances in accordance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. For example, such circumstances would include disclosures of PII and/or Client Personal Data as required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety. In the event that Capsicum Group ever needs to transfer PII and/or Client Personal Data to an unrelated third party, Capsicum Group will ensure that such party is either subject to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield,  and Capsicum Group’s Privacy Policy. Should Capsicum Group learn that an unrelated third party to which PII and/or Client Personal Data has been transferred by Capsicum Group is using or disclosing PII and/or Client Personal Data in a manner contrary to these policies, Capsicum Group will take reasonable steps to prevent or stop the use or disclosure. When Capsicum Group does transfer data to vendors for additional processing, it will be at the direction of our clients, thereby making the vendor an agent of the client, and not an agent of Capsicum Group. Accordingly, each time we send data to vendors, we ensure a transmittal letter accompanies the data that reflects that the data is being provided “at the direction of [client name]”

4. Security

Capsicum Group is committed and takes reasonable precautions to protect PII and/or Client Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5. Data Integrity and Purpose Limitation

Capsicum Group controls PII and/or Client Personal Data only in ways that are consistent with the purposes for which it was collected or subsequently directed or authorized by clients or their legal counsel to fulfill services requested by them.

6. Access

PII and/or Client Personal Data is accessible by only those Capsicum Group employees and contractors who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. Our employees and contractors do enter into confidentiality and non-disclosure agreements requiring that they maintain the confidentiality of PII and/or Client Personal Data. Capsicum Group will provide individuals with access to his or her own PII and/or Client Personal Data in order to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. However, where the burden or expense of providing access would be disproportionate to the risks to the individuals privacy in the case in question, or where the rights of persons other than the individual would be violated, such access will not be granted.

7. Recourse, Enforcement and Liability

Capsicum Group’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. In compliance with the Privacy Shield Principles, Capsicum Group commits to resolve complaints about your privacy and our collection or use of PII. Data Subjects with inquiries or complaints regarding this Policy should first contact Capsicum Group via email at info@capsicumgroup.com, with “Privacy Shield” in the subject line, or at the postal address: Capsicum Group, LLC., 2929 Arch Street, Suite 1525, Philadelphia, PA 19104, Attention: Privacy Shield.  Capsicum Group will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

c. Limitation on Application of Principles

Adherence by Capsicum Group to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

d. Changes to the Privacy Shield Policy

This policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be available upon request.

CHILDREN’S PRIVACY

Capsicum Group complies with the Children’s Online Privacy Protection Act of the United States of America (which is available here: http://www.coppa.org/coppa.htm). We do not knowingly collect personal information from children under the age of thirteen (13) years without proper parental consent.

UPDATING THIS PRIVACY POLICY

Capsicum Group may update this Privacy Policy at any time by posting additions or modifications on the Web Site. Capsicum Group will notify you by prominent notice on the Web Site if at any point we decide to use personally identifiable information in a manner materially different than that stated at the time it was collected, and if appropriate we shall seek consent prior to the new stated use.

CONTACT US

If you have questions or concerns regarding this Privacy Policy, please contact us via email at info@capsicumgroup.com, with “Privacy Policy” in the subject line, or at the postal address: Capsicum Group, LLC., 2929 Arch Street, Suite 1525, Philadelphia, PA 19104, Attention: Privacy Policy.

This Privacy Policy was last updated on January 22, 2018.