Privacy Policy

Capsicum Group, LLC (“Capsicum Group”, “we”, “us”) provides digital forensics, electronic discovery, cyber-security, security audits, remediation, data hosting and related services to companies and the law firms that represent them. As an industry leader in the investigation, acquisition, management and analysis of critical data, Capsicum Group adheres to the highest ethical standards in providing outstanding service to its customers. At no other time in history has access to, and dissemination of, information been such a critical element of business and commerce in the United States and throughout the world. At the same time, public concern, especially in the area of privacy, is also running at a high level. Capsicum Group remains committed to the responsible use of personally identifiable information and to the safeguarding of individual privacy. We comply with all applicable laws regarding the collection, use, and distribution of personally identifiable information.

This Privacy Policy is designed to inform you about how your personal information is collected, managed, and used by Capsicum Group through this web site (the “Web Site”).

You expressly consent to Capsicum Group’s processing of information as described in this Privacy Policy when you visit the Web Site, provide information to Capsicum Group through the Web Site, utilize Capsicum Group services, and/or sign a contract with Capsicum Group.

I. SCOPE

This Privacy Policy applies to personally identifiable information we obtain from individuals interacting with Capsicum Group and the Web Site. This Privacy Policy does not apply to personally identifiable information that we obtain in our capacity as an employer; employment-related data is covered under separate policies and/or notices.

II. INFORMATION COLLECTION, SHARING, USE & STORAGE

a. Personally identifiable information
The Web Site only collects personally identifiable information from you if you choose to provide this information to Capsicum Group. Personally identifiable information collected with your consent may include, but is not limited to, your name, mailing address, e-mail address, telephone number, facsimile number, username and password used to verify identity (if applicable), resume information, social media username and/or handle, any responses you choose to provide through Web Site survey questions, or any inquiries you may make through the Web Site and any other web sites owned and operated by Capsicum Group.

Capsicum Group uses personally identifiable information that we collect in order to serve your security and privacy needs, including but not limited to: providing security advisories, information, and offerings; conducting research and analysis; providing customer support; analyzing an developing new services; complying with and enforcing applicable legal requirements; and performing other activities consistent with this Privacy Policy.

Capsicum Group may share personally identifiable information with certain personnel and organizations, including but not limited to: authorized partners who perform services for us based upon our instructions and third parties with your consent. Capsicum Group may also disclose personally identifiable information if required to do so by law, in response to government agency requests, as required for national security purposes, and/or in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability. Note that if and when Capsicum Group shares personally identifiable information with a third party, they must contractually agree to comply with standards of privacy and security that are on par with those of Capsicum Group. However, if you provide personally identifiable information to a third party directly, privacy and security issues shall be addressed consistent with that third party’s standards, and your own independent relationship with that third party.

The time periods for which Capsicum Group shall retain your personally identifiable information depends upon the purposes for which we use it. The personally identifiable information Capsicum Group collects may be stored and processed in servers in the United States and wherever Capsicum Group and its related service providers have facilities abroad.

b. Cookies
“Cookies” are small pieces of information that are stored by your Internet browser on your PC and/or Internet-connected device’s hard drive. The Web Site uses first- and third- party cookies (session and persistent); however, personally identifiable information is not collected through the use of cookies. Cookies are used to determine whether a visitor is unique or whether a visitor has viewed the Web Site before. While most Internet browsers are set to accept cookies by default, you can set yours to refuse cookies or to alert you before accepting them. Your Internet browser manufacturer has pertinent information on changing the default setting for your specific Internet browser.

c. Non-personally identifiable information
The Web Site also collects non-personally identifiable information. For example, as you browse the Web Site, we may collect information about your visit, but not about you personally. Via web server logs, for example, Capsicum Group may monitor statistics such as: the number of people that visit the Web Site, which page(s) are visited on the Web Site, from which domain our visitors come (e.g., www.google.com, www.hotmail.com, etc.), and which Internet browsers people use to visit our site (e.g., Google Chrome, Firefox, Microsoft Internet Explorer, etc.). The Web Site uses an outsourcing program to assist Capsicum Group in analyzing this data to better tailor the Web Site.

III.       SECURITY

Capsicum Group takes steps to protect against the loss, misuse, or unauthorized alteration of personally identifiable information collected through the Web Site. We recognize the importance of security for all personally identifiable information collected by the Web Site. We exercise care in providing secure transmission of your information to Capsicum Group servers. Once we receive personally identifiable information, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, we use industry standard, secure socket layer (“SSL”) encryption. Furthermore, Capsicum Group regularly tests the Web Site, data centers, systems, and other capabilities to ensure that we maintain top-of-the-line security. We limit access to personally identifiable information to those Capsicum Group employees who require access in order to carry out their job responsibilities.

IV.        SAFE HARBOR PRIVACY POLICY

Capsicum Group is committed to maintaining the privacy and confidentiality of Client Personal Data (“Client Personal Data”) entrusted to Capsicum Group by our clients and their legal counsel. Capsicum Group complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Capsicum Group has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Capsicum Group’s certification, please visit http://www.export.gov/safeharbor/.

Client Personal Data is information from equipment and networks owned, controlled or operated by our clients that is received by Capsicum Group for purposes of collection, processing, storage and analysis in accordance with the instructions of the clients and/or their legal advisors and in order to assist clients in meeting their legal or professional obligations, protecting their vital interests or carrying out other legitimate activities. Capsicum Group will not use Client Personal Data for any purposes other than for those specifically outlined in the client contract.

a. Scope

The Safe Harbor Privacy Policy applies to all Client Personal Data received by Capsicum Group in the United States from the European Economic Area and Switzerland, in any format including electronic, paper or verbal.

Note: Client Personal Data processed by Capsicum Group may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the Safe Harbor Agreement. At a minimum, however, Capsicum Group handles Client Personal Data in accordance with our Safe Harbor Privacy Policy, which is based upon the seven principles identified in the Safe Harbor Privacy Framework.

b. Seven Safe Harbor Privacy Principles adhered to by Capsicum Group

  1. Notice: When Capsicum Group collects or receives Client Personal Data for processing pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
  2. Choice (Opt Out): When Capsicum Group receives Client Personal Data from individuals in the European Union or Switzerland pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide the choice for individuals to opt out regarding the collection and use of their personal data. Our clients remain responsible for providing the choice to opt out, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
  3. Onward Transfer: Capsicum Group does not transfer Client Personal Data to unrelated third parties, unless lawfully directed to do so by a client, or in certain limited or exceptional circumstances in accordance with the Safe Harbor Privacy Framework. For example, such circumstances would include disclosures of Client Personal Data as required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety.In the event that Capsicum Group ever needs to transfer Client Personal Data to an unrelated third party, Capsicum Group will ensure that such party is either subject to the Safe Harbor Agreement, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the Safe Harbor Privacy Framework and Capsicum Group’s Privacy Policy. Should Capsicum Group learn that an unrelated third party to which Client Personal Data has been transferred by Capsicum Group is using or disclosing Client Personal Data in a manner contrary to these policies, Capsicum Group will take reasonable steps to prevent or stop the use or disclosure. When Capsicum Group does transfer data to vendors for additional processing, it will be at the direction of our clients, thereby making the vendor an agent of the client, and not an agent of Capsicum Group. Accordingly, each time we send data to vendors, we ensure a transmittal letter accompanies the data that reflects that the data is being provided “at the direction of [client name]”
  4. Security: Capsicum Group is committed and takes reasonable precautions to protect Client Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  5. Data Integrity: Capsicum Group controls Client Personal Data only in ways that are consistent with the purposes for which it was collected or subsequently directed or authorized by clients or their legal counsel to fulfill services requested by them.
  6. Access and Correction: Client Personal Data is accessible by only those Capsicum Group employees and contractors who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. Our employees and contractors do enter into confidentiality and non-disclosure agreements requiring that they maintain the confidentiality of Client Personal Data.Capsicum Group will provide individuals with access to his or her own Client Personal Data in order to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. However, where the burden or expense of providing access would be disproportionate to the risks to the individuals privacy in the case in question, or where the rights of persons other than the individual would be violated, such access will not be granted.
  7. Enforcement: Capsicum Group will conduct compliance audits of its relevant privacy practices on an annual basis to verify adherence to the Safe Harbor Agreement. Any employee that Capsicum Group determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.Clients or prospective clients of Capsicum Group with questions or concerns regarding Capsicum Group’s compliance with the Safe Harbor Privacy Policy should contact us via email at info@capsicumgroup.com, with “Safe Harbor Privacy” in the subject line, or at the postal address: Capsicum Group, LLC., 2929 Arch Street, Suite 1525, Philadelphia, PA 19104, Attention: Safe Harbor Privacy.  Capsicum Group will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy. For complaints that cannot be resolved between Capsicum Group and the complainant, Capsicum Group agrees to cooperate with data protection authorities located in the European Union and Switzerland and participate in the dispute resolution procedures of the panel established by the European and Swiss data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.

c. Limitation on Application of Principles
Adherence by Capsicum Group to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

d. Changes to the Safe Harbor Privacy Policy
This policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be available upon request.

V. CHILDREN’S PRIVACY

Capsicum Group complies with the Children’s Online Privacy Protection Act of the United States of America (which is available here: http://www.coppa.org/coppa.htm). We do not knowingly collect personal information from children under the age of thirteen (13) years without proper parental consent.

VI. UPDATING THIS PRIVACY POLICY

Capsicum Group may update this Privacy Policy at any time by posting additions or modifications on the Web Site. Capsicum Group will notify you by prominent notice on the Web Site if at any point we decide to use personally identifiable information in a manner materially different than that stated at the time it was collected, and if appropriate we shall seek consent prior to the new stated use.

VII. CONTACT US

If you have questions or concerns regarding this Privacy Policy, please contact us via email at info@capsicumgroup.com, with “Privacy Policy” in the subject line, or at the postal address: Capsicum Group, LLC., 2929 Arch Street, Suite 1525, Philadelphia, PA 19104, Attention: Privacy Policy.

This Privacy Policy was last updated on January 27, 2015.