1.1. “Anonymous Information” means information that does not relate to an identified or identifiable natural person or to Personal Data rendered unable to identify a natural person. “Anonymized” or “Anonymization” is the process of making information anonymous.
1.2. “CAL™” or “Collective Analytics Layer” is a proprietary Threat Analysis Tool that operates with the ThreatConnect Platform and aggregates a worldwide scope of threat intelligence data and information, including OSINT, from all available sources, both internal and external to the ThreatConnect Platform, including from all users and Online Communities of any Products for which CAL is engaged.
1.3. “CAL Data” means anonymized or pseudonymized Indicators of Compromise that CAL automatically ingests and that is aggregated and co-mingled into all other data, information, and tools available on CAL to enrich the threat analysis capabilities of the ThreatConnect Platform for the benefit of all ThreatConnect users globally.
1.4. “Cloud” is a remote instantiation of the ThreatConnect Platform which is administratively controlled by ThreatConnect in a secure manner for multiple users, and for which organizational access to the account is controlled by the User. CAL and certain other vendor services (i.e., Pendo) are always active and engaged for Cloud users.
1.6. “Data Protection Laws” means GDPR and any and all other laws, rules and regulations of any jurisdiction applicable to us or to our Services from time to time, as amended.
1.7. “Data Subject” means an identified or identifiable person to whom Personal Information relates.
1.8. “Dedicated Cloud” is a remote instantiation of the ThreatConnect Platform which is licensed to a single organization who possesses all administrative control of its Instance, including the creation of organizations and sub-organizations and the engagement of vendor services.
1.9. “GDPR” means the EU General Data Protection Regulation 2016/679 of the European Parliament and the European Council dated April 27, 2016 and all amendments and successors thereto.
1.10. “Instance” is a single instantiation of our cloud-based ThreatConnect Platform, which can be either a Cloud, Dedicated Cloud, or On-Premises deployment of the application.
1.11. “IOCs” or “Indicators of Compromise” are the information and technical data (e.g., IP address, domain name, hashes of malware, URLs and elements of valid or spoofed personal information) associated with an actual or attempted hack, intrusion, attack, release or compromise of the security of any data, network, device or information system or which may identify the existence or possible existence of any other cybersecurity threat, vulnerability or risk.
1.12. “Legitimate Interests” include, with regard to the controller or processor: (i) internal administration of the company’s business, including the management of assets, staff and business risks, (ii) direct marketing, (iii) preventing fraud or other illegal activities, (iv) ensuring network and information security, including preventing unauthorized access or damage to electronic communications networks, stopping malicious code distribution and preventing DNS attacks, (v) the establishment or defense of legal claims by the company or on behalf of a third party, and (vi) for purposes of public safety & health or other public interest, whether or not subject to action by a governmental authority.
1.13. “Online Communities” are those publicly available areas and other interactive features of the Sites or ThreatConnect Platform, such as Workspaces, user profiles, forums and message boards, with which users can share data and information for access by other users. Other than your password, your registration information (i.e., name, email address, user ID and avatar photo, if selected) will be available to all members of any Online Community or Workspace you join and to which you contribute User Shared Data.
1.14. “Personal Data” means, as defined in Article 4(1) of the GDPR, any information relating to an identified or identifiable natural person (i.e., Data Subject).
1.15. “Personal Information” means Personal Data, personally identifiable information, or any other such information that is protected under any Data Protection Laws, that is not encrypted or Anonymized.
1.16. “Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, transmission, dissemination, erasure or destruction.
1.17. “Products” mean any or all of our proprietary threat intelligence tools or services, including TC Complete, TC Identify, TC Manage, TC Analyze, TC Exchange and CAL, and any other tools or software developed by us from time to time.
1.18. “Pseudonymization” means the processing of Personal Data such that it can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to protect against the attribution of such data to an identified or identifiable natural person. “Pseudonymized Information” is data that has undergone the process of pseudonymization.
1.19. “OSINT” or “Open Source Intelligence Feeds” means third-party products or tools that are used in or made available to users through our ThreatConnect Platform which provide cybersecurity threat, incident or adversary data, information or IOCs.
1.20. “Site” or “Sites” means the website ThreatConnect.com, including all subdomains thereof.
1.21. “Sub-Processor” means any third-party that we engage to Process Personal Information for or on behalf of you or for any other business purposes with you.
1.22. “TAP” or “ThreatConnect Authorized Personnel” means any of our employees or other authorized agents who need to know or otherwise have access to Personal Information in order for us to perform our obligations to you.
1.23. “ThreatConnect Data” means all data and information, other than User Data that is subject to Section 4.4.1), that is created, developed, licensed, stored, accessed and/or used in the ThreatConnect Platform (including all User Shared Data), all right, title and interest to which is held by us.
1.24. “ThreatConnect Platform” means our proprietary collaborative security operations and analytics platform that combines threat data collection, analysis, collaboration and expertise from a wide variety of sources into a single platform and is the operating platform for all of our Products and Threat Analysis Tools, including CAL.
1.25. “ThreatConnect Processing Authorities”. Our data processing is based upon performance of a contract, public interest and legitimate interests. Our collection and Processing of Personal Information in connection with your purchase, acquisition, use or license of any of our Products and Services, including use of the ThreatConnect Platform, is lawful and necessary on the basis of (i) the performance of a contract between you and us or at your request in anticipation of formation of such a contract, (ii) for the performance of a task carried out in the public interest, whether or not the subject of action by a public authority (including but not limited to the protection and enhancement of network and information security), and/or (iii) based upon our other Legitimate Interests means our respective legal bases for the collection and Processing of Personal Information as defined in Section 10.4.
1.26. “Threat Analysis Tools” means cyber threat-related inventions, software and information, whether proprietary to ThreatConnect or licensed by us from a Vendor and integrated into our Services.
1.27. “User Data” means a user’s Personal Information, text, documents, content, code, software, video, images, music, sound, messages, tags or other materials of any type exclusive of any ThreatConnect Data.
1.28. “User Shared Data” means any and all elements of User Data that a user uploads, submits, posts, emails, transmits or otherwise makes available to or through the use of CAL or to an Online Community, and all IOCs identified in a user’s Instance.
1.29. “Vendors” mean our suppliers and licensors which enable us to perform our Services, including our providers of (i) IP information & analytics, (ii) human resource information systems, (iii) OSINT and Threat Analysis Tools, and/or (iv) other security-related products or services.
1.30. “You,” “Your” or “User” means any and all authorized personnel of a client, organization, or entity which is the user account holder. Any right or obligation of an individual user may be administered by or under the authority of its employer or other account holder and the exercise of Data Subject Rights may not conflict with an individual user’s duties to its employer, including duties of confidentiality with regard to employer data.
1.31. “We,” “Us” or “Our” means ThreatConnect, Inc. including ThreatConnect, Inc., licensors and any and all ThreatConnect Authorized Personnel.