Updated January 1, 2020.
PLOTTER MECHANIX BELIEVES THAT PRIVACY IS IMPORTANT FOR OUR CUSTOMERS’ TRUST.
Our privacy practices are informed by key principles:
We are responsible for the protection of Personal Information that is entrusted to us.
Transparency and Control.
We inform our customers, when we collect their Personal Information, and we honor their selected preferences for contacting them.
Third Parties processing our information.
We choose trustworthy vendors and suppliers to help us process our Personal Information, and we require them to commit to adequate privacy and data security standards. We require that our partners commit to privacy policies and standards, that we consider adequate.
Privacy by Design.
We apply privacy requirements and the principles of our Privacy Policies when designing our products and services, and when we are implementing new technologies internally.
Data Integrity and Proportionality.
We collect Personal Information to use it for specific and legitimate business purposes. We collect what we need to get the job done, we store it safely and accurately, and we retain it as needed for its intended purpose.
Customer Benefit/Value for Customers.
We share with our customers the benefits/value that we derive from processing their Personal Information
We implement technical, organizational, and physical security measures, to help ensure an appropriate level of security of the Personal Information that we process.
This Privacy Statement applies to our Online Privacy Practices, and it may apply to our offline data collection, if we refer to this statement. It tells you which information we collect when you visit Plotter Mechanix Networks’ websites (“Sites”), and how we use it.
If you use our products, other privacy disclosures and information may apply.
BEST PRACTICE ASSESSMENT PRIVACY
The Best Practice Assessment (BPA) evaluates Plotter Mechanix Networks next-generation firewall (NGFW) and network security management configurations to identify risks and provide recommendations on how a customer can remediate issues. It consists of two components: the Best Practice Assessment itself, and the Security Policy Capability Adoption Heatmap.
The BPA compares current configurations against best practices and produces a report on which best practices are—and are not—being followed.
Each policy, security profile, and configuration is parsed to see if it aligns with best practices. If any do not, the BPA provides guidance on how to remediate the issue.
The Security Policy Capability Adoption Heatmap analyzes Panorama and individual NGFW configurations to determine how the customer is leveraging our prevention capabilities. The tool analyzes the rule base to identify whether our capabilities are applied where relevant. Shown in a matrix form with color coding, the Adoption Heatmap can help drive effective capability adoption on existing infrastructure. The Adoption Heatmap offers different ways to consume the information, such as filtering data by device groups, serial numbers, zones, areas of architecture, tags, and other categories. It also provides various filter options to narrow the data search to specific device groups, specific traffic between source and destination zones, to or from an area of architecture, one or more tags, etc. The Adoption Heatmap also shows trending information that tracks historical capability adoption, which helps to identify progress and rate of improvement in security posture.
Summary views provide an executive report on overall adoption, comparison to the industry average, and alignment with industry security standards, such as the NIST Cybersecurity Framework, and CIS Critical Security Controls.
Information Processed by BPA
The Best Practice Assessment tool receives the Technical Support file (TSF), which is used to generate the BPA report. The TSF contains a configuration file, management and data plane program files, a few command outputs, etc.
Read the following article to know more about GDPR-related questions and documentation.
How the BPA Fits with EU Data Protection Laws
Processing personal data to ensure network and information security, including through a cloud-based data processor, is broadly recognized as: a “Legitimate Interest,” and is specifically called out as such, in the EU General Data Protection Regulation:
(49) The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, by public authorities, by Computer Emergency Response Teams (CERTs), Computer Security Incident Response Teams (CSIRTs), by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a Legitimate Interest of the data controller concerned.
This could, for example, include preventing unauthorized access to electronic communications networks and malicious code distribution, and for stopping ‘denial of service’ attacks and for preventing and or limiting the damage to computer and electronic communication systems.
Where a Service Provider like Plotter Mechanix processes personal data to ensure network and information security, this is a Legitimate Interest of the Service Provider, and its customers. Such legitimate interest provides a basis for the processing of personal data by Plotter Mechanix under EU data protection laws.
How Plotter Mechanix Complies with Data Protection Rules
Plotter Mechanix is committed to protecting personal data stored and processed in the BPA tool. Access to the data is restricted to the Customer Experience Automation team. Access is allowed for the purpose of solving issues, troubleshooting, and improving the effectiveness of the BPA. We will not access the information in such a way as to learn meaningful information about natural persons unless necessary for the purpose of troubleshooting issues with the BPA report or its findings. The TSF is uploaded and processed in memory, and is never captured, or stored by the BPA tool.
The BPA report is never shared with any third parties. Any data stored on or processed by Plotter Mechanix systems is secured with state-of-the-art technologies, and Plotter Mechanix operates rigorous technical and organizational security controls.
BPA reports are not retained for access at a later time. BPA data from the TSF is retained in JSON format for five years, after the date when the report is produced. Customers also have an option to “soft delete,” or archive themselves any data processed by the tool, to exclude it from trending and benchmarking metrics. If a customer requests to purge their data, Plotter Mechanix will do so by the next business day. Heatmap and BPA adoption aggregate data is also retained for five years.
Access by Customer
Customers can view assessment history for each TSF uploaded in the past. The assessment report contains best practice checks mapped to industry security standards, overall security posture, industry benchmarking, and detailed feature adoption views. Customers can generate a BPA report by uploading a TSF to the BPA tool.
More information about the BPA and other assessment tools is available on our Optimizing Prevention webpage.
About This Datasheet
Please note that the information provided with this paper that concerns technical or professional subject matter is for general awareness only, may be subject to change, and does not constitute legal or professional advice, warranty of fitness for a particular purpose, or compliance with applicable laws.
INFORMATION WE COLLECT
When you visit our Sites, for instance to request information, sign up for newsletters, request online product demonstrations, download a whitepaper, register for webcasts or events, register an opportunity, activate an app from our Plotter Mechanix Services Portal, post comments in our LIVE Community, register a product and enroll in customer support, or to propose your products and services as a vendor, we collect and we ask you to provide information about yourself ("Your Information") that may include:
Contact details, including your name, business address, business e-mail address, phone number, the company you work for, your job title or business role, your area of responsibility, your country or region;
User ID and password, if you establish an account with us;
Chat information, you provide when you are interacting online with our sales team, or with our customer service;
Information about your computer or device, including browser type and settings;
Log data, including information such as your computer's IP address, the webpage you were visiting before you came to our Site, pages you visit on our Site, time spent on those pages, information you search for on our Site, access times and dates, and other statistics;
History of interaction with our webpages and LIVE Community and traffic data relating to your Internet connection;
Other information that does not specifically identify you, such as actions taken on our websites.
Providing your data is optional, but it may be necessary for certain services, such as product registration, to access content, such as whitepapers, to activate or access an app or a cloud service, or to qualify your suitability as a vendor. In such cases, if you do not provide your information, we may not be able to provide you with the requested services.
If you visit our Sites to apply for a job at Plotter Mechanix, our Career portal will display the applicable privacy notice.
HOW WE USE YOUR INFORMATION
We use Your Information mainly to interact with you, to provide you with support services, to make it easy to navigate our Sites, to improve our Sites and our products, and to offer you Plotter Mechanix apps and services from the Plotter Mechanix Services Portal, content and services that might interest you.
We use Your Information as follows, where the processing is necessary to establish or administer our agreement with you:
Create a single sign on for access to your Plotter Mechanix Networks online account, our portals, and our online community;
Verify your identity and your entitlement to access the Plotter Mechanix products or services, when you contact us, or when you access our services;
Allow you to register products and or services, that are purchased on behalf of your company;
Allow you to activate, and to access Plotter Mechanix apps on our Plotter Mechanix Services Portal;
Communicate with you regarding product/service support services, and to provide you with critical service updates;
Allow you to register opportunities;
Provide you with technical and customer support, and enable the provisioning of services;
Register you for events;
Determine your qualifications and suitability as a, Client, a Vendor, and make decisions to purchase goods or services from you;
Determine the type of entity that you are connecting to our system from.
We use Your information as follows, where the processing is based on our legitimate business interests to communicate with you, and help us improve users' experience, to help us improve our products and services, to protect our security, and to defend our legal rights:
Subscribe you to newsletters, and manage your subscriptions and preferences;
Call you, or e-mail you with updates and marketing items of interest, as described in this statement;
Evaluate our marketing campaigns and sales opportunities;
Solicit your opinion or feedback;
Research, and implement our product/services improvements, and our product updates;
Evaluate and improve the quality of our products, services and Sites;
Provide you with a customized experience when you visit our Sites;
Determine the effectiveness of our banner ads;
Secure our network systems and applications;
Enforce our legal rights, and to help us comply with legal requirements;
Monitor, administer, and analyze use of the Sites; to help increase our Site's functionality, and its overall user-friendliness.
We may also use Your information where processing is necessary for us to comply with legal obligations, including us responding to legal process, or to respond to proper lawful requests. Lastly, we may use your information with your consent, where such is required by applicable law.
CONTACT US - YOUR RIGHTS
Plotter Mechanix in Glendale, Arizona, U.S.A., is the controller of your Personal Information. All interactions and all transactions with us is governed by and under the applicable provisions of Uniform Commercial Code, UCC, as is adopted for the purposes of governing commercial business transactions between business entities in the State of Arizona. Arizona UCC provisions govern all transactions with us, and is stated as a selected choice of venue in any conflict of laws, if any between different jurisdictions.
If you have questions or concerns about this Privacy Statement or our privacy and security practices you can send an e-mail to email@example.com.
You have the right to request access to Your Information that we have, and to rectify it, to object to data processing, to request the erasure of Your Information, and to withdraw your consent. You can exercise your rights by sending an email to: individualrights@PlotterMechanix.com or filling Individual Rights Form.
You also have the right to lodge a complaint with the competent Data Protection Authority in Arizona.
INFORMATION FROM THIRD PARTIES
Third parties may provide us with information about you, from a variety of online and offline sources. We may combine such information with the information we already have about you, to help us to provide you with a better experience, to help determine your interest in our products, and to help us improve the quality of our offerings to you. For instance, we may use third party web analytics tools, to pool together contact information collected through any of our forms, or email campaign with contact information provided by you via opt-in on other websites form or email – to identify you when you visit our websites.
We may also aggregate Your Information with information collected from other website visitors, to help generate statistics, and to help us analyze and to better understand how visitors use our Sites.
We use Your Information to contact you with Plotter Mechanix Networks' newsletters, marketing, promotional materials, and other information and products that may be of interest to you, including personalized predictive recommendations. This may include using demographic, geographic, firmographic or trend data provided by third parties, where permitted. Contact details, including phone numbers and email addresses, may be used to contact you.
If you do not want us to e-mail you, you can choose not to give your permission on the webpages and/or forms, with which we collect Your Information.
Please note that in some regions this may involve un-checking a box.
At any time, if you no longer wish to receive communications from us, you can unsubscribe by following the unsubscribe instructions provided in the communication, or by updating your e-mail subscriptions at https://www.PlotterMechanix.com/company/subscriptions, or by sending a message to unsubscribe@PlotterMechanix.com.
COOKIES, PIXELS, AND OTHER WEB TECHNOLOGIES
Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open. You can choose to reject or turn off cookies through your browser settings and you can manage your preferences through our cookie consent manager. You can also manage your cookies to control your information. If you do not accept cookies, however, you may not be able to use all the functionalities of the Sites.
You may opt out of third-party cookies at the following websites:
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal.
Please note that our websites may not recognize or react in response to DNT signals from Web browsers. At present, there is no universally accepted standard for what a company should do when a DNT signal is detected. In the event a final standard is established, we will assess how to appropriately respond to these signals.
For more detailed information about cookies, Do-Not-Track and other tracking technologies, please visit allaboutcookies.org and allaboutdnt.com.
Plotter Mechanix BLOG
If you choose to post comments on the Plotter Mechanix Blog, accessible at https://PlotterMechanix.com/ (the "Blog"), be aware that other users of the blog will see your name, website, and the content of your comments, and may interact with you in response to your comments. Using our Blog may be subject to additional terms.
INFORMATION SHARING AND DISCLOSURE
We do not sell, lease, rent or give away Your Information.
We only share Your Information as described below, with our affiliates, business partners, service providers that process information on our behalf, and law enforcement. If we share Your Information, we require those we share it with to comply with appropriate privacy and confidentiality requirements, and security standards.
Plotter Mechanix is a technology driven company, with affiliates in many regions. To conduct our business, Your Information may be transferred to Plotter Mechanix in the United States, or to subsidiaries of Plotter Mechanix, which may be in Europe, in the Middle East, Africa, Asia Pacific or Japan. Transfers will occur in compliance with applicable requirements. If you are in the European Union, and Your Information is transferred to a country not approved by the EU Commission, as a country providing adequate protection for the rights and freedoms of data subjects, Your Information will be protected using data transfer agreements based on the EU Standard Contractual Clauses, or another approved data transfer mechanism.
We may share Your Information with our business partners and channel partners so that they can provide you with information on our products or services, or follow up on a sales lead. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly in the footer of the partner’s email to you.
Entities processing data on our behalf.
We may employ third party companies and individuals to provide services associated with the Site, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics, and improvement of the Site's features), to analyze use of our Site, or to conduct marketing activities on our behalf (e.g., email management firms and internet advertising platforms, etc.), to perform collection services, to deliver requested goods and services to you. We do not allow any Service Providers to share Your Information with any others without our authorization, or to use it for any of their own purposes.
We may also share non-Personal Information (such as aggregated usage data and demographics, referring pages, platform types, click counts, etc.) with third parties, to help us understand usage patterns for our services, etc.
Government and Law Enforcement.
We may only disclose personal information to any law enforcement agency or governmental agency including to meet national security or law enforcement requirements, in response to:
A subpoena, warrant or other process issued by a court of competent jurisdiction;
A legal process having the same consequence as a court-issued request for information, in that by refusing to provide such requested information, we would be in breach of local law, and we, or our officers, directors, executives, contractors or employees would be subject to liability for failing to honor such required legal process; When allowed by the law governing such compelled request, we will promptly notify the affected parties, that we were served with a legal request for information, including their information.
Where such disclosure is necessary for us to enforce our legal rights pursuant to the laws of the jurisdiction from which such information was gathered; or
Where such disclosure is necessary to prevent, or to lessen a serious and imminent threat of bodily harm to the data subject.
Plotter Mechanix may sell, transfer or otherwise share some or all it's assets, through a merger, acquisition, reorganization or sale of its assets, or in the event of bankruptcy. In such events, customer information is usually one of the business assets that is transferred. If we are acquired, a substantial portion of our assets is sold, or experience some other change in control, Your Information may be part of the assets acquired by or transferred to a third party. We will promptly notify you of any such deal, and outline your choices in that event.
The security of Your Information is important to us. We use appropriate technical and organizational security measures to protect Your Information from misuse, unauthorized or unlawful access or disclosure, loss, alteration, damage or destruction.
These measures include:
Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing Your Information.
Technology safeguards, like the use of anti-malware, encryption, monitoring of our systems and data centers, firewalls, encrypted channels, and secure communications software, to safeguard the confidentiality of Your Information.
Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect personal information. Our organization privacy policies and standards also guide our handling of Your Information.
LINKS TO OTHER SITES
Our Site contains links to other websites owned or operated by other companies. If you choose to visit any linked websites, we encourage you to review their privacy statements carefully, as they may differ from ours. We do not exercise control over third party websites and we are not responsible for their content or privacy practices. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you.
Our websites may also link to co-branded websites that are maintained by Plotter Mechanix and one or more of our business partners. We encourage you to read the privacy statements on any co-branded site to which you link for information on the privacy practices of that site.
Our websites are not directed to children under 13 and we do not knowingly collect personal information from them.
NOTIFICATION OF CHANGES
This privacy statement may be changed or updated from time to time. We will post the date of the changes at the beginning of this statement. Please check this privacy statement from time to time to make sure that you are aware of our current privacy practices.
Be the first to know.
As a member you’ll get exclusive invites to our events, Unit 42 threat alerts and cybersecurity tips delivered to your inbox.