Who we are
Corvus Forensics LLC (“Corvus”) is a cyber-security company focusing on digital forensics, cyber incident response, malware analysis, and technical consulting services. Our website address is: https://corvusforensics.com.
What does this Privacy Notice do?
This Privacy Notice (“Notice”) explains Corvus’ information processing practices. It applies to any personal information you provide to us and also personal information we collect from other sources. This Notice is a statement of our practices and of your rights regarding your personal information. This is not a contractual document, and it does not create any rights or obligations on either party, beyond those which already exist under data protection laws.
This Notice does not apply to your use of any third party site which may be linked from this website.
Who is responsible for your information?
Throughout this Notice, “Corvus” refers to Corvus Forensics LLC (also referred to as “we”, “us”, or “our”) Corvus is responsible for your personal information (and in some instances the controller for the purposes of data protection laws) that we collect from or about you.
When and how do we collect your information?
We collect personal information in the following ways:
- When we perform services for our clients.
- When you request a service from us.
- When you use any of our websites or data transmission services.
- If you contact us with a complaint or query.
What information do we collect?
Information you provide to us
When you contact us to request information about Corvus or our services, we ask that you provide accurate and necessary information that enables us to respond to your request. Whenever you provide personal information to us, we use it for the purposes for which it was provided to us as stated at the point of collection or as obvious from the context of collection.
When we provide the services described above for our clients, we may collect personal information such as:
- Contact information, such as name, e-mail address, postal address, phone number and mobile number;
- Communication preferences;
- Other relevant information, such as occupation, zip code, location, and the time zone; and
- Any other information which might be material or necessary to accomplish the purpose of the engagement.
More information about the personal information collected for each of our services, together with the purpose and legal basis for collecting the information is provided below.
We do not usually seek to collect sensitive personal information (e.g., data relating to race or ethnic origin, religious beliefs, bio-metric information, physical or mental health or sexual orientation, criminal convictions). Where necessary and a lawful basis exists, we may collect and use such information. If you provide us with sensitive personal information, you understand and give your explicit consent that we may collect, use and disclose this information to appropriate third parties for the purposes described in this Notice. If you provide personal information about other individuals such as employees or dependents, you must obtain their consent prior to your disclosure to us.
Information we collect
For purposes of this Notice, “website” includes our mobile applications and data transmission services.
We may ask you for some or all of the following types of information when you request services, manage accounts, access various content and features or directly visit our websites. This includes, but is not limited to:
- Contact information, such as name, e-mail address, postal address, phone number and mobile number;
- User name, password, password reminder questions and password answers;
- Communication preferences;
- Search queries;
- Which pages on the Corvus website you’ve visited, and
- Information posted in webinar discussions and other interactive online features.
In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, “cookies” and web beacons. Further information about our use of cookies can be found in our Cookie Notice below.
Social Media
You can engage with us through social media websites or through features such as plug-ins or applications on our websites that integrate with social media sites. When you engage with us on or through third party social media sites, plug-ins, or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, posts you make).
If you post information when you interact with our websites through social media sites, plug-ins or other applications, depending on your privacy settings, this information may become public on the Internet. You can control what information you share through privacy settings available on some social media sites. For more information about how you can customize your privacy settings and how third party social media sites handle your personal information, please refer to their privacy help guides, privacy notices and terms of use.
Mobile Devices
If you access our websites or applications from your mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device’s operating system, mobile carrier and your location information.
How do we use your personal information?
The following is a summary of the purposes for which we use personal information. More information about the personal information collected for each of our services, together with the purpose and legal basis for collecting the information will be provided to you below.
Performing services for our clients
We process personal information which may be contained in data sets that our clients provide to us in order to perform our consultancy services. This may impact you, for example, where you are the employee of our client, or a legal representative of our client. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards. It is the obligation of our client to ensure that you understand that your personal information will be disclosed to Corvus Forensics.
Administering client engagements
We process personal information about our clients and the individual representatives of our clients in order to:
- carry out “Know Your Client” checks and screening prior to starting a new engagement.
- carry out client communication, service, billing and administration.
- deal with client or data subject complaints or queries.
- manage workflow internally.
Contacting and marketing to our clients and prospective clients
We process personal information about our clients and the individual representatives of our corporate clients in order to:
- contact our clients in relation to current, future and proposed engagements;
- send our clients promotional material and other marketing communications;
- improve the content of our website to ensure it is suitable to your needs, and
- measure the effectiveness of our marketing activities.
Conducting data analytics
We are not generally concerned with an analysis of identifiable individuals, and we take steps to ensure that your rights, our confidentiality obligations and the legitimacy of our activities are ensured.
If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.
Legal basis
All processing (i.e. use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where we use personal information to generate user credentials for you or your legal representative to access and review your data;
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any sensitive personal information, or criminal record data, we will establish a lawful basis which will allow us to use that information. This basis will typically be:
- explicit consent;
- the establishment, exercise or defense by us or third parties of legal claims; or
- a context specific exemption provided for under local laws of EU Member States and other countries implementing the GDPR, such as in relation to the processing of personal data for insurance purposes, or for determining benefits under an occupational pension scheme.
Do we collect information from children?
We do not directly provide services to children, and we do not knowingly collect personal information from children.
How long do we retain your personal information?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information for no more than the time required to fulfil the purposes described in this privacy notice unless a longer retention period is permitted by law. We have implemented appropriate measures to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Do we disclose your personal information?
Within Corvus Forensics
We may share your personal information with Corvus Forensics in order to serve you, including for the activities listed above.
We do not rent, sell or otherwise disclose personal information with unaffiliated third parties for their own marketing use. We do not share your personal information with third parties except in the circumstances discussed below.
Business Partners
For certain service offerings, we may disclose personal information to business partners who partner with us to offer those services. These business partners operate as separate controllers, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices.
Authorized Service Providers
We may disclose your information to service providers we have retained (as processors) to perform services on our behalf (either in relation to services performed for our clients, or information which we use for its own purposes, such as marketing). These service providers are contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above section, ‘How we use your personal information.’
Examples include:
- service providers who manage our IT and back office systems and telecommunications networks;
- analytics and search engine providers who assist us in the improvement and optimization of our websites;
- subject matter experts retained to support a client engagement.
These third parties are contractually obligated to appropriately safeguard your data, and their activities are limited to the purposes for which your data was provided.
Legal Requirements and Business Transfers
We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request. (ii) in response to law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity or (v) in the event that we are subject to a merger or acquisition to the new owner of the business. Disclosure may also be required for company audits or to investigate a complaint or security threat.
Do we transfer your personal information across geographies?
We provide our services globally and may transfer certain personal information across geographical borders either internally or to our authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally or they may be overseas countries, some of which have not been determined by the European Commission to have an adequate level of data protection.
Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
Do we have security measures in place to protect your information?
The security of your personal information is important to us and we have implemented reasonable physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. We protect your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information.
Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.
What choices do you have about your personal information?
We offer certain choices about how we communicate with our customers and what personal information we obtain about them and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will provide you with the option of whether you wish to receive promotional communications from us. At any time, you may opt out from receiving marketing communications from us by clicking on the “unsubscribe” link, following other instructions in our marketing emails or contacting us as noted below.
Other rights regarding your data
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information.
You can exercise your rights by contacting us at privacy@corvusforensics.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request and will promptly or inform you if we require further information in order to fulfill your request.
We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have right to access personal information which we hold about you. If you have created a profile, you can access that information by visiting your account.
Right to Rectification
You have a right to request that we correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
Right to Object to Processing
You have the right to object the processing of your personal information at any time, but only where that processing is has our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Automated Decision Making
You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are (i) necessary for a contract to which you are a party; (ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require us to exercise human intervention.
Contact Us
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the law or this Privacy Notice, please contact us at privacy@corvusforensics.com. Alternatively, you have the right to contact your local Data Protection Authority.
If you have any questions relating to this Notice, and you may write to us at:
Corvus Forensics LLC
919 North Market Street, Suite 950
Wilmington, DE 19801
Changes to this Notice
We may update this Notice from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We encourage you to periodically review this Notice so that you will be aware of our privacy practices.
This Notice was last updated on October 1, 2018.
Cookie Policy
To ensure that our Website is well managed and to facilitate improved navigation, Corvus Forensics uses “cookies,” which are small text files stored in a user’s browser to keep records of the site visits. Cookies are widely used in order to make websites work, or work more efficiently to improve the user experience. By using the Corvus Website, you consent to the collection and use of your information by Corvus as set out in this Cookie Policy.
This Website uses cookies to record session information, and uses aggregate cookie information to analyze Website performance and provide insights into how we can improve our visitors’ experience. A cookie cannot read data off of your hard drive or read cookie files created by other sites.
Disabling Cookies
Web browsers allow you to exercise some control over cookies through the browser settings. Most browsers enable you to block cookies entirely or to block cookies from particular sites. Browsers can also be set to delete cookies when you close your browser. You should note however, that this may mean that any preferences you set on the Website, including opt-opt preferences, will be lost.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org which includes information on how to manage your settings for the major browser providers.
Use of Cookies
Cookies on the Corvus Website are used in a number of ways. To the extent any personal information is collected through cookies, the Privacy Policy above applies and complements this Cookie Policy.
The main reasons we have cookies on the Corvus Website are to:
- Remember your choices and preferences.
- Remember you: recalling that you have visited the site before and implementing your chosen settings.