Privacy Policy

Your privacy, personal rights and security of your personal information is of the utmost importance to Goldilock. We strive to secure and protect your personal information using globally acknowledged best practice approaches to policy, process, and procedure across our entire organisation. We comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the local laws applicable in the various countries in which we operate.

This Privacy Policy describes how personal information is collected, used, and shared when natural persons ‘users’ visit or make a purchase from www.goldilock.com (the ‘Site’).

WHO WE ARE

Goldilock is a global cybersecurity company with its headquarters in Cannock, Staffordshire (Goldilock Secure Limited). Goldilock Secure Limited controls the collection and processing of any personal data that you provide to us in relation to this website. Where services are provided to you by other entities within the Goldilock Group, the entity providing the service will be responsible for your personal data. This notice applies to all such entities. You can find details of our local entities here .

PERSONAL INFORMATION WE COLLECT

When visiting the Site, we automatically collect certain information about devices, including, but not limited to;

• IP address
• time zone and location

Additionally, as users browse the Site, we collect information about the individual web pages or products that are viewed, what websites or search terms referred users to the Site, and information about how users interact with the Site. We refer to this automatically-collected information as ‘Device Information.’

We collect Device Information using the following technologies:

• ‘Web beacons,’ ‘tags,’ and ‘pixels’ are electronic files used to record information about how users browse the Site.

Additionally, when Site visitors make a purchase or attempt to make a purchase through the Site, we collect certain information including, but not limited to;

• full name
• billing address
• shipping address
• payment information including credit card
• email address
• phone number.

We refer to this information as ‘Order Information.’

‘Personal Information’ in this Privacy Policy includes both Device Information and Order Information.

If you do not consent to our collection of this information, please do not use the website and/or send us your personal information through our forms.

HOW DO WE USE PERSONAL INFORMATION?

We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing payment information, arranging for shipping, providing invoices and/or order confirmations). Additionally, we use this Order Information to:

• Communicate with users and customers
• Screen our orders for potential risk or fraud; and
• When in line with the preferences shared with us, provide information or advertising relating to our products or services.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, IP address), and more generally to improve and optimize our Site (for example, improve performance, navigation analytics).

We share Personal Information with third parties to help us use Personal Information, as described above. For example, we use WooCommerce to power our online store, more about how WooCommerce uses Personal Information here: https://woocommerce.com/gdpr/#.

We also use Google Analytics to help us understand how our customers use the Site, more about how Google uses Personal Information here: https://www.google.com/intl/en/policies/privacy/.

It is also possible to opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

If you are a user resident in the European Union, whenever we require your consent for the processing of your personal information, such processing will be justified pursuant to Article 6(1)(a) of the GDPR.

If the processing of your personal data is necessary for the performance of a contract between you and Goldilock Secure Limited or for taking any pre-contractual steps upon your request, such processing will be based on Article 6(1)(b) of the GDPR. If this data is not processed, Goldilock Secure Limited will not be able to execute the contract with you.

Where the processing is necessary for us to comply with a legal obligation, we will process your information on the basis of Article 6(1)(c) of the GDPR, such as when complying with the requirements of the employment law.

And where the processing is necessary for the purposes of Goldilock Secure Limited’s legitimate interests, to, for example, detect fraud, such processing will be made in accordance with Article 6(1)(f) of the GDPR.

DO NOT TRACK

SITE VISITOR RIGHTS

European residents have the right to access personal information we hold, and can ask for personal information be corrected, updated, or deleted. In order to exercise this right, please contact us through the contact information below.

Additionally, for European residents, we note that we are processing personal information in order to fulfil contracts (for example to make an order through the Site), or otherwise to pursue our legitimate business interests listed above.

DISLOSURES

We may disclose information about you to any of our employees, officers, agents, suppliers, collaborators, distribution partners, customers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

• to the extent that we are required to do so by law;
• in connection with any legal proceedings or prospective legal proceedings;
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
• to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
• to other other Goldilock entities for the purpose of our internal business processes (such as administration and billing) or for the purpose of providing our services.

Except as provided in this privacy policy, we will not provide your information to third parties.

INTERNATIONAL DATA TRANSFERS

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

If you are resident in the European Economic Area (EEA), information which you provide may be transferred to countries (including Canada and the United States) which do not have data protection laws equivalent to those in force in the EEA.

We may process personal data based on our legitimate interest however we comply with GDPR principles of data minimization and carefully consider the legitimate interest of the data subjects. The legal basis intent for which we collect, process, and retain your personal data throughout the term of your relationship with us as a customer, correlates with the term of providing you our service. We retain the data for a period of providing you with our services and/or until you withdraw your consent to ours processing your data.

Where applicable law requires a data transfer mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA, Switzerland or the UK, and verification that the recipient has implemented Binding Corporate Rules, or other legal methods available to us under applicable law.

For transfers to third countries, we have entered into Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your personal data to those entities outside the EEA.

We constantly train our associates on data protection related matters and frequently review our policies and systems in place in order to make sure that we process personal data with the highest standards of professional care and legal compliance.

You expressly agree to such transfers of personal information.

SECURITY

We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

We will securely store any personal information you provide on encrypted, password protected servers.

Our systems are constantly monitored and have restricted access granted only to our own employees and consultants. The data stored within our IT systems may be shared with our service providers and partners under Data Control and Processing Agreement(s) that contain(s) Standard Contractual Clauses.

We may need to share some data with our services providers, such as computing providers or financial institutions, and we always do this in line with the laws of a particular jurisdiction, whenever possible based on Data Processing Agreement obliging the processors and/or the controllers to securely store shared data and process it lawfully with the highest standards of professional care and legal compliance.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password.

DATA RETENTION

When orders are placed through the Site, we will maintain Order Information for our records in accordance with our Data Retention and Confidential Data Policies, or until asked to delete this information.

MINORS

The Site is not intended for individuals under the age of 16. We do not knowingly collect the personal information of individuals under the age of 16. If any Personal Information is discovered or disclosed relating to any individuals under the age of 16, it is our policy to delete any data relating to that individual.

CHANGES

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. Please visit https://goldilock.com/privacy for the latest version.

EDITING YOUR ACCOUNT

You can edit your Goldilock Secure Limited account, information and preferences at any time. New categories of marketing communications might be added to the preferences page from time to time. You can delete your Goldilock Secure Limited account at any time.

CONTACT US

For more information about our privacy practices or to make a complaint, please contact us by e-mail at privacy@goldilock.com or by mail using the details provided below:

Ascot 5, Centrix House, Keys Park Road, Cannock. WS12 2HA, Uniter Kingdom

In many countries (including US and EEA countries), you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Goldilock Secure Limited processes your personal data.