Organization Information:

IOActive
701 5th Avenue, Suite 6850
Seattle, Washington 98065
Phone: 206-784-4313
Fax: 206-462-4877
www.ioactive.com

Contact Information:

Contact Office: IOActive
Contact Name: Jennifer Steffens, General Manager
Phone: 206-784-4313 Fax: 206-462-4877 Email: david.baker@ioactive.com

Corporate Officer Information:

Corporate Officer: Joshua Pennell, Chief Executive Officer
Phone: 206-784-4313 Fax: 206-462-4877 Email: jpennell@ioactive.com

Safe Harbor Information:

Signed up to safe harbor 05/18/2009 08:57:31 AM
Next certification 05/18/2010
EU/EEA Countries From Which Personal Information Is Received: Czech Republic, France, Netherlands, Spain, Belgium, Germany, Poland, United Kingdom
Industry Sector: Information Services - (INF) Computer Services - (CSV)
Personal Information Received From the EU: IOActive, Inc. respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners and others who may use our services. In accordance with the service we provide, we strive to collect, use and disclose personal information in a manner consistent with our service offerings and the laws of the countries in which we do business. IOActive strives to uphold the highest ethical standards in our business practices. This Safe Harbor Privacy Policy (the “Policy”) sets forth the privacy principles that IOActive follows with respect to transfers of personal information between the United States and member states of the European Union.
IOActive is an independent information security consulting services provider contracted by its customers to assess the information security of products, technology environments (including networks, computers, and software), and the effectiveness of security practices. During the process of performing security assessments, information collected may include personal information about an individual. This information is collected to facilitate assessment by verifying the exploitability of potential security vulnerabilities. IOActive does not retain personally identifying information obtained during its testing work, and disposes of or returns such information to IOActive’s customer when testing and assessment work is complete. Where IOActive collects personal information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses personal information about them, the types of third parties to which IOActive discloses that information, and the choices and means, if any, IOActive offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to IOActive, or as soon as practicable thereafter, and in any event before IOActive uses the information for a purpose other than that for which it was originally collected.
Privacy Policy Effective: May 1, 2009
Location: www.ioactive.com/privacy.php
Regulated by: Federal Trade Commission
Privacy Programs:
Verification: In-House
Dispute Resolution: Any questions or concerns regarding the use or disclosure of personal information should be directed to the IOActive compliance at the address given below. IOActive will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between IOActive and the complainant, IOActive has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.
Where IOActive collects personal information directly from individuals in the EEA, IOActive will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, IOActive will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. IOActive will provide individuals with reasonable mechanisms to exercise their choices.
IOActive will obtain assurances from its business partners, vendors, agents, and other third-parties that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by third-parties include: a contract obligating the third-party to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the third-party, or being subject to another European Commission adequacy finding. Where IOActive has knowledge that a third-party is using or disclosing personal information in a manner contrary to this Policy, IOActive will take reasonable steps to prevent or stop the use or disclosure.
IOActive uses the appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. IOActive takes reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
IOActive will use personal information only in ways that are compatible with the purposes for which it has been collected or subsequently authorized by our customers. IOActive will take reasonable steps to ensure that personal information is relevant to its intended use, accurate and complete.
Upon request, IOActive will grant individuals reasonable access to personal information that it holds about them. In addition, IOActive will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

IOActive will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. IOActive's privacy practices are self-certified as defined in the U.S. Department of Commerce Safe Harbor Program. For more information about the Safe Harbor Program, please go to http://www.export.gov/safeharbor.
Personal Data Covered: off-line
Human Resource Data Covered: No

Do you agree to cooperate and comply with the European Data Protection Authorities? Select Appropriate Response

Certification Status: Current
Compliance Status:
