Last Updated: May 24, 2018

The Anti-Malware Testing Standards Organization, Inc. (AMTSO) respects your right to privacy. We have written this Privacy Policy to inform you about our treatment of your personal information, including how we collect, manage, and safeguard your data, and under what circumstances and to whom your data can be disclosed. We also explain how you can control our use of your personal information.

In this Policy, when we refer to your “personal information,” we mean any personally identifiable information that can identify a natural person, such as a person’s name, address, email address, or phone number. Although this Policy informs you of our broadest potential use of your personal information, we may make far less use of such information.

By using our websites or services, or providing us with any personal information, you are agreeing to the collection and use of information in the manner described in this Policy. If you do not consent to this Policy, do not use our websites or download any materials from us. If required by applicable law, we will seek your explicit consent to collect or process any personal information collected on our websites or volunteered by you. Please note that any such consent will be entirely voluntary. This Privacy Policy takes precedence over and supersedes any other policy concerning the treatment of your personal information.

We are the data controller with respect to the information we collect, as described in this Policy. We do not rent or sell this data to any other companies for marketing purposes. You can contact us with any questions about this Policy by sending an email to privacy@amtso.org, or writing to us by post at the following address:

Anti-Malware Testing Standards Organization, Inc.
Attention: Privacy Officer
325 Sharon Park Drive, #450
Menlo Park, California 94025
U.S.A.

Information We Collect and How We Use It

In general, you can visit our websites without telling us who you are or revealing any personal information about yourself. However, if you choose to register as a subscriber, submit a membership application, or engage in other communication, some personal information will be required. We collect and use information from you in the following ways:

  • If You Join AMTSO. If you sign up to become an AMTSO member, you will be asked to provide us with your e-mail address, your first and last name, your company affiliation, your title, information about your business and commitment to our mission, and a financial contact at your company to facilitate payment of our membership fee. We will use this information to communicate with you about your membership or other information related to our services. In addition, we may provide this information to other AMTSO members in our secured online directory, to allow members to connect with each other. This directory is exclusively available to our members, and each member has control over the profile information that is displayed regarding their membership. If you choose not to provide us with your personal information in connection with your membership at AMTSO, we may be unable to provide membership or our services to you. Our use of your personal information in connection with your membership in AMTSO is based on your consent, and our current or potential legal agreement with you regarding the terms of membership. You can opt to not include your information in our membership directory, or terminate your membership pursuant to the terms of our Membership Agreement, and we will delete your personal information under the terms of this Policy. See the Section entitled “Your Rights Regarding Your Data,” below.
  • If You Use Our Member Services. If you use our member services, including the Real Time Threat List (RTTL), the AMTSO newsletter or similar communication, or participate in any AMTSO member survey, we may use information associated with your membership, described above, or you may be asked to provide certain additional information regarding such services. We will use this information to communicate with you about these services or provide these services to you. If you choose not to provide us with this information, we may be unable to provide these member services to you, and you may be unable to access RTTL, our newsletter, or participate in any AMTSO member survey. Your use of these services is governed by the operative agreements for each service, such as the RTTL Agreement or our Terms of Use, and may also be governed by the AMTSO Membership Agreement. However, the collection and use of your data is governed by this Privacy Policy. Our use of your personal information in connection with your use of such services is based on your consent, and our current or potential legal agreement with you regarding the terms of these services, and is also based on our legitimate interests to provide you with information, support or other services that you have requested, and to better support our membership. You can terminate your use of our services pursuant to the terms of the operative agreement for each such service, and we will delete your personal information under the terms of this Policy.
  • If You Join the AMTSO Contact List. We offer anti-malware testing standards that require communications between testers and vendors. To help facilitate this communication, we offer the AMTSO Contact List, in which any interested party, regardless of whether they are an AMTSO member, can include their contact information for use in connection with the AMTSO Standards Program. The information we request for participation in the Contact List includes the business name, a contact name and email address, and your preferences with regard to participation on the Contact List. We provide access to the AMTSO Contact List to third party vendors and testers that have registered with us, and these parties may use this information to contact you and solicit participation in an anti-malware test, or otherwise communicate with you regarding such test; however, they may not use the contact information for general solicitation purposes, and are generally prohibited from sharing such information with any third party. Our use of your personal information in connection with your participation in the AMTSO Contact List is based on your consent, which you can withdraw at any time, and our Terms of Use.
    • We encourage, but do not require, you to create anonymized contact information when providing information on the AMTSO Contact List. For example, rather than providing an email address for john@amtso.org, you would provide amtsocontact@amtso.org. This can help protect your private information, and personnel changes in your organization will not impact our ability to communicate with you.
  • If You Register for a Conference. From time to time, we may provide an opportunity for you to register on our website for a conference or event that may be relevant to your business. If you choose to register for any such conference or event, you will be asked to provide personal information, which may include your name, email address, company name, street address, phone number, and, as relevant, your dietary restrictions (for meals at the conference) or clothing size (for conference-branded clothing). This information may be shared with other parties working with us, and therefore may be transferred and stored outside of the United States (for example, if you register for a conference that will be held outside of the United States), and treatment of that information is further subject to the privacy policies of those parties. Our use of your personal information in connection with conference registration is based on your consent, which you can withdraw at any time.
  • If You Submit a Change Request or Contact Us. We offer an opportunity to submit comments about the AMTSO Standards (a “change request”), or a specific anti-malware test under the AMTSO Standards, and we ask that you provide your name, email address, and information related to such comments. You may also contact us by phone, email, or otherwise with any general questions or comments. If you contact us, we will have access to the information you provide in your correspondence, which will generally include your email address, name, phone number, and any other information included in the signature block to your email or letter. If you use our online contact form, we will have access to any information you include with your message, such as your name, email address, and any information you include in the comment box. We may use the contact information you provide to respond to your questions or comments, and to maintain records of our correspondence. If you contact us through our online portal and do not provide information on how to reply, you may not be able to submit the online contact form, and we will not receive your comments. We process this information based on our legitimate interests in executing on, and improving, our Standards and other documentation, and in being responsive and providing information to our members, and potential members. We also process this information based on your consent, which you can withdraw at any time.
  • If You Post a Comment on Our Website. We may provide you with an opportunity to participate in interactive discussions, post comments or other content, including comments in connection with the Standards or other Services, or otherwise engage in networking activities. You should carefully consider whether you want to submit personal information to our open forum or elsewhere, and tailor any content appropriately. If you choose to participate in an open forum and share personal information on such forum, this information will be viewable by all users of that forum, and potentially others. Although use of the forum is controlled by this Policy and the forum’s terms and conditions, we cannot control the behavior of others with personal information you voluntarily post. This means that other users could copy or misuse information you provide without your consent. We may also provide a method to share a private message with other members or persons using the open forum. If you choose to share information in a private message, it is generally viewable only to those selected to receive it; however, we cannot control what the person receiving your message will do with that data. In short, if you are trying to protect your information, do not post personally identifiable or confidential information on an open forum or share it with someone you do not know, and if you do share such data, you specifically provide your consent for that data to be accessed and used by others. Our use of your personal information in connection with your posting of information on our websites is based on your consent, and our legal agreement with you regarding the terms of the forum. If you would like us to remove any information you have posted on our websites, please send an email to privacy@amtso.org. Once we have verified that the request came from you, we will take the information down, or delete it. 
However, please note that any open forum or other posts you have made will remain viewable, at our discretion, under the tag of “guest comment.”
  • When You Visit Our Website. When you visit our website or use our services, such as the Security Features Check (SFC) or our Guidelines or Documents, we may collect information about your visit, usage of our services, and your web browsing. This may include information that identifies your IP address, operating system, browser, browsing activity, geographical indicators, referral source, length of visit on our website, and pages viewed. We refer to this information collectively in this Policy as “navigational information.” We may collect navigational information as part of log files, or through the use of cookies and other tracking technologies, and through Google Analytics. We have integrated the component of Google Analytics on our website through use of a cookie (described in more detail under “Navigational Information,” below), that can be placed on the information technology system of our website users. Google Analytics collects, gathers, and analyzes data about the behavior of visitors to our website by collecting data about the website a person came from, which subpages were visited, or how often or for what duration a subpage was viewed. Google Analytics uses the collected information, among other reasons, to evaluate the use of our website and provide online reports to us, which show the activities on our website and to provide other services concerning the use of our website for others. We use this information to better understand our website usage, and to help us optimize our website. Google’s services are provided through its Terms of Service with us, and are subject to Google’s Privacy Policy. The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. You may prevent your data from being collected and used by Google Analytics by opting out through the use of the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout/.
We store data that we collect on our website on Amazon Web Services servers in the United States. Please see Amazon’s Privacy Policy for more information.

We collect navigational information in a way that does not identify you and we will not associate this data with any personal information from any source, with the limited exception of when we, or our third-party server, find potentially suspicious or criminal activity associated with your usage. We process navigational information in this way to fulfill our legal obligations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our information processing, and for the legitimate interests of using this information to ensure the security of our network and information. In addition, we may process navigational information based on our legitimate interests of improving the quality of our website and services, or because we have received consent from you for a specific processing purpose. If the processing of personal information is necessary for performance of a contract to which you are (or may be) a party, for example, if you are a member or use a registered service, the processing is based on our current or potential contractual relationship and based on our legitimate interests to provide you with information, support or other services that you have requested.

A General Statement About the Legal Basis for Processing. With regard to each item above, we have summarized the legal basis we anticipate having for processing any of your personal information. However, we reserve the right to process your personal information based on any other legal right we have under applicable law. Thus, for example, we may process and disclose your personal information to comply with laws, court orders, litigation, or other legal processes, and/or in response to requests from governmental authorities within or outside of your country of residence. We may also disclose your personal information if we determine that disclosure is reasonably necessary to enforce our rights or protect our operations or users. Additionally, we may disclose your personal information to an affiliate, or a successor or acquiring entity as part of a merger, acquisition, reorganization, bankruptcy, or other transaction. In such event, you will be notified via email or a notice on our website, and this notification will include any change in usage of your personal information. We may also share your personal information with our agents, contractors, and employees to perform any of the functions listed above, or as part of our general business operations; though in all such cases, we require the agent, contractor, or employee to acknowledge and adhere to this Privacy Policy regarding the use of your personal information.

We do not use your personal information in connection with any automatic decision-making or profiling.

Navigational Information

We collect navigational information through our website to help improve your experience, and to better understand our users, as described above. We collect and analyze the following navigational information:

Cookies

Our websites use cookies generated by a third-party application, or its plug-ins or widgets. A cookie is a small piece of information that a website asks a browser to store on a computer or mobile device. AMTSO uses cookies to enhance your usage of our websites by “remembering” your actions or preferences. The cookies we generally use include a unique identifier, user preferences, and profile and member information. We may also use cookies to collect general usage and volume statistical information that does not include any personally identifiable information. Some cookies may remain on your computer after you leave our websites.

While we do not offer an opt-out for cookies, your browsers may give you control over cookies used on your computer or mobile device. You can generally set your browser to alert you when a cookie is being used, which will give you a chance to accept or reject the cookie. You may also be able to set your browser to refuse all cookies, or accept only cookies delivered by the specific domain you are visiting. You can generally disable the cookie feature in your browser without affecting your ability to access our websites, except in some cases where cookies are used as an essential security feature necessary for completing transactions.

Links to websites outside of ours may lead to the delivery of cookies that we do not control. In addition, we may use third-party vendors to provide or track connections to our websites. It is possible that such vendors may use cookies, over which we also have no control. Such cookies (if used) would be downloaded once you click on any third-party links on our websites. The information collected through these functions is subject to the privacy policies of those third parties.

Embedded URLs and Pixel Technologies

In some cases, we may use a tracking technique that employs embedded URLs to allow use of our websites without cookies. Embedded URLs allow limited information to follow users as they navigate the site, but this information is not associated with personal information and is not used beyond the session. We may also use embedded pixel technologies on selected pages for the purposes of identifying unique user visits to our websites, as opposed to aggregate hits, and to identify the pages viewed. We may also use embedded pixel technologies to determine whether the recipient of an e-mail has opened a particular message. Although this information will not generally include personal information, we may re-associate the information with personally identifiable information.

Log Files

Like most standard websites, we use log files. This information includes electronic communication protocols, web addresses, browser type, internet service provider, platform type, and other network routing information (referrals), equipment information (browser type) and date and time. This information helps us use and administer our websites, track our users’ movements in the aggregate, and gather broad demographic information for aggregate use. We do not link this information to any personal information. We use a tracking utility that uses log files to analyze user movement.

We do not currently respond to “do not track” signals from web browsers but will reevaluate this policy if a “do not track” standard becomes finalized in an applicable jurisdiction.

Data Storage, Protection & Retention

We take security measures we believe are reasonable to protect your personal information both online and offline from loss, misuse, unauthorized access or disclosure. However, we cannot guarantee the security of information on or transmitted through the Internet. We also take reasonable steps in partnership with our hosting providers to ensure the security of your data. We utilize a Secured Server Certificate from Godaddy.com, Inc., to identify your secured connection to our website. Personal information (as described in this Privacy Policy) collected through our website is entered and transmitted over Secure Socket Layer (SSL), which creates an encrypted session that is used to identify your secured connection to our website. Please see Go Daddy’s Privacy Policy for more information. We take no responsibility for any data loss that may occur through our hosting providers, including through malware and hacker attacks. In the event of a security breach that we are aware has exposed your personal information to loss, misuse, unauthorized access, or disclosure, we will notify you of the breach and provide a description of what happened in compliance with applicable law.

In general, we do not set specific timeframes for deletion of data but will retain personal information only for as long as necessary to achieve the purpose of storage. Thus, we will retain such data as long as your account is active, as long as needed to provide you with our services, and as long as necessary to comply with our legal obligations, resolve disputes, prevent abuse, or enforce our legal agreements. We conduct an annual review of the personal information we are holding and determine whether to retain that information based on the foregoing, and further considering: the current and potential future value of the information; the costs, risks, and liability associated with retaining the information; our ability to ensure the information is accurate and up to date; and the interests of the data holder in having the information deleted. After we no longer need personal information, we will delete it. We will also delete such Information at an earlier date if the data holder requests it, as described under “Your Rights Regarding Your Information” below, unless there is a reasonable basis for retaining such information as described in this Section.

Third-Party Sites

This Privacy Policy discloses the privacy practices for our websites; however, we may provide links to other websites. If you leave our websites, you will be going to sites that are beyond our control. These other sites may send their own cookies to your computer, collect data or solicit personal information. The privacy policies and procedures described here for AMTSO do not apply to any external links. You are encouraged to read the privacy policies of any site linked through our websites, especially if you share any personal information.

Transfer of Information to Other Countries

The offices and servers we use are located in the United States, so if you are visiting our website or using our services from a different country, please be aware that you are sending information (which may include personal information) to the United States. That information may then be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage, and use of your personal information will at all

Information About Children

Our website and programs are not intended for or targeted at children under 16, and we do not knowingly collect or use personal information from children younger than 16. If we discover that a child under 16 has submitted personal information to us, we will attempt to delete the information as soon as possible. If you believe that we might have personal information from a child under 16, please contact us at privacy@amtso.org so we may delete the information.

Your Rights Regarding Your Personal Information

You have several choices regarding your personal information, including the rights to:

  • Review the personal information you have provided us. You have the right to request access to the personal information we have on you. You can do this by contacting us at privacy@amtso.org. We will make sure to provide you with a copy of the personal information we process about you in a structured, commonly used, and machine-readable way. To comply with your request, we may ask you to verify your identity. We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method.
  • Request that we correct any errors, outdated information, or omissions in your personal information that you have provided us. If you believe that any of the Information we have about you is incorrect, you are welcome to contact us so we can update it and keep your personal information accurate. Any personal information that is no longer needed for the purposes specified in “How We Use Your Information,” above, will be deleted. If at any point you wish for us to delete information about you, you can simply contact us at privacy@amtso.org.
  • Request that we use your personal information differently than we are currently using it. For example, you can request that your information not be used to contact you, or that it be removed from any marketing list that we use.
  • Right to opt-out of being solicited by us, including through email communications. When you receive communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive, by unsubscribing on our website, or by contacting us directly.
  • Right to request that all of your personal information be deleted from our records. This right is often referred to as the “right to be forgotten,” in that you may request that we delete all personal information from our records, which we will do without undue delay, subject to this Privacy Policy and applicable law and contract.
  • Right to object. You have the right to object to how we process your information, and we ask that you contact us directly if you have any concerns or questions about our control or processing to help ensure you are comfortable with, and consent to, all of the ways we may use your personal information – as set forth in this Privacy Policy.

To request any of the foregoing actions, or to request that we remove any personal information that you have posted on our websites, please send an email to privacy@amtso.org. Once we have verified that the request came from you, we will take the information down. However, please note that any open forum or other posts you have made will remain viewable, at our discretion, under the tag of “guest comment.”

Contact Information

If you have any questions about our collection and use of your personal information, or to request that we take one of the actions listed above under “Your Rights Regarding Your Information,” please contact us by email at privacy@amtso.org or write us at the following address:

Anti-Malware Testing Standards Organization, Inc.
Attention: Privacy Officer
325 Sharon Park Drive, #450
Menlo Park, California 94025
U.S.A.

We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal information.

Policy Updates

We constantly update the features of our website and services to better serve our customers and consumers. Accordingly, this Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by updating the policy online and changing the “Last Updated” date above. You should consult this Privacy Policy regularly for any changes. Your continued use of our website, and any apps or services, or continued provision of personal information to us, will be subject to the terms of the then-current Privacy Policy.