Book ASV Scan

Privacy Policy

1. Introduction

Our customers are our most valuable asset. Your privacy is fundamental to how we operate.

SecusyASV.com (“SecusyASV,” “we,” “us,” or “our”) is committed to respecting and protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at SecusyASV.com and use our Approved Scanning Vendor (ASV) services, including PCI DSS compliance scanning, vulnerability assessments, penetration testing, and all related cybersecurity services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please discontinue use of our Services.

 

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Register for an account or request a service quote
  • Submit payment information to purchase PCI scanning, penetration testing, or vulnerability assessment services
  • Contact us via forms, email, phone, or live chat
  • Complete surveys, participate in promotions, or respond to communications
  • Provide network or system configuration details required to perform scanning services

This may include your name, company name, job title, email address, phone number, billing address, payment card details (processed securely through PCI-compliant payment processors), and technical infrastructure data needed to perform scans.

2.2 Information Collected Automatically

When you access our website or portal, we automatically collect:

  • IP address and approximate geographic location
  • Browser type and version, device type, and operating system
  • Pages visited, time spent on pages, referring URLs, and clickstream data
  • Log files, error reports, and usage patterns
  • Cookie identifiers and similar tracking technologies (see Section 7)

2.3 Technical and Scanning Data

In providing ASV and cybersecurity services, we may collect and process:

  • Network IP ranges, hostnames, domain names, and system configurations submitted by you for scanning
  • Vulnerability scan results, security assessment reports, and compliance attestation records
  • Penetration testing data and findings specific to your infrastructure
  • PCI DSS compliance status and attestation history

This technical data is processed exclusively to deliver contracted services and is treated as strictly confidential client data.

 

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provisioning and delivering PCI ASV scanning, vulnerability assessments, and penetration testing services
  • Generating compliance reports, attestations, and remediation guidance
  • Authenticating your identity and managing your account
  • Processing payments and managing billing records

3.2 Communication

  • Responding to your inquiries, support requests, and service questions
  • Sending service notifications, scan completion alerts, and compliance reminders
  • Providing technical updates, security advisories, and regulatory changes relevant to PCI DSS
  • Sending marketing communications where you have opted in (you may opt out at any time)

3.3 Security, Compliance, and Legal

  • Detecting, investigating, and preventing fraud, unauthorized access, and security incidents
  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service and other applicable agreements
  • Protecting the rights, property, and safety of SecusyASV, our clients, and the public

3.4 Service Improvement

  • Analyzing usage patterns to improve website functionality and service quality
  • Conducting internal analytics and research to enhance our cybersecurity offerings
  • Training and quality assurance for our security engineering team


4. How We Share Your Information

SecusyASV does not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors to assist in operating our platform and delivering services. These include payment processors, cloud infrastructure providers, customer support tools, and analytics providers. All vendors are contractually bound to handle your data in accordance with applicable privacy laws and our security standards.

4.2 PCI SSC and Compliance Bodies

As a PCI Approved Scanning Vendor, we are required to submit scan results and attestation data to the PCI Security Standards Council (PCI SSC) and, where applicable, to acquiring banks, card brands, or payment processors on behalf of our clients. Such submissions are made in accordance with PCI DSS requirements and only to the extent required by your compliance obligations.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as a court order, subpoena, or government agency request.

4.4 Business Transfers

In the event of a merger, acquisition, asset sale, or corporate restructuring, your information may be transferred as part of that transaction. We will notify you via prominent notice on our website or by email prior to any such transfer and the change in applicable privacy policies.

4.5 With Your Consent

We may share your information with third parties when you have provided explicit consent for us to do so.

 

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account and billing records are retained for a minimum of seven (7) years to comply with financial and tax obligations
  • PCI scan results and compliance reports are retained for a minimum of three (3) years in accordance with PCI DSS requirements
  • Penetration testing reports and vulnerability assessments are retained for the duration of your service agreement plus three (3) years
  • Website usage data and logs are retained for up to twelve (12) months

Upon expiry of the applicable retention period, we securely delete or anonymize your information.

 

6. Data Security

As a cybersecurity company, we hold ourselves to the highest standards of data protection. We implement industry-leading technical and organizational measures to safeguard your information, including:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256
  • Role-based access controls (RBAC) and multi-factor authentication (MFA) for internal systems
  • Regular internal and third-party security audits and penetration testing of our own infrastructure
  • Compliance with PCI DSS for all cardholder data environments
  • 24/7 security monitoring via our own Security Operations Center (SOC)
  • Employee security awareness training and background screening

While we employ rigorous security measures, no system can guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable legal requirements.

 

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytics data. Cookies are small text files placed on your device.

7.1 Types of Cookies We Use

  • Essential Cookies: Required for the website and portal to function properly, including session management and authentication
  • Analytics Cookies: Used to understand how visitors interact with our website (e.g., pages viewed, time on site). We use anonymized data only
  • Preference Cookies: Remember your settings and preferences for future visits
  • Marketing Cookies: Used to deliver relevant service information. These are only deployed where you have consented

7.2 Managing Cookies

You may control and manage cookies through your browser settings. Disabling certain cookies may impact the functionality of our services. You may also opt out of analytics tracking by adjusting your browser preferences or using available opt-out tools.

 

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data, subject to legal and contractual retention obligations
  • Right to Restrict Processing: Request that we limit how we process your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for direct marketing or legitimate interest purposes
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, please contact our Data Protection Officer at privacy@secusyasv.com. We will respond within 30 days of receipt. We may need to verify your identity before processing certain requests.

 

9. International Data Transfers

SecusyASV operates globally and may transfer your personal information to countries outside your jurisdiction. Where data is transferred outside the European Economic Area (EEA) or the United Kingdom, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.

By using our Services, you acknowledge that your information may be processed in countries where data protection laws may differ from those in your home country.

 

10. Children’s Privacy

Our Services are intended solely for business use by adults and organizations. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately.

 

11. Third-Party Links and Integrations

Our website may contain links to third-party websites, partner portals, or integrated services. This Privacy Policy applies only to SecusyASV.com and our Services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.

 

12. Regional Privacy Disclosures

12.1 European Economic Area and United Kingdom (GDPR)

For individuals in the EEA or UK, we process personal data on the following legal bases: contract performance, legal obligation, legitimate interests, and explicit consent where required. You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

12.2 California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, disclose, or sell; the right to delete personal information; the right to opt out of the sale of personal information (we do not sell personal information); and the right to non-discrimination for exercising privacy rights. To submit a request, contact us at privacy@secusyasv.com or call our toll-free number.

 

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

  • Post the updated policy on this page with a revised “Last Updated” date
  • Provide prominent notice on our website or send an email notification to registered users
  • For significant changes, request renewed consent where legally required

We encourage you to review this Privacy Policy periodically. Continued use of our Services after changes take effect constitutes your acceptance of the updated policy.

 

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact our Data Protection Officer:

SecusyASV.com

Data Protection Officer

Email: privacy@secusyasv.com

Website: https://www.secusyasv.com/privacy-policy

We are committed to resolving any privacy concerns you may have in a timely and transparent manner.