Effective on: 2020-09-02

Introduction and Scope
Hoplite Technology Limited. ("Hoplite," "we," "us," "our") takes the protection of personal data very seriously. This Privacy Notice (the "Notice") addresses data subjects whose personal data we may receive in our Anti-Phishing Bot, AP Lens Virtual Browser and Anti-Hack (AHO) Operation Cybersecurity Training software application (the "Services"). This Notice does not apply to personal data we collect by other means, such as personal data that we receive directly through Hoplite's own publicly accessible website.

What Information does Hoplite Collect?

We receive and store any information you knowingly provide to us. When you create a new Hoplite or Anti-Phishing Bot , AP Lens or AHO account we will solicit your consent to connect your Microsoft 365 or Outlook account to your Hoplite APIs, thereby providing us with access to your email headers and meta data. We access and store a subset of data from your O365 or Outlook account to provide you with our Services.

Additional Limits on Use of Your Microsoft 365 or Outlook User Data: Not withstanding anything else in this Privacy Policy, if you provide the add-ins access to the following types of your Microsoft 365 data, the add-in's use of that data will be subject to these additional restrictions:

The App will only use access to read, write, modify, or control Microsoft 365 or Outlook message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Microsoft 365 or Outlook data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

Hoplite acts as an agent, also known as a data processor, for the PII we process for our customers through the Services. This means that Hoplite’s customers determine the type of PII they provide to the Services for Hoplite to process on their behalf. Hoplite generally has no direct relationship with the individuals whose PII it receives from its customers and Hoplite’s customers are responsible for providing notice to the individuals whose PII will be collected and provided to Hoplite.

Purpose of Processing PII
We process PII submitted by our customers for the purposes of providing the Services to our customers, which typically involves our anti-phishing program.

Basis of Processing
Within the scope of this Notice, we process PII based on the documented instructions of our customers.

Data Retention
We delete the PII submitted to us by customers and business partners within 90 days of receiving a request to delete from our customers or the data subject unless applicable law requires a different retention period.

Sharing PII with Third Parties
We share PII with our corporate affiliates and our service providers, who process PII on behalf of Hoplite, and who agree to use the PII only to perform the Services for us or as required by law. Our service providers include businesses that provide:

internet hosting and infrastructure services;
office management services; cloud storage services; and customer service software.

Our service providers may be located within or outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such PII.

Other Disclosure of PII
We may also disclose PII: to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, provided that in such instances we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII;
if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or to our subsidiaries or affiliates only if necessary for business and operational purposes.

We use and may transfer, sell, and share aggregated, anonymous data, which does not include any PII, about our Service for any legal business purpose, such as analyzing usage trends and seeking compatible business opportunities.

Cookies
A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide Service functionality, authentication (session management), usage analytics (web analytics), and generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Microsoft, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

Data Integrity & Security
Hoplite has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

Access, Review & Deletion
If we store PII about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. You may also have the right to opt out of having your PII shared with third parties and to revoke your consent that you have previously provided for your PII to be shared with third parties, except as required by law. You also have the right to opt out if your PII is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. Requests should be sent to the Hoplite customer who provided your PII to Hoplite, or to Hoplite directly at privacy@hoplite-tech.com. Hoplite has limited rights to access PII our customers submit to our Service. Therefore, if you contact us with such a request, please provide the name of the Hoplite customer who submitted your PII to our Service. We will forward your request to that customer and provide assistance to our customers, as needed, as they respond to your request.

Inquiries or Complaints
In compliance with the Privacy Shield Principles, Hoplite commits to resolve complaints about our collection or use of personal data. For inquiries or complaints regarding our Privacy Shield policy, you may contact us by emailing security@hoplite-tech.com. Hoplite representatives will respond within 24 days.

Regulatory Oversight
Hoplite Technology Limited is subject to the investigatory and enforcement powers of the Hong Kong SAR Law.

Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the "Effective" date above to reflect the date on which the new Notice became effective.

Contact Us
If you have any questions about this Notice or our processing of your PII, please write to our privacy contact at privacy@hoplite-tech.com or by postal mail at:

Hoplite Technology Limited.

Unit 538 , 19W , Hong Kong Science and Technology Park, Hong Kong SAR

Please allow up to three weeks for us to reply.