This website www.buriba.com (“Site”) is operated by BURIBA, (“Buriba, “We”, “Us”). We take the privacy of our website users and the security of their personal information very seriously and are committed to best practices.
PERSONAL INFORMATION COLLECTION AND USE
WHAT INFORMATION DO WE COLLECT?
At times, we may request that you voluntarily supply us with personal information, or you may choose to provide us with your personal information by emailing us via the “Contact” section of this website. Generally, this information is requested or provided when you want us to provide you with information.
We may gather the following information about you when you use this website including, but not limited to, the following:
- Email address
- Telephone number
- IP address
- Mobile device ID
- Such other personal information provided by you when contacting us via the “Contact” sections of this website, email, phone or otherwise.
HOW DO WE USE IT?
We will use your personal information in the following ways. We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your information, and this is also set out below:
- To provide you with materials and information you requested: Consent – we only use your personal information for this purpose if you have asked us to do so. You can withdraw your consent at any time.
- To send you information and materials that may be of interest to you, such as newsletters, whitepapers, news bulletins, and other business information: Our legitimate interests – we use your business – related contact information such as your work email address to communicate such information to you.
- To respond to specific queries you may raise regarding BURIBA and its various operating companies and brands: Consent – we only use your personal information for this purpose if you have asked us to do so. You can withdraw your consent at any time.
- To provide you with better ways of accessing information on this website: Our legitimate interests – we use your personal information to help deliver the best online experience to you and other website users.
- To process and consider your queries and requests such as those submitted via or pursuant to the “Contact” and “Careers” section, such as job applications. We will update you on your application, and keep you informed of other opportunities, if you have asked us to, via the methods you have selected: Our legitimate interests – we use your personal information to assess the information you have submitted to us and to communicate and respond accordingly. For example, if you submit a job application, we will need to keep you updated throughout the application process.
- To allow you to submit information to our new business team: Our legitimate interests- we only use your personal information to assess the information submitted for new business purposes.
- To process your registration for events, seminars, conferences, and meetings via the BURIBA and its affiliates: Our legitimate Interests -we use your information to book you on to the requested events and to send confirmation to you and the event organizer
For how we use your information that is collected using cookies and similar technologies please see the “Cookies” page here.
BURIBA may also collect and store aggregate or anonymous information about a user’s interaction with the Site.
We may use this aggregate or anonymous information we collect about our customers, traffic patterns, and related site information to better design our Site and to share with reputable third-party vendors. Please note, aggregate and anonymous information is not personal information and cannot directly or indirectly identify an individual on its own.
LINKS TO OTHER SITES
SHARING YOUR INFORMATION
DO WE PASS YOUR INFORMATION TO THIRD PARTIES?
- We may send your personal information to other affiliates and third parties to help us process your personal information for the purposes set out in this notice.
- We may disclose your personal information if we or any of our assets are the subject of a sale or similar corporate transaction. We will ensure that the third parties who receive your personal information are required to keep it confidential.
- We may disclose personal information to third parties when we reasonably believe we are required or permitted by law (such as third parties who provide services on our behalf), and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.
- We may also share your personal information with third parties where required for processing. For example, when applying for a job through our website.
- If you have previously applied to a job with BURIBA and would like to request that we update or delete the information that we hold about you, or you would like a copy of that information, please send your name and email address to firstname.lastname@example.org with as many details of your application as you can.
We will always take steps to require such third parties to keep your personal information confidential.
HOW LONG DO WE KEEP YOUR INFORMATION?
We only keep your personal information for as long as we need to, to be able to use it for the reasons given in this privacy notice, and for as long as we are required to keep it by law. For example, following a job application we may keep your information to inform you of any other opportunities that become available; however, we will only keep your information for a limited period and your details will not be kept longer than is reasonably necessary or as required by law.
HOW DO WE PROTECT YOUR INFORMATION?
We take appropriate technical and organizational measures to ensure that your personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.
This web site is not intended or designed to attract children under the age of 18. We do not knowingly collect personal information from or about any person under the age of 18. If you are under 18 years old and wish to ask a question or use this site in any way which requires you to submit your personal information, please get your parent or guardian to do so on your behalf. Likewise, if you are a parent or guardian and think your child may have submitted their personal information to us by mistake, please let us know at email@example.com, and we will delete that data.
WHERE DO WE SEND YOUR INFORMATION?
We are an Israeli registered company with branches abroad therefore we may transfer your personal information to countries around the world including the US and Europe. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards (we use standard contractual clauses) to ensure your information is protected.
You are entitled to ask:
- for a copy of the personal information we hold about you, and details about how we are processing your personal information;
- to have any inaccuracies in your personal information corrected;
- if we are processing your personal information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so; and
- to have your personal information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).
Please contact us using the details set out below if you would like to exercise any of these rights.
You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. Please refer to the local data protection authority where you are located.
HOW TO CONTACT US
If you wish to exercise any of your rights in relation to your personal information or if you have any queries about how we use your personal information, please let us know by emailing firstname.lastname@example.org.
BURIBA appreciates and values the identification and reporting of security vulnerabilities carried out by well-intentioned, ethical security researchers.
Our vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us. We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it.
We do not offer a bug bounty program or monetary rewards for responsible disclosures and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.
If you believe you have found a security vulnerability, please submit your report to us using the following email address: email@example.com
Your report should include details of:
- The website, domain, IP or page where the vulnerability can be observed.
- Steps to reproduce which should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately.
If you have any concerns or queries with regard reporting, please email firstname.lastname@example.org for advice.
What to expect
We aim to confirm receipt of your vulnerability report and triage your report as soon as possible. We also aim to keep you informed of our progress and completion of any remediation activities. We may contact you if we require further information regarding your report.
Remediation of any reported vulnerabilities are assessed based upon their impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address. You are welcome to enquire on the status but we ask that you avoid doing so more than once every 14 days to allow our teams to focus on the remediation.
You must NOT:
- Break any applicable law or regulations.
- Access unnecessary, excessive or significant amounts of data or modify data in our systems or services.
- Disrupt our services or systems, use high-intensity invasive or destructive scanning tools to find vulnerabilities or attempt any form of denial of service.
- Submit reports detailing non-exploitable vulnerabilities, or reports indicating that the services do not fully align with “best practice”, for example missing security headers.
- Submit reports detailing TLS configuration weaknesses, for example “weak” cipher suite support or the presence of TLS1.0 support.
- Social engineer, ‘phish’ or physically attack our staff or infrastructure.
- Demand financial compensation in order to disclose any vulnerabilities.
- Always comply with data protection rules and must not violate the privacy of our users, staff, contractors, services or systems. You must not, for example, share, redistribute or fail to properly secure data retrieved from the systems or services.
- Securely delete all data retrieved during your research as soon as it is no longer required or within 1 month of the vulnerability being resolved, whichever occurs first (or as otherwise required by data protection law).
This policy is designed to be compatible with common vulnerability disclosure good practice. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause us to be in breach of any legal obligations.