Last modified: April 2023.
Protecting your privacy is of utmost importance to us at GIANT SENTINEL. ("Giant Sentinel" or "we" or "us"), and it is fundamental to our service. This Privacy Policy clarifies the types of personal data we gather, the reasons behind collecting it, and how we handle and utilize your personal data in relation to our Gmail anti-phishing extension. Furthermore, this Privacy Policy elaborates on the various conditions under which we process personal data, as we sometimes act as a data controller in regard to our users' information or other parties connected to our website, and at other times, as a data processor on behalf of our users.
Giant Sentinel is dedicated to safeguarding your privacy and ensuring the highest level of security for your personal information.
1. Introduction
The aim of this Privacy Policy is to inform you about the terms and procedures for the collection, usage, and disclosure of personal data in association with our service. Giant Sentinel offers its users an anti-phishing email protection and management service with various related features (the "Service"). Consequently, this Privacy Policy outlines the conditions for the processing of personal data by Giant Sentinel: (i) when you utilize our Services ("User") or when you access and browse our giantsentinel.com website ("Website"); and (ii) when in order to provide our Service, we process personal data on behalf of the User related to the User's communication, including personal data of the recipient (« Recipient »).
Giant Sentinel will process personal data in compliance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (“GDPR”), Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (“LOPD”) and other applicable data protection laws.
We encourage you to thoroughly read this Privacy Policy before using our Services or browsing through our Website.
2. Processing of Users’ Personal Data by Giant Sentinel
2.1. In various instances and for specific purposes and durations, Giant Sentinel may process personal data of Users or visitors to the Website:For the provision of the Service, Giant Sentinel may process personal data provided by Users when installing or signing up for the Service, such as name, email address, language preferences, location for accurate price/currency display, payment information, and any other data or information resulting from the Service.
Giant Sentinel uses this personal data for the following purposes:
delivering the Service and managing the contractual relationship;administering and enhancing the Service;addressing requests, suggestions, or complaints about the Service;providing the User with requested information;sending updates and news related to the Service;complying with applicable regulations in each case; andresponding to requests or demands from public authorities.
The legal basis for processing the above data is the execution of the contractual relationship between the User and Giant Sentinel for the Service provision, as well as Giant Sentinel's legitimate interest in informing Users about the Service. Additionally, this includes improving the Service and preventing fraud and abuse unless Users notify Giant Sentinel that they do not wish to receive commercial communications.
Giant Sentinel is committed to processing Users personal data during the contractual relationship and, subsequently, for the legally required period as per applicable regulations, depending on the case.
Through cookies, Giant Sentinel collects information from Website visitors to enable Website functionalities, learn about Website usage, and improve its operation, as outlined in our Cookies Policy.
When using cookies for the purposes stated in our Cookies Policy, we do so based on prior consent in accordance with applicable regulations. Website users can accept or reject all of our cookies, or selectively accept some cookies and not others through our consent manager.
Giant Sentinel will store cookie usage information and your IP address following the Cookies Policy.
To respond to inquiries, suggestions, or complaints, Giant Sentinel exclusively uses personal data obtained through designated channels to reply to questions, suggestions, or complaints submitted by Users or those accessing and browsing the Website.
The purpose of processing this personal data is to manage inquiries, suggestions, or complaints and subsequent follow-up. This is based on fulfilling a contractual relationship or, where appropriate, Giant Sentinel's legitimate interest in managing the response to these requests and managing and improving the Service.
Giant Sentinel will maintain the information for as long as necessary to respond to inquiries, suggestions, or complaints and follow up on them. Additionally, Giant Sentinel may keep personal data for the periods required to comply with any legal obligations that may apply.
For participating in selection processes published on the Website, Giant Sentinel will use identification, academic, professional, and profile data provided by job applicants through the Website's provided means. This information, along with data provided during the process, will be used to manage these selection processes.
In such cases, the legal basis for processing personal data is performing pre-contractual measures at the data subject's request.Personal information will only be stored for the duration of the relevant selection process.
2.2. Duration. The time frame for retaining personal data or the criteria used to determine such a period are specified in each case outlined in Section 2.2 of this Privacy Policy. Furthermore, personal data will be retained for the durations required by applicable regulations.
2.3. Giant Sentinel's processors, meaning our service providers, may access the aforementioned personal data when necessary and solely for the purpose of managing the delivery of the relevant service. To ensure that personal data receive an adequate level of protection, Giant Sentinel will enter into agreements with third parties with whom it shares personal data. These agreements require that your personal data is processed by those third parties in a manner consistent and compliant with data protection regulations.We may also provide personal data to the competent judicial or administrative authorities when necessary to comply with any applicable law or regulation.
2.4. In general, Users' personal data will be stored within the European Economic Area (i.e., the member states of the European Union, Norway, Iceland, and Liechtenstein, or "EEA"). However, Giant Sentinel may share personal data with service providers located outside the EEA. In such cases, Giant Sentinel will ensure that personal data is stored and transferred securely. These transfers will be made, depending on the case, based on one of the bases permitted by European data protection regulations. This could be either because the transfer is made to a country where the European Commission has established its adequacy concerning data protection levels or through data transfer agreements incorporating the standard contractual clauses accepted by the European Commission as per art. 46.2.c) GDPR.
2.5. The User or the data subject, as appropriate based on the cases outlined in section 2.1 above, has the right to request a copy of any personal information we hold about them in our records, to correct any inaccuracies, and to update any outdated information.
You may also request the deletion of your personal information if, among other reasons, it is no longer needed for the purposes for which it was collected, or request data portability, if applicable. In certain circumstances, you can request to limit the processing of your data or object to the processing of your data.
Giant Sentinel will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. You also have the right to withdraw your consent at any time when this is the legal basis for the processing of your personal data.
The above rights may be exercised by contacting Giant Sentinel by sending an e-mail to privacy@giantsentinel.com.
In accordance with the provisions of the GDPR, when requests are manifestly unfounded or excessive, particularly due to their repetitive nature, Giant Sentinel reserves the right to charge a reasonable fee based on the administrative costs incurred to provide the information or communication or to carry out the requested action, without prejudice to the possibility of refusing to act.
the User or the relevant party, as applicable, may also seek the assistance of the relevant Data Protection Authority at https://www.cnil.fr/fr.
If at any time the User or interested party wishes to stop receiving commercial communications from Giant Sentinel, they may request to do so by sending an e-mail to privacy@giantsentinel.com.
3. Processing of personal data of Recipients on behalf of the Users by Giant Sentinel (as Data Processor)
3.1. This section details the processing of personal data relating to communications received by users, carried out by Giant Sentinel on behalf of and following the instructions of the users. In such cases, Giant Sentinel acts as a data processor, as the purposes and means of the processing of personal data are determined by the user and Giant Sentinel only accesses the data at the request of the user and to provide the service. Giant Sentinel does not act as a data controller with respect to personal data relating to communications received by users.
3.2. The provision of the Service in favor of the user may involve access and processing by Giant Sentinel of personal data relating to communications received by the user, for the purposes established by the user. Giant Sentinel will have access to the following data:
Information necessary to analyze emails received by the user in their Gmail inbox:
email address;email subject;activeTab - allows the extension to access the current active browser tab.scripting - allows the extension to execute JavaScript code in the context of the current page.storage - allows the extension to access the browser's local storage.tabs; allows the extension to access information about browser tabs, such as URLs and titles.date and time the email was received.
Information provided by the Service:
analysis of email security elements (such as SPF, DKIM, DMARC, etc.);assessment of links and attachments for potential threats;detection of sensitive information requests;risk score and clear explanations on the legitimacy of the email.
The processing of the aforementioned personal data is carried out solely for the provision of the Service within the terms and duration indicated in the Terms and Conditions of the Service and always under the instructions of the user.
3.3. Consequently, Giant Sentinel:
will solely process the personal data associated with the received email communications for the purpose of providing the requested Service to the user, and will not transfer such data, including storage, to unauthorized third parties;will process the personal data related to the received email communications in accordance with the user's instructions. Should Giant Sentinel become aware of any instructions that may violate data protection regulations, it will promptly notify the user;
(iii) will immediately inform the user if it becomes aware of any data breach, providing all relevant details of the infringement;
(iv) will ensure that individuals authorized within Giant Sentinel to process personal data regarding received email communications have committed to maintaining confidentiality or are bound by a legal confidentiality obligation;
(v) considering the nature of the processing, Giant Sentinel will, to the extent possible, assist the user with appropriate technical and organizational measures to fulfill their obligation to address requests concerning the exercise of rights by the relevant data subjects as outlined in Chapter III of the GDPR. Giant Sentinel will promptly notify the user of any received requests through the email address associated with their account. The user remains responsible for addressing and responding to such requests, and Giant Sentinel will comply with the user's instructions accordingly;
(vi) will implement all necessary measures in compliance with Article 32 GDPR (security of processing);
(vii) will support the user in meeting their obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Giant Sentinel, including but not limited to:
per the user's preference, Giant Sentinel will either delete or return all personal data related to received email communications upon the conclusion of the Service, unless the applicable regulations mandate data retention; andmay provide the user with all necessary information to demonstrate adherence to the obligations set forth in Article 28 of the GDPR, and will facilitate and contribute to audits, including inspections, conducted by the user or an authorized auditor on their behalf.
3.4. Giant Sentinel will not subcontract third parties for processing operations that may involve access to personal data related to the received email communications without the user's authorization.In this regard, the following sub-processors are deemed authorized by the user:
Platform.sh SAS, a French company located at 22 Rue de Palestro, Paris, 75002 France as a provider of hosting the Service, through servers located in Paris, France.Google Services: Google Apps, Gmail API, Google Analytics, Webmaster Tools, Google Looker, and Google Forms.Webflow, Inc. (Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103).
3.5. Giant Sentinel will ensure the confidentiality of personal data related to received email communications, even after the termination of the Service.
3.6. The user is responsible for the processing of personal data of recipients or any other type in the context of received email communications received email communications under the scope of the GDPR (excluding processing derived from purely domestic activities), or that of any other applicable regulation.
The user alone defines the purposes and means for processing the mentioned personal data, and it cannot be understood that Giant Sentinel processes personal data related to received email communications for its own purposes since it will only use them for the provision of the Service and acting on behalf of the user. As a result, the user shall comply with the applicable obligations under data protection regulations, as applicable in each case, including, where applicable, obligations relating to obtaining the consent of the data subjects and informing them about the processing of their data as a consequence of using the Service. The user, and not Giant Sentinel, shall be solely responsible for complying with such obligations.
4. Use of Google’s APIs
The use by Giant Sentinel of the information received through the Google API implies the user's adherence to the Google API Services’ User Data Policy.Opting out of Giant Sentinel’s Service : https://www.google.com/url?q=https://developers.google.com/terms/api-services-user-data-policy%23additional_requirements_for_specific_api_scopes&sa=D&ust=1599474444017000&usg=AFQjCNF0Xaqkw3jGnUKrZoD1YJvLlpAZaQ
5. Opting out of Giant Sentinel Service
If you are a user of Giant Sentinel’s Service and you wish to exercise any rights under the GDPR, please note that you should contact Giant Sentinel directly. Giant Sentinel is responsible for analyzing received email communications in the user's Gmail inbox, not sending emails. The user is the one who defines the purposes and means for processing the personal data and is responsible for complying with the applicable obligations under data protection regulations.
In any case, at Giant Sentinel, we are committed to safeguarding and protecting privacy, and we provide you with the email privacy@giantsentinel.com to help you make requests or exercise your rights under GDPR. We will assist you in fulfilling your obligations related to the exercise of your rights as a user, in compliance with GDPR requirements.
Please note that you can also manage the analysis of emails by disabling the Giant Sentinel Chrome extension or adjusting its settings. This action allows you to prevent further analysis by Giant Sentinel but does not involve the exercise of the rights granted to you under the GDPR. Giant Sentinel processes personal data in accordance with the GDPR and, in the event that you exercise your rights, will act accordingly.
