Last Updated: June 5, 2017

The Anti-Malware Testing Standards Organization, Inc. (AMTSO) respects your right to privacy.  We have written this Privacy Policy to inform you about our treatment of your personal data, including how we collect, manage, and safeguard your data, and under what circumstances and to whom your data can be disclosed. We also explain how you can control our use of your personal data.

In this Policy, when we refer to your “personal data,” we mean any personally identifiable information that you provide to us, or that we collect from you, through your visiting www.amtso.org, and from your interactions with us offline. This can include information such as your name, address, and phone number, or your IP address and company affiliations.  Although this Policy informs you of our broadest potential use of your personal data, we may make far less use of such information.  We will not knowingly collect or use personal data from children younger than 13.

By using our website or providing us with any personal data through our website or offline, you are agreeing to the collection and use of information in the manner described in this Policy.  If you do not consent to this Policy, do not use our website or download any materials from it.  This Privacy Policy takes precedence over and supersedes any other policy concerning the treatment of your personal data.

Information We Collect

In general, you can visit our website without telling us who you are or revealing any personally identifiable information about yourself.  However, if you choose to register as a subscriber or submit a membership application, or engage in other communication, some personal data will be required. For example

  • If you sign up to become an AMTSO member or access data included on our website, you must provide us with your e-mail address, your first and last name, your company affiliation, your title and a financial contact at your company to facilitate payment of our membership fee.
  • If you choose to register for a workshop, meeting or conference, you may be asked to provide other personal data to complete your registration request, including seminar preferences and dietary restrictions.
  • If you ask us to provide you with a specific conference invitation to help you secure a travel visa, you may provide us with your date of birth, and your passport number and expiration date. This information will not be used by us in any way other than to generate the invitation letter, and will only be stored by us only as needed for proper corporate record-keeping, and deleted as soon as practicable.
  • If you choose to include your contact information on the AMTSO Contact List in connection with the AMTSO Standards Accreditation Program, you may provide us with your e-mail address, company name, company address, and a telephone contact at your company. By including your information on the AMTSO Contact List, you agree that we may provide this information to registered parties, including anti-malware testers, to facilitate communications between testers and vendors.
    • We encourage, but do not require, you to create anonymized contact information when providing contact information on the AMTSO Contact List. For example, rather than providing an email address for john@amtso.org, you would provide amtsocontact@amtso.org. This can help protect your private information, and personnel changes in your organization will not impact our ability to communicate with you.

You may, from time to time, choose to divulge other personal information to us. For example, you may choose to participate on an open forum and share personal data on such forum.  You should be aware that any personal data you choose to post on an open forum will be viewable by all users of that forum, and potentially others. Although use of the forum is controlled by this Policy and the forum’s terms and conditions, we cannot control the behavior of others with personal data you voluntarily post.  This means that other users could copy or misuse information you provide without your consent.  We also provide a method to share a private message with other members or persons using the open forum.  If you choose to share information in a private message, it is generally viewable only to those selected to receive it; however, we cannot control what the person receiving your message will do with that data.  In short, if you are trying to protect your information, do not post personally identifiable or confidential information on an open forum or share it with someone you do not know, and if you do share such data, you specifically provide your consent for that data to be accessed and used by others.

If you would like us to remove all of your registration and profile details from our website, the Contact List, or otherwise remove information we have identifying you, please send an email to AMTSO’s Privacy Officer.  Once we have verified that the request came from you, we will take the information down, or delete it.  However, please note that any open forum or other posts you have made will remain viewable, at our discretion, under the tag of “guest comment.”

Cookies

Our website uses cookies generated by a third-party application, or its plug-ins or widgets.  A cookie is a small piece of information that a website asks a browser to store on a computer or mobile device. AMTSO uses cookies to enhance your usage of our website by “remembering” your actions or preferences. The cookies we generally use include a unique identifier, user preferences, and profile and member information.  We may also use cookies to collect general usage and volume statistical information that does not include any personally identifiable information. Some cookies may remain on your computer after you leave our website.

While we do not offer an opt-out for cookies, your browsers may give you control over cookies used on your computer or mobile device.  You can generally set your browser to alert you when a cookie is being used, which will give you a chance to accept or reject the cookie.  You may also be able to set your browser to refuse all cookies, or accept only cookies returned to the originating servers.  You can generally disable the cookie feature in your browser without affecting your ability to access our website, except in some cases where cookies are used as an essential security feature necessary for completing transactions.

Links to websites outside of ours may contain cookies that we do not control.  In addition, we may use third-party vendors to provide or track connections to our website.  It is possible that such vendors may use cookies, over which we also have no control. Such cookies (if used) would be downloaded once you click on any third-party links on our website. The information collected through these functions is subject to the privacy policies of those third-parties.

Embedded URLs and Pixel Technologies

In some cases, we may use a tracking technique that employs embedded URLs to allow use of our website without cookies.  Embedded URLs allow limited information to follow users as they navigate the site, but is not associated with personal information and is not used beyond the session.  We may also use embedded pixel technologies on selected pages for the purposes of identifying unique user visits to our website, as opposed to aggregate hits, and to identify the pages viewed.  Or, we may also use embedded pixel technologies to determine whether the recipient of an e-mail has opened a particular message.  Although this information will not generally include personal data, we may re-associate the information with personally identifiable information.

Log Files

Like most standard websites, we use log files.  This information includes electronic communication protocols, web addresses, browser type, internet service provider, platform type, and other network routing information (referrals), equipment information (browser type) and date and time.  This information helps us use and administer our website, track our users’ movements in the aggregate, and gather broad demographic information for aggregate use.  This information is generally not linked to any personally identifiable information.  We use a tracking utility that uses log files to analyze user movement.

Use of Personal Data by AMTSO and Others

The personal data we collect, including information that you voluntarily provide, as outlined above, may be used for the following purposes:

  • To engage in and process transactions. We may use personal data such as your name, physical address, and email address to communicate with you about your membership, order, subscription, or other information related to our products or services.
  • To provide support or other services. We may use personal data to provide you with information, support or other services that you have requested.
  • To provide online forums and social networks. We may provide you with an opportunity to participate in interactive discussions, post comments or other content, or otherwise engage in networking activities. We do not control the content any of our users post to our open forum or elsewhere.  You should carefully consider whether you want to submit personally identifiable information to our open forum or elsewhere, and tailor any content appropriately.
  • To facilitate member connection. We maintain an online directory of our members that may allow members to connect with each other.  This directory is exclusively available to our members, and each member has control over the profile information that is displayed regarding their membership, including the right to include no information in the directory.
  • To facilitate compliance with the AMTSO Standards Accreditation Program. We offer standards for testers and vendors to follow in anti-malware testing, which requires communications between testers and vendors. If you have included your contact information on the AMTSO Contact List, we may provide this information to registered parties for use in connection with the AMTSO Standards Accreditation Program. Such registered parties may use this information to contact you and solicit participation in an anti-malware test, or otherwise communicate with you regarding such test; however, they may not use the contact information for general solicitation purposes, and are generally prohibited from sharing such information with any third party.
  • To administer downloads of our papers or products. We may contact users that download our papers or products to confirm certain information about the download, or provide information about related papers or products.
  • To improve the quality, and assess usage, of AMTSO’s products and services. We may use your personal data to help improve the quality and determine the level of usage of our products and services.
  • To communicate with users about a service, conference, or event. We may communicate with you about a service, conference, or event hosted or co-sponsored by AMTSO or one of our associates.  Information that you provide when registering for a service, conference, or event may be shared with other parties working with us, and treatment of that information is further subject to the privacy policies of those parties.
  • To comply with legal requirements. We may disclose your personal data to comply with laws, court orders, litigation, or other legal process, and/or in response to requests from governmental authorities within or outside of your country of residence.  We may also disclose your personal data if we determine that disclosure is reasonably necessary to enforce our rights or protect our operations or users.
  • As part of a merger or acquisition. We may disclose your personal data to a successor or acquiring entity as part of a merger, acquisition, reorganization, or other transaction involving all or substantially all of our assets.

We may also share your personal with our agents, contractors, and volunteers to perform any of the functions listed above, or as part of our general business operations.

Data Storage and Protection

We take reasonable security measures to protect your personal data both online and offline from loss, misuse, unauthorized access or disclosure.  However, we cannot guarantee the security of information on or transmitted through the Internet. We also take reasonable steps in partnership with our host to ensure the security of your data. Our host is subject to their own privacy policy with which we are satisfied, but we can take no responsibility for any data loss that may occur, including through malware and hacker attacks.

In the event of a security breach that we are aware has exposed your personal data to loss, misuse, unauthorized access, or disclosure, we will use commercially reasonable efforts to notify you of the breach and provide a description of what happened.

Opting Out

From time to time, we may send you e-mails containing information about products or services that may be of interest to you.  If you do not wish to receive further e-mails from us that are promotional in nature, please follow the opt-out instructions in the email or send a request to opt-out to AMTSO’s Privacy Officer. Some non-marketing communications are not subject to opt-out, including communications related to your membership, product downloads, event registrations, and changes to our corporate documents.

Third-Party Sites

This Privacy Policy discloses the privacy practices for our website; however, we may provide links to other websites. If you leave our website, you will be going to sites that are beyond our control. These other sites may send their own cookies to your computer, collect data or solicit personal information. The privacy policies and procedures described here for AMTSO do not apply to any external links. You are encouraged to read the privacy policies of any site linked through our website, especially if you share any personal information.

Transfer of Information to Other Countries

Our processing of the information that we collect may involve the transfer of that information to various countries around the world. By submitting information to us through our website or in connection with your interactions with us offline, you consent to such transfers and to the processing of this information in various countries around the world.

Updating or Deactivating Personal Data

If your personal data changes or if you no longer desire to receive communications from AMTSO, you can correct, update, delete, or deactivate your personal data by sending an email to AMTSO’s Privacy Officer.

If you terminate your membership in AMTSO, or if a named representative leaves your company and is no longer a valid contact, please send us an email and we will remove this information from our systems.

Policy Violations, Contact Information

If you have questions or concerns of any possible Privacy Policy violations, please contact us by email, or write us at the following address:

Anti-Malware Testing Standards Organization, Inc.
Attention: General Counsel
c/o Coblentz, Patch, Duffy and Bass LLP
One Montgomery Street, Suite 3000
San Francisco, California USA 94104

We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal information.

Policy Updates

This Privacy Policy may be amended from time to time. The updated version of this Policy will be effective upon its posting on our website, on this web page. Please check this page frequently to review the most up-to-date version of this Policy.