Tenable Privacy Policy

Last Updated: November 8, 2023

Introduction

This privacy policy (“Policy”) describes how Tenable, Inc. and our affiliates (“Company,” “we,” and “our”) collect, use, disclose, and otherwise process Personal Data about individuals who use this website, tenable.com, and Tenable's publicly-facing sites (e.g., the Tenable Community and Tenable University) (collectively, the “Site”); who register for an evaluation license for one of our products; or who otherwise interact with us. Please read the following information carefully to understand our views and practices regarding your Personal Data and how we will treat it.

1. Personal Data We Collect and Purposes of Processing

What Personal Data do we collect?

We may collect information about you as set out in this Policy and that may include Personal Data. Personal Data is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household.

Through our interactions with you, we may collect the following categories of Personal Data:

• identifiers, such as your name, alias, user name, unique personal identifier, online identifier, IP address;
• contact information, such as home or other physical address, telephone number, email address;
• financial information, such as bank account number, credit card number, or debit card number;
• commercial information, including records of products or services that you purchased, obtained, or considered;
• Internet or other electronic network activity information, such as information about your interactions with our websites;
• audio, electronic, visual, or similar information, such as call recordings;
• professional or employment-related information, such as the name of your employer, business contact information, and employment history; and
• inferences drawn from any of the categories of information above.

What are our purposes for collecting your Personal Data?

We will only collect and/or process your Personal Data in compliance with applicable data protection and privacy laws and in accordance with this Policy. In order to provide you with access to the Site, we may process your Personal Data in accordance with this Policy. If you create a profile or register with us, you will be asked to agree to provide certain information in order to access our services or view our content. By agreeing to do so you consent to your Personal Data being processed by us. This consent provides us with the legal basis to process your Personal Data. If you change your mind and wish to withdraw your consent to us processing your Personal Data, you may withdraw your consent at any time by emailing us at [email protected]. There may also be instances where you are required to provide your information to purchase products or access the Tenable Community and Tenable University. In such cases, Tenable has a legitimate business interest to process your Personal Data. If you do not agree to our use of your Personal Data in line with this Policy, please do not use our Site. You can find detailed information about our purposes for processing your information in section 3 of this Policy.

We will retain your Personal Data as described in section 12 of this Policy.

How do we sell or share your Personal Data?

We disclose your personal identifiers, such as IP address, and information about your Internet or other network activity, such as cookie data to third party marketing, advertising, and analytics providers to receive insights or services, and to support targeted advertising. While we do not engage in the sale of personal information for monetary or other valuable consideration that we obtain from you via our Sites, there may be limited circumstances where we “share” personal information with third parties in a way that may be considered “selling” under California law. To opt out of the sale or sharing of your Personal Data, please click here. We do not knowingly sell or share information related to individuals under 16 years of age.

2. Collecting Your Personal Data

We collect information about you from the following categories of sources:

Information You Give Us. This may include:

• any Personal Data you provide to us, including name, postal address, email address, telephone number, and a username;
• any Personal Data that may be contained in any video, comment, or other submission you upload or post to the Site;
• any Personal Data you provide when you report a problem with our Site;
• any Personal Data you provide when you register through the Site for an evaluation license for any of our products;
• any Personal Data you provide when you make a purchase through our Site;
• any Personal Data you provide when you use our Site's live chat feature; and
• any Personal Data you provide when you correspond with us by phone, email, or otherwise.

Information from Social Networking Sites. Our Site includes interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Site, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.

Information We Get from Others. We may also get information about you from other sources, for example, if you have agreed to disclose information to one of our partners, listed here: https://www.tenable.com/partners/channel-partner-directory, or through our e-commerce provider, content syndicators, or other associated business partners.

Information Automatically Collected. We automatically log information about you and your computer or mobile device when you access our Site. For example, when visiting our Site, we identify an initial public IP address to identify your approximate location, we log your computer or mobile device operating system name and version, browser type, browser language, screen resolution, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site. We collect this information about you by using cookies and other tracking technologies. Please refer to the sections on cookies and pixel tags below.

Automated Decision Making and Profiling.We may use automated decision making and/or profiling in regard to your Personal Data for some services and products, for example, when logging into the Tenable Community, Tenable will need to identify if you are a customer or not, or messaging may change depending on your prior visits to our Site. You can request a manual review of the accuracy of an automated decision that you are unhappy with, or limit/object to such automated decision making and/or profiling by contacting us at [email protected].

3. Using Your Personal Data

We use your Personal Data for the following purpose(s):

• to operate, maintain, and improve our Site;
• to evaluate your registration on our Site or for an evaluation license;
• to deliver the services you request and manage your account, including to communicate with you regarding your account on our Site or your evaluation license;
• to respond to your comments and questions;
• any Personal Data you provide when you make a purchase through our Site;
• to send information including technical notices, updates, security alerts, and support and administrative messages regarding our Site or your evaluation license;
• to send you marketing communications, including via e-mail in compliance with applicable laws, about upcoming promotions, newsletters, new products, services, webinars, training seminars and other news, including information about products and services offered by us and our affiliates;
• to link or combine user information with other Personal Data;
• as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce this Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and
• as described in the “How do we 'sell' or 'share' your Personal Data” section above.

4. Disclosing Your Personal Data to Third Parties

We may disclose your Personal Data to the following categories of third parties for the purposes described in section 3:

• Third Parties Designated by You. We may disclose your Personal Data to third parties where you have provided your consent to do so.
• Our Third Party Service Providers. We may disclose your Personal Data to our third-party service providers who provide services such as data analysis, distribution partners, resellers, information technology and related infrastructure provision (such as Amazon Web Services), email delivery, auditing, payment processors and other similar services.
• Busines Partners. We may give information to one of our channel partners (e.g., resellers and distributors) located here https://www.tenable.com/partners/channel-partner-directory. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.
• Third Party Advertisers. We may disclose Personal Data with advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others.
• Tenable Affiliates. We may disclose some or all of your Personal Data to our affiliates, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share Personal Data with our affiliates where you wish to receive marketing communications from them.
• Corporate Restructuring. We may disclose Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding. We will inform any buyer that your information shall only be used in accordance with this Policy.
• Other Disclosures. We may disclose Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and the legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or those of you or others.

The table below describes the categories of Personal Data that Tenable collects and the categories of third parties to which we may disclose Personal Data:

Category of Personal Data	Disclosures of Personal Data for Business Purposes
Identifiers, such as your name, alias, user name, unique personal identifier, online identifier, Internet Protocol address, account name	Service providers, advertisers, business partners, affiliates, law enforcement in the event of a lawful request, with your consent
Contact information, such as home or other physical address, telephone number, email address	Service providers, business partners, affiliates, payment processors, law enforcement in the event of a lawful request, with your consent
Financial information, such as bank account number, credit card number, or debit card number	Service providers, affiliates, payment processors, law enforcement in the event of a lawful request, with your consent
Commercial information, including records of products or services that you purchased, obtained, or considered	Service providers, business partners, affiliates, payment processors, law enforcement in the event of a lawful request, with your consent
Internet or other electronic network activity	Service providers, advertisers, affiliates, law enforcement in the event of a lawful request, with your consent
Audio, electronic, visual or similar information	Service providers, affiliates, law enforcement in the event of a lawful request, with entities in the event of a business transaction, with your consent
Professional or employment-related information	Service providers, affiliates, law enforcement in the event of a lawful request, with entities in the event of a business transaction, with your consent.

5. Cookies

What are cookies

We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Site; and (2) third party cookies, which are served by service providers on our Site, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.

Cookies we use

Our Site uses the following types of cookies for the purposes set out below:

Type of cookie	Purpose
Essential Cookies	These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies	These cookies allow our Site to remember choices you make when you use our Site, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Site which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
Analytics and Performance Cookies	These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Site works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
Targeted and advertising cookies	These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites. You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/ or http://optout.aboutads.info/. If you choose to remove targeted or advertising cookies, you will still see advertisements, but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
Social Media Cookies	These cookies are used when you share information using a social media sharing button or “like” button on our Site or you link your account or engage with our content on or through a social networking website such as Facebook and Twitter. The social network will record that you have done this.

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, you can visit the following pages:

• United States - http://www.aboutads.info/choices
• Canada - http://www.youradchoices.ca/choices
• Europe/UK - http://www.youronlinechoices.com/

6. Pixel Tags

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Site to track the actions of users on our Site. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Site, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users' Personal Data.

7. Anonymous Data

When we use the term “anonymous data,” we are referring to deidentified data and information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual, either alone or when combined with any other information.

We may create anonymous data from the Personal Data we receive about you and other individuals whose Personal Data we collect. This data might include analytics information and information collected by us using cookies. We make Personal Data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data for our own purposes, including the ability to analyze usage patterns in order to make improvements to our Site. We will maintain anonymous data in deidentified form and will not attempt to re-identify the information.

8. Third Party Sites

Our Site may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages through widgets on our Site or we may provide links to industry reports

9. User Generated Content

You may disclose Personal Data to us when you submit user generated content to our Site, including via our Tenable Community and Tenable University. Please note that any information you post or disclose on our Site will become public information, and will be available to other users of our Site and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information, on our Site. Such Personal Data and other information will not be private or confidential once it is published on our Site.

10. International Data Transfer

Your information, including Personal Data that we collect from you, may be transferred to, stored and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Site, you agree to this transfer, storing or processing. If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), your Personal Data may be processed outside of the EEA or the UK, and in countries which are not subject to an adequacy decision by the European Commission. In this event, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission and the UK Information Commissioner's Office. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK Extension to the EU-US Data Privacy Framework

Tenable’s U.S. affiliates (Tenable, Inc., Tenable Holdings, Inc., and Tenable Public Sector LLC) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU, UK, and Switzerland to the United States. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the EU in reliance on the EU-U.S. DPF, from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles”), and from the UK in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/ or the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program and to view our certification, please visit www.dataprivacyframework.gov.

Tenable is accountable for Personal Data that we receive and subsequently transfers to a third party acting as an agent on our behalf. If third parties that process Personal Data on our behalf do so in a manner that does not comply with the DPF Principles, Tenable is accountable, unless we prove that we are not responsible for the event giving rise to the damage.

With respect to Personal Data received or transferred pursuant to the DPF Principles, Tenable is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Tenable may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Tenable commits to resolve complaints about our collection or use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding this Policy should first contact us at [email protected].

Tenable has further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, if we have not resolved your complaint, or wish to file a complaint, you can file a complaint with JAMS online HERE or contact:

JAMS
Attn: Mara Satterthwaite, DPF Coordinator
[email protected]
7160 Rafael Rivera Way, Suite #400
Las Vegas, NV 89113

The services of JAMS are provided at no cost to you.

If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by any other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

If you have questions about our DPF certifications, please contact [email protected].

Employee Personal Data under the Data Privacy Framework

Tenable commits to cooperate with the panel established by the EU data protection authorities, the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, and to comply with the advice given by the panel with regard to human resources data transferred from the EU, UK, and Switzerland in the context of the employment relationship. Please contact us at [email protected] for a copy of the applicable Tenable employee privacy policy and/or to be directed to the relevant DPA contacts for human resources-related privacy complaints.

11. Security

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at [email protected].

12. Retention

We will retain your Personal Data for a period of time consistent with the original purpose of collection (see section 3, “Using Your Personal Data”). We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data, and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable minimum statutory retention requirements). After the expiration of the applicable retention periods, we will delete your Personal Data. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

13. Our Policy on Children

We respect the sensitive nature of children's privacy online. Our Site is not directed to children under eighteen (18) and we do not knowingly collect Personal Data from or sell or share Personal Data about children under the age of 18. You must be at least eighteen (18) years old to register, purchase or apply online for our products, services, promotions and other activities. If you are under the age of eighteen (18), please do not provide us with any type of information about yourself. Tenable is not liable for any information provided to us by a person under the age of eighteen (18).

If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email protected]. We will delete such information from our systems as soon as reasonably practicable.

14. Your Rights

You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws, and, in particular, if you are located in the EEA or the UK, these rights may include:

• Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive Personal Data; (iv) any new processing of your Personal Data that we may carry out beyond the original purpose; or (v) the transfer of your Personal Data outside the EEA or the UK. Please note that your use of some of the Site may be ineffective upon opt-out.
• Access. You may request what Personal Data Tenable has about you at any time by contacting us directly.
• Amend. You can also contact us to update or correct any inaccuracies in your Personal Data.
• Move. Your Personal Data is portable - i.e., you to have the flexibility to move your data to other service providers as you wish.
• Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

If you wish to exercise any of the rights set forth above, please contact us at [email protected]. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to exercise. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes, legal purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

Your Rights Relating to Customer Data

As described above, we may also process Personal Data submitted by or for a customer of our products and services. To this end, if not addressed in this Policy or in a separate disclosure, we process such Personal Data in our role as processor/service provider on behalf of a customer (and/or its affiliates) who is the responsible controller of the Personal Data concerned. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Policy. If your data has been submitted to us by or on behalf of a Tenable customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. If you wish to make your request directly to us, please provide to us the name of the Tenable customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

Your Preferences for Email Communications

If you prefer not to receive promotional materials, our email newsletter or other forms of communication, you may choose to opt-out or manage your email subscriptions by using the unsubscribe link at the bottom of the email you have received from Tenable or by using our Subscription Management webpage. Tenable will honor your requests to opt-out of specified emails and marketing materials. Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements, or security information.

15. Your California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”) gives California residents certain rights as described below. For this section, we use the terms “personal information,” “sale,” and “sharing” as those are defined in the CCPA.

• Right to access - You may have the right to request a copy of the specific pieces of personal information that Tenable has collected about you.
• Right to know - You may have the right to know what personal information we have collected about you, including, as applicable, the categories of personal we have collected, the sources from which we collected that personal information, the business or commercial purposes for which we collected, sold, and shared that personal information, the categories of personal that we sold, shared, or disclosed to third parties for business purposes and the categories of third parties to whom we sold, shared or disclosed personal information.
• Right to delete - You have the right to request that Tenable delete the personal information we have collected from you.
• Right to correct your personal information - You may have the right to update inaccurate information that we process about you.
• Right to opt-out of the sale or sharing of your personal information - You may have the right to request to opt out from the sale of your personal information or the sharing of your personal information for targeted advertising purposes. While we generally do not engage in the sale of personal information that we obtain from you via our Sites, this activity may be defined by law to be the sharing or processing personal information for targeted advertising. To exercise this right, call us toll-free at 833-720-0398, or email us at [email protected] using “CCPA Request” in the subject line.

Your rights are subject to certain exceptions under the CCPA, for example, as necessary to perform or evidence a transaction or contract, comply with a legal obligation, or when a consumer's identity cannot be reasonably verified.

Exercising your CCPA Rights

To make a CCPA request, you can:

• Call us toll-free at 833-720-0398.
• Email us at [email protected] using “CCPA Request” in the subject line.

Your request must (1) provide sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describe your request in sufficient detail to allow us to understand, evaluate, and respond to it. We may not respond to requests that do not meet these criteria. We will only use personal information provided in your request to verify your identity and complete your request.

You may also authorize an agent (“Authorized Agent”) to exercise your CCPA rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights and we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your CCPA rights.

Other California Resident Rights

Under California law, a California resident who has provided Tenable with personal information is entitled to request certain information with respect to the types of personal information that Tenable has disclosed to third parties for their direct marketing purposes. In accordance with California law, Tenable will, in response to your written request, provide you with the means to choose not to have your information disclosed.

Except as otherwise stated in this Policy (including, but not limited to, disclosing information to our third party resellers), we will not disclose your personal information to third parties for their direct marketing purposes unless you affirmatively agree to such disclosure. To prevent further disclosure to your personal information from use in direct marketing by a third party, do not opt-in to such use when you provide personal information on our Site. If you opt-in to receive communication from a third party, your personal information will be subject to the third party's privacy policy. If you later decide that you do not want that third party to use your personal information, you must contact that third party directly, as Tenable has no control over a third party's use of personal information. You should always review the privacy policy of any party that collects your information to determine how that entity will handle your information.

California residents may request further information about our compliance with this law by emailing [email protected]. Please note that we are only required to respond to one request per individual per year and are not required to respond to requests made by means other than through this e-mail address.

16. Complaints

We are committed to resolve any complaints about our collection or use of your Personal Data. If you would like to make a complaint regarding this Policy or our practices in relation to your Personal Data, please contact us at [email protected]. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, and you are located in the EEA or the UK, you have the right to submit a complaint to our governing supervisory authority, the Ireland Data Protection Commission (individuals located in Ireland) or the UK Information Commissioner's Office (individuals located in the UK):

Ireland Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
+353 578 684 800
https://www.dataprotection.ie/

UK Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
+0303 123 1113
https://ico.org.uk/

17. Contact Information

We welcome your comments or questions about this Policy. You may contact us in writing at [email protected].