Cybersecurity Response Network ("CRN", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, crnsecure.com, including our reporting form at crnsecure.com/report and member dashboard at crnsecure.com/dashboard. It applies to all users, including members, staff, and visitors, with special protections for children under 13 as required by the Children's Online Privacy Protection Act (COPPA) and UK data protection laws.
By using our website, you consent to the practices described in this policy. If you do not agree, please do not use our site.
1. Information We Collect
We collect information you provide directly, information collected automatically, and information from third parties, as follows:
a. Personal Information You Provide
- Reporting Form (crnsecure.com/report): When you submit an incident report, we may collect:
- Name (optional)
- Email address (optional)
- Incident details (e.g., description, date)
- Imagery (e.g., screenshots of incident)
- Members Area: When you sign up or log in, we collect:
- Nickname / Username
- Email address
- Password (encrypted)
- Division/role (e.g., Community Director, Operations Division)
- Staff Dashboards: When you sign up or log in, we collect:
- Community stats (Directorship Team)
- Safeguarding notes (Safeguarding Division)
- Staff management details (Human Resources Division)
- Children's Information: For users under 13, we collect limited information (e.g., anonymized incident reports) with verifiable parental consent, per COPPA and UK GDPR.
b. Information Collected Automatically
- Usage Data: We collect data about your interactions with our site, including:
- IP address
- Browser type
- Device information
- Pages visited
- Cookies and Tracking Technologies: We use cookies to maintain site functionality and analyze usage. You can manage cookie preferences via your browser settings.
c. Information from Third Parties
We may receive data from our service providers, such as Wix, which hosts our site and processes data on our behalf.
2. How We Use Your Information
We use your information to:
- Process and respond to incident reports
- Provide and personalize dashboard access (e.g., Community Director stats, staff actions)
- Manage member accounts and roles
- Monitor and secure our site (e.g., Internal Security Division audits)
- Communicate with you (e.g., report follow-ups)
- Comply with legal obligations
- Improve our services and analyze site performance
3. How We Share Your Information
We do not sell your personal information. We may share it with:
- Service Providers: Third parties like Wix (hosting, forms, analytics) who process data under strict agreements.
- Staff Divisions: Relevant CRN staff (e.g., Operations Division for report handling, Human Resources for staff management) with access limited to their roles.
- Legal Authorities: When required by law or to protect our rights, safety, or property.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
4. Children's Privacy (COPPA and UK GDPR Compliance)
CRN is dedicated to protecting children. For users under 13:
- We collect minimal personal information (e.g., anonymized incident reports).
- We obtain verifiable parental consent before collecting identifiable information, in compliance with COPPA (US) and UK GDPR.
- Parents can review, delete, or restrict their child's data by contacting us at contact.crnsecure@gmail.com.
- Incident reports are anonymized unless consent is provided.
5. Your Rights and Choices
a. General Rights
You may:
- Access, correct, or delete your personal information (via Members Area or by contacting us).
- Opt out of non-essential cookies via browser settings.
- Request data portability (GDPR/UK GDPR/CCPA).
- Object to or restrict certain data processing (GDPR/UK GDPR).
b. GDPR and UK GDPR Rights (EU and UK residents)
If you are in the EU or UK, you have the right to:
- Access your data
- Rectify inaccuracies
- Erase data ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Lodge a complaint with a supervisory authority (e.g., UK Information Commissioner's Office)
c. CCPA/CPRA Rights (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, or disclose
- Request deletion of your data
- Opt out of data sales (we do not sell data)
- Non-discrimination for exercising these rights
To exercise these rights, contact us at contact.crnsecure@gmail.com
6. Data Security
We implement industry-standard measures to protect your information, including:
- Encryption of passwords and sensitive data
- Role-based access controls for dashboards
- Secure hosting via Wix
- Regular security audits
However, no system is completely secure. We cannot guarantee absolute security.
7. Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law:
- Incident reports: 3 years or until resolved, unless anonymized.
- Member data: Until account deletion or inactivity for 5 years.
- Logs: 1 year for Internal Security audits.
8. International Data Transfers
CRN operates in the US and UK. If you are outside these regions, your data may be transferred to and stored in the US or UK. We ensure compliance with GDPR, UK GDPR, and other laws through contractual clauses with our service providers (e.g., Wix).
9. Third-Party Links
Our site may contain links to third-party websites. We are not responsible for their privacy practices. Review their policies before providing information.
10. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you by posting the updated policy on our site with a new "Last Updated" date. Significant changes will be communicated via email or site notice.
11. Contact Us
For questions, concerns, or to exercise your rights, contact our Data Protection Officer at:
12. Additional Information for California Residents
Under the COPPA/CPRA, we disclose that:
- We collect the categories of personal information listed in Section 1.
- We do not sell personal information.
- We share data with service providers and staff as described in Section 3.
- You can exercise your rights by contacting us at privacy@crnsecure.com.
13. Verifiable Parental Consent (COPPA and UK GDPR)
Parents of children under 13 can provide consent by:
- Completing a consent form found on this website
- Contacting us at contact.crnsecure@gmail.com
14. Governing Law
This Privacy Policy is governed by the laws of the United States and the State of Florida for users located in the United States, and by the laws of the United Kingdom, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, for users located in the United Kingdom. For users in other jurisdictions, the laws of the United States and Florida apply, without regard to conflict of law principles. If there is a conflict between US and UK laws, we will apply the law of the user's jurisdiction to the extent required to comply with applicable data protection regulations.