Webroot Privacy Policy

@ wrote:
Thank you @ for your careful reading and for again raising the specific issues I first brought up last year.  I knew that I had not made this up!  The only reassurance given by Webroot contradicting the issues i raised was that they "do not sell" any information (emphasis mine).  Not particularly reasuring, when the new policy directly reversed the one it replaced, which had required parties recieving information to protect it with the same care as Webroot does. Or rather, did. There must be something in it for them, however, to prevent us from opting out of their "new (2017) practice of providing our personal info to marketers and advertisers to serve us ads.
  Looking forward to a response to your questions from Webroot.

Regarding emphasised text, that is correct.

@, you ask some great questions about our Privacy Statements. First, let me share that we constantly assess all of our policies and procedures to make sure we’re in alignment with industry best practices. Our Privacy Statements are no different and we review them to make sure we are providing visibility into how we use, store, and transfer personal data.
 
We reviewed your questions with our legal team and we’re happy to provide responses to each.
 
      1. As our Privacy Statements note, you have the right to opt-out of marketing-related messages from Webroot and our sharing of your personal information with affiliates, subsidiaries, and third parties for marketing purposes. If you’d like to opt out, please send an email request to unsubscribe@webroot.com or privacy@webroot.com, or send your request via mail using the following contact information:

[list]
• Privacy Team, Webroot Inc.
• 385 Interlocken Crescent, Suite 800
• Broomfield, CO 80021, USA.

Or, if you are located in the EEA:

• Privacy Team, Webroot International Limited
• Block A, Georges Quay Plaza, George’s Quay
• Dublin 2, Ireland

[/list] 
       2. Webroot takes its obligations to protect customer data very seriously. As a cybersecurity company, we have a number of layered defenses in place. Third-party vendors, especially those not in the cybersecurity business, may not have in place every security method that Webroot itself implements. However, Webroot takes steps to ensure that they keep personal information secure and confidential and only use it for the purpose it was provided. Additionally, any sharing of data is done consistently with our Privacy Statements and all applicable laws.
 
      3. The Website Privacy Statement details what information we collect, including: (i) information you provide to Webroot, (ii) technical information including cookies and IP Addresses, and (iii) information about you provided by third parties who had a right to provide Webroot with that information. You are free to opt out of the marketing related messages and our sharing of you PI with affiliates, subsidiaries, and third-parties for marketing purposes via the channels I outlined above.
 
Thanks again for your interest and sparking this conversation. Data privacy is very important to Webroot.
 

Thank you Drew for your reply, and all that you say is good as far as it goes.
 
That is, you seem to have partially answered my queries regarding the second and third extracts I refer to, namely:
"In some cases, we may choose to share your personal information with third parties who have not explicitly agreed to provide the same level of protection to your information as we do"
and
"We may also share your personal information with ... selected ... advertisers, marketers, and advertising and marketing networks that use the information to select and serve relevant ads to you and others on our site, on other sites, and in apps, as permitted under applicable law and in accordance with your communication preferences"
 
You have pointed out that we can opt out of "the marketing related messages" and your sharing of our personal information from our using your website with "affiliates, subsidiaries, and third-parties for marketing purposes". Which is basically a repetition of page 5 paragraph 6 of your Website Privacy Statement.
 
So, marketing affiliates, subsidiaries, and third parties: Yes; but what about advertising affiliates, subsidiaries, and third parties??
 
This is where my first extract from the Website Privacy Statement - What's New comes in. It says:
"Our WSA Statement omits (emphasis mine) language allowing you to opt out of disclosure of your personal information to third parties as part of a joint sales promotion or for other sales purposes"
 
So I have three questions:

1. Does this last statement still hold true (a quick perusal of your Policies seems by omission to confirm the above statement—see "Your Rights" on page 5 of both your Website Privacy Statement and of your WSA Privacy Statement)?
2. If the answer to my first question is yes, is it yes for both the Privacy Statements or only for one of them and if so which one?
3. Do you still have a copy of the Website Privacy Statement - What's New and if so can you make it available to us for our further perusal as this will greatly help discussions on this subject?

I would value direct Yes or No answers to these questions, and I believe they would best come from someone with authority in the Legal Department (this is what I asked for in my previous post) or, better, someone with Executive Authority.
 
Third parties that are linked to the security solutions you provide through the core product (BrightCloud & others) seem to me to be legitimate parties to provide our personal information to. However, to provide such information to advertisers and with no option for us to opt out seems to me to be unacceptable to put it mildly.
 
When I first moved to Prevx (the British Cloud security solution which Webroot acquired in 2010 and on which you then based your new security solution Webroot SecureAnywhere) in 2006, I was keenly aware of the trade-off between a high-quality Cloud security solution and the amount of personal information of mine that the company would have at their disposal because of the Cloud-based architecture. I hesitated. However I eventually decided that the trade-off was worth it and I was prepared to give them the benefit of the doubt until such time as I had reason to think otherwise. Over time, I felt that my trust was justified and that Prevx took that responsibility extremely seriously.
 
Is this the same with you? If you really do say that you share our personal information with advertisers and, to boot, that there is no way we cannot opt out of that (and at the moment I can find nothing in your Privacy Statements that says otherwise) then that most definitely puts my continuing loyalty to Webroot into question—and, for that matter, should for any customer who values their privacy. The fact that you have so much personal information of ours at your disposal places great responsibility on your shoulders. The answers you give to the above questions (and the person who gives those answers) will show me (and us) how seriously you take that responsibility.,

I do have a question about 1 part of the privacy policy as well.
 
The part where it says, "We may share your personal information with our affiliates and subsidiaries. Such sharing will be for our reasonable business purposes, consistent with the types of uses for which we use your personal information as described in this WSA Statement.", is that personal information we're giving you as in this website or "other sources" as Webroot put it in the privacy policy, or the stuff you just gather automatically from using WSA, or both?

@ wrote:
I do have a question about 1 part of the privacy policy as well.
 
The part where it says, "We may share your personal information with our affiliates and subsidiaries. Such sharing will be for our reasonable business purposes, consistent with the types of uses for which we use your personal information as described in this WSA Statement.", is that personal information we're giving you as in this website or "other sources" as Webroot put it in the privacy policy, or the stuff you just gather automatically from using WSA, or both?

That's a very good question since Webroot knows an awful lot about us. For example they inspect every page of every website that we access via their web extension browsers (assuming we use them).

We reviewed your questions with our legal team and we’re happy to provide responses to each.
 
First, to address @'s questions:
 

• We want to reiterate that you can opt out of marketing relating messages, and our sharing of your personal information with third parties for marketing purposes, which, to your point Muddy7, includes advertising purposes, we are not trying to hide the ball here. This is the case with your data regardless of whether we collected your information via your use of our website, our product, or if it was provided to us by a third party.
• Again, if you would like to opt out, please send an email request to unsubscribe@webroot.com or privacy@webroot.com, or send your request via mail using the following contact information:[list]
• US customers: Privacy Team, Webroot Inc., 385 Interlocken Crescent, Broomfield, CO 80021
• EEA customers: Privacy Team, Webroot International Limited, Block A, George’s Quay Plaza, George's Quay, Dublin 2, Ireland

Our What's New document is out-of-date, but our privacy policies are current and attempt to provide visibility into how we use, store, and transfer your personal information. To Muddy7's point in his post 1 month ago re-opening this thread, we hope you find these policies reasonable (we are glad this was the case for you, Muddy7).

Lastly, Anna and I are here to represent Webroot, and we have discussed these matters with the legal team. [/list]To address your questions @
 

• We have privacy statements to cover each of the scenarios you raised including when you: [list]
• Use our website or online services (found at: https://www.webroot.com/Website_Privacy_Statement);
• Interact with cookies placed on our website (found at: https://www.webroot.com/Cookies_Policy);
• Use our WSA products (found at: https://www.webroot.com/Webroot_SecureAnywhere_Privacy_Statement);
• Use our flowscape product (found at: https://www.webroot.com/download_file/1150/0); or
• Use our Webroot Security Awareness Training services (found at: https://www.webroot.com/download_file/1695).

So, depending on what service you are using, the applicable document discloses how we are gathering the information and for what purposes it will be used. If you use our WSA products and provide us information online, multiple privacy policies will apply, as we are collecting data from both sources. Please note that they are largely consistent across the board, and how your information was collected in no way affects your right to opt out of Webroot's sharing of your information with a third party for marketing/advertising purposes.[/list]Lastly, I want to again express that Webroot takes privacy and its obligation to protect our customers personal information very seriously. We hope that we have resolved your concerns.
 
 
 

I tried to opt out for sharing personal info to third partys via both email links you posted and I'm not getting a response, how long does it take before someone responds?
 
Edit...I was watching a video with Grayson Milbourne from Webroot at blackhat in 2016 where he made it seem that the way the data was collected automatically from WSA was anonymous (or by the time it got to the cloud it wasn't personally identifiable at least)  Is this the case? It was before the privacy policy was updated, however if it is, that'd be awesome, and also why wouldn't that be stated on the privacy policy like some other security venders do?

@
 
With respect, Drew, I can read. So yes, I can read that the Website Privacy Statement and the WSA Privacy Statement state that we can opt out of “marketing-related” messages and of your sharing our personal data with third parties for “marketing” and “advertising” purposes. So no, you don’t need to repeat to me yet again what is already in both the Website Privacy Statement and the WSA Privacy Statement.
 
It really does feel as if am being worn down by my having to repeat myself a hundred times over regarding the same issue. Once again, I point out to you that the document Website Privacy Statement - What's New that was released, back in January 2017, alongside the new Website Privacy Statement and the new WSA Privacy Statement, but is no longer visible to us, stated clearly and I quote:
 
"Our WSA Statement omits language allowing you to opt out of disclosure of your personal information to third parties as part of a joint sales promotion or for other sales purposes" (emphasis mine)

 
In conformity with what the above sentence says, the word “sales” is meticuluously excluded from both the new Website Privacy Statement and the new WSA Privacy Statement — it appears nowhere in those documents. It would seem that the Legal Department sees a distinction between "marketing/advertising purposes" on the one hand and "sales promotions" or "other sales purposes" on the other. What that distinction is, I don’t know (I am not a lawyer). I note however that you also, whether knowingly or unknowingly, have systematically avoided the word "sales" in every reassurance of yours in this thread about our opt-out possibilities.The most plausible explanation for all this would be that the above statement is wholly accurate.
 
I have asked you several times that this explanatory document (that is what it claimed to be) that was released alongside the new Website Privacy Statement and WSA Privacy Statement be made available to us in this thread so we can see its contents, but you have so far declined to do so.
 
My problem is simple: in short, you have not answered my three questions. They are:

1. Does the above statement — which says "Our WSA Statement omits language allowing you to opt out of disclosure of your personal information to third parties as part of a joint sales promotion or for other sales purposes" — from the document Website Privacy Statement - What's New still hold true?
2. If the answer to my first question is yes, is it yes for both the Privacy Statements or only for one of them and if so which one?
3. Do you still have a copy of the Website Privacy Statement - What's New and if so can you make it available to us for our further perusal as this will greatly help discussions on this subject?

I asked for a direct Yes or No answer to each of these questions. You have not given me that. I also asked that this come directly from someone in authority in the legal department or someone with executive authority as this would give greater clarity and weight to what is said. I do not have that either.
 
If the answer to my question no. 1 above is 'No', then the simplest way to clear this up would be to categorically state on this thread, and in your Privacy Statements, something like this: the opt-out provision for your use of our personal information, and for the disclosure of that data to third parties, includes opting out from your sharing and using them for joint sales promotions and/or other sales purposes.
 
I am aware that I have taken some time to reply to your post (as I said, I feel as if I am being worn down!). Nevertheless, it looks as if you waited a whole month until two others, @ and @, added to my concerns, before deciding to reply to my post.
 
Just my personal opinion, but I do not feel we are getting clear answers to clear questions. I have been asking these questions on this thread for over a year now, and I still do not know the answers*. I find that disturbing.
 
 
 *Nor, for that matter, am I at all clear as to the answer to @’ question.