Privacy Policy

1. INTRODUCTION

Please read this Privacy Policy carefully as it describes collection, use, disclosure, retention, and protection of personal data by the Gate Software group of companies (brand names “ALLOut Security” and “ALLOut TRACE”). We take care to ensure compliance with data protection standards (including GDPR) and respect for the privacy of individuals.

“Personal data” is here defined as information concerning any living natural person (a “Data Subject”) that is not already in the public domain. For example, this might include an individual’s name, email address, or phone number.

Gate Software is an international group of companies providing a market-leading security, audit, and compliance toolset, for JD Edwards and beyond (see Trace for IBM i and Oracle database).

This Privacy Policy applies to all products and services offered by:

Gate Software, Ltd (a company incorporated in England with registration number 05286432 and registered office of Office 2a Innovation House, Molly Millars Close, Wokingham, Berkshire, RG41 2RX); and
Gate Software, Inc (a company incorporated in Colorado, United States with registration number 20091132278 and registered office address of Suite 1500, 8400 E. Prentice Ave, Greenwood Village, CO 80111).

Please contact our Data Protection Officer Merry Phillips at complianceofficer@alloutsecurity.com if you have any issues.

Please also see our Cookie Policy, available on our website: https://alloutsecurity.com/.

2. WHAT PERSONAL DATA DO WE PROCESS?

The nature of our business is the development and sale of software to organisations (i.e. B2B). As part of this, we hold personal data relating to employees and contractors of clients, prospects and certain other organisations.

We collect and process your data when you:

Provide information by email, telephone, or other means of communication (e.g. at an event or connecting on LinkedIn).
Use or view our website via your browser’s cookies and the log-in information you provide (see our Cookie Policy, available on our website: https://alloutsecurity.com/)

For each data subject, we hold some or all of the following data:

Name
Business email
Business phone
Personal website/LinkedIn (webpage link).
Any information specifically provided by the data subject by email

We do not collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

This website, and any services available from this website, are not directed to children under the age of 18. By providing us with your data, you warrant to us that you are over 18 years of age. If you learn that a child under the age of 18 has provided us with their Personal data, please contact our Data Protection Officer immediately at merry.phillips@alloutsecurity.com.

3. HOW DO WE PROCESS YOUR PERSONAL DATA?

We will only use your personal data when legally permitted and when we believe you would wish us to do so.

The most common uses of your personal data are:

Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. For example to:
To execute a contract between us and your organisation.
To register your organisation as a customer.
To deliver material and products.
To manage and collect payment.
To offer and provide educational material and webinars.
To manage our relationship with your organisation which will include notifying you about changes to our Terms and Conditions or Privacy Policy.
Where we need to comply with a legal or regulatory obligation.
Where we need to manage and protect our systems (e.g. website and databases) and your data within them – including troubleshooting, maintaining, supporting, testing, analysis, reporting and hosting.

3.1. Marketing and Offers of Educational Material

You will receive communications from us offering educational material, our educational webinar program, our products and services, and communications relevant to our industry if you have:

Purchased goods or services from us.
Requested material from us (including attending webinars, recorded or otherwise) and provided us with your details and ticked the box at the point of entry of your details in order for us to send you that promotional or educational material.
Connected to us, directly or through third parties, in order to receive information from us.

In each case, you have provided us with your details in order to maintain a relationship with us and have not opted out of receiving offers of promotional and educational material.

You can opt out at any time by contacting complianceofficer@alloutsecurity.com (just a quick email saying ‘NO’ will do). We will remove your data from our system as soon as possible (and within five business days) and will not contact you further.

4. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?

The legal basis for our data processing is legitimate interest. This meets the requirements of GDPR, CCPA and other legal standards.

For example, GDPR Article 6(1)(f): “Processing shall be lawful only if and to the extent that at least one of the following applies… processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

In the case where Gate has a software licensing/services contract with your employer, the legitimate interest is to fulfil that contract.

To do this, Gate must be able to communicate with clients’ employees (for example, to enable their access to Gate’s software and to arrange invoicing). This requires Gate to store information in the limited categories listed above.
The legitimate interest is not overridden by the interests, rights, and freedoms of data subjects. The information processed is the minimum required to fulfil the purpose in question. We think you would reasonably expect your data to be stored and to be contacted in this way and for this purpose.

In other cases, the legitimate interest is to promote the software and services offered by Gate and/or to market those products to existing and potential clients (see GDPR Recital 47).

To do this, Gate must be able to reach organisations (and occasionally sole traders) with whom it might do business or collaborate. This requires Gate to store information in the limited categories listed above.
The legitimate interest is not overridden by the interests, rights, and freedoms of data subjects. The information processed is the minimum required to fulfil the purpose in question. All data is collected in the course of business networking, and we think you would not be surprised or likely to object.

5. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

At any point whilst Gate Software is in possession of or processing your personal data, all Data Subjects have the following rights:

Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.

If you wish to exercise any of the rights set out above, please email our Data Protection Officer at complianceofficer@alloutsecurity.com.

You will not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

6. HOW DO WE SECURE YOUR INFORMATION?

We recognise our obligation to protect data to ensure appropriate security, integrity, and confidentiality. For example, Article 25 GDPR refers to “data protection by design and by default,” including implementing “appropriate technical and organizational measures” to protect data. We have put in place security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.

All personal data is held on CRM Salesforce, which maintains strong safeguards to prevent unauthorised access to or disclosure of data. Multi-factor authentication must be used for added security.

Our Salesforce data may be accessed only by authorised individuals who are employees or contractors from Gate companies, who are subject to a duty of confidentiality. Only individuals with a clear need to access the data can do so. This currently amounts to 15 individuals, including in Europe, the UK and the USA. Disclosure within the Gate group is necessary for the purposes of contract fulfilment and marketing; the Gate companies collaborate extensively; all adhere to the same strict protections.

All team members receive comprehensive training (with regular reviews) on our data protection obligations, for example storing only data that is strictly necessary and ensuring it is kept up-to-date and accurate, and deleted if appropriate.

Like all organisations, we cannot guarantee that data will be immune from malicious attack or compromise. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where your data is at risk.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements, so for example we need to keep certain information about you for 6 years after your organisation ceases to be a client for tax purposes.

We may anonymize your personal data (so that you can no longer be identified from such data) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8. HOW CAN YOU WITHDRAW CONSENT?

You have the right to withdraw consent for our processing of your personal data at any time, by emailing complianceofficer@alloutsecurity.com (just a quick email saying ‘NO’ will do). We will remove your data from our system as soon as possible (and within five business days) and will not contact you further.

You also have the right to stop us from sending you marketing communications only. You can do this by selecting your contact preferences at the point where you provide us with your information on our website, applications or services, using any preference centers we give you access to, or by sending an email to complianceofficer@alloutsecurity.com.

9. WHEN DO WE DISCLOSE DATA TO THIRD PARTIES?

We will only share your information with third parties, which are either related to or associated with the running of our business, and where it is necessary for us to do so. These third parties include:

Our accountants & advisors, Gate Software companies and affiliates.
Third party database hosters and service providers who help us manage our data, website and databases.
Third party business partners, where you have explicitly indicated a wish to receive products and/or services from them.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

We do not otherwise share your information with any other external organization without your consent unless required to do so by law, for safeguarding purposes or to protect against harm to the rights, property or safety of Gate Software, its users or the public, as required or permitted by law.

Gate Software has no intention of sharing your personal data with any third party for marketing purposes. We undertake to request your express opt-in consent should we wish to do this in the future.

10. WHAT ABOUT TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

Personal data in the European Union is protected by data protection laws but other countries do not necessarily protect your personal information in the same way.

Our website and some databases or parts of them may also be hosted by providers in the United States or otherwise outside of the EEA (which means all the EU countries plus Norway, Iceland and Liechtenstein), and this means that we may transfer any information which has been submitted by you through the website or via any other means outside of the EEA to the United States or to other territories outside of the EEA. When you send an email to us, this will also be stored on our email servers which may be hosted in the United States.

Our service providers who help us provide our website, applications, software, marketing, and other services may also be located in the United States or otherwise outside of the EEA and this means that we may transfer any information which has been submitted by you through the website or via any other means outside of the EEA to the United States or to other territories outside of the EEA.

We take steps to ensure that where your information is transferred outside of the EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect that information in accordance with applicable data protection laws and regulations. For example, we may share information with affiliates based outside the EEA for the purposes envisaged by this Privacy Policy.

All Gate Software companies are subject to data protection policies designed to protect data in accordance with EU data protection laws. In each case, such transfers are made in accordance with the requirements of GDPR and may be based on the use of the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA.

By using our website, products, or services or by interacting with us in the ways described in this Privacy Policy, you consent to the transfer of your information outside the EEA in the circumstances set out in this Privacy Policy. If you do not want your information to be transferred outside the EEA you should not use our website, applications, or services.

11. WHAT IS THE PROCEDURE FOR COMPLAINTS?

We are committed to protecting your personal data – but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to Gate Software’s Data Protection Officer by sending us an email to complianceofficer@alloutsecurity.com.

You also have the right to lodge a complaint with the supervisory authority in the country where you live, where you work, or where the alleged infringement took place.

12. CHANGES TO OUR PRIVACY POLICY

We may update our Privacy Policy from time to time, but we will not reduce your rights. Please check for updates when you visit our website, https://alloutsecurity.com/.

Privacy Policy last updated 18 May 2024

1. INTRODUCTION

Gate Software is an international group of companies providing a market-leading security, audit, and compliance toolset, for JD Edwards and beyond (see Trace for IBM i and Oracle database).

This Privacy Policy applies to all products and services offered by:

Gate Software, Ltd (a company incorporated in England with registration number 05286432 and registered office of Office 2a Innovation House, Molly Millars Close, Wokingham, Berkshire, RG41 2RX); and
Gate Software, Inc (a company incorporated in Colorado, United States with registration number 20091132278 and registered office address of Suite 1500, 8400 E. Prentice Ave, Greenwood Village, CO 80111).

Please contact our Data Protection Officer Merry Phillips at complianceofficer@alloutsecurity.com if you have any issues.

Please also see our Cookie Policy, available on our website: https://alloutsecurity.com/.

2. WHAT PERSONAL DATA DO WE PROCESS?

We collect and process your data when you:

Provide information by email, telephone, or other means of communication (e.g. at an event or connecting on LinkedIn).
Use or view our website via your browser’s cookies and the log-in information you provide (see our Cookie Policy, available on our website: https://alloutsecurity.com/)

For each data subject, we hold some or all of the following data:

Name
Business email
Business phone
Personal website/LinkedIn (webpage link).
Any information specifically provided by the data subject by email

3. HOW DO WE PROCESS YOUR PERSONAL DATA?

We will only use your personal data when legally permitted and when we believe you would wish us to do so.

The most common uses of your personal data are:

Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. For example to:
To execute a contract between us and your organisation.
To register your organisation as a customer.
To deliver material and products.
To manage and collect payment.
To offer and provide educational material and webinars.
To manage our relationship with your organisation which will include notifying you about changes to our Terms and Conditions or Privacy Policy.
Where we need to comply with a legal or regulatory obligation.
Where we need to manage and protect our systems (e.g. website and databases) and your data within them – including troubleshooting, maintaining, supporting, testing, analysis, reporting and hosting.

3.1. Marketing and Offers of Educational Material

You will receive communications from us offering educational material, our educational webinar program, our products and services, and communications relevant to our industry if you have:

Purchased goods or services from us.
Requested material from us (including attending webinars, recorded or otherwise) and provided us with your details and ticked the box at the point of entry of your details in order for us to send you that promotional or educational material.
Connected to us, directly or through third parties, in order to receive information from us.

In each case, you have provided us with your details in order to maintain a relationship with us and have not opted out of receiving offers of promotional and educational material.

4. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?

The legal basis for our data processing is legitimate interest. This meets the requirements of GDPR, CCPA and other legal standards.

In the case where Gate has a software licensing/services contract with your employer, the legitimate interest is to fulfil that contract.

To do this, Gate must be able to communicate with clients’ employees (for example, to enable their access to Gate’s software and to arrange invoicing). This requires Gate to store information in the limited categories listed above.
The legitimate interest is not overridden by the interests, rights, and freedoms of data subjects. The information processed is the minimum required to fulfil the purpose in question. We think you would reasonably expect your data to be stored and to be contacted in this way and for this purpose.

In other cases, the legitimate interest is to promote the software and services offered by Gate and/or to market those products to existing and potential clients (see GDPR Recital 47).

To do this, Gate must be able to reach organisations (and occasionally sole traders) with whom it might do business or collaborate. This requires Gate to store information in the limited categories listed above.
The legitimate interest is not overridden by the interests, rights, and freedoms of data subjects. The information processed is the minimum required to fulfil the purpose in question. All data is collected in the course of business networking, and we think you would not be surprised or likely to object.

5. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

At any point whilst Gate Software is in possession of or processing your personal data, all Data Subjects have the following rights:

Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.

If you wish to exercise any of the rights set out above, please email our Data Protection Officer at complianceofficer@alloutsecurity.com.

6. HOW DO WE SECURE YOUR INFORMATION?

All personal data is held on CRM Salesforce, which maintains strong safeguards to prevent unauthorised access to or disclosure of data. Multi-factor authentication must be used for added security.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

8. HOW CAN YOU WITHDRAW CONSENT?

9. WHEN DO WE DISCLOSE DATA TO THIRD PARTIES?

Our accountants & advisors, Gate Software companies and affiliates.
Third party database hosters and service providers who help us manage our data, website and databases.
Third party business partners, where you have explicitly indicated a wish to receive products and/or services from them.

Gate Software has no intention of sharing your personal data with any third party for marketing purposes. We undertake to request your express opt-in consent should we wish to do this in the future.

10. WHAT ABOUT TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

Personal data in the European Union is protected by data protection laws but other countries do not necessarily protect your personal information in the same way.

11. WHAT IS THE PROCEDURE FOR COMPLAINTS?

You also have the right to lodge a complaint with the supervisory authority in the country where you live, where you work, or where the alleged infringement took place.

12. CHANGES TO OUR PRIVACY POLICY

We may update our Privacy Policy from time to time, but we will not reduce your rights. Please check for updates when you visit our website, https://alloutsecurity.com/.

Privacy Policy last updated 18 May 2024

Discover our industry leading expertise

Industry Insights

Here’s the problem with most Security Audit Reports…
July 1, 2021
How does The Board and your top management assess the value of Security Audit reports to support their risk assurance? What do you have to report on and what should you give them?

JD Edwards Security made Simple with ALLOut
July 17, 2019
Save time and reduce risk with streamlined processes for security and user defined objects. We review some of the more problematic security time consumers...
Watch On-Demand

Upcoming live events

No upcoming webinars found

Empower your security team

Save time, enhance risk visibility and be audit-ready with ALLOut Security for JD Edwards.

Request a Demo

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Privacy Policy

1. INTRODUCTION

2. WHAT PERSONAL DATA DO WE PROCESS?

3. HOW DO WE PROCESS YOUR PERSONAL DATA?

3.1. Marketing and Offers of Educational Material

4. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?

5. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

6. HOW DO WE SECURE YOUR INFORMATION?

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

8. HOW CAN YOU WITHDRAW CONSENT?

9. WHEN DO WE DISCLOSE DATA TO THIRD PARTIES?

10. WHAT ABOUT TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

11. WHAT IS THE PROCEDURE FOR COMPLAINTS?

12. CHANGES TO OUR PRIVACY POLICY

1. INTRODUCTION

2. WHAT PERSONAL DATA DO WE PROCESS?

3. HOW DO WE PROCESS YOUR PERSONAL DATA?

3.1. Marketing and Offers of Educational Material

4. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?

5. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

6. HOW DO WE SECURE YOUR INFORMATION?

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

8. HOW CAN YOU WITHDRAW CONSENT?

9. WHEN DO WE DISCLOSE DATA TO THIRD PARTIES?

10. WHAT ABOUT TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

11. WHAT IS THE PROCEDURE FOR COMPLAINTS?

12. CHANGES TO OUR PRIVACY POLICY

Discover our industry leading expertise

Industry Insights

Here’s the problem with most Security Audit Reports…

On-demand webinars

JD Edwards Security made Simple with ALLOut

Upcoming live events

Empower your security team