This policy was last updated in June of 2021.
We, at Varonis Systems, Inc. and our subsidiaries (“we” or “Varonis”), respect the privacy of our employees, job seekers, contractors and services provider, who provide us Personal Information (as defined below) within the natural framework of our engagement. We are committed to respect your privacy, and we recognize the need for appropriate protections and management of Personal Information that you provide to us.
What information do we collect?
We collect both electronic and manual information (including personally identifiable information, hereinafter “Personal Information”) that is provided to us during the recruitment process and the engagement period. Personal Information does not include anonymous or non-Personal Information (i.e., information that cannot be associated with or tracked back to a specific individual). Most of the information is provided to us directly and knowingly by you.
The legal basis for processing your personal data Is the company's legitimate Interest, as the processing of the data Is Intended to carry out acts directly linked to the performance of employment/services agreement, compliance with legal obligations which Varonis Is subject to and the smooth and effective operation of the company.
We collect and maintain different types of Personal Information for those individuals who seek to be, are or were engaged/employed by us, including the Personal Information contained in resumes and/or applications submitted to us during the recruitment process, references and interview notes, background checks (in some countries we may collect criminal background checks and credit reports), offer letters/agreements of employment/engagement, payroll, wage and benefit information, forms relating to the application for, or in respect of changes to, employee health and welfare benefits (where applicable); including, short and long term disability, medical and dental care; beneficiary and emergency contact information; and photographs and video.
In addition to the examples listed above, Personal Information also includes information such as name, home address, telephone, personal email address, date of birth, employee identification number and marital status, and any other information necessary for our business purposes, which is voluntarily disclosed in the course of an employee’s/contractor’s application for and employment/engagement with Varonis.
We also collect and record certain footage information through our CCTV surveillance system, in order to improve the safety and security of Varonis’ assets, facilities and personnel. CCTV footage will only be viewed by authorized Varonis personnel or by competent authorities, as may be required by law.
Please also refer to our Email and IT Technologies Policy and Physical Security Policy for further information.
How we use the information we collect?
We use the Personal Information for legitimate business purposes only, such as: human resources management, verification of references and qualifications, assessments regarding eligibility, performance/termination of the engagement/employment, administration of payroll services and other benefits, compiling directories, establishing contact persons in the case of emergency, processing work-related claims (e.g. compensation), conducting training/performance reviews/plans, assessment of potential transactions, protecting Varonis’ rights and property and complying with applicable procedures, laws and regulations. We use the Personal Information only to the extent required and while maintaining your right to privacy.
Please note that we collect from you certain information (such as your contact information, your health and welfare conditions) in order to comply with applicable labor and employment laws and regulations; failure to provide such information may result in our inability to employ or engage with you.
Varonis generally collects Personal Information directly from you, the employee or contractor. From time to time, Varonis may receive Personal Information about you collected from third parties we do business with in the course of our business interactions (e.g. background check agencies). In those circumstances, Varonis will take reasonable steps to ensure that those third parties have represented to us that they have the right to disclose your Personal Information to us.
We may use your Personal Information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
Do we disclose any information to outside parties?
Varonis is currently in the process of transferring its information on to Microsoft Azure cloud servers, located in Ireland. Microsoft applies at least the industry standard security measures, is certified by security international standards, and represented to us that it has adopted adequate safeguard protections as required under applicable laws.
We also transfer and share Personal Information with our respective service providers, such as healthcare vendors, insurance providers and payment processors, and government tax and social security authorities, solely to the extent necessary to fulfill the purposes stated herein or as required under applicable laws and regulations.
Since we operate globally, it may be necessary to transfer, store and process Personal Information in the United States or any other country in which we or our affiliates, subsidiaries or service providers maintain facilities. The data protection and other laws of these countries may not be as comprehensive as those in the European Union. In these instances, we will take steps to ensure that a comparable level of protection is given to Personal Information.
We do not sell, trade or otherwise transfer your Personal Information to outside parties. This does not include trusted third parties who assist us in operating our engagement for the purposes listed above (such as payroll companies, insurers etc.) as long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our policies or protect ours or others’ rights, property or safety. However, non-personally identifiableinformation may be provided to other parties for research and analysis (mainly for the development of Varonis products) or other uses.
How long do we retain the information we collect?
Unless you instruct us otherwise for justified reasons, we retain the information we collect for as long as we believe is needed to operate our business, to fulfill the purposes listed in this Policy and to comply with our legal obligations, resolve disputes and enforce our agreements and policies. We may, instead of destroying or erasing your Personal Information, make it anonymous such that it cannot be associated with or tracked back to you.
In Varonis offices where CCTV cameras are installed, the footage of such cameras is retained for six months (unless a specific need arises).
Security of Personal Information
We are committed to making reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the Personal Information you choose to provide us and to protect your Personal Information from loss and unauthorized access, copying, use, modification or disclosure. Access to the Personal Information is based on the ‘need to know’ concept together with role-based access control systems, ensuring only authorized access to the Personal Information. To protect the privacy of any Personal Information you may have provided, we are using data hosts who implement market best practice security measures. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access by using your credentials, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.
We also strive to keep your Personal Information accurate (although it is your responsibility to update us on any change in your Personal Information maintained by Varonis). We have implemented technology, management processes and policies to maintain data integrity. We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
What are your rights?
- You have the right to access your Personal Information and amend or correct inaccuracies in Personal Information related to you, by contacting your Human Resources representative. This right of accessentitles you to request copies of Personal Information relating to you and information regarding the processing of Personal Information and third parties to whom data may be disclosed. To protect your privacy and security, we will take steps to verify your identity before granting access or making changes to your data. In some circumstances, we may not agree with your request to amend your Personal Information and will instead append an alternative text to the record in question.
- You may contact us and request that we will restrict or cease any further use of your Personal Information or delete your Personal Information (for example, you may ask that we stop using or sharing your Personal Information with third parties). Requests to restrict use of or delete Personal Information are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.
- In certain cases, you may also have the right to request that your Personal Information is transferred to another entity. Please note that this only applies to Personal Information that was automatically processed (not including paper files) and is subject to certain conditions.
Please feel free to reach out to us at the contact details provided below. If you are unsatisfied with our response, you can reach out to the applicable data protection authority as detailed below.
If you are unsatisfied with our response, you can reach out to the applicable data protection authority to Varonis for GDPR purposes: the Data Protection Commissioner in Ireland: Postal Address: Canal House, Station Road, Portarlington R32 AP23 Co. Laois.