This policy was last updated in June of 2022.
What information do we collect?
When ordering or registering on our site (including when you subscribe to our newsletter, register for an event, respond to a survey or fill out a form) or when we receive the business contact information from various marketing events we organize or participate in, we may collect individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”), such as your name, address, telephone number, email address, IP address, user IDs and passwords and contact preferences. Personal Information collected online may be supplemented with information you provide to us through other services and sources such as trade shows or seminars, as well as other data collection methods.
We may record some of the marketing and sales calls with our leads, but this will be only for internal training and quality control purposes. In jurisdictions where a consent of both parties is required to record, we will either acquire the required consent before recording or refrain from recording the other party.
How we use the information we collect?
We use the Personal Information for legitimate business purposes only, such as:
- Offering products or services – Your Personal Information will NOT be sold, exchanged, transferred or given to any company outside the Varonis Group or our trusted third party service providers for any reason whatsoever, without your consent, other than for the express purpose of offering products or services or delivering the purchased product or service requested, and as otherwise explicitly set forth herein.
- Communication – We may communicate (via mail, email or phone call) periodic informational or promotional content. However, you can always unsubscribe or choose not to receive promotional information from us by following the specific instructions in the email you receive or by notifying us via the appropriate method below. It may take a reasonable period of time to process your request, no longer than 30 days for direct mail and telephone promotions and 10 business days for email promotions. This will not apply to the receipt of mandatory service communications that are considered part of certain Varonis’ services, which you may receive periodically unless you cancel the service.
- Provision of service – Your information helps us to respond more effectively to your customer service requests and support needs.
- Improvement of our services and website – We continually strive to improve our site offerings based on the information and feedback we receive from you.
- To perform research, technical diagnostics and analytics with regard to the website.
- We may disclose Personal Information, or any information you submitted via our software products if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
We use the Personal Information only to the extent required and while maintaining your right to privacy.
We strive to keep your Personal Information accurate. We have implemented technology, management processes and policies to maintain data integrity. We will provide you with access to your information when reasonable, or in accordance with relevant laws, including making reasonable efforts to provide you with online access and the opportunity to change your information. To protect your privacy and security, we will take steps to verify your identity before granting access or making changes to your data. Requests to delete Personal Information are subject to any applicable legal and ethical reporting or document retention obligations. To access and/or correct information, you can do so online or notify us via the appropriate method below.
What are the Conditions for Processing of Personal Information?
We will process your Personal Information for a variety of reasons, each of which is prescribed by relevant data protection laws.
- Performance of a contract, compliance with a legal obligation: It is necessary for us to process your Personal Information where it is necessary for the performance of a contract (such as for our agreement) or in order for us to comply with our various legal and/or regulatory responsibilities.
- Legitimate interests: We also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) sharing personal information with our advisers and professional services providers (such as auditors).
- Consent: Our processing of your Personal Information will primarily be necessary for us to provide you with the services. However, on certain occasions we may ask for your consent to processing Personal Information. In these instances your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time.
With whom we share the information we collect?
Since we operate globally, it may be necessary to transfer, store and process Personal Information in the United States or any other country in which we or our affiliates, subsidiaries or service providers maintain facilities. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps, as required by applicable law, to ensure that a similar level of protection is given to Personal Information. You hereby consent to the transfer of your Personal Information to countries outside the European Union.
We do not sell, trade or otherwise transfer Personal Information to outside parties (except to the third parties with whom we have contracted to provide services to us, as detailed in the section below).
Below you can find the links to the privacy policies of the third parties we currently use on our site. This list is reviewed and updated periodically.
In most cases, we will not receive the information these third parties collect but only receive the analysis or results that we requested, and the sole holders of the collected information are the third parties.
Also, we may disclose your information when we believe disclosure is required to comply with the law, enforce our policies or protect ours or others’ rights, property or safety. Non-personally identifiable visitor information may be also provided to third parties for marketing, advertising or other uses, as described herein.
Cookies and tracking technologies
* Cookies are small data files transferred to your computer’s hard drive by a website. They keep a record of your preferences making your subsequent visits to the site more efficient. Cookies may store a variety of information, including the number of times that you access a site, registration information and the number of times that you view a particular page or other item on the site. Most browsers are designed to accept cookies but they can be easily modified to block cookies. See your browser’s help files for details on how to block cookies, how to know when you have received cookies and how to disable cookies completely.
Below are some links to some commonly used web browsers. Information about cookies is usually found in the “Help” section of the web browser.
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Safari (Desktop)
- Safari (Mobile)
- Android Browser
- Opera Mobile
For other browsers, please consult the documentation that your browser manufacturer provides.
Mobile Devices – You can-opt out of certain types of interest-based advertising (or “cross-app” advertising), by accessing the “settings” on your device:
- If you’re using an Apple device you can configure your device to limit ad tracking to by clicking on “settings” > “privacy” > “advertising” and toggling “limit ad tracking” to ‘on.’
- If you’re using an Android device you can opt out of most app-based tracking for advertising by opening the “Google Settings” app on your device, selecting “Ads”, and then selecting the option to opt-out of interest-based ads.
Please note that the above information may change when these manufacturers updates their systems. Also note, that your device may use another platform, not described above. In that case, please consult the manufacturer documentation for further instructions.
You can also turn off certain third party targeting and advertising cookies by visiting the following link: Network Advertising Initiative
Sharing registration information to co-organizers
If you fill a registration form to participate in an event organized by Varonis together with other exhibitors and/or sponsors (“Co-Organizers”), Varonis shall share the information you provided in the registration form with its Co-Organizers. At this point, you will be subject to the Co-Organizers’ communications and privacy practices. If you wish to opt-out or exercise any appliable privacy rights you may have regarding these Co-Organizers communications, you must exercise those rights directly with those Co-Organizers.
How long do we retain the information we collect?
At any time, you may request to view, change and update your Personal Information by emailing us at firstname.lastname@example.org. You can also request that we will cease processing, correct errors or that we will erase Personal Information by emailing us at email@example.com.
We retain the information we collect for as long as needed to provide our services, (including marketing and communications, as described herein) and to comply with our legal obligations, resolve disputes and enforce our agreements (including exercising any of our rights under our agreements, such as audit and record-keeping). All other Personal Information is periodically deleted.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
How do we safeguard and transfer your information?
We are committed to use reasonable efforts, in accordance with market best practices and legal requirements, to ensure the security, confidentially and integrity of the Personal Information you choose to provide us. Access to the Personal Information is based on the need to know’ concept together with role based access control systems, ensuring only authorized access to the Personal Information. To protect the privacy of any Personal Information you may have provided, we are using data hosts who implement market best practice security measures. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.
What are your rights?
You may contact our Data Privacy Officer at firstname.lastname@example.org any time and request:
- To access, receive or transmit a portable copy, delete, change or update any personal data relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected);
- That we will cease any further use of your Personal Information (for example, you may ask that we stop using or sharing your Personal Information with third parties), including to stop direct marketing.
If you wish to raise a complaint on how we have handled your Personal Information, you can contact us as set forth below. In addition, you have the right to lodge a complaint with your supervisory authority.
Our site, products and services are all directed to people who are above the age of majority (as determined by the applicable law in your jurisdiction of residency; "Age of Majority"). In the event that we become aware that a user under the Age of Majority has shared any Personal Information, we will discard such information. If you have any reason to believe that a minor has shared any Personal Information with us, please contact us at email@example.com.
If you are unsatisfied with our response, you can reach out to the applicable data protection authority for Varonis for GDPR purposes: the Data Protection Commissioner in Ireland: Telephone: +353 (0)761 104 800; E-mail: firstname.lastname@example.org; Postal Address: Canal House, Station Road, Portarlington R32 AP23 Co. Laois
Privacy Notice for California and Virginia Residents
This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199);the California Consumer Privacy Act Regulations enacted thereunder (collectively, “CCPA“); the California Privacy Rights and Enforcement Act of 2020 ("CPRA") and the Virginia Consumers Data Protection Act of 2021 ("VCDPA"), (collectively: "Applicable Law")
Most of the statements, rights and obligations under this part are common to both California and Virginia residents, and apply to you only to the extent determined in the applicable law according to your residency.
Categories of Personal Information We Process
In the 12 preceding months, we have collected and disclosed the following categories of Personal Information:
Category of Personal Information Collected
Personal Information Collected
Categories of service providers to whom Personal Information was disclosed
Email address, device identifiers (User IDs, IP)
B. Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))
Address, telephone number
C. Commercial information
Feedback of clients, leads and/or end users
D. Internet or Other Electronic Network Activity Information
Usernames, information regarding the user’s interaction with the website.
In addition, in the past 12 months, we have collected the following categories of Sensitive Personal Information (as this term is defined under the CPRA):
Category of Personal Information Collected
Personal Information Collected
Categories of service providers to whom Personal Information was disclosed
A. Nonpublic communications
Email conversations, marketing and sales calls recordings
We do not sell (as this term is defined under Applicable Law) any Personal Information.
We do not share (as this term is defined under the CPRA) any Personal Information for behavioral advertising purposes.
We may share or transfer Personal Information to third parties as assets that are part of a merger, acquisition, bankruptcy or other transaction in which the third party assumes control of all or part of the Company. Such transfer will be handled according to the requirement of Applicable Law, and shall not be regarded as a sale of Personal Information under Applicable Law.
Sources of Personal Information
In the 12 preceding months, we have collected the above-mentioned categories of Personal Information from the following categories of sources:
- Website users directly.
Purposes for collection of Personal Information
Our purposes for collecting Personal Information can be found above, under the section “How we use the information we collect”.
User Rights under the Applicable Law
Applicable Law provides consumers with specific rights regarding their Personal Information.
Access to Personal Information
You may request, up to two times each year, that we disclose to you the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which your Personal Information is collected, the business or commercial purpose for collecting your Personal Information, the categories of Personal Information that we disclosed for a business purpose, any categories of Personal Information about you that we sold, the categories of third-parties with whom we have shared your Personal Information, and the business purpose for sharing your Personal Information, if applicable.
You have the right to obtain a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.
You may have the right to request that we delete any Personal Information collected from you and retained, unless an exception applies.
Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Information, unless an exception applies.
Right to Correction
You may have the right to request that we correct inaccurate Personal Information about you, and we will use commercially reasonable efforts to correct it.
Right to Opt-Out
Under Applicable Law, you have the right to opt out of selling (as defined under the CCPA) or sharing for the purpose of behavioral advertising (as defined under the CPRA) of your personal information. As mentioned above, we do not sell or share (as these terms are defined in the CCPA and CPRA respectively) your personal information.
Right to Limit Use of Sensitive Personal Information
You may have the right to limit our use of your Sensitive Personal Information, only to what is necessary to the performance of the services you requested. In addition to the general exercising of rights method, you may exercise your right by checking the "Limit the Use of my Sensitive Personal Information" box.
Unless permitted by the Applicable Law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your Rights
You can exercise your rights (such as access and deletion) by submitting a verifiable consumer request to our email address: email@example.com or by sending a mail to our physical address specified in the How To Contact Us section.
Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Information.
The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You may only request a copy of your data twice within a 12-month period.
If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at firstname.lastname@example.org.
Response Timing and Format
Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Information in a format that is readily useable and should allow you to transmit the information without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.
If you are a Virginia resident, you have the right to appeal a rejection to your request. The appeal request shall be submitted through our Data Privacy Officer's email address: email@example.com or by sending a mail to our physical address specified in the How To Contact Us section.
Please note that these Applicable Law rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.
If you are a California resident, you can designate an authorized agent to make a request under the CCPA or the CPRA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA or the CPRA.