Varonis Privacy Policy

GENERAL INFORMATION

We, at Varonis Systems, Inc. and our subsidiaries (collectively, “we” or the "Company” or "Varonis"), respect the privacy of anyone who chooses to provide us with their individually identifying or identifiable information (“Personal Information”), and we are committed to protect their privacy.

This Privacy Policy ("Privacy Policy" or "Policy") describes, among other things, the types of information we may collect, how that information may be used, and with whom the information may be shared. This Privacy Policy applies to our Marketing Activity (as defined below), including whenever you use or interact with our website https://www.varonis.com (the "Website"), and to information collected and processed through our SaaS products (the "Software"), or the services we provide including any content or material provided thereon (collectively with the Software, the "Services"), as well as contact information we collect from vendors and partners for the purpose of management and execution of the respective engagements.

If you do not agree to this Policy, please avoid using our Website, Software or Services. You are not legally required to provide us with any Personal Data, but without it we will not be able to provide you with the best experience.

We encourage you to read this Privacy Policy carefully and use it to make informed decisions.

 

WHAT INFORMATION DO WE PROCESS AND HOW WE COLLECT IT?

• Contact Information:
  
  • When using the Website (including when subscribing to our newsletter, registering for an event, responding to a survey or filling out a form) or when we receive the business contact information from various marketing events we organize or participate in, or from other lawful and legitimate sources (collectively with the Website, “Marketing Activities”), we may collect Personal Information, such as your name, address, telephone number and email address ("Contact Information"). We do not require that visitors to our Website provide us with Contact Information and you may visit our Website anonymously (by using the ‘Incognito’ status on your browser). In this case, we do not collect Contact Information when you visit our website, unless you choose to provide it to us (however, we do collect certain Online Identifiers, as described below). The decision to provide Contact Information is voluntary and you may withdraw your consent at any time by contacting us in one of the ways described in the 'How to contact us' section below. However, if you do not provide the Contact Information requested, you may not be able to proceed with the activity or enjoy the full experience of our Website.
  • We collect Contact Information of the relevant personnel of our clients, business partners, service providers and vendors, in the course of our respective engagements and for the purpose of management and execution of such engagements.
• Online Identifiers: When you interact with our Website, we may collect your online identifiers, such as Internet Protocol (IP) address, user IDs and contact preferences ("Online Identifiers"). Online Identifiers may be supplemented with information you provided to us through other services and sources, such as trade shows or seminars, as well as other data collection methods.
• Call recording: We may record some of the marketing and sales calls with our prospective clients, but this will be only for internal training and quality control purposes and in accordance with applicable laws (e.g. in jurisdictions where a consent of both parties is required to record, we will either acquire the required consent before recording or refrain from recording the other party).
• Metadata from the Software: We may also collect incidental Personal Information that is included in the metadata processed in the course of our clients’ use of our Software and Services (which is referred to as ‘Subscriber Data’ in the Subscription Service Agreement of our SaaS products). Such incidental Personal Information relates to individuals whose Personal Information is on our customers’ systems or environments that are monitored by the Software. The Subscriber Data is primarily governed by the Data Processing Agreement, but is referenced in this Privacy Policy as well. For further information about our privacy practices of our Software, please refer to our Privacy Whitepaper.
• Non-identifiable information: We may collect non-identifiable information, which may be made available or gathered via use of the Services and/or through Marketing Activities (“Non-Personal Information”). We are not aware of the identity of the individual from which the Non-Personal Information was collected. Non-Personal Information which is being collected may include directory names, server names, share names, file names, configurations, logs from the Software (e.g. event logs), browsing events and technical information transmitted by your device, including certain software and hardware information (e.g., the type of browser and operating system the device uses, language preference, access time and the domain name from which you are linked to the Website or Software; etc.).

 

HOW DO WE USE THE INFORMATION WE COLLECT?

The information we collect, which may include Personal Information, is used for legitimate business purposes, onlyto the extent requiredor otherwisereasonably necessary for one or more of our functions or activities, and while maintaining the right to privacy. Such legitimate business purposes include:

• Conducting our business (such as, reaching out to prospective clients);
• Setting up our client’s account and providing our Services to them;
• Identifying and authenticating access to our Software;
• Supporting and troubleshooting our Software and responding to queries;
• Improving our Software and other Services;
• Performing research, technical diagnostics and analytics with regard to the Website;
• Communicating with prospective and existing clients with promotional content (however, you can always unsubscribe or choose not to receive promotional information from us by following the specific instructions in the email you receive or by notifying us via the appropriate method below. This will not apply to the receipt of mandatory service communications that are considered part of certain Services, which you may receive periodically unless you cancel the service); and
• Preventing potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services, enforcing our legal terms and conditions, protecting the security or integrity of our databases, and taking precautions against legal liability

WHAT ARE THE LEGAL BASES FOR PROCESSING OF PERSONAL INFORMATION?

We will process Personal Information based on either of the following legal bases, each of which is prescribed by relevant data protection laws.

• Performance of a contract, compliance with a legal obligation: We process Personal Information where it is necessary for the performance of our contract with you, or in order for us to comply with our various legal and/or regulatory responsibilities.
• Legitimate interests: We also process Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of our processing in accordance with our legitimate interests would include: (i) where we disclose Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) sharing personal information with our advisers and professional services providers (such as auditors).
• Consent: On certain occasions we may ask for your consent to processing Personal Information. In these instances, your Personal Information will be processed in accordance with such consent, and you will be able to withdraw this consent in writing at any time (for further information, see "WHAT ARE YOUR RIGHTS" section below).

 

WITH WHOM WE SHARE THE INFORMATION WE COLLECT

We disclose Personal Information to trusted third parties that help us maintain and provide our Services and/or Marketing Activities. We only disclose Personal Information as described in this Privacy Policy, or as permitted by applicable law.

If you fill a registration form to participate in an event organized by Varonis alone, or together with other exhibitors and/or sponsors (“Co-Organizers”), Varonis may share the information you provided in the registration form with its Co-Organizers. At this point, you will be subject to the Co-Organizers’ communications and privacy practices. If you wish to opt-out or exercise any appliable privacy rights you may have regarding these Co-Organizers communications, you must exercise those rights directly with those Co-Organizers.

We may share Personal Information with the following recipients: (i) our affiliates and subsidiaries; (ii) subcontractors and other third-party service providers (for further elaboration about our sub-processors, please refer to our Data Processing Agreement); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Varonis.

We may share Personal Information with our recipients for any of the following purposes: (i) storing or processing Personal Information on our behalf (e.g., cloud computing service providers); (ii) processing such information to assist us with our business operations; (iii) performing research, technical diagnostics, personalization and analytics.

When disclosing Personal Information to third parties, they are required to secure and use that Personal Information only for the purpose of providing us the services, and in compliance with all applicable data protection regulations (such service providers may use other Non-Personal Information for other purposes).

In addition, under certain circumstances we may be required to disclose Personal Information in response to, or we may have a good faith belief that use and/or disclosure of such information is reasonably necessary to: (i) comply with any applicable law, court/tribunal order, regulation, legal process, including alternative dispute resolution process, or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) lessen or prevent harm or serious threat to the rights, property, life, health or safety of us, our users, yourself or any third party; (vi) locating a person reported as missing; or (vii) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Information to third parties for various purposes including commercial use, provided that the individuals to whom the Personal Information pertains are not identifiable. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.

Please note, this Privacy Policy only addresses Varonis' use and disclosure of Personal Information. To the extent that Personal Information is processed by third parties who gained access to the Personal Information independently of Varonis, different rules may apply to their use or disclosure of the information disclosed to them.

 

COOKIES AND TRACKING TECHNOLOGIES

We use “cookies” (or similar tracking technologies) when you access or interact with our website.

The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing it. You can find more information about cookies at www.allaboutcookies.org. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, or for statistical and advertising purposes.

Additionally, after you register to our Website, we will be able to backtrack your activity on our website even before you registered (information that if you did not register will remain anonymous to us).

The cookies we use on our website are all described in our cookie settings menu. You can adjust your preferences when visiting our website.

Please note that once you choose to opt out or disable cookies on our website, some features of the website may not operate properly, and your online experience may be limited. In addition, even if you do opt-out, you may still receive some content and advertising, however it will not be targeted content or advertising.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Below is a list of useful links that can provide you with more information on how to manage your cookies: Google Chrome; Mozilla Firefox; Safari (Desktop); Safari (Mobile); Android Browser; and Microsoft Edge.

You can learn more and turn off certain third party targeting and advertising cookies by visiting the following third-party webpages:

• The Interactive Advertising Bureau (US);
• The Interactive Advertising Bureau (EU); and
• European Interactive Digital Advertising Alliance (EU).

 

INTERNATIONAL DATA TRANSFERS

Since we operate globally, it may be necessary to transfer,vstore and processvPersonal Information in other countries in which we or our affiliates, subsidiaries or service providers (including the sub-processors) maintain facilities, such as the United States, Israel, the European Union and the United Kingdom. The data protection and other laws of these countries may be different than those in your jurisdiction of residence.

EU and UK residents, please note that we may transfer your Personal Information to countries outside the EEA or the UK. In these instances, we will take steps, as required by applicable law and market practice, to ensure that a similar level of protection is given to Personal Information, including, when applicable, through contractual means (for example, when the GDPR or UK law applies, we will rely on the standard contractual clauses approved by the European Commission for data transfers, the UK International Data Transfer Addendum (IDTA), or transfer data only to recipients located in jurisdictions which were granted an “adequacy decision” with regard to their level of protection of Personal Information by the European Commission).

For information about international data transfer of the Personal Information processed by our SaaS software (‘Subscriber Data’), please refer to our Data Processing Agreement.

 

HOW LONG DO WE RETAIN THE INFORMATION WE COLLECT?

Unless you instruct us otherwise for justified reasons, we retain the Personal Information we collect for as long as needed to manage our business and provide our services (including marketing communications, as described herein) and to comply with our legal obligations, resolve disputes and enforce our agreements (including exercising any of our rights under our agreements, such as audit and record-keeping).

As for the retention of Subscriber Data – our default retention policy is a sliding window of 180 days during the subscription term (unless a longer period was approved by Varonis, at its sole discretion, at the request of the Client). Upon the end/termination of the subscription term, Subscriber Data which is held by Varonis at such time shall be kept for a period of up to 30 days after termination of the subscription.

We may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.

At any time, you may request to view, change and update your Personal Information by contacting us in one of the ways described in the 'How to contact us' section below.

 

HOW DO WE SAFEGUARD YOUR INFORMATION?

We are committed to making reasonable efforts, in accordance with market best practices and legal requirements, to ensure the security, confidentially and integrity of the Personal Information. We take great care in implementing and maintaining the security of our website, software and anywhere the Personal Information is stored. Access to the Personal Information is based on the ‘least to know’ concept together with role-based access control systems, ensuring only authorized access to the Personal Information. We employ market best practice security measures to ensure the safety of the Personal Information and prevent unauthorized use of any such information. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our software, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.

For further information about our privacy and security practices, please visit our Trust Center.

 

WHAT ARE YOUR RIGHTS?

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

The following table describes all the rights you are entitled to. Please note that some rights are only available for residents of certain jurisdictions. Please also note that these rights are not absolute, and may be subject to our legitimate interests and regulatory requirements.