Software Privacy Policy

This policy was last modified September 2017.



This is our Software Privacy Policy. Click here to view our Website Users Privacy Policy.

General information

We, at Varonis Systems, Inc. and its wholly-owned subsidiaries (collectively, “we” or “the “Company”), are committed to protect the privacy of our business partners who are licensed to use our software (“the “Software”) on their internal network (“you” or “Client”) and our Client’s end users which have access to any of the data resources monitored by our Software (“End Users”).

We encourage you and your End Users to read this “Software Privacy Policy” (“Privacy Policy”) carefully and use it to make informed decisions. By using our Software, you agree to the terms of this Privacy Policy, and your continued use of the Software constitutes your ongoing agreement to it.

Client’s obligation

Without derogating any of the terms and warranties of the Master License Agreement and our website’s privacy policyClient shall ensure that all End Users have been informed of, and have given their consent to, Company’s use and process of any information, as detailed in this Privacy Policy, to the extent such consent is required by applicable law.

What information do we collect?

We collect two types of information when you or your End Users are using our Software:

  • The first type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”), which includes the following:
  • Client’s Information: We may collect contact information (including Personal Information) from you when you register on our site, subscribe to our newsletter, register for an event, respond to a survey or fill out a form. Please review our website’s privacy policyin order to learn more about our privacy practices with regard to Client’s Personal Information.
  • Feedback: When you allow us (or our trusted third party service providers) to receive your End Users’ feedback and rating with regard to Software (“Feedback”), we may gather Personal Information which may include the following: email address of the End User, End User’s full name, End User’s IP address, and the Client’s email. In addition, we may collect Personal Information which your End User voluntarily shares with us when he sends us Feedback (e.g., identifying content, images; etc.).
  • The second type of information is unidentified and non-identifiable information pertaining to you or to your End Users, which may be made available or gathered via your use of the Software (“Non-Personal Information”). We are not aware of the identity of the user from which the Non-Personal Information was collected.
  • Non-Personal Information which is being collected may include usernames, directory names, server names, share names, file names, configurations, logs related to Software and Client (e.g. event logs), browsing events and technical information transmitted by your device or your End Users’ devices, including certain software and hardware information (e.g., the type of browser and operating system the device uses, language preference, access time and the domain name from which you or your End Users are linked to the Software; etc.).
  • In addition, when you allow us (or our trusted third party service providers) to receive your End Users’ Feedback with regard to Software, we may gather Non-Personal Information which may include the following: Feedback rating, Feedback tags, Feedback text, browser type and language, operating system, viewport of the screen, page URL on which the Feedback has been given, screenshot of the screen on which Feedback was provided (with all textual strings redacted), and our clients.

Please note that when the Software is deployed by our Clients, it analyzes unstructured data that is stored on the Clients’ platforms. The Clients maintain sole ownership of this data and determine their own policies regarding the storage, access, deletion, sharing and retention of this data. This data is hosted and stored only on the Clients’ servers (not on the Company’s servers).

How we use the information we collect?

In addition to the purposes listed herein, the information we collect, which may include your Personal Information, is used for the following purposes:

  • To set up your account and to provide our services to you and to your End Users (Please review our website’s privacy policy in order to learn about our privacy practices with regard to Client’s Personal Information);
  • To identify and authenticate End Users’ access to the Software;
  • To obtain End Users’ Feedback with regard to the Software;
  • To improve our Software;
  • To support and troubleshoot our Software and to respond to queries; and
  • To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a governmental request.

With whom we share the information we collect?

We do not rent, sell or share your Personal Information with third parties except as described in this Privacy Policy.

We may transfer or disclose Personal Information to our subsidiaries and other affiliated companies. In addition, Client’s and End User’s Personal Information may be disclosed to other trusted third party service providers or partners for the purpose of: (i) storing Personal Information on our behalf (e.g., cloud computing service providers); (ii) assisting us with our business operations and Software and improving it (e.g., processing and analyzing End Users’ Feedback); and (iii) performing research, technical diagnostics and analytics with regard to the Software.

We may disclose Personal Information, or any information you submitted via the Software if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including this Privacy Policy), including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

Since we operate globally, it may be necessary to transfer Personal Information to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances, we will take steps to ensure that a similar level of protection is given to Personal Information. You hereby consent to the transfer of your and your End Users’ Personal Information to countries outside the European Union.

Third party collection of information

Our policy only addresses the use and disclosure of information we collect from you and from your End Users through the Software. To the extent that you or your End Users disclose your information to other parties through the Software, different rules may apply to their use or disclosure of the information disclosed to them.

How long do we retain the information we collect?

At any time, you or your End Users may request to change, update, correct errors or delete Personal Information by emailing us at privacy@varonis.com

Please note that unless you instruct us otherwise we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements.

The Company has an archiving process that determines the period during which the information is available. After the archiving period is reached, the information is archived, and Client can restore it once needed. Our default retention policy is 180 days, but Client can adjust the archive policy to its needs.

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

How do we safeguard and transfer your information?

We are committed to making reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the Personal Information. We take great care in implementing and maintaining the security of the Software and the Personal Information. Access to the Personal Information is based on the ‘least to know’ concept together with role based access control systems, ensuring only authorized access to the Personal Information. We employ market best practice security measures to ensure the safety of your End Users’ Personal Information and prevent unauthorized use of any such information. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Software, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.

What are your rights?

You may contact us at privacy@varonis.com any time and request:

  • To access, delete, change or update any personal data relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected);
  • That we will cease any further use of your Personal Information or delete your information (for example, you may ask that we stop using or sharing your Personal Information with third parties).

If you wish to raise a complaint on how we have handled your Personal Information, you may contact us at the addresses indicated below.

Minors

The Software is not designated to End Users under the age of 18. In the event that we become aware that End Users under the age of 18 have shared any information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at privacy@varonis.com.

Updates or amendments to the Privacy Policy

We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on the website. We encourage you to review this Privacy Policy regularly for any changes. In the event of material changes, we will notify you through our Software or by email.

Your continued use of the Software, following the notification of such amendments, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

How to contact us

If there are any questions regarding this Privacy Policy or the information that we collect about you, or if you feel that your privacy was not treated in accordance with this Privacy Policy, you may contact us at privacy@varonis.com.

Additional contacts:

Data Protection Officer: Mr. Gilad Raz, CIO & VP of Technical Services

If you are unsatisfied with our response, you can reach out to the applicable data protection authority for the Company affiliates for the purpose of the EU General Data Protection Regulations: the Data Protection Commissioner in Ireland: Telephone: +353 (0)761 104 800; E-mail: info@dataprotection.ie; Postal Address: Canal House, Station Road, PortarlingtonR32 AP23 Co. Laois R32 AP23, Ireland