This policy was last modified September 2017.
This policy was last modified September 2017.
We, at Varonis Systems, Inc. and its wholly-owned subsidiaries (collectively, “we” or “the “Company”), are committed to protect the privacy of our business partners who are licensed to use our software (“the “Software”) on their internal network (“you” or “Client”) and our Client’s end users which have access to any of the data resources monitored by our Software (“End Users”).
We collect two types of information when you or your End Users are using our Software:
Please note that when the Software is deployed by our Clients, it analyzes unstructured data that is stored on the Clients’ platforms. The Clients maintain sole ownership of this data and determine their own policies regarding the storage, access, deletion, sharing and retention of this data. This data is hosted and stored only on the Clients’ servers (not on the Company’s servers).
In addition to the purposes listed herein, the information we collect, which may include your Personal Information, is used for the following purposes:
We may transfer or disclose Personal Information to our subsidiaries and other affiliated companies. In addition, Client’s and End User’s Personal Information may be disclosed to other trusted third party service providers or partners for the purpose of: (i) storing Personal Information on our behalf (e.g., cloud computing service providers); (ii) assisting us with our business operations and Software and improving it (e.g., processing and analyzing End Users’ Feedback); and (iii) performing research, technical diagnostics and analytics with regard to the Software.
Since we operate globally, it may be necessary to transfer Personal Information to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances, we will take steps to ensure that a similar level of protection is given to Personal Information. You hereby consent to the transfer of your and your End Users’ Personal Information to countries outside the European Union.
Our policy only addresses the use and disclosure of information we collect from you and from your End Users through the Software. To the extent that you or your End Users disclose your information to other parties through the Software, different rules may apply to their use or disclosure of the information disclosed to them.
At any time, you or your End Users may request to change, update, correct errors or delete Personal Information by emailing us at email@example.com
Please note that unless you instruct us otherwise we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements.
The Company has an archiving process that determines the period during which the information is available. After the archiving period is reached, the information is archived, and Client can restore it once needed. Our default retention policy is 180 days, but Client can adjust the archive policy to its needs.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We are committed to making reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the Personal Information. We take great care in implementing and maintaining the security of the Software and the Personal Information. Access to the Personal Information is based on the ‘least to know’ concept together with role based access control systems, ensuring only authorized access to the Personal Information. We employ market best practice security measures to ensure the safety of your End Users’ Personal Information and prevent unauthorized use of any such information. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Software, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.
You may contact us at firstname.lastname@example.org any time and request:
If you wish to raise a complaint on how we have handled your Personal Information, you may contact us at the addresses indicated below.
The Software is not designated to End Users under the age of 18. In the event that we become aware that End Users under the age of 18 have shared any information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at email@example.com.
Data Protection Officer: Mr. Gilad Raz, CIO & VP of Technical Services
If you are unsatisfied with our response, you can reach out to the applicable data protection authority for the Company affiliates for the purpose of the EU General Data Protection Regulations: the Data Protection Commissioner in Ireland: Telephone: +353 (0)761 104 800; E-mail: firstname.lastname@example.org; Postal Address: Canal House, Station Road, PortarlingtonR32 AP23 Co. Laois R32 AP23, Ireland