This Policy and Notice (“Policy”) applies to use of www.avanan.com and our Security Platform owned and operated by Avanan, Inc. (“Avanan”, or “we”, “our”, etc.). Avanan respects the privacy of customers, vendors, website visitors, and others, and is committed to protecting the Personal Data that they share with us. This Policy describes how Avanan collects, uses, shares, secures and processes Personal Data in the course of providing threat detection services (“Services”), and outlines the ways in which our customers can control our use of that information. Note that those aspects of this Policy which are mandated by the EU General Data Protection Regulation (“GDPR”), in particular any rights (such as Data Subject rights detailed below) and duties conferred by GDPR, will apply only to the extent that GDPR applies. Capitalized terms not otherwise defined herein (other than section 1) take their meaning in GDPR.
Avanan participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov
Avanan is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently may transfer it to a third party acting as an agent on its behalf. Avanan complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland and the UK, including the onward transfer of liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Avanan is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/about/submit-a-case.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Avanan commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Avanan is generally a Processor of Personal Data on behalf of its customers, the Controllers, and Avanan will process your Personal Data as a Processor when our customers deploy our cloud platform as a trial or purchased service to monitor their data and/or the data of their customers and/or partners. However, with respect to data of website users, employees, and contacts at its customers, Avanan may be the Controller. Avanan may process your Personal Data as a Controller when you contact us using our website or by telephone or otherwise, when you request a demo or trial of the Services or report any concerns, and when you or your organization contact Avanan or enter into a contract or business or services relationship with Avanan.
In addition, we receive, or are granted access to, information provided by our customers, in which case we are the Processor. In the course of providing the Services, we may collect some Personal Data, since the data we collect to identify security risks may also contain some Personal Data. This information is used only in protecting the IT infrastructure of Avanan and its customers.
We will use Personal Data to provide and improve our Services to our customers and others and meet our contractual, ethical and legal obligations, including for example:
Avanan processes Personal Data on different legal bases:
Avanan processes Personal Data as a Processor, and does so where the Controller has declared that they have met their obligation to ensure the data processing is lawful, which is usually on the basis of their contract with third parties, including contracts with or on behalf of, data subjects.
Consent: We may in some circumstances process certain data only on the basis of consent, for example when we contact prospective customers who have agreed to be contacted to offer our services. If that is the case, you are not required to consent, but then we might not be able to contact you.
Contract: We process details of our customers and their contact persons based on fulfillment of contract, or in preparation for entering a contract, at the request of the data subject. You are not obligated to provide this Personal Data, but where we do not have contact details, we might not be able to provide Services.
Legal obligation: Avanan may be required to process certain data in fulfilment of its legal obligations, including regulatory or ethical obligations and best practices, or to enforce our legal rights.
Protection of legitimate interests: Avanan processes data for the legitimate interest of sales and marketing, of being in touch with actual or potential customers, improving, optimizing and personalizing the Services, to transfer data between Avanan’s companies and locations to effectively run an international business, and in order to protect Avanan’s legitimate interests or the interests of third parties.
Data may be transferred to the following entities, in which case we take all steps reasonably necessary to ensure the data is subject to appropriate safeguards, and is treated in accordance with this policy:
We employ various technical and administrative measures such as encryption and authentication tools to protect and maintain the security, integrity, and availability of your data, as applicable. Though protection against unauthorized access cannot be guaranteed, Avanan is committed to protecting Personal Data by means of physical, electronic, and process security controls commensurate with the current state of the art. Additionally, we use the following measures as appropriate:
In line with the principle of data minimisation, we keep your data only as long as is necessary to satisfy the purpose for which the data is intended to be processed. To that end, Avanan has established a process to identify systems where Personal Data exists. All Personal Data associated with a given customer account is retained for customers for 30 days after the term of the agreement with such customer, after which time it is either erased or anonymized.
Avanan, in its capacity as a Processor, analyzes customer files, emails and other content for threats posed by malware as well as communication with malicious hosts on the internet. Avanan will collect and analyze certain artifacts - files, URLs, and email content that could pose a threat to the organizations (“Artifacts”) - that are transmitted to, from and within the SaaS environment. Avanan takes steps to avoid collecting information from our customer’s network that could personally identify their end users or collect or view any data that could be reasonably associated to such information. However, the data we collect through our Services to identify security risks may also contain some Personal Data. This information is only used in protecting the IT infrastructure of Avanan and its customers. Content within the SaaS account, which Avanan may inspect and assess includes:
To ensure adequate data protections are in place, Avanan has established dedicated processing facilities within the European Union. With that, Avanan is an international organization, including companies, resellers, agents and customers in multiple jurisdictions.
Avanan transfers data including Personal Data from its various locations and jurisdictions to other jurisdictions as follows:
We may transfer your Personal Data outside of the EEA, in order to:
Store or backup the information;
Where GDPR and other local laws apply, such laws stipulate data subjects’ various rights over their data. These rights are to be met by the Controller, and will apply to Avanan where it is Controller. These rights may include the following, depending on the circumstances: rights to data portability, rights to access data, rights to rectify data, rights to object to processing, and the right to erase data. You may have the right to lodge a complaint with a supervisory authority. Where we process Personal Data based on your consent, you have the right to withdraw your consent, which will not affect the lawfulness of processing prior to the withdrawal of consent. To submit questions and requests to exercise these rights, contact us as detailed in the next section. Avanan may undertake a process to identify a data subject exercising their rights, and may keep details of such rights exercised for its own compliance and audit requirements. Where Personal Data is processed by Avanan as a Processor, relevant data subjects’ rights must be asserted only through the Controller. Likewise, where Personal Data is provided by a party being the data subject's employer or service provider, such data subject rights will have to be effected through that party. Note that data subject rights cannot be exercised in a manner inconsistent with the rights of Avanan employees and staff, with Avanan proprietary rights, and third-party rights.
Note that we do not knowingly Control any Personal Data relating to people under the age of 16. Please inform us if you believe we may be doing so in error, in which case we will, where possible, delete such data or otherwise ensure its lawful processing by Avanan.
Avanan takes your data protection rights very seriously. Enquiries or requests to exercise data subjects’ rights may be sent to our Data Protection Officer or professionals and in parallel to Avanan at email@example.com, or to:
259 WEST 30th STREET
New York, NY 10001
1-855-528-2626 extension 707
Note that Avanan’s website may include third-party links for your use and reference. Avanan is not responsible for the data protection practices or other aspects of these websites.
The contents of this statement may be altered at any time, at our discretion.