- Any SaaS
- Any Security
- How It Works
Artifact – means any potentially Malicious file, URL, email content, or other material collected by the Avanan Platform for analysis.
Benign – Those Artifacts Avanan deems safe.
Cloud Platform –The Avanan Product is installed in a cloud-based environment where the Avanan deployment leverages a multi-tenant Hosted platform installed in a data center and connected via encrypted API to the customers’ SaaS Accounts.
IaaS Account – The Infrastructure as a Service Account subscribed by the customer, hosted by a third-party IaaS Provider that is monitored by the Avanan Platform.
Malicious – Those Artifacts Avanan deems as unsafe.
Metadata – Is data that describes the Artifact and results of the analysis of the Artifact.
Personal Data – means any information relating to an identified or identifiable natural person (“data subject”) who can be directly or indirectly identified in particular by reference to an identifier, such as name, location etc.
SaaS Account – The Software as a Service Account subscribed by the customer, hosted by a third-party SaaS Provider that is monitored by the Avanan Platform.
Services – Means the analysis of Artifacts provided by Avanan to Company.
Suspicious – Those Artifacts Avanan deems to be potentially unsafe.
European-Hosted Data Centers – By design, EU/EEA-based personal data is hosted, processed and replicated entirely within one of three EU data-centers based in Frankfurt, Paris, Ireland or other EU-located data centers.
EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD
Avanan participates in, and has certified its compliance with, the EU-US. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov
Avanan is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently may transfer it to a third party acting as an agent on its behalf. Avanan complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer of liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Avanan is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/about/submit-a-case.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Avanan commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
IN THE EUROPEAN ECONOMIC AREA
Personal Data Protection
Avanan’s Responsibilities Related to Personal Data Processing
As defined by the basic EU General Data Protection Regulation (GDPR) is responsible for the processing of your personal data.
The contact information for Avanan is email@example.com.
Collection and Processing of Personal Data
Avanan will acquire and process your personal data in the following situations:
We request your assistance in helping us to keep your personal data up to date by notifying us regarding any changes – in particular your contact information.
The following categories of personal data can be collected via the numerous services and contact channels described in this data protection information:
We use this information to verify your account, to provide and enhance our Services (including supporting or servicing your account, if applicable), and answer any questions you may have.
The data involved in the execution of contracts or providing our services are processed for the purposes stated below.
We only process your data if it is permitted by an applicable law or regulation. We will process your data in particular on the basis of Article 6, Article 7 and Article 9 of the basic EU data protection regulations. Here, we will base the processing of your data on, among others, the following legal principles. Please bear in mind that this is not a complete or conclusive list of the legal principles, rather only examples intended to make the legal principles more transparent.
Consent (Article 6/7/9): We will process certain data only on the basis of the consent you have given expressly and voluntarily. You have the right to revoke your consent at any time with effect for the future.
Fulfillment of a contract / pre-contractual measures (Article 6): For initiation and/or execution of your contract with Avanan and/or Avanan partners, we require access to certain data.
Fulfillment of a legal obligation (Article 6): Avanan is subject to a number of legal specifications. We must process certain data to comply with these specifications.
Protection of legitimate interests (Article 6): Avanan will process certain data in order to protect their legitimate interests or the interests of third parties. However, this only applies if your interests do not outweigh ours in individual cases.
Avanan uses your personal data to handle any request you have submitted (for example queries and complaints to Avanan Customer Care). Regarding all aspects of dealing with a concern, we will contact you without separate consent, for example in writing, by telephone, per messenger service or per e-mail, depending on which contact data you have specified.
Avanan also processes your personal data on this basis to optimize your experience with Avanan Customer Support (e.g. to identify you correctly if you contact us).
Avanan is subject to a large number of other legal obligations. In order to fulfill these obligations, we process your data to the required extent and, if necessary, pass them on to the authorities responsible within the framework of legal obligations of notification.
We also process your data in the event of legal conflicts if the legal conflict makes processing the data necessary.
Protection of Your Personal Data
We employ various technical and administrative measures such as encryption and authentication tools in line with the current state of the art technology to protect and maintain the security, integrity, and availability of your data.
Protection against ALL unauthorized access in the case of data transfers across the Internet or a website cannot be guaranteed, but we and our service providers and business partners commit to doing all our resources will allow to protect your personal data by means of physical, electronic, and process security controls commensurate with the current state of the art. In addition to other aspects, we use the following measures:
Retention of Personal Data
In line with article 17 of the EU data protection regulations, we keep your data only as long as is necessary to satisfy the purpose in which the data is intended to be processed.
To ensure that your data is deleted in accordance with the data minimization requirements under Article 17 of GDPR, Avanan has established a process to identify systems where personal data exists. The fundamental principles employed toward the deletion of your personal data are described below.
Use for the assessment of IoCs
Avanan analyzes the files, emails and other content stored and processed in Security as a Service (SaaS) and Infrastructure as a Service (IaaS) accounts and is designed to detect threats posed by malware, as well as communication with Malicious hosts on the internet. Avanan will collect and analyze certain Artifacts (files, URLs, and email content that could pose a threat to the organizations) that are transmitted to, from and within the SaaS environment.
Avanan takes steps to avoid collecting information from our customer’s network that could personally identify their end users or collect or view any data that could be reasonably associated to such information. However, the data we collect through our Services to identify security risks may also contain some Personal Data (i.e. username, email address or IP address). This information is only used in protecting the IT infrastructure of the organization
Information Avanan Inspects
Content within the SaaS Account, including:
Email contents, including:
Header information from email messages inspected by the Avanan Platform
Potentially Suspicious or Malicious Email Attachments or URLs
Information Avanan Retains
Use for customer support
In order for a customer to license our products and obtain technical support Services, we will collect certain Personal Data, such as the first and last names of our contacts, mailing address (including postal code), email address, cell phone or work phone. This information is used only in connection with the administration of a customer’s account with Avanan and for no other purpose.
For the purpose of marketing activities, we may collect the following Personal Data from you: name, title, location, company name, phone number and email address via our website, if you wish to request some types of product or company related content, a product demo or contact us for other reasons.
If you believe that we have inappropriately collected your Personal Data and you would like to request that it be removed from our databases, please contact our Data Protection Officer at firstname.lastname@example.org.
Who is granted ‘cross-border’ access to your data and how is protection ensured?
Avanan is an international company and personal data is processed by Avanan employees and service providers contracted to perform specific functions.
If data processed is sourced within countries of the EU/EEA, Avanan uses Data Processing Agreements and EU standard contractual clauses (including suitable technical and organizational measures) in order to ensure that your personal data are processed in accordance with GDPR.
Due to ongoing issues regarding transatlantic data transfers to the United States of America, Avanan has established dedicated processing facilities within the European Union to ensure adequate data protections are in place.
To support the provision of the services and intended purposes listed above, Avanan uses a number of service providers that are commissioned by Avanan within the framework of the strict conditions of data processing in accordance with data protection legislation.
Data privacy and protection rights and your right to file complaints with data privacy protection authorities
To submit questions that you may have related to any personal data we may retain about you, please contact us at: email@example.com.
As the person affected by the processing of your data, the basic EU data protection regulations and other relevant data privacy protection regulations enable you to assert certain rights in relation to us. The following section contains explanations of your rights as defined by the basic EU data protection regulations. Depending on the type and scope of your inquiry, we ask you to put the inquiry in writing.
Rights of persons whose personal data is processed by Avanan
Data subjects in the EU/EEA related to personal data Avanan processes have the following rights:
Right to information:
You can ask us for information regarding any data of yours that we keep at any time (GDPR, Article 15). This information concerns, among other things, the data categories we process, for which purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in additional copies, we reserve the right to charge for the additional copies.
Right to correction:
You can request that we correct your data (GDPR, Article 16). We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete, and up to date, based the latest information available to us.
Right to deletion:
You can request that we delete your data provided the legal requirements have been met. In accordance with Article 17 of EU data protection regulations, this can be the case if:
Wherever the processing is not necessary
Right to restriction of processing:
You can request that we restrict the processing of your data if (GDPR, Article 18):
Right to data transferability:
At your request, we will transfer your data – where technically possible – to another responsible entity (GDPR, Article 20). However, this right only applies if the data processing is based on your consent or is required to fulfill a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.
Right to objection:
You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party (GDPR, Article 21). In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.
Time limits for compliance with the rights the persons affected
As a general principle, we make every effort to comply with all requests within 30 days. This time limit, however, can be extended for reasons related to the specific rights of persons affected or the complexity of your request.
Restriction in the provision of information regarding the rights of persons affected
In certain situations, legal specifications might require us not to provide information regarding all of your data. If we have to refuse your request for information in such a case, we will inform you of the reasons for refusal at the same time.
Complaints to supervisory authorities
Avanan takes your privacy rights seriously. However, if you are of the opinion that we have not addressed your concerns adequately, you have the right to submit a complaint to the data privacy protection authorities responsible.
If you would like to inquire as to the use of your personal data, please send an email to firstname.lastname@example.org or use the following contact data:
242 W. 30th Street
New York, NY 10001
1-855-528-2626 extension 707
Legal basis for the processing of personal data
Avanan will only process your data if permitted by an applicable law. We will process your data on the basis of Article 6/7/9 of the GDPR. We will base the processing of your data on the following legal principles. Please bear in mind that this is not an exhaustive list of the legal principles, rather examples for transparency.
Protection of legitimate interests (Article 6): Avanan will process certain data in order to protect Avanan’s legitimate interests or the interests of third parties. However, this only applies if your interests do not outweigh Avanan’s as applied on an individual basis.
Links to Third Party Websites
We have included links on this site for your use and reference. We are not responsible for the privacy policies on these websites. You should be aware that the privacy policies of these sites may differ from our own.
Changes to This Privacy Statement
The contents of this statement may be altered at any time, at our discretion.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
To report any incident please contact email@example.com.