Avanan participates in, and has certified its compliance with, the EU-US. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov
Avanan is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently may transfer it to a third party acting as an agent on its behalf. Avanan complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer of liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Avanan is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/about/submit-a-case.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Avanan commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Avanan’s Responsibilities Related to Personal Data Processing
As defined by the basic EU General Data Protection Regulation (GDPR) is responsible for the processing of your personal data. The contact information for Avanan is firstname.lastname@example.org.
Avanan will acquire and process your personal data in the following situations:
We request your assistance in helping us to keep your personal data up to date by notifying us regarding any changes – in particular your contact information.
The following categories of personal data can be collected via the numerous services and contact channels described in this data protection information:
We use this information to verify your account, to provide and enhance our Services (including supporting or servicing your account, if applicable), and answer any questions you may have.
The data involved in the execution of contracts or providing our services are processed for the purposes stated below.
We only process your data if it is permitted by an applicable law or regulation. We will process your data in particular on the basis of Article 6, Article 7 and Article 9 of the basic EU data protection regulations. Here, we will base the processing of your data on, among others, the following legal principles. Please bear in mind that this is not a complete or conclusive list of the legal principles, rather only examples intended to make the legal principles more transparent.
Avanan uses your personal data to handle any request you have submitted (for example queries and complaints to Avanan Customer Care). Regarding all aspects of dealing with a concern, we will contact you without separate consent, for example in writing, by telephone, per messenger service or per e-mail, depending on which contact data you have specified.
Avanan also processes your personal data on this basis to optimize your experience with Avanan Customer Support (e.g. to identify you correctly if you contact us).
Avanan will also process personal data if there is a legal obligation to do so.
Collected data are also processed within the framework of ensuring the operation of IT systems. Ensuring operation involves the following activities:
Avanan is subject to a large number of other legal obligations. In order to fulfill these obligations, we process your data to the required extent and, if necessary, pass them on to the authorities responsible within the framework of legal obligations of notification.
We also process your data in the event of legal conflicts if the legal conflict makes processing the data necessary.
Data are forwarded to the following companies, among others, if and to the extent that the requirements in compliance with data protection legislation necessary for this are met:
We employ various technical and administrative measures such as encryption and authentication tools in line with the current state of the art technology to protect and maintain the security, integrity, and availability of your data.
Protection against ALL unauthorized access in the case of data transfers across the Internet or a website cannot be guaranteed, but we and our service providers and business partners commit to doing all our resources will allow to protect your personal data by means of physical, electronic, and process security controls commensurate with the current state of the art. In addition to other aspects, we use the following measures:
In line with article 17 of the EU data protection regulations, we keep your data only as long as is necessary to satisfy the purpose in which the data is intended to be processed.
To ensure that your data is deleted in accordance with the data minimization requirements under Article 17 of GDPR, Avanan has established a process to identify systems where personal data exists. The fundamental principles employed toward the deletion of your personal data are described below.
Avanan analyzes the files, emails and other content stored and processed in Security as a Service (SaaS) and Infrastructure as a Service (IaaS) accounts and is designed to detect threats posed by malware, as well as communication with Malicious hosts on the internet. Avanan will collect and analyze certain Artifacts (files, URLs, and email content that could pose a threat to the organizations) that are transmitted to, from and within the SaaS environment.
Avanan takes steps to avoid collecting information from our customer’s network that could personally identify their end users or collect or view any data that could be reasonably associated to such information. However, the data we collect through our Services to identify security risks may also contain some Personal Data (i.e. username, email address or IP address). This information is only used in protecting the IT infrastructure of the organization
Content within the SaaS Account, including:
Email contents, including:
In order for a customer to license our products and obtain technical support Services, we will collect certain Personal Data, such as the first and last names of our contacts, mailing address (including postal code), email address, cell phone or work phone. This information is used only in connection with the administration of a customer’s account with Avanan and for no other purpose.
For the purpose of marketing activities, we may collect the following Personal Data from you: name, title, location, company name, phone number and email address via our website, if you wish to request some types of product or company related content, a product demo or contact us for other reasons.
If you believe that we have inappropriately collected your Personal Data and you would like to request that it be removed from our databases, please contact our Data Protection Officer at email@example.com.
Avanan is an international company and personal data is processed by Avanan employees and service providers contracted to perform specific functions.
If data processed is sourced within countries of the EU/EEA, Avanan uses Data Processing Agreements and EU standard contractual clauses (including suitable technical and organizational measures) in order to ensure that your personal data are processed in accordance with GDPR.
Due to ongoing issues regarding transatlantic data transfers to the United States of America, Avanan has established dedicated processing facilities within the European Union to ensure adequate data protections are in place.
To support the provision of the services and intended purposes listed above, Avanan uses a number of service providers that are commissioned by Avanan within the framework of the strict conditions of data processing in accordance with data protection legislation.
To submit questions that you may have related to any personal data we may retain about you, please contact us at: firstname.lastname@example.org.
As the person affected by the processing of your data, the basic EU data protection regulations and other relevant data privacy protection regulations enable you to assert certain rights in relation to us. The following section contains explanations of your rights as defined by the basic EU data protection regulations. Depending on the type and scope of your inquiry, we ask you to put the inquiry in writing.
Data subjects in the EU/EEA related to personal data Avanan processes have the following rights:
You can ask us for information regarding any data of yours that we keep at any time (GDPR, Article 15). This information concerns, among other things, the data categories we process, for which purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in additional copies, we reserve the right to charge for the additional copies.
You can request that we correct your data (GDPR, Article 16). We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete, and up to date, based the latest information available to us.
You can request that we delete your data provided the legal requirements have been met. In accordance with Article 17 of EU data protection regulations, this can be the case if:
You can request that we restrict the processing of your data if (GDPR, Article 18):
At your request, we will transfer your data – where technically possible – to another responsible entity (GDPR, Article 20). However, this right only applies if the data processing is based on your consent or is required to fulfill a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.
You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party (GDPR, Article 21). In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.
As a general principle, we make every effort to comply with all requests within 30 days. This time limit, however, can be extended for reasons related to the specific rights of persons affected or the complexity of your request.
In certain situations, legal specifications might require us not to provide information regarding all of your data. If we have to refuse your request for information in such a case, we will inform you of the reasons for refusal at the same time.
Avanan takes your privacy rights seriously. However, if you are of the opinion that we have not addressed your concerns adequately, you have the right to submit a complaint to the data privacy protection authorities responsible.
If you would like to inquire as to the use of your personal data, please send an email to email@example.com or use the following contact data:
242 W. 30th Street
New York, NY 10001
1-855-528-2626 extension 707
Avanan will only process your data if permitted by an applicable law. We will process your data on the basis of Article 6/7/9 of the GDPR. We will base the processing of your data on the following legal principles. Please bear in mind that this is not an exhaustive list of the legal principles, rather examples for transparency.
We have included links on this site for your use and reference. We are not responsible for the privacy policies on these websites. You should be aware that the privacy policies of these sites may differ from our own.
The contents of this statement may be altered at any time, at our discretion.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
To report any incident please contact firstname.lastname@example.org.