PRIVACY SHIELD & GDPR POLICY, AND ISO CERTIFICATE
Privacy Shield & GDPR
This Privacy Shield and GDPR Policy (this “Policy”) applies to all personal information received by WANdisco in the United States from the European Economic Area (EEA) (which includes the Member States of the European Union (EU) plus Iceland, Liechtenstein and Norway) and Switzerland. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information in accordance with the Privacy Shield Framework Principles and the General Data Protection Regulation.
Thank you for visiting WANdisco.com. Your privacy is important to us. To protect your privacy and help you to make informed choices, we provide this notice explaining our information practices, how you can choose how we use your data, and your rights in relation to your data.
In brief, we will only use your information:
- to provide services that you or your organization have requested; or
- where you have consented to us doing so.
We do not routinely sell or license your personal data to anybody, and we only use your personal data as described in this Privacy Notice.
More information can be found in the Privacy Shield and GDPR section below.
ISO/IEC 27001 is a compliance framework that establishes Information Security Management System (ISMS) standards to identify and manage information risks through a comprehensive set of company-wide processes and controls. Additionally, ISMS embodies principles of continuous improvement to keep abreast with changes in the threats landscape to address them proactively.
ISO/IEC 27001 requires that management:
- Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
WANdisco’s ISO Certificate are available for download below:San Ramon office | Belfast office | Sheffield office
This site is operated by WANdisco, Inc., WANdisco International Ltd and WANdisco, PLC. (each and together, "WANdisco"). We are jointly headquartered in the US and the UK:
- 5000 Executive Parkway
- Suite 270
- San Ramon
- CA 94583
- T +1 925 380 1728
- F +1 866 247 7584
- 13 Angel Street
- S3 8LN
- T +44 114 3039985
WANdisco complies with the US-EU and US-Swiss Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from EEA member countries and Switzerland. To learn more about the Privacy Shield program, visit https://privacyshield.gov. WANdisco has certified that it adheres to the Privacy Shield Framework Principles, which are the basis for the principles of this Policy. To learn more about the Privacy Shield program, and to view WANdisco’s certification, visit https://privacyshield.gov.
EU GENERAL DATA PROTECTION REGULATION (GDPR)
WANdisco complies with the GDPR requirements regarding the collection, use, and retention of personal data from EU member countries.
The information we collect and how we use it
Personal information you provide to us
1.When you have requested services
You may provide us with your information when you order products or services; enter contests; vote in polls or otherwise express an opinion; subscribe to one of our services such as our online newsletters; download our binaries from our website, request a free trial of our products, fill in a form on our website, or participate in an online forum or community. You may also provide us with information about yourself if you correspond or otherwise interact with us on behalf of an organization. We will use this information in order to fulfill your (or your organization's) requests for our products and services, and to respond to your inquiries. To this extent, we process your information in the performance of the contract between us and as part of our general business operations. If you do not provide us with the necessary personal data, we may not be able to provide the requested services to you and/or your organization.
2. Marketing and advertising
We will only process your information in order to offer you other products or services that we believe may be of interest to you. You can choose to unsubscribe from our marketing emails at any time by clicking the 'unsubscribe' link at the bottom of the email, or by emailing us at firstname.lastname@example.org. If you do so, we will not send you any more marketing messages, although the messages we sent you prior to unsubscribing will still be lawful.
Information provided to us by your organization
If we provide services to your organization, your organization may send us information about you. This may include information such as your name, work address, e-mail address, job title, telephone number, fax number and information about your interests in and use of various products, programs, and services. We will use this information in order to provide the services we have agreed with your organization. We will process this information in order to perform the contract agreed between us and your organization. It is also important for us to have sufficient information to perform our services and administer our business effectively.
Information that is collected automatically
We, and our partners and vendors, may collect certain information automatically when you visit many of our web pages or when you use our software and services, such as the type of browser you are using (e.g., Internet Explorer, Netscape), the type of operating system you are using, (e.g., Windows 98 or Mac OS) and the domain name of your Internet service provider (e.g., America Online, Earthlink), the IP address of your computer, the amount and type of data replicated, and other information related to your use of our software and services. We use this automatically-collected information to improve the design and content of our site and our software and services. We may also use this information in the aggregate (i.e. in a way that does not identify you) to analyze usage of our site, software and services, including through our partners and vendors. We may also use this information to provide advertisements to you and for our own marketing purposes.
We use the following cookies:
- Google Tag Manager
- Facebook Lead - Contact Specialist
- Facebook Pixel Base Code
- LinkedIn Insight
- Universal Analytics
We collect and process this automatically-collected information because it is in our interests as a business to make sure that our website functions smoothly and effectively. If you reject our site's cookies, or have turned cookies off in your browser, you will still be able to use the site, but you may find that the site does not function optimally or that certain aspects of its functionality are impaired.
Where WANdisco receives personal information from its subsidiaries, affiliates or other entities in the EEA or Switzerland, WANdisco will use that information in accordance with the notices those entities provided to the individuals to whom that personal information relates, and the choices made by those individuals.
Communications about our services
If you have registered an account with us (either on your own behalf or on behalf of an organization), we may use your personal data to provide you with certain communications such as service announcements and administrative messages. These communications are considered part of the services that you (or your organization) have requested from us and you cannot opt out of these emails.
Disclosing information to third parties Service providers
We will share your personal information with our trusted third-party service providers where we need to do so in order to provide you (your organization) with the services you have requested, or where necessary for our legitimate business administration purposes. Such third parties include our payment processor; the company that provides our client record management tools; our mailing list administration software; our lead management service provider; our partners and vendors who make our software and services available to you and your organization.
In accordance with the law; Protection of WANdisco’s rights
On rare occasions, we may release personal data when we believe in good faith that release is necessary to comply with the law, regulation or legal request; to enforce or apply our conditions of use and other agreements; to protect national security; or protect the rights, property, or safety of WANdisco, our employees, our users, or others, including to prevent fraud or abuse.
Disclosure of non-personally identifying (anonymous/anonymized) information
We may disclose your non-personally identifying information to third parties. We may share with third parties, anonymized information in the aggregate for the purpose of improving the Service and for business and administrative purposes. We do not sell, trade or rent your personal information to third parties.
In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that are transferred. If WANdisco or substantially all of its assets were acquired (such as through a merger or acquisition), or in the unlikely event that WANdisco goes out of business or enters bankruptcy or is dissolved or otherwise reorganized, customer information would be one of the assets that is transferred to or acquired by a third party. In any of these events, we consider that it would be in the legitimate interests of WANdisco (or our creditors or transferee(s)) that the relevant customer information be transferred.
We may permit certain trusted third party companies and individuals to access your information in connection with their performance of services to help us maintain, operate, analyze, and improve the Service, including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features. These third parties may have access to your personal information only for purposes of performing these tasks on our behalf. WANdisco obtains assurances from these third parties that they will safeguard personal information consistently with this Policy. Appropriate assurances are obtained under contract obligating the third party to provide at least the same level of protection as is required by the relevant Privacy Shield Framework Principles and the GDPR. These contracts will require the third party to notify WANdisco if the third party determines that it cannot meet its contractual obligations regarding data use and data protection. WANdisco complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
Data storage, security and transmission
WANdisco takes reasonable precautions to protect personal information in its possession. WANdisco has put in place appropriate physical, technical and administrative safeguards to secure the information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. WANdisco has in place appropriate physical, technical and administrative safeguards to: (a) ensure the confidentiality, integrity, availability and resilience of processing systems and services; (b) restore the availability and access to personal data in the event of a physical or technical incident; and (c) test, assess and evaluate the effectiveness of the security measures.
Agents and contractors of WANdisco who have access to personal information are required to protect this information in a manner that is consistent with this Privacy Notice by, for example, not using the information for any purpose other than to carry out the services they are performing for WANdisco. Unfortunately, the transmission of information via the Internet is not completely secure. Although we take appropriate measures to safeguard against unauthorized disclosures of information, we cannot guarantee the security of your data, and unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Third party websites
Our site contains links to other sites, and our services may be offered by partners or vendors, whose information practices may be different than ours. Please consult all third-party sites' privacy notices as we have no control over information that is submitted to, or collected by, third parties.
How long we keep your personally identifying information
We will retain your information for as long as your account is active or as needed to comply with applicable federal and state laws. If you delete your account, we may retain and use your information only as allowed by law to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information as quickly as possible upon request. Please note, however, that there might be a delay in deleting information from our servers. Any information that remains will continue to be protected by WANdisco under the terms of this Privacy Shield and GDPR Policy.
We do not knowingly market or provide our services to children, and our services (including this website) are not designed for use by persons under 18 years old. Children under 18 are not allowed to register with or use our services, or to submit personal data to us. If we discover that we have collected personal information from a child under 18, we will delete that information as soon as reasonably possible. If you believe that we might have any information from a person under age 18, please contact us at email@example.com.
The Privacy Shield Framework Principles and the GDPR give data subjects' certain rights with respect to their personal information. You may:
- require us to rectify the personal data we hold about you, where that data is incorrect;
- require that we restrict the processing of your personal information in certain circumstances;
- request access to the personal data that we hold about you;
- require that, in certain circumstances, we delete the personal information we hold about you;
- require that we provide you with the information that we hold about you in a structured, commonly used and machine-readable format;
- object to the processing of personal data under certain circumstances including the processing of personal data for direct marketing purposes;
- withdraw your consent to our using your data for marketing purposes at any time; and/or
- lodge a complaint with the relevant supervisory authority.
If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org, or by writing to us at:
- Privacy and Legal
- 4847 Hopyard Road, Suite 4-208
- Pleasanton, CA 94588, USA
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
In the event of a personal data breach, WANdisco will provide appropriate notification in accordance with GDPR and other applicable laws. As a processor, WANdisco will notify the controller of a personal data breach without undue delay after becoming aware of the breach.
In compliance with Privacy Shield Principles, WANdisco commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding out Privacy Shield policy should first contact WANdisco at:
- WANdisco, Inc
- c/o Larry Webster, General Counsel
- Bishop Ranch 8
- 5000 Executive Parkway, Suite 270
- San Ramon, CA 94583
- United States of America
WANdisco will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy. WANdisco has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. WANdisco has further committed to refer unresolved privacy complaints under the Privacy Shield to the DPAs or FDPIC as applicable. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by WANdisco, please contact the DPA or FDPIC for more information and to file a complaint.
The EU DPA panel may be contacted at email@example.com and the EU DPA may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.html. Fax: (32-2)296 80 10. Telephone: (32-2)295 17 86. Mail: Data protection panel secretariat, Rue de Luxembourg 46 (01/126), B-1000 Brussels, BELGIUM.
The Swiss FDPIC may be contacted directly via the information provided at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. By mail at Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1 CH 3003 Berne. Telephone +41 (0)58 462 43 95 (Monday-Friday 10-12am). Telefax: +41 (0)58 465 99 96.
The DPA and FDPIC dispute resolution process shall be conducted in English.
In addition, the United States Federal Trade Commission is the statutory body that has jurisdiction to hear any claims against WANdisco regarding possible unfair or deceptive practices and violations of laws or regulations governing privacy. If WANdisco does not resolve the complaint, you can submit the matter to arbitration to a single arbitration of the Privacy Shield Panel, and under certain conditions you have the right to invoke binding arbitration. The remedies from this arbitration are limited to individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual.
How to contact us
If you have any questions or concerns about this Privacy Notice or its implementation you may contact us at firstname.lastname@example.org.