This Policy applies to all Netwrix entities that process Personal Data.
"Automated Decisions" are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Data Subject" means an individual for whom Netwrix Processes Personal Data.
"Employee" means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Netwrix or any current or prospective subsidiary or affiliate of Netwrix.
"European Economic Area ("EEA")" means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK.
"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to Netwrix in the U.S. from the EEA or Switzerland, and (iv) is recorded in any form.
"Privacy Officer" means the individual officer designated by Netwrix as the initial point of contact for inquiries, complaints, or questions regarding privacy matters. The Privacy Officer is identified at the end of this Policy.
"Processing" is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
"Supplier" means any supplier, vendor or other third party located in the USA and/or the EEA or Switzerland that provides services or products to Netwrix.
This Policy is designed to provide compliance with all relevant applicable data protection laws in the EEA, and in particular the General Data Protection Regulation ("GDPR"). Netwrix will handle Personal Data in accordance with local law at the place where the Personal Data is processed.
Netwrix respects the privacy of Data Subjects and is committed to protecting Personal Data. Netwrix will observe the following principles when processing Personal Data:
Netwrix’s services do not need to collect or process individual consumer information to perform its services. However, as part of the services Netwrix provides, it may have incidental access to Personal Data.
With regard to Customer contact information, Netwrix collects and processes the following categories of Personal Data:
Netwrix does not need any Sensitive Personal Data and instructs its customers to avoid submitting any Sensitive Personal Data to Netwrix.
Netwrix obtains Personal Data through various sources:
Netwrix processes Personal Data for legitimate purposes related mostly to direct marketing in a business-to-business context. Netwrix does not process for purposes of marketing to individual consumers.
In addition, Netwrix may process Personal Data for business operational purposes. The foregoing limited purposes will be taken into consideration before any type of processing of Personal Data occurs
For customer/supplier-specific Personal Data, the purposes of processing may include:
In the event of a change of the foregoing, Netwrix will inform affected Data Subjects of new processes or applications, new purposes for which the Personal Data are to be used, and the categories of recipients of the Personal Data.
Netwrix is committed to implementing and maintaining appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by Netwrix and may request deletion or amendments. Data Subjects may contact the Privacy Officer or email@example.com to review, update, and revise their Personal Data.
If access is denied, the Data Subject has the right to be informed about the reasons for denial. The person affected may contact any competent regulatory body or authority to resolve the issue. Netwrix will handle in a transparent and timely manner any type of complaint resolution or inquiry about Personal Data.
If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. If the Data Subject demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless applicable laws require otherwise.
In connection with the activities described under Section VII, Netwrix may transmit Personal Data outside the EEA and more specifically to: (i) Netwrix’s corporate headquarters in California, USA; or (ii) its other offices in the US. Moreover, Personal Data might be sent to the following third parties in or outside the EEA:
Netwrix will ensure that this Policy is observed and duly implemented. All Netwrix Employees who have access to Personal Data must comply with this Policy.
If at any time, a person believes that Personal Data relating to him or her has been Processed in violation of this Policy, he or she should report the concern to the Privacy Officer. In addition, Netwrix is happy to answer any questions related to its Processing of Personal Data.Please contact us at firstname.lastname@example.org.