PRIVACY POLICY

Effective Date: January 04, 2022

CyArx Technologies Ltd. and its subsidiaries, d/b/a Siemplify (collectively “Siemplify“, “we”, “our” or “us”) respects the privacy of its users (“user” or “you”) in connection with their use of our website (“Website”), software products (the “Software”), and related services (collectively the “Service(s)”) that we offer prospective and actual customers.

This Privacy Notice (“Privacy Notice”) explains how information is collected and used by Siemplify and our parent company, Google (“Google”). We offer the Services either directly or via our authorized partners including but not limited to Managed Security Services Providers (“MSSPs”), resellers, distributors or other similar representatives. Where we refer to our customers in this notice, we also mean our partners, MSSPs, resellers, distributors or other similar Siemplify representatives and their customers. Where we refer to “Google” in this notice, we mean Google, LLC, our parent company.

We are committed to protecting and respecting data privacy. Please read this Privacy Notice carefully.

  1. 1. INFORMATION WE COLLECT

    1. We process Customer Data and Service Data in order to provide the Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data. Customer Data is defined and governed by our agreement(s) covering the Services, and represents the data that you and our customers provide to Siemplify for processing in the Services. For more information about how we process Customer Data, see our Siemplify Data Processing Addendum.

      Service Data is the personal information we collect or generate during the provision and administration of the Services excluding any Customer Data. Service Data includes:

      • When you engage us to use our Service or sign-up to the Service. We collect and process your contact information and billing information when you engage us to use our Service(s) or sign-up to the Service(s). If you are a representative of a business that wishes to use, or is already using, our Service(s), we will collect your contact information such as full name, email address, and information relating to the potential or existing engagement between us and that business.
      • Payments and transactions. We collect reasonable business records of charges, payments such as credit card or bank account information, and billing details and issues.
      • When the Service monitors a business’ IT Systems. When the Service operates and monitors a Business’s IT systems, it collects and processes security-related data that may incidentally include personal data associated with security events.
      • Settings and configurations. We collect your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
      • Technical and operational details of your usage of the Services. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
      • When you visit the Website. We also collect analytics information about your use of the Website. When you visit the Website, we collect certain information about your interaction with the Website, including device identifiers, identifiers from cookies or tokens, the IP address from which you access the Services, time and date of access, type of browser used, language used, links clicked, and actions taken while using the Website or Service.
      • Your direct communications. We collect records of your communications and interactions with us and our partners, for example, when you send us an inquiry, sign-up to one of our webinars or workshops, register to receive updates from us, provide feedback or contact information, ask questions or seek technical support.
  2. 2. WHY WE PROCESS YOUR DATA

    1. Siemplify processes Service Data for the following purposes:

      • Provide the Services you request. Service Data is primarily used to deliver the Services that you and our customers request. This includes a number of processing activities that are necessary to provide the Services, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data, the services you use, respond to your inquiry, sign you up to our webinars or workshops, or sign you up to our mailing list to receive updates about our Service and related developments.
      • Make recommendations to optimize use of the Services. We may process Service Data to provide you and our customers with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
      • Maintain and improve the Services. We evaluate Service Data to help us improve the performance and functionality of the Services and Website. As we optimize the Services for you, this may improve them for our customers and vice versa.
      • Provide and improve other services you request. We may use Service Data to deliver and improve other services that you and our customers request, including Siemplify, Google or third-party services that are enabled via the Services, administrative consoles, APIs, or the Siemplify Marketplace.
      • Assist you. We use Service Data when needed to provide technical support and professional services as requested by you and our customers, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you and our customers. This includes notifications about updates to the Services, and responding to support requests.
      • Protect you, our users, the public, Siemplify and Google. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, Siemplify or Google. These activities are an important part of our commitment to secure our services.
      • Comply with legal obligations. We may need to process Service Data to comply with Siemplify and Google’s legal obligations, for example, where we’re responding to a legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
      • Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
      To achieve these purposes, we may use Service Data together with information we collect from other Siemplify or Google products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use Service Data for internal reporting and analysis of applicable product and business operations.
  3. 3. HOW WE SHARE DATA

    1. We do not share Service Data with companies, organizations, or individuals outside of Siemplify or Google except in the following cases:

      • With your consent. We will share Service Data outside of Siemplify or Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Siemplify Marketplace or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
      • With your administrators and authorized resellers: When you use the Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
        • View account and billing information, activity and statistics.
        • Change your account password.
        • Suspend or terminate your account access.
        • Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request.
        • Restrict your ability to delete or edit your information or your privacy settings.
      • For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
      • For legal reasons. We may share Service Data outside of Siemplify or Google if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
        • Comply with applicable law, regulation, legal process, or enforceable governmental request.
        • Enforce applicable agreements, including investigation of potential violations.
        • Detect, prevent, or otherwise address fraud, security, or technical issues.
        • Protect against harm to the rights, property or safety of Siemplify, Google, our customers, users, and the public as required or permitted by law.
      If Siemplify or Google is involved in a reorganization, merger, acquisition, or sale of assets, we will continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy notice.
  4. 4. HOW WE SECURE YOUR DATA

    1. We implement measures to reduce the risks of damage, loss of information, and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure personal information, it is not guaranteed, and you cannot expect that the Website or Service will be immune from information security risks.
  5. 5. DELETION AND RETENTION OF DATA

    1. We generally retain your information for the duration needed to support our ordinary business activities in providing the Service and Website to you and your business:

      We will retain Service Data for the duration needed to support our ordinary business activities in providing the Service to you and your business. We will delete this information after it is no longer needed for ordinary business activities or after a longer period of time if business and legal requirements oblige us to retain information for specific purposes for an extended period of time.
  6. 6. WHERE DATA IS STORED

    1. Service Data may be stored and maintained by us and our authorized affiliates and service providers in the United States or Germany. Data protection laws vary among countries, with some providing more protection than others. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security. Regardless of where your Data is processed, we apply the same protections described in this Privacy Notice.

      When transferring Service Data outside of the European Economic Area, we comply with certain legal frameworks as described below.

      1. The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data. You can review current European Commission adequacy decisions here. (To transfer data from the EEA to other countries, such as the United States, we comply with legal frameworks that establish an equivalent level of protection with EU law.)
      2. Standard contract clauses. The European Commission has approved the use of standard contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating standard contract clauses into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision.
      We rely on these standard contract clauses for data transfers.
  7. 7. ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EU

    1. If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.

      For users based in the European Economic Area, UK or Switzerland, the data controller responsible for Service Data is CyArx Technologies Ltd. However, where our customer has entered into an agreement covering the Services with a different Siemplify affiliate, that affiliate will be the data controller responsible for processing Service Data in connection with billing for the Services only.

      If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Siemplify at siemplify-gtm@google.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.

      In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:

      • Where necessary for the performance of a contract with you. We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
      • When we are complying with legal obligations. We’ll process your information when we have a legal obligation to do so.
      • When we are pursuing legitimate interests. We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Services you request; making recommendations to optimize use of the Services; maintaining and improving the Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Siemplify, Google, our users, our customers, and the public, as required or permitted by law.
  8. 8. CALIFORNIA REQUIREMENTS

    1. The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents.

      This Privacy Notice is designed to help you understand how we handle your information:

      We explain the categories of information we collect and the sources of that information in Section 1. INFORMATION WE COLLECT (above).

      We explain how we use information in Section 2. WHY WE PROCESS DATA (above).

      We explain when we may share information in Section 3. HOW WE SHARE DATA (above). Siemplify does not sell your personal information.

      The CCPA also provides the right to request information about how Siemplify collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Siemplify delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.

      We provide the information and tools described in this Notice so you can exercise these rights. When you use them, we will validate your request by verifying your identity (for example, by confirming that you are signed in to your Siemplify Account). If you have questions or requests related to your rights under the CCPA, you (or your authorized agent) can also contact Siemplify at siemplify-gtm@google.com.

      The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.

      Categories of personal information we collect Business purposes for which information may be used or disclosed Parties with whom information may be shared
      Service Data is the personal information Siemplify collects or generates during the provision and administration of the Service excluding any Customer Data.

      Service Data includes:

      Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.

      Demographic information, such as your preferred language. Commercial information such as records of charges, payments, and billing details and issues.

      Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services and related software.

      Geolocation data, such as the country you are in, as may be determined by GPS or IP address, depending in part on your device and account settings.

      Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.

      Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
      Siemplify processes Service Data for the following purposes:

      Protecting against security threats, abuse, and illegal activity. Siemplify uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Siemplify may receive or disclose information about IP addresses that malicious actors have compromised.

      Auditing and measurement. Siemplify uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips.

      Maintaining our services. Siemplify uses Service Data to provide the Services, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.

      Product development. Siemplify uses Service Data to improve the Services and other services you request, and to develop new features and technologies that benefit our users and customers.

      Use of service providers. Siemplify shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.

      Legal reasons. Siemplify also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
      We do not share Service Data with companies, organizations, or individuals outside of Siemplify or Google except in the following cases:

      With your consent. We’ll share Service Data outside of Siemplify or Google when we have your consent. For example, when you or our customer chooses to use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.

      With your administrators and authorized resellers. When you use the Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:

      • View account and billing information, activity and statistics.
      • Change your account password.
      • Suspend or terminate your account access.
      • Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request.
      • Restrict your ability to delete or edit your information or your privacy settings.
      • For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.

        For legal reasons. We may share Service Data outside of Siemplify if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:

      • Comply with applicable law, regulation, legal process, or enforceable governmental request. Enforce applicable agreements, including investigation of potential violations.
      • Detect, prevent, or otherwise address fraud, security, or technical issues.
      • Protect against harm to the rights, property or safety of Siemplify, Google, our customers, users, and the public as required or permitted by law.
  9. 9. UPDATES TO THIS NOTICE

    1. We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.