Privacy Shield Policy

Last Updated: March 12, 2019

Alert Logic, Inc. (Alert Logic) complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

Alert Logic respects individuals’ privacy, and strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it and its subsidiaries do business. This Privacy Shield Policy (the “Policy”) describes the privacy principles as follows with respect to certain Personal Data (as defined below) of residents of the European Economic Area and the United Kingdom which is Processed (as defined below) by Alert Logic and its Agents in the United States of America (the “U.S.”), including Personal Data Processed by Alert Logic and its Agents for its customers.

1. PRIVACY SHIELD OVERVIEW
Alert Logic has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection.

Alert Logic complies with the US-EU Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Individual Customers in the European Union Economic Area countries and the United Kingdom. Alert Logic has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

The Federal Trade Commission (FTC) has jurisdiction over Alert Logic’s compliance with the Privacy Shield.

All Alert Logic employees who handle Personal Data from countries located within the European Economic Area and the United Kingdom are required to comply with the Principles stated in this Policy.

2. SCOPE
This Policy applies to the Processing of Personal Data of residents of the European Economic Area and the United Kingdom which is Processed (as defined below) by Alert Logic and its Agents in the U.S., including Personal Data Processed by Alert Logic and its Agents for its customers.

3. DEFINITIONS
For purpose of this Policy, the following definitions shall apply:

“Personal Data” and “Personal Information” means data about an identified or identifiable individual that are within the scope of the Directive 95/46/EC, received by an organization in the United States from the European Union, and recorded in any form. Personal Data includes all Sensitive Personal Data (as defined below).

“Sensitive Personal Data” or “Sensitive Personal Information” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual or, where received from a third party, data that is identified and treated as sensitive by the third party.

“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Agent” means any third party that collects or uses Personal Data provided by Alert Logic to perform tasks on behalf of Alert Logic under the instructions of, and solely for, Alert Logic.

Alert Logic” “we,” “our” or “us” means Alert Logic Inc. and its successors, assigns and wholly-owned affiliates and subsidiaries and their respective divisions and groups, each of which are located within the U.S.

4. PRIVACY PRINCIPLES FOR PROCESSING OF PERSONAL DATA RECEIVED FROM THE EEA AND UNITED KINGDOM
The privacy principles set forth in this Policy have been developed based on the Privacy Shield Principles.

4.1 NOTICE
Where Alert Logic collects Personal Data directly from residents of countries located within the European Economic Area and the United Kingdom or receives Personal Data from its European or United Kingdom affiliates, Alert Logic or its European or United Kingdom affiliates will inform those individuals about the purposes for which they collect and use Personal Data about them; the transfer of Personal Data to Alert Logic in the U.S.; the types or identity of third parties to which Alert Logic discloses that information and the purposes for which it does so; and the choices and means Alert Logic offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Alert Logic, or as soon as practicable thereafter, and in any event before Alert Logic uses the information for a purpose other than that for which it was originally collected.

Alert Logic may from time to time process certain Personal Data about customers, business partners, employees and candidates for employment, including information recorded and stored on various types of media, including electronic media.

Alert Logic will process these types of Personal Data in conformity with the EU-U.S. Privacy Shield Principles and will continue to apply the Principles to Personal Data received under the application of the Privacy Shield as long as it holds the Personal Data.

Purposes for which Alert Logic may collect and use Personal Data include:

  • to carry out obligations arising from any contracts entered into with our customers and to provide our customers with the information, products and services that they request;
  • to provide our customers with information about Alert Logic products and services that are similar to those that our customers have already purchased or enquired about and to tell our customers about special offers;
  • to provide our customers with reminders and updates relating to Alert Logic products and services that our customers use;
  • to deliver relevant information and advertising to our customers; and
  • to process applications for employment via the Careers section of the Alert Logic website.

Alert Logic may also share Personal Data with its third-party Agents for the sole purpose of, and only to the extent needed to, support Alert Logic’s or our customers’ business needs. We may also disclose Personal Data to our Agents in the U.S. and other third parties when required to do so under law or by legal process. Third Party Agents are required to keep confidential Personal Data received from Alert Logic and may not use it for any purpose other than originally intended.

4.2 CHOICE
Alert Logic will offer individuals residing in the European Economic Area and the United Kingdom the opportunity to choose (by either opt-out or opt-in) if their Personal Data is (a) to be disclosed to a third party that is not an Agent, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Data, Alert Logic will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to permit Alert Logic to (a) disclose their Sensitive Personal Data to a third party that is not an Agent or (b) use Sensitive Personal Data for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.

Alert Logic will provide individuals with reasonable, clear and conspicuous and readily available mechanisms to exercise these choices.

4.3 ACCOUNTABILITY FOR ONWARD TRANSFER
Alert Logic will transfer Personal Data to third parties only for limited and specific purposes. Alert Logic will obtain assurances from its Agents that they will safeguard Personal Data in a manner consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: (a) a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Privacy Shield Principles; (b) the Agent’s certification that they participate in the EU-U.S. Privacy Shield; or (c) being subject to EU Data Protection Directive (EU Directive 95/46/EC) or being subject to another European Commission adequacy finding. Alert Logic recognizes its responsibility and potential liability for onward transfers to Agents. Where Alert Logic has knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this Policy and/or the level of protection as required by the Privacy Shield Principles, Alert Logic will take reasonable steps to prevent, remediate or stop such use or disclosure.

If Alert Logic transfers Personal Information to non-agent third parties acting as a Controller, Alert Logic will apply the Notice and Choice principles and will obtain assurance from these parties that they will provide the same level of protection as is required under the principles unless a derogation for specific situations under European data protection law applies.

4.4 ACCESS
Upon request and in accordance with the Privacy Shield Principles, Alert Logic will grant individuals reasonable access to their Personal Data that is held by Alert Logic. In addition, Alert Logic will take reasonable steps to permit individuals to correct, amend, or delete their Personal Data that is demonstrated to be inaccurate, incomplete or processed in violation of the Privacy Shield Principles. In accordance with the Privacy Shield Principles, Alert Logic may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, where the legitimate rights of persons other than the individual would be violated or if necessary to safeguard important countervailing public interests (e.g., national security) or in other limited circumstances (e.g., disclosure would breach a legal or other professional privilege).

4.5 SECURITY
Alert Logic will take reasonable precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

4.6 DATA INTEGRITY AND PURPOSE LIMITATION
Alert Logic will use Personal Data only in ways that are compatible with the purposes for which it was originally collected or as subsequently authorized by the individual. Alert Logic will also take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. Alert Logic will adhere to the Privacy Shield Principles for as long it retains Personal Information received under its Privacy Shield certification.

4.7 RECOURSE, ENFORCEMENT AND LIABILITY
Alert Logic utilizes the self-assessment approach to verify its compliance with this Policy. Alert Logic periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Privacy Shield Principles. Alert Logic will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles. Alert Logic will also investigate suspected infractions of this Policy.

If Alert Logic determines that any employee of Alert Logic is in violation of this Policy, such person will be subject to disciplinary action up to and possibly including termination of employment.

In compliance with the Privacy Shield Principles, Alert Logic commits to resolve complaints about our collection or use of your personal information. European Economic Area and United Kingdom residents with inquiries or complaints regarding our Privacy Shield policy should first contact the Data Protection Officer at the address given below.

Alert Logic will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If neither Alert Logic nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.

5. LIMITATIONS
Alert Logic’s adherence to the Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.

6. CONTACT INFORMATION
Questions or comments regarding this Policy or our practices concerning Personal Data should be submitted to Alert Logic by mail or e-mail as follows:

Alert Logic, Inc. 1776 Yorktown 7th Floor Houston, TX 77056  Attn: Data Protection Officer.

[email protected]

7. MODIFICATIONS
Alert Logic reserves the right to modify this Privacy Shield Policy from time to time consistent with the requirements of the Privacy Shield Principles without notice and at Alert Logic’s sole discretion. Such modifications shall be effective when posted.