Privacy Policy

GENERAL INFORMATION

We, at Global Hunterstech Technologies (Pvt) Ltd. and its subsidiaries (collectively, “we” or “the Company”), are committed to protect the privacy of our business partners who are licensed to use our software (“the “Software”) on their internal network (“you” or “Client”) and our Clients' end users which have access to any of the data resources monitored by our Software (“End Users”).

We encourage you and your End Users to read this “Software Privacy Policy” (“Privacy Policy”) carefully and use it to make informed decisions. By using our Software, you agree to the terms of this Privacy Policy, and your continued use of the Software constitutes your ongoing agreement to it.

CLIENT’S OBLIGATION

Without derogating any of the terms and warranties of the Master License Agreement or Subscription Service Agreement and our website’s privacy policy, Client shall ensure that all End Users have been informed of, and have given their consent to, Company’s use and process of any information, as detailed in this Privacy Policy, to the extent such consent is required by applicable law.

WHAT INFORMATION DO WE PROCESS AND HOW WE COLLECT IT?

We collect two types of information when you or your End Users are using our Software:

• The first type of information is information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”), which includes the following:
  • Client’s Information: We may collect contact information (including Personal Information) from you when you register on our site, subscribe to our newsletter, register for an event, respond to a survey or fill out a form. Please review our website’s privacy policy in order to learn more about our privacy practices with regard to Client’s Personal Information.
  • Feedback: When you allow us (or our trusted third party service providers) to receive your End Users’ feedback and rating with regard to Software (“Feedback”), we may gather Personal Information which may include the following: email address of the End User, End User’s full name, End User’s IP address, and the End User’s email. In addition, we may collect Personal Information which your End User voluntarily shares with us when he/she sends us Feedback (e.g., identifying content, images, etc.).
  • End Users' Information: In order to provide our Software as a Service (“SaaS”) products, we will collect Personal Information about your End Users, including their account details, IP addresses, MAC addresses, user agent, identifiers issued by Client, path of files and file names. Under certain applicable privacy laws, some of this metadata may be considered Personal Information.
• The second type of information is non-identifiable information pertaining to you or to your End Users, which may be made available or gathered via your use of the Software (“Non-Personal Information”). We are not aware of the identity of the user from which the Non-Personal Information was collected. Non-Personal Information which is being collected may include usernames, directory names, server names, share names, file names, configurations, logs related to Software and Client (e.g. event logs), browsing events and technical information transmitted by your device or your End Users’ devices, including certain software and hardware information (e.g., the type of browser and operating system the device uses, language preference, access time and the domain name from which you or your End Users are linked to the Software; etc.).

In addition, when you allow us (or our trusted third party service providers) to receive your End Users’ Feedback with regard to Software, we may gather Non-Personal Information which may include the following: Feedback rating, Feedback tags, Feedback text, browser type and language, operating system, viewport of the screen, page URL on which the Feedback has been given, screenshot of the screen on which Feedback was provided (with all textual strings redacted), and our clients.

We are not aware of the identity of the Client or End User from which the Non-Personal Information was collected.

Please note that when the Software is deployed by our Clients, it analyzes unstructured data that is stored on the Clients’ platforms. The Clients maintain sole ownership of this data and determine their own policies regarding the storage, access, deletion, sharing and retention of this data. This data is hosted and stored only on the Clients’ servers (not on the Company’s servers).

HOW DO WE USE THE INFORMATION WE COLLECT?

In addition to the purposes listed herein, the information we collect, which may include your Personal Information, is used for legitimate business purposes, only to the extent required or otherwise reasonably necessary for one or more of our functions or activities, and while maintaining your right to privacy. Such legitimate business purposes include:

• Setting up your account and to provide our services to you and to your End Users;

• Identifying and authenticating End Users’ access to the Software;

• Obtaining End Users’ Feedback with regard to the Software;

• Improving our Software;

• If we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets;
• Supporting and troubleshooting our Software and to respond to queries; and
• For other purposes for which we obtain your consent.

In addition, we may use and/or disclose Personal Information, or any information you submitted to us, if we have a good faith belief that use and/or disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, court/tribunal order, regulation, legal process, including alternative dispute resolution process, or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) lessen or prevent harm or serious threat to the rights, property life, health or safety of us, our users, yourself or any third party; (vi) locating a person reported as missing; or (vii) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

WHAT ARE THE CONDITIONS FOR PROCESSING OF PERSONAL INFORMATION?

We will process your Personal Information based on the following legal basses, each of which is prescribed by relevant data protection laws.

• Performance of a contract, compliance with a legal obligation: We will process your Personal Information where it is necessary for the performance of a contract (such as for our agreement) or in order for us to comply with our various legal and/or regulatory responsibilities.
• Legitimate interests: We also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iii) sharing personal information with our advisers and professional services providers (such as auditors).

• Consent: On certain occasions we may ask for your consent to processing Personal Information. In these instances, your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time. If you reside in Singapore, we will process your Personal Information only where we have your consent or "deemed consent", unless such processing is required under applicable laws or where the legitimate interest exception applies.

WITH WHOM WE SHARE THE INFORMATION WE COLLECT; INTERNATIONAL DATA TRANSFERS

We do not disclose your Personal Information to third parties except as described in this Privacy Policy, or as permitted by applicable law

We may transfer or disclose Personal Information to our subsidiaries and other affiliated companies. In addition, Client’s and End User’s Personal Information may be disclosed to other trusted third party service providers or partners for the purpose of: (i) storing Personal Information on our behalf (e.g., cloud computing service providers); (ii) assisting us with our business operations and Software and improving it (e.g., processing and analyzing End Users’ Feedback); and (iii) performing research, technical diagnostics and analytics with regard to the Software.

Since we operate globally, it may be necessary to transfer, store and process Personal Information in other countries in which we or our affiliates, subsidiaries or service providers maintain facilities, such as the United States, Israel, United Kingdom, Australia, Singapore and the European Union (in particular, France, Germany, Ireland, Netherlands, Belgium and Luxemburg). The data protection and other laws of these countries may not be as comprehensive as those in your jurisdiction of residence. EU and UK residents, please note that we may transfer your personal information to countries outside the EEA or the UK In these instances, we will take steps, as required by applicable law, to ensure that a similar level of protection is given to Personal Information, including, when applicable, through contractual means (for example, when the GDPR or UK law applies, we will rely on the standard contractual clauses approved by the European Commission for data transfers, the UK International Data Transfer Addendum (IDTA), or transfer data only to recipients located in jurisdictions which were granted an “adequacy decision” with regard to their level of protection of personal data by the European Commission).

We may also disclose your information when we believe disclosure is required to comply with the law, enforce our policies or protect ours or others’ rights, property or safety.

You hereby consent to the transfer of your and your End Users’ Personal Information, as described in this Privacy Policy.

THIRD PARTY COLLECTION OF INFORMATION

Our policy only addresses our use and disclosure of personal information from you and from your End Users through the Software (as described under the “With whom we share the information we collect” section herein). To the extent that you or your End Users disclose your information to other parties through the Software, different rules may apply to their use or disclosure of the information disclosed to them.

HOW LONG DO WE RETAIN THE INFORMATION WE COLLECT?

Unless you instruct us otherwise for justified reasons, we retain the information we collect for as long as needed to provide our services (including marketing and communication, as described in our website and marketing privacy policy available on our website) and to comply with our legal obligations, resolve disputes and enforce our agreements (including exercising any of our rights under our agreements, such as audit and record-keeping). All other Personal Information is periodically deleted.

As for the retention of the Subscriber Data (as defined in the Subscription Service Agreement of our SaaS products) – our default retention policy is a sliding window of 180 days during the subscription term (unless a longer period was approved by Varonis, at its sole discretion). Upon the end/termination of the subscription term, Subscriber Data which was held by Varonis at such time shall be kept by Varonis for a period of 30 days after termination of the subscription.

We may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.

At any time, you may request to view, change and update your Personal Information by contacting us in one of the ways described in the 'How to contact us' section below.

HOW DO WE SAFEGUARD YOUR INFORMATION?

We are committed to making reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the Personal Information. We take great care in implementing and maintaining the security of the Software and the Personal Information. Access to the Personal Information is based on the ‘least to know’ concept together with role-based access control systems, ensuring only authorized access to the Personal Information. We employ market best practice security measures to ensure the safety of your End Users’ Personal Information and prevent unauthorized use of any such information. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Software, and we make no warranty, express, implied or otherwise, that we will prevent such access. If a password is used to help protect your accounts and Personal Information, it is your responsibility to keep your password confidential.

We use best efforts to ensure that your Personal Information is protected in accordance with our Privacy Policy, through contractual means (such as by using the standard contractual clauses approved by the European Commission for data transfers) or other means (such as by transferring data only to recipients located in jurisdictions which were granted an “adequacy decision” with regard to their level of protection of personal data by the European Commission). For more information see the 'with whom we share the information we collect; International data transfers' section above.

WHAT ARE YOUR RIGHTS?

Certain jurisdictions provide individuals with certain statutory rights to their Personal Information. To the extent these rights apply to you, you may exercise the following rights with respect to your Personal Information:

• To receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with certain supplementary information.
• To receive Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format.
• To request rectification of your Personal Information that is in our control.
• To request erasure of your Personal Information.
• To object to the processing of Personal Information by us.
• To request to restrict processing of your Personal Information by us.

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements. 

If you wish to exercise your data protection rights or raise a complaint on how we have handled your Personal Information, you can contact us as set forth below. In addition, you have the right to lodge a complaint with the supervisory authority, as detailed below.

MINORS

The Software is not designated to End Users under the age of majority (as determined under the applicable laws where the individual resides; “Age of Majority”). In the event that we become aware that End Users under the Age of Majority have shared any information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us as set forth below.

UPDATES OR AMENDMENTS TO THE PRIVACY POLICY

We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on the website. We encourage you to review this Privacy Policy regularly for any changes. In the event of material changes, we will notify you through our Software or by email.

Your continued use of the Software, following the notification of such amendments, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.