Privacy Policy

‍

To provide the Platform to a Business, we process personal information of the Business’s end-users. We do this as a data processor (also known as a service provider) on behalf of the Business and under the Business’s instructions. We call this the “Business’s Internal Data”.

Subject to the Business’s discretion, the personal data information that the Platform processes for the Business can include, among others, directory information; configuration information; meta-data of files (folder name, list of files, and date created and modified); audit log events (username, user ID, the action taken, timestamp, token/app name, specific resource name/id, like OneDrive file name, IP address, user agent (browser version), success/failure).

Methods and sources for collecting your personal information

We collect the personal information from several sources:

• Directly from you as when you provide it to us through email communications, a registration form, or when you give us your business card. You are not legally obligated to provide us your personal information, but if you do not, we will not be able to handle or respond to your inquiry, maintain our business contact with you, or fulfill your request to see a demo, or register to our webinar, conference, or newsletter.
• If another Representative of your Business organization provides us with your information. 
• Through the device you use to access our Website, such as when we use cookies.
• If you reside in the United States and we call you to interest you in using our Platform, we receive your contact information from data brokers.
• The personal information that the Platform processes about the Business’s end-users is obtained from the Business who configures the Platform’s processing of this information.

Sharing your personal information

We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent. We do not sell your personal information to third parties.

Data retention and security

Our retention schedule is as follows:

We implement measures to secure your information

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional information for individuals in the EU or UK 

Controllers and processors

The following companies in the Valence Security group are the joint controllers of your personal data, except for the Business’s Internal Data (for which Valence Security is a processor on behalf of the Business who is the controller).

‍

The responsibility for compliance with the obligations under the GDPR, in particular in exercising of the rights of the data subject and the duty to provide the information referred to in Articles 13 and 14 of the GDPR, vests with Valence Security Ltd.

International data transfers

To facilitate processing your information within the companies in our corporate group and by our service providers, we will transfer your information to countries such as the United States and Israel. We do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.

Legal basis for processing your personal data

‍

Data subject rights

If you are in the EU or the UK, you have the following rights under the GDPR with respect to personal data for which we are the controllers:

Right to Access and receive a copy of your personal information that we process.

Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.

Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters or to the use of non-essential cookies on our Website. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability, that is, to receive the candidate personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your candidate personal information transmitted directly from us to the person or entity you designate. 

Right to Object to our processing of your candidate personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such candidate personal information for the establishment, exercise, or defense of legal claims. 

Right to Restrict us from processing your candidate personal information (except for storing it): (a) if you contest the accuracy of the candidate personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the candidate personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the candidate personal information rather than requiring the deletion of such data by us; (c) if we no longer need the candidate personal information for the purposes outlined in this Notice, but you require the candidate personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).

Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your candidate personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your candidate personal information. However, notwithstanding such request, we may still process your candidate personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Notice.

When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.

If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

Additional information for individuals in California

Disclosures to third parties

California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar legislation) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@valencesecurity.com. Please note that we are only required to respond to one request per customer each year.

Do Not Track

Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a person’s online activities over time and across third-party web sites or online services.