- The background for this Policy
- The types of personal data processed by Tufin
- How Tufin uses personal data
- Where Tufin stores personal data
- With whom may we share personal data
- Communications from Tufin
- How Tufin safeguards personal data
- The rights and choices available to you regarding your personal data
- How long may Tufin keep Personal Data
- General matters concerning this policy
- Ways in which you may contact Tufin or Tufin's Data Protection Officer
You are not legally required to provide us with any Personal Data, but without it we will not be able to provide you with the full range or with the best experience of using our Websites or Solutions.
2. Types of Personal Data
Tufin collects four main types of data regarding the customers, visitors, users and end-users of Tufin's Websites and Solutions, as well as Tufin's potential customers, and any end-users of our customers' systems utilizing Tufin's Solutions (to the extent that you are any of such individuals, "you"):
- Data collected or generated about you: such Personal Data includes data and information concerning your usage of Tufin's Websites and Solutions, or usage of Tufin's customers' systems (where such Data is collected using Tufin's Solutions). Such Data could include IP addresses, device, system and software details, cookies and similar tracking data, click-stream and usage logs, and similar data and information concerning log-in attempts, usage and use preferences regarding any of Tufin's Websites or Solutions.
- Data provided by third parties: such Personal Data may include your name, company, position, contact details and professional experience, preferences and interests, as may be made available to us by our business partners, customers or service providers, such as the organizers of events that both you and Tufin participated in, your employers or colleagues, LinkedIn and similar data services and sources.
You are not legally required to provide us with such Personal Data, or to have such Personal Data collected about you, but in some cases the lack of certain Personal Data may prevent us from providing our Websites and Solutions or any parts or features thereof.
3. Uses of Personal Data
We collect and use Personal Data for the following purposes and uses, in accordance with Tufin's legitimate interests and/or as necessary for the performance of our contracts and agreements, or negotiation thereof:
- To facilitate, operate, and provide our Websites and Solutions;
- To verify the identity and access privileges of our customers and their end users;
- To further develop, customize and improve our Websites and Solutions, and to provide you with any such enhanced Websites and Solutions, as we put together and analyze all data available to us to maximize their relevance, effectiveness and quality;
- To improve your user experience, e.g. by remembering data so that you will not have to re-enter it during your current or next visit to the Websites or Solutions;
- To provide our customers and their users with customer assistance and technical support, and to diagnose or fix technical problems reported by our users or engineers;
- To monitor and improve the effectiveness of our Websites and Solutions, and of our marketing efforts;
- To be able to contact you with general and personalized service-related notices, surveys, informational materials and promotional messages;
- To monitor aggregate metrics and create aggregated statistical data and other aggregated and/or inferred Non-personal Data, including anonymized and/or pseudonymized Personal Data, which we, our customers, users or business partners may use and disclose at our discretion;
- To manage and assess risk, enhance our and our customers' data security and fraud prevention capabilities, and help protect against error, fraud or any illegal or prohibited activity;
- To act as permitted by, and to comply with, any legal or regulatory requirements;
- With respect to Personal Data of our customers' end-users, to act as instructed by the respective customer acting in its capacity of "Data Controller", whereas we act in our capacity as "Data Processor" (as both such terms are commonly interpreted under EU data protection and privacy laws); and
- To conduct any additional activities that may require the use of your Personal Data, for which we will request your specific approval in advance.
4. Locations of Personal Data
Tufin is mainly based in the United States and Israel, with headquarters in Boston and Ramat Gan, respectively, and additional offices in North America, Europe and Asia-Pacific.
Israel is considered by the European Commission to be offering an adequate level of protection for the Personal Data of EU Member State residents.
Tufin's U.S. subsidiary is self-certified and adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. To learn more, please visit our Privacy Shield Notice.
5. With whom may we share Personal Data
Tufin may share your Personal Data with third parties (or otherwise allow them access to it) only in the following manners and instances:
Sharing Personal Data with your organization or other users in your organization: We may share a user's or end-user's Personal Data with their affiliated organization, or the organization whose systems (powered by Tufin's Solutions) they attempted to access.
In certain cases, other users from your organization may control your account and will be entitled to monitor, process and analyze your data and associated content, including (i) view any content you submit and your activities on the Solutions; (ii) view statistics regarding your account; (iii) change your account password or other access credentials or privileges; (iv) suspend or terminate your account access; and (v) access or retain data stored as part of your account. Please note that we are not responsible or liable for any disclosure, use or monitoring by your organization.
Third Party Services: Tufin has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, data analytics services, data and cyber security services, banks, payment processors and correspondents, fraud detection and prevention services, e-mail distribution and monitoring services, session recording, remote access services, and our business, legal and financial advisors (collectively, "Third Party Services"). Such Third Party Services may receive or otherwise have access to your Personal Data, depending on each of their particular roles and purposes in facilitating and enhancing our Websites, Solutions and business, and may only use it for such purposes. Such disclosure or access is normally subject to the recipient's undertaking of confidentiality obligations, and the prevention of any independent right to use this information by the recipients, except as required to help us provide our Websites and Solutions.
Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Personal Data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
Protecting Rights and Safety: We may share your Personal Data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tufin, any of our customers or users, our customers' end-users, or any members of the general public.
For the avoidance of doubt, Tufin may share your Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal Data in our sole discretion and without the need for further approval.
Tufin and some of its Service Providers utilize "cookies", anonymous identifiers and other tracking technologies, which help us to provide and improve our Websites and Solutions, and in order to provide a better experience to our visitors and users. For example, these technologies enable us to keep track of our visitors' and users' preferences and authenticated sessions, to better secure our Websites and Solutions, and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our Websites and Solutions.
In order for some of these technologies to work properly, a small data file ("cookie") must be downloaded and stored on your device. Some cookies and other technologies serve to recall Personal Data, such as an IP address, and are used for purposes of session and user authentication, security, keeping the user's preferences, connection stability, monitoring performance and generally providing and improving our Websites and Solutions.
While we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser, most browsers allow you to control cookies, including whether or not to accept them and to remove them. You may set most browsers to notify you if you receive a cookie, or to block cookies with your browser.
7. Communications from Tufin
Service Communications: Tufin may contact you with important information regarding our Websites and Solutions. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service communications.
Promotional Communications: We may also notify you about new services, events, and special opportunities or other information we think you will find valuable. We will provide such notices through any of the contact means available to us (e.g. phone, mobile or e-mail), through the Websites or Solutions, or through our marketing campaigns on any other sites or platforms.
If you wish not to receive such promotional communications, you may notify Tufin at any time by e-mailing us at firstname.lastname@example.org, by contacting us through the contact form at www.tufin.com, or by following the "unsubscribe", "change preferences" or "stop" instructions contained in the promotional communications you receive.
8. How Tufin safeguards Personal Data
In order to protect your Personal Data held with us and our Service Providers, we are using industry-standard physical, procedural and electronic security measures, including encryption where deemed appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties.
9. The rights and choices available to you regarding your Personal Data
If you wish to exercise your right to access and/or request us to make corrections to your Personal Data that you have stored with us (either yours or your organization's end-users), or to delete it, please send us an e-mail to email@example.com, and we will respond within a reasonable timeframe and in accordance with applicable laws.
If you are a user or an end-user of a Tufin customer organization, we recommend that you contact such organization's administrator directly if you wish to access, correct, amend or delete inaccurate information processed by Tufin on behalf of such customer.
Please note that once you contact us by e-mail, we may require additional information and documents, including certain Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. so we have proof of the identity of the person submitting the request), in accordance with our data retention policy.
10. How long may Tufin keep Personal Data?
We may retain your Personal Data for as long as your organization's account with us is active or as reasonably necessary for us to provide or offer our Solutions to you and your organization. We may retain such Personal Data even after the organization or a particular user deactivates their account or ceases to use our Websites and Solutions, as may be requested by their organization, and possibly longer as reasonably necessary to comply with our legal obligations, to resolve disputes regarding any of our customers, users or their end-users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
Our Websites and Solutions are not intended for use by children under the age of 18. We do not knowingly collect Personal Data from minors under the age of 18 and do not wish to do so. In the event that it comes to our knowledge that a minor is using the Websites and Solutions, we will prohibit and block such user from accessing the Websites and Solutions and will make all efforts to promptly delete any Personal Data stored with us with regard to such user.
12. Ways in which you may contact Tufin or Tufin's Data Protection Officer
Tufin has designated Tufin Software Germany GmbH as its representative in the European Union, pursuant to Article 27 of the GDPR, and Mr. Aner Rabinovitz of PrivacyTe.am as its Data Protection Officer, for monitoring and advising on Tufin's ongoing Privacy compliance and serving as a point of contact on Privacy matters for data subjects and supervisory authorities. Mr. Rabinovitz may be reached at firstname.lastname@example.org.
If you are not satisfied with the response you receive from our Privacy team, you may escalate concerns to the applicable data protection authority in your jurisdiction.
Effective Date: August 7, 2018