Tufin Software North America, Inc. (“Tufin US”, “us”, “we” or “our”) has self-certified with the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks with respect to the personal data of any individuals residing in the EU or Switzerland that we receive or process, including on behalf of our parent company, Tufin Software Technologies Ltd., or any of our affiliated companies worldwide (collectively, “Tufin Group”).

Accordingly, Tufin US adheres to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States.

If there is any conflict between this notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

  1. Scope

Our participation in the Privacy Shield applies to personal data that Tufin US receives from and processes on behalf of any other member of the Tufin Group, and any customers, business partners, suppliers, employees or candidates of the Tufin Group, that reside in the EU or Switzerland.

Tufin US acts as a sub-processor or processor of the personal data we process on behalf of our customers or any other member of the Tufin Group (who are data controllers with respect to the personal data we process on their behalf). 
 

  1. Onward Transfers of Personal Data 

We will not transfer personal data originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to such personal data as required by the Privacy Shield principles. In cases of such onward transfer, Tufin US remains responsible and potentially liable, other than for events outside of its reasonable control.

 

  1. Right to Access, Change or Delete Personal Data

EU and Swiss data subjects have the right to access personal data about them, and in some cases to limit use and disclosure of their personal data. If you would like to request access to the personal data we process, please contact privacy@tufin.com and provide your name and contact information. If your request pertains to data processed on behalf of another member of the Tufin Group, or on behalf of any of our customers, we will refer your request to them, and will support them as needed in responding to your request.

 

  1. Compelled Disclosures

Tufin US may be required in certain circumstances to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

  1. Recourse Mechanism

In compliance with the Privacy Shield Principles, Tufin US is committed to resolving complaints about our collection or use of personal data. EU and Swiss individuals with inquiries or complaints regarding our privacy practices should first contact Tufin US at privacy@tufin.com or by postal mail sent to:

Tufin Software North America, Inc.
Attn: Privacy Shield Inquiry
2 Oliver Street, Boston
MA, 02109
United States

Tufin US is committed to referring unresolved privacy complaints under the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States, to assist with the complaint resolution process. If you do not receive acknowledgment of your complaint in a timely manner, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. The services of JAMS are provided at no cost to you.
 

  1. Enforcement

Tufin US is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles outlined in this notice. 
 

  1. Arbitration

Under certain conditions, more fully described on the Privacy Shield website, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.