Privacy Policy
Important: California consumers can find specific disclosures, including “Notice at Collection” details, by clicking here.
SYSDIG PRIVACY POLICY
Last updated March 20, 2023
This Privacy Policy sets out how Sysdig, Inc. and our Affiliates identified below (collectively “Sysdig,” “we,” “us,” or “our”) may collect, use, retain or disclose your personal information in connection with your use of the Sysdig platforms, the Sysdig websites, and any Sysdig products or services that reference or otherwise incorporate this Privacy Policy as well as your attendance at, or participation in, Sysdig events (collectively “the Services”).
In addition to this Privacy Policy, in certain cases, we may also provide you with notice of additional practices concerning how we use your personal information in connection with a particular Service or activity.
Please note that this Privacy Policy does not apply in the following circumstances:
- Third-Party Sites. The Services may include links, integrations or references to websites, services or materials that are controlled by third parties and which maintain different data practices than we do. If you provide personal information to any of those third parties, or direct us to share personal information with them, that personal information is governed by their privacy statements.
- Existing Customers and Users: In some cases, we may access or use your personal information on behalf of your organization who is our customer. In such cases, we are a “service provider” or a “data processor” to those organizations and we will treat your information as prescribed in the respective agreements between us and your organization rather than as described in this Privacy Policy. Please reach out to your organization for more information or if you would like to exercise any of your data subject rights in connection with our use of your personal information.
From time to time, we may update this Privacy Policy as we adopt new privacy practices or as applicable laws and regulations change. Each time this Privacy Policy is updated, we will update the “Last Updated” date at the top of the page. If we make any material changes to this Privacy Policy, we will notify you by email or by means of a notice on this website.
1. INFORMATION WE COLLECT ABOUT YOU.
We will only collect your personal information in accordance with applicable law. The information we collect depends on the context of your interactions with us and the choices you make, including your own privacy settings and the specific Services you use.
As further detailed below, we collect your personal information from different sources, including information you provide directly, information collected automatically, information from third-party data sources, and information we infer or generate ourselves. We may collect your information both online (for example, through your use of the Services) and offline (for example at events or over the phone) and we may combine information collected from disparate sources.
Personal information collected directly from you. Most of the personal information we collect or maintain about you is provided directly by you to us. For example, we receive and store personal information you voluntarily enter on our Services or otherwise provide to us (e.g., when you register for and use the Services, when you make payments to us, or submit requests for support to us or when you have a direct communication with us).
Personal information we collect directly from you includes:
- Identifiers (such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers);
- Commercial and payment information (such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, credit card numbers (collected by our payment processors), financial account information and other payment details);
- Audio/visual information;
- Professional, educational or employment related information; and
- Any other personal information that you elect to communicate to us directly during your communications with us or use of the Services.
When you are asked to provide personal information, you may decline. As further described below, in certain cases, you may use web browser or operating system controls to prevent certain types of automatic data collection. However, if you choose not to provide or allow personal information that is necessary for certain services or features, those services or features may not be available or fully functional.
If you choose to provide us with personal information about another person, you shall ensure that you have obtained the consent of that person to share their information with us.
Personal information collected automatically. We also collect some personal information automatically when you use our Services, including:
- Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. Additionally, as further described in Sysdig’s Cookie Policy, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
- Geolocation data. Depending on your device and app settings, we collect geolocation data when you use our apps or online services.
- Usage data. We automatically log your activity on our websites, apps and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
- Audio/visual information.
Personal information from third-party sources. In certain cases, the personal information we obtain is from third party sources, including:
- Data brokers. Data brokers and aggregators from which we obtain personal information to supplement the data we collect.
- Third party partners. Third party applications and services, including those you choose to connect with or interact with through our services.
- Co-branding/marketing partners. Partners with which we offer co-branded services or engage in joint marketing activities.
- Service providers. Third parties that collect or provide personal information in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
- Publicly available sources. Public sources of personal information such as open government databases.
Inferences about you. Finally, we may also infer new information from other personal information we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
2. HOW WE USE YOUR INFORMATION.
At all times in accordance with, and solely where permitted by, applicable law, we use the personal information we collect for the purposes described in this Privacy Policy or as otherwise described to you at the point of collection. For example, we use the categories of personal information identified above for the following purposes:
- communicating with you,
- facilitating and responding to your requests and processing your transactions,
- operating, improving, and developing our Services,
- customizing your experience, including to understand you and your preferences to enhance your experience and enjoyment using our services,
- providing you with quality assurance and support for our Services,
- conducting our business operations, such as ensuring our own compliance with legal obligations and preventing or investigating fraudulent or inappropriate uses of our Services, and
- marketing and analytics purposes, including to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and, in certain cases, those of our selected partners (see the “Choice and Control of your personal information” section of this Privacy Policy for information about how to change your preferences for promotional communications).
Cookies and related technology. We may also use your personal information collected from cookies and related technologies for the purposes identified above and as further described in Sysdig’s Cookie Policy. From time to time, electronic communications we provide may contain code that enable our database to understand whether the communication was opened and/or what links (if any) you have clicked.
Legal bases for processing. Some applicable laws require that Sysdig has a “legal basis” for its processing of personal information. We rely on different legal bases for collecting and processing personal information about you, depending on the particular context. Generally, where we are acting as a data controller under applicable laws, we process your personal information only: (i) where the processing is in our legitimate interests (which are not overridden by your data protection interests or fundamental rights and freedoms); (ii) in connection with the creation (at your request) or performance of a contract with you; (iii) where such processing is necessary for our compliance with a legal obligation to which we are subject; or (iv) where we have collected your consent to do so.
For the sake of clarity, where we are using your personal information based on the legal basis of consent, we will seek consent from you independent of this Privacy Policy. You can withdraw such consent at any time by contacting us at: [email protected].
3. WHEN WE SHARE YOUR INFORMATION WITH OTHERS.
We share your personal information solely as permitted by law and only with your consent, as necessary to complete your transactions or provide the services you have requested or authorized or as further described herein. In particular, we may share the categories of personal information described in Section 2 above with the types of third parties described below. All such third-parties are obligated to keep your information confidential, secure and in a manner compliant with applicable law.
- Public Information. Through your use of the Services, you may choose to publicly display and disclose your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data.
- Service providers and contractors. We share personal information with vendors, contractors or agents working on our behalf for the purposes described in this Privacy Policy. These parties provide services directly to us upon our instruction such as delivery services, business administration and payment services, fulfillment services, system administration and technical support, advertising support, public relations, media and marketing services, legal services, call-in centers, e-commerce and other web-related services such as web hosting and web monitoring services.
- Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
- Affiliates. We enable access to personal information across our Affiliates, for example, where we share common data systems or where access is needed to provide our services and operate our business.
- Third parties in connection with corporate transactions. We may disclose personal information as part of a corporate transaction or proceeding such as a merger, reorganization, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
- Legal and law enforcement. We may access, disclose, and preserve personal information when we believe that doing so is necessary to comply with applicable law, to bring or defend against a legal action, or to respond to valid legal process, including from law enforcement or other government agencies.
- Third parties in connection with the protection of security, safety, and legal rights. We may disclose personal information if we believe it is necessary to:
- protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.
Third-parties providing analytics or advertising. Third party analytics and advertising companies acting on our behalf as our service providers also collect personal information through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as further described in Sysdig’s Cookie Policy.
4. LOCATION AND INTERNATIONAL TRANSFER OF YOUR INFORMATION.
We may process (including transfer or store) your personal information in your country or region or in any other country or region where we or our Affiliates or service providers have a presence or maintain data processing facilities, including the United States, the European Union, the United Kingdom, Costa Rica, Canada, Israel, India, Serbia, and Japan.
We will comply with all applicable laws relating to the processing of your personal information in such location. Where applicable law requires consent for such international processing or transfer, we will seek consent from you independent of this Privacy Policy.
Location of Processing of European personal information. We transfer personal information from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
You may be entitled by applicable laws to request more information about the details of international transfers of your information and the security measures taken by us in connection with that transfer. To obtain more information about exercising such rights, please contact us at: [email protected].
5. CHOICE AND CONTROL OVER YOUR PERSONAL INFORMATION.
We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that data. In some jurisdictions, you may have the right to request access to or correction or erasure of your personal information. You may also have the right to request that a copy of your personal information be provided to you in a readily useable format. In particular, see below for more information about your individual rights under California and European privacy laws.
In order to process your request, we may need to ask you to provide specific information to help us verify your identity and applicable rights. You may also designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under certain laws. Before accepting such a request from an agent, Sysdig may require the agent to provide proof you have authorized it to act on your behalf and may need you to verify your identity directly with us.
We may, in limited circumstances, refuse to comply with your request or charge you a reasonable fee if your request is clearly unfounded or excessive. In all cases, we will notify you of any fee in advance. Alternatively, we may refuse to comply with the request in such circumstances. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal to our data protection officer using the contact method described at the bottom of this privacy statement.
To obtain more information, including information about how to designate an authorized agent to make a request for you, please contact us at: [email protected] or 1-888-430-3130. When we are processing personal information on behalf of another party that is the “data controller,” you should direct your request to that party.
Marketing opt-outs. You can unsubscribe from promotional communications sent from us at any time by selecting the “unsubscribe” link or by following other directions included within the various marketing and promotional communications we send you. If you receive a sales call from us, you can ask to be placed on our do-not-call list.
These choices do not apply to certain informational communications including transactional notices or mandatory service communications. Please keep in mind that even if you unsubscribe from our marketing communications, we may still contact you for other legitimate reasons (e.g., in relation to an order you placed, an inquiry you made, a membership you undertook, an event for which you registered, a legally required notice, etc.).
Browser or platform controls.
- Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
- Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
Individual rights for California consumers. If you are a California consumer, you may have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (“the CCPA”), including:
- Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy by clicking on the above links.
- Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy.
- Rights to Request Correction or Deletion. You also have the right to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions.
- Right to Opt-Out / “Do Not Sell or Share My personal information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA. Note that we do not “sell” or “share” personal information as defined by the CCPA and have not done so in the past 12 months.
- Right to Limit Use and Disclosure of Sensitive personal information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use sensitive personal information for any such additional purposes.
- Right against discrimination. Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
Residents of Switzerland, the United Kingdom and the European Union. If you are in Switzerland, the United Kingdom or the European Union, you may have the right to:
- Request access to or correction or erasure of your personal information;
- Object to processing of your personal information under certain circumstances;
- Request the restriction of processing of your personal information;
- Transfer or receive a copy of your personal information in a usable and portable format where such personal information is subject to automated processing or processing is based on your consent or a contract with you;
- Withdraw consent at any time for future processing of your personal information where such processing is based on consent; and
- For residents of France, send us specific instructions regarding the use of your personal information after your death.
Additionally, you may have the right to file a complaint with your applicable supervisory authority.
6. SECURITY.
We take reasonable and appropriate steps to help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction, whether in transmission or storage.
Please visit the Sysdig Trust Center to learn more about our security practices.
We will retain your personal information in accordance with applicable law and, unless otherwise provided by applicable law, for no longer than necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and in furtherance of our other business purposes outlined hereunder.
Because these needs can vary for different types and uses of personal information, actual retention periods can vary based on criteria such as user expectations or consent, the sensitivity of your personal information, the availability of automated controls that enable you to delete data, and our legal or contractual obligations.
Where there are technical limitations that otherwise prevent the deletion or anonymization of your personal information, we will safeguard and limit the use of your personal information as required by applicable law.
8. CHILDREN.
The Services are not intended for or directed at children and we do not knowingly collect any information from children under 13 years of age through the Services. If we learn that we have collected information from children under 13, we will promptly take steps to delete such information.
9. SYSDIG AFFILIATES; PRIMARY BUSINESS ADDRESS.
This Privacy Policy applies to Sysdig, Inc., including its branch office in Italy, as well as the following Sysdig affiliates: Sysdig, Ltd., Sysdig Japan GK, Sysdig Technology, S.L., Sysdig France, SAS, Sysdig India Private Limited, Sysdig d.o.o Beograd, Sysdig Germany GmbH, Sysdig Costa Rica SRL, Sysdig Canada, Inc., Apolicy Ltd. (collectively “Affiliates”).
10. HOW TO CONTACT US.
If you have a privacy question, concern or complaint for Sysdig, you may contact us at: [email protected], or at our primary place of business at:
Sysdig, Inc. 135 Main Street, 21st Floor, San Francisco, CA 94105, United States