Metallic Privacy Notice

Last Update: June 16, 2021

Scope

This Privacy Notice provides information for our customers, partners, suppliers and other individuals and organisations that we may have a business relationship with about how we collect, use and share personal data in connection with Commvault’s Metallic® offerings:

  • Metallic® VM & Kubernetes Backup
  • Metallic® File & Object Backup
  • Metallic® Database Backup
  • Metallic® Microsoft 365 Backup
  • Metallic® Endpoint Backup
  • Metallic® Salesforce Backup
  • Metallic® Backup for Microsoft Dynamics 365
  • Metallic® Active Directory Backup
  • Metallic® Security IQ
  • Metallic® eDiscovery
  • Metallic® Recovery Reserve™ Cloud Storage
  • Metallic® Microsoft 365 for Government Cloud
  • Metallic® VM & Kubernetes for Government Cloud
  • Metallic® File & Object for Government Cloud
  • Metallic® Database for Government Cloud
  • Metallic® Endpoint for Government Cloud
  • Metallic® Salesforce for Government Cloud
  • Metallic® File Migration

(referred to collectively as “Metallic® Offerings”)

For our global Privacy Policy follow this link: https://www.commvault.com/privacy-policy

Data Controller

Metallic is a Commvault venture. Commvault Systems, Inc. is headquartered in Tinton Falls, New Jersey, United States, with offices around the world.

The EU representative and the main establishment for all our EU and United Kingdom affiliates for purposes of compliance with the GDPR is: 

Commvault Systems International BV, Papendorpseweg 75-79, 3528 BJ Utrecht, the Netherlands.

The personal data that we collect and our basis for processing

Metallic® Offerings:

For any data that is backed up or otherwise processed using any of the Metallic® Offerings, our Customer remains at all times the Data Controller and Commvault acts as a Data Processor on behalf of the Customer. In certain variations of this scenario our Customer may act as Data Processor (e.g. when our Customer is acting on behalf of its affiliates, or where Metallic® Offerings are provided via authorized service providers), in which case Commvault acts as a Subprocessor. The mutual obligations of the parties are addressed in detail by our Data Protection Addendum that forms part of the Terms & Conditions. In the event of a conflict between this Privacy Notice and the terms of any agreement(s) between Customer and Commvault, the terms of those agreement(s) will prevail. Due to the nature of backup & recovery provisioning and the encryption involved, the exact categories of data subjects and personal data types may vary depending on the exact use case. Metallic® Offerings enable our Customers to make choices regarding the exact scope of data processing and enable data management through built-in functionalities and privacy settings.


Additional scenarios:

In connection with the backup & recovery and storage functionalities provided by Metallic® Offerings, Commvault collects certain data as Data Controller under the following legal bases:

  • Our legitimate business interests (art. 6.1.f) of the General Data Protection Regulation); and
  • Legal obligation (art. 6.1.c) of the General Data Protection Regulation)


Personal data that we collect includes:

  • Identification data: name and business contact details (such as email address, mailing address, contact phone number, position, company)
  • Your interactions with us: other information you choose to provide when you make an inquiry or complaint, seek customer support, respond to a survey, enter a contest or promotion, contact our representatives or content of social media messages, posts, likes and responses to and about
  • Service usage and network information: such as usernames and passwords for admin users, license entitlement, IP address, login/logout, domain name, logs, time stamps of usage activities, account modification and account authentication metrics.

How we use personal data

Purposes for which we process personal data include:

  1. Providing Metallic® Offerings and services under applicable Terms and Conditions and/or Metallic® Recovery Reserve™ Cloud Storage Online Subscription Agreement;
  2. Providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services, troubleshooting;
  3. Preventing, detecting, investigating, mitigating, and repairing problems, including security incidents;
  4. Preventing fraud;
  5. Auditing;
  6. Marketing and leads generation;
  7. Internal analysis of customers – plan strategy and growth;
  8. Billing;
  9. Ongoing Metallic® Offerings improvement (maintenance, including installing the latest updates and making improvements to the reliability, efficacy, quality and security);
  10. Sharing information with other members of our corporate group;
  11. Managing third party relationships (customers, vendors, suppliers, media, business partners);
  12. Compliance with and enforcement of applicable legal requirements (e.g. maintaining records, litigation, mediation, arbitration, tax law, anti-money laundering, trade sanctions, whistle-blowing, complying with data subject requests etc.).

Providing information to others

For selected Metallic® Offerings, you can opt to use a supported cloud service provider of your choice as your Data Processor. If you opt to use Metallic® Recovery Reserve™ cloud storage, Microsoft Corporation shall act as your Sub-processor. In such scenarios the respective third party’s terms will apply.


For other data disclosure scenarios and information on international transfers please refer to our Commvault Privacy Policy.

Other

If you have not found the information you are looking for in this Privacy Notice (e.g. on your rights, international transfers, complaints process, retention periods or other), please:

  1. Refer to our Commvault Privacy Policy;
  2. Review Terms & Conditions (including the Data Processing Addendum), and relevant Product Documentation;
  3. Reach out to us in accordance with the Contact section below.

Updates

We regularly review and update this Privacy Notice. If we make a change, we will post the updated version on our site.


Contact

If you have any questions about this Privacy Notice, or would like to exercise your rights with respect to your personal data, please contact our Global Data Governance Officer via GDGO@commvault.com or write to:

For U.S. and all locations other than EEA, UK and Switzerland:
Commvault Systems, Inc.
Attn: Legal Department & Global Data Governance Officer
1 Commvault Way
Tinton Falls, New Jersey 07724, United States.

For EEA, United Kingdom, Switzerland:
Commvault Systems International BV
Attn: Legal Department & Global Data Governance Officer
Papendorpseweg 75-79, 3528 BJ Utrecht, the Netherlands