Effective Date: August, 2019
Commvault understands the importance of protecting personal information and complying with data protection laws. Please read our Privacy Charter that underlies our approach.
Personal information is any information that can be used to directly or indirectly identify an individual, and may include your name, address, email address, phone number, contact preferences and IP address.
The personal information that we collect and our basis for processing
We may collect personal information about you when you interact with Commvault. For example, this may happen when you:
- Browse and interact with our websites – this may include passwords, IP addresses and browser settings
- Interact with our customer support or marketing teams – calls may be recorded
- Register for a marketing event, subscribe to a newsletter or attend a training session – this may include your name, contact details and title
- Visit a Commvault location. We ask visitors for contact details when they arrive at one of our locations for security purposes
- Email or request information from us, place an order or need support
We may also obtain information about you from other organisations that we use to help us improve our own records. For example, we may use a service to find out your job title to help us ensure that our contact with you is relevant and of interest.
Commvault will use your personal information based on:
- Contract: Where it is necessary in connection with a product or service we are providing to you
- Consent: If we are not relying on another basis for processing your personal information, we will seek your consent prior to any use of your personal information. A clear request for your consent will be presented to you and you will have the ability to withdraw your consent at any time.
How we use personal information
We may use your personal information to operate our business, provide our solutions and for other legitimate purposes permitted by law. Some of the ways we may use your information are illustrated below:
- To communicate with you regarding our products and services, including for marketing and customer satisfaction surveys;
- To provide you with a newsletter subscription;
- To provide customer support;
- To carry out business analytics. For example we may process information in the email header of business emails sent and received by us (including the names of recipient and sender, date and time of the email) for the purposes of evaluating our existing or prospective business relationship; and
- To listen to a call recording for training, quality control or process improvement purposes.
Providing information to others
We may need to share information about you:
- With other companies in the Commvault group, our partners, suppliers or agents who perform services on our behalf, such as processing of orders, providing customer support or providing advertising on the website;
- In response to a request for information from a competent authority if we believe disclosure is in accordance with, or is otherwise required by any applicable law, regulation or legal process with law enforcement bodies or other third parties as necessary to comply with the law, including to meet national security or law enforcement requirements
- If we decide to re-organise or sell our global businesses we may need to disclose your personal information in the course of this activity to prospective purchasers; or
- If we otherwise notify you of the disclosure and you consent to it
International data transfers
This may happen if our servers or our suppliers or service providers are based outside the EU or if you visit our website while traveling to countries outside this area.
We only make these transfers, where the EU has made an “adequacy decision” for the country to which the data will be transferred or where we have put in place the “appropriate safeguards” that the law requires.
We comply with the EU-US Privacy Shield Framework as administered by the US Department of Commerce regarding the collection, use and retention of personal information from the European Union and the United Kingdom to the United States.
Where we contract with other companies to process personal information on our behalf (“our agents”) we will need to share that personal information with them. We are liable under the EU-U.S. Privacy Shield Principles for our agents to process transferred personal information in a manner consistent with the Privacy Shield Principles.
To learn more about the Privacy Shield program, see the US Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To view our certification please visit https://www.privacyshield.gov. In compliance with the Privacy Shield Principles, Commvault commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Commvault’s Global Data Governance Officer at: GDGO@commvault.com
Commvault commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the DPA’s with regard to data transferred from the EU. (For more information, visit https://www.privacyshield.gov/article?id=Privacy-Policy-FAQs-1-5)
Under certain limited circumstances, EU individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/
Commvault is subject to the jurisdiction of the Federal Trade Commission for purposes of Privacy Shield enforcement.
Keeping information secure
We employ information security specialists and invest significant resources on technical and operational security measures to help us protect your personal information from loss, misuse, unauthorised access, modification or disclosure. However, we cannot be held responsible for unauthorised or unintended access that is beyond our reasonable control.
Keeping your personal information
We keep records for as long as necessary to provide the relevant product or service, and in accordance with applicable legal, tax and accounting requirements. When your information is no longer required, we will ensure it is destroyed in a secure manner.
Your local law may provide rights regarding the use of your personal information. Where the General Data Protection Regulation applies to personal information, it gives individuals resident in the EU certain rights that they can exercise free of charge. These include the:
- Right to correct your personal information
- Right to access your personal data
- Right to data portability
- Right to object to use of personal data (for example, where we are using it for direct marketing or our lawful basis is our legitimate interest)
- Right to restrict the use of your data in some circumstances
- Right to erasure in some circumstances
You may also unsubscribe from receiving our email marketing communications at any time by following the “unsubscribe” instructions included in our communication.
If you have a complaint about how we have handled your personal information, you may contact us directly using the details below or you can contact the applicable competent data protection authority.
We regularly review and update this Policy. If we make a change, we will post the updated version on our site.
If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact our Global Data Governance Officer via GDGO@commvault.com via or write to Global Data Governance Officer, Commvault Systems Limited, Apex Plaza Forbury Road Reading, Berkshire United Kingdom RG1 1AX. With regard to the General Data Protection Regulation the Commvault entity that is the data controller of your personal information will depend on the situation in which the data has been collected. Please use these contact details for additional information.