Commvault Privacy Policy

Effective Date: August, 2019

Commvault understands the importance of protecting personal information and complying with data protection laws. Please read our Privacy Charter that underlies our approach.

This Privacy Policy provides information for our customers, partners, suppliers and other individuals and organisations that we may have a business relationship with about how we collect, use and share personal information. Our products and services are not directed at children.

Personal information is any information that can be used to directly or indirectly identify an individual, and may include your name, address, email address, phone number, contact preferences and IP address.

The personal information that we collect and our basis for processing

We may collect personal information about you when you interact with Commvault. For example, this may happen when you:

  • Browse and interact with our websites – this may include passwords, IP addresses and browser settings
  • Interact with our customer support or marketing teams – calls may be recorded
  • Register for a marketing event, subscribe to a newsletter or attend a training session – this may include your name, contact details and title
  • Visit a Commvault location. We ask visitors for contact details when they arrive at one of our locations for security purposes
  • Email or request information from us, place an order or need support

We may also obtain information about you from other organisations that we use to help us improve our own records.  For example, we may use a service to find out your job title to help us ensure that our contact with you is relevant and of interest.

Commvault will use your personal information based on:

  • Our legitimate business interests: For example, in connection with direct marketing or service improvement. Where we rely on this basis, we carry out a legitimate business assessment to ensure that our business interests do not override your rights. In some cases, you may have the right to object to this use of your personal information. For more information please read the ‘Your Rights’ section of this Privacy Policy.
  • Contract: Where it is necessary in connection with a product or service we are providing to you
  • Consent: If we are not relying on another basis for processing your personal information, we will seek your consent prior to any use of your personal information. A clear request for your consent will be presented to you and you will have the ability to withdraw your consent at any time.

How we use personal information

We may use your personal information to operate our business, provide our solutions and for other legitimate purposes permitted by law. Some of the ways we may use your information are illustrated below:

  • To personalize the look and feel of our websites that you visit, to match personal preferences that we have inferred from your use of the website and to provide you with the appropriate local version of the website (see the “Cookies” section for more information). For example, we may use web log information, cookies or web beacons in ways that help us maintain some of your site preferences. You may choose whether or not to allow cookies or web beacons to track your browser preferences. To find out more about cookies, please read the Cookies section of this Privacy Policy;
  • To communicate with you regarding our products and services, including for marketing and customer satisfaction surveys;
  • To provide you with a newsletter subscription;
  • To provide customer support;
  • To carry out business analytics. For example we may process information in the email header of business emails sent and received by us (including the names of recipient and sender, date and time of the email) for the purposes of evaluating our existing or prospective business relationship; and
  • To listen to a call recording for training, quality control or process improvement purposes.

Providing information to others

We may need to share information about you:

  • With other companies in the Commvault group, our partners, suppliers or agents who perform services on our behalf, such as processing of orders, providing customer support or providing advertising on the website;
  • In response to a request for information from a competent authority if we believe disclosure is in accordance with, or is otherwise required by any applicable law, regulation or legal process with law enforcement bodies or other third parties as necessary to comply with the law, including to meet national security or law enforcement requirements
  • If we decide to re-organise or sell our global businesses we may need to disclose your personal information in the course of this activity to prospective purchasers; or
  • If we otherwise notify you of the disclosure and you consent to it

International data transfers

If you are based in the European Union (EU) we may need to transfer your personal information to recipients outside of the EU. Please note that if you are located in the European Economic Area or the United Kingdom the term personal information used in this Privacy Policy is equivalent to the term ‘personal data’ used in European data protection laws.

This may happen if our servers or our suppliers or service providers are based outside the EU or if you visit our website while traveling to countries outside this area.

We only make these transfers, where the EU has made an “adequacy decision” for the country to which the data will be transferred or where we have put in place the “appropriate safeguards” that the law requires.

We comply with the EU-US Privacy Shield Framework as administered by the US Department of Commerce regarding the collection, use and retention of personal information from the European Union and the United Kingdom to the United States.

We have self-certified to the Department of Commerce that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Where we contract with other companies to process personal information on our behalf (“our agents”) we will need to share that personal information with them. We are liable under the EU-U.S. Privacy Shield Principles for our agents to process transferred personal information in a manner consistent with the Privacy Shield Principles.

To learn more about the Privacy Shield program, see the US Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To view our certification please visit https://www.privacyshield.gov. In compliance with the Privacy Shield Principles, Commvault commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Commvault’s Global Data Governance Officer at: GDGO@commvault.com

Commvault commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the DPA’s with regard to data transferred from the EU. (For more information, visit https://www.privacyshield.gov/article?id=Privacy-Policy-FAQs-1-5)

Under certain limited circumstances, EU individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/

Commvault is subject to the jurisdiction of the Federal Trade Commission for purposes of Privacy Shield enforcement.

Keeping information secure

We employ information security specialists and invest significant resources on technical and operational security measures to help us protect your personal information from loss, misuse, unauthorised access, modification or disclosure. However, we cannot be held responsible for unauthorised or unintended access that is beyond our reasonable control.

Keeping your personal information

We keep records for as long as necessary to provide the relevant product or service, and in accordance with applicable legal, tax and accounting requirements. When your information is no longer required, we will ensure it is destroyed in a secure manner.

Cookies

Our websites use cookies (which includes third-party cookies to support analytics functionality) and other similar technologies to improve the user experience. For more information on this, please see our Cookie Policy.

You can check and adjust your cookie preferences by clicking the link below.

Your rights

Your local law may provide rights regarding the use of your personal information. Where the General Data Protection Regulation applies to personal information, it gives individuals resident in the EU certain rights that they can exercise free of charge. These include the:

  • Right to correct your personal information
  • Right to access your personal data
  • Right to data portability
  • Right to object to use of personal data (for example, where we are using it for direct marketing or our lawful basis is our legitimate interest)
  • Right to restrict the use of your data in some circumstances
  • Right to erasure in some circumstances

If you would like to assert one or more of these rights, please email or write to us at the address set out in the Contact section of the Privacy Policy. We will respond to your requests within all applicable timeframes.

You may also unsubscribe from receiving our email marketing communications at any time by following the “unsubscribe” instructions included in our communication.

Complaints Process

If you have a complaint about how we have handled your personal information, you may contact us directly using the details below or you can contact the applicable competent data protection authority.

Terms of Use

This Privacy Policy sets out how we may collect and use information about you. For the terms and conditions that apply to your use of our website, please refer to the Terms of Use.

Updates

We regularly review and update this Policy. If we make a change, we will post the updated version on our site.

Contact

If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact our Global Data Governance Officer via GDGO@commvault.com via or write to Global Data Governance Officer, Commvault Systems Limited, Apex Plaza Forbury Road Reading, Berkshire United Kingdom RG1 1AX. With regard to the General Data Protection Regulation the Commvault entity that is the data controller of your personal information will depend on the situation in which the data has been collected. Please use these contact details for additional information.