Last Updated August 1, 2018
Information You Give
EU-U.S. Privacy Shield
Druva participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Druva is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list
Druva is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Druva complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Druva is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Druva may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Changes to This Policy
We may change this Policy from time to time to reflect changes to our information practices. If we make any changes to this Policy, we will change the “last updated” date above. If we make any material changes we will notify you by email, sent to the e-mail address specified in your account, or by means of a notice on this InSync Application prior to the change becoming effective. We encourage you to check this Policy whenever you use our InSync Application to understand how your personal information is used.
We collect information from you in various ways when you use our InSync Application. We collect two general types of information, namely, personal information and aggregate data. As used in this Policy, the term “personal information” means information that specifically identifies an individual (such as a name and email address), and demographic and other information when directly linked to information that can identify an individual. Our definition of personal information does not include “aggregate” data. Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no personal information is included in aggregate data. Aggregate data helps us understand trends in our users’ needs so that we can better consider new features or otherwise tailor our services. This Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about our users with third parties for various purposes, including to help us better understand our customer needs, improve our services, and for advertising and marketing purposes. We collect information you give us when you download our InSync Application. Examples include the following:
- Registration and profile information — when you register to use our application or update your profile, we may collect various kinds of information about you, including your name and email address; your title, company and other profile information you provide; demographic information; and information you upload like photos, files, and documents.
- Google User Data — when you download our application, inSync may access your G Suite account subject to approval by enterprise administrator. If the access is not granted, the application will not access any of the Google user data. The Google user data is encrypted by the inSync Application prior to being backed up to the cloud.
- Payment information — if you choose to use a paid Druva account or service, our payment processing vendor collects your credit card information and billing address.
- Remote Wipe — Our InSync Device Application for Android uses a special permission BIND_DEVICE_ADMIN from end users to allow administrators to securely remotely delete data from inSync Application in an event of the device being stolen or lost. This feature is subject to enterprise administrator’s enablement and must be accepted by the end user.
- Submissions and customer service — from time to time we may use surveys, contests, or sweepstakes requesting personal or demographic information and customer feedback. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information.
- When you download and use our services — we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”). We also access the device file storage for photos and contacts. You can opt out of this at the device level.
- We do not ask for, access or track any location-based information from your mobile device at any time, unless the Data Loss Prevention (DLP) add-on is activated when using our Mobile Apps or Services. A user must explicitly turn on the location information feature but may or may not be able to disable this feature depending on their organization policy.
- Mobile Analytics – We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and from where the application was downloaded. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
Information Related to Data Collected through the Druva inSync Platform
Druva collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. The use of information collected through our service shall be limited to the purpose of providing the service for which the client has engaged Druva.
Choice of Data Controlled by Our Clients
If you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.
Service Provider, Sub-Processors/Onward Transfer
Druva may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our clients.
Access to Data Controlled by Our Clients
An individual who seeks access, or who seeks to correct, or delete inaccurate data should direct his query to Druva’s client, the data controller. If the client requests Druva to remove the data, we will respond to their request within 30 business days.
Retention of Data Controlled by Our Clients
Druva will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. We will retain this personal information we process for our clients as necessary to comply with our obligations, resolve disputes, and enforce our agreements.
Use of Personal Information
In general, we use your personal information to process your requests or transactions, to provide you with information or services you request, to inform you about other information, events, promotions, products, or services we think will be of interest to you, to facilitate your use of, and our administration and operation of the InSync Application, and to otherwise serve you and our users. For example, we may use your personal information:
- To request feedback and to enable us to develop, customize, and improve the Site and our publications, products, and services;
- To conduct marketing analysis, to send you surveys or newsletters, to contact you about services, products, activities, special events, or offers from Druva or our partners, and for other marketing, informational, product development, and promotional purposes;
- To send you a welcoming email and to contact you about your use of the InSync Application; to respond to your emails, submissions, comments, requests, or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to customer support inquiries, for assistance with our product and service development; and to inform you of updates to products and services from Druva that better meet your needs;
- To store contacts you enter or upload into your contacts list for your private use and viewing;
To send emails to users you invite (and contacts you invite to become users) to collaborate and access your files;
- To enable you to communicate, collaborate, and share files with users you designate;
- To contact you if you win a contest; and
- For other purposes about which we notify you.
Sharing of Personal Information
If you are an individual Druva registered user, and the domain of the primary email address associated with your Druva account is owned by your employer and that email address was assigned to you as an employee of that organization, and that organization wishes to establish a Druva corporate account and add you to it, then certain information concerning past use of your individual account may become accessible to that organization’s administrator including your email address. Druva includes collaboration features that by their nature support sharing with users you choose. Those users can see your name, email address, photo and information from your Profile page, and any files you choose to share; and they can post comments and email you. Collaborators you invite as editors can also edit your shared files, upload documents and photos to your shared files, share those documents outside of Druva, and give other users rights to view your shared files.
Network and Information Security
Druva takes reasonable steps to protect information we collect from you and our platform to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction. In addition, highly confidential personal information, such as passwords that we request from you on our Site and the platform, is protected with encryption, such as Secured Socket Layer (SSL) protocol, during transmission over the Internet. The servers on which information is stored are kept in a controlled environment with limited access. While we take reasonable efforts to guard personal information we knowingly collect directly from you, no security system is impenetrable. In addition, we cannot guarantee that any passively-collected personal information you choose to include in documents you store on our systems are maintained at adequate levels of protection to meet specific needs or obligations you may have relating to that information. For some customers, your account information and access to our service is accessible only through the use of an individual user ID and password. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. Please advise us immediately if you believe your password has been misused. In addition, always log out and close your browser when you finish your session. Please note that we will never ask you to disclose your password in an unsolicited phone call or email.
Access and Choice
Upon request Druva will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by emailing email@example.com. We will respond to your request within 30 days.
Druva acknowledges that you have the right to access your personal information. Druva has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to Druva’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.
We send you push notifications from time-to-time in order to perform administrator initiated backups and restores and device decommissioning. If you wish to opt out of push notifications on your mobile device, please change your settings at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We do not retain geo-location information, except current known location when DLP service is activated.
Druva may send you communications or data regarding our services, including but not limited to (i) notices about your use of our services, including any notices concerning violations of use, (ii) updates, (iii) promotional information and materials regarding our products and services, and (iv), newsletters. You may opt-out of receiving promotional emails and newsletters from Druva by following the opt-out instructions provided in those emails. You may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with your specific request. Opt-out requests will not apply to transactional service messages, such as security alerts and notices about your current account and services.
If you have any questions about this Policy, you should first contact us at email@example.com.
Additional Limits on Use of Your Google User Data
- Druva will only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide users with backup, download, restore, delete and search capabilities and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- Druva will not use this Gmail data for serving advertisements.
- Druva will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Druva’s internal operations and even then only when the data have been aggregated and anonymized.
Any questions about this Policy should be addressed to firstname.lastname@example.org or through the contact information below.
800 W. California Avenue, Suite 100
Sunnyvale, CA 94086
1 Druva means Druva Technologies Pte. Ltd., a Republic of Singapore company, Druva Data Solutions Private Limited, a Republic of India company, Druva Europe Limited, an England and Wales, United Kingdom company, Druva Inc., a Delaware, United States company, Druva G.K., a Japan company, Silver Lining Cloud Consulting Limited (CloudRanger) and all other Druva subsidiaries