Privacy Notice of Stormshield Data Security

Stormshield SAS (also known as, "Stormshield", or "we" or "us") appreciate your interest in our products, services and business lines and your use of our websites, portals and "apps" ("Websites"). Your privacy is important to us and we want you to feel comfortable using our websites. The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes. Personal Data collected during use of our website is processed by us according to the legal regulations valid in European Union.

However, the website will include links to other websites or applications which are not necessarily covered by this Privacy Notice. In this event, we encourage you to carefully read the privacy policies of such websites.

Personal data that is collected when you use the services of SDS Management Center and Encryption Portal are processed by us in accordance with the regulations in force in the European Union.

Stormshield is committed to protecting the rights of individuals in line with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter referred as: 'GDPR') as well as each applicable national Personal Data protection laws and regulations (collectively referred as "Data Protection Laws and Regulations").

This Privacy Notice will inform you of the Personal Data we collect when you access/use the service; how we use and disclose your data; how you can control the use and disclosure of your data; and how we protect your Personal Data.

What is Personal Data?

Personal Data is information that can be used to identify a person either directly or indirectly (hereinafter referred as : 'Personal Data'. A 'personal identifier' is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.

Which sources and what Personal Data do we use?

When you use this service, Stormshield will collect, use and process any Personal Data you provide us (e.g. your name, date of birth, company name etc.) and any information generated as a result of using the service, such as IP address, the date and length of visit to the site, the pages you view etc.

What are the purposes of the processing of your Personal Data?

By using the Website, Stormshield will collect and process your Personal Data in accordance with this Notice. Your Personal Data may be used for the following purposes (hereinafter referred as : the 'Purposes'):

1. Website Browsers / Administration

We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.

2. Marketing

To the extent permitted by law, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address, to send news and newsletters, special offers, promotions and competitions, to invite you to an event organized by STORMSHIELD or to otherwise contact you about services or information we think will interest you.

3. Communication

We use your Personal Data to communicate with you, including responding to requests for assistance. We can communicate with you in a variety of ways, including email and via your social media accounts if you have agreed, and/or text message.

4. Customer service

We use your Personal Data for customer service purposes, including providing services to you, for technical support or other similar purposes and provide you with tailored and personalized content and information based on your purchases of STORMSHIELD products; provide you with new updates; track the registration of your products; generate statistics on the deployment and use of our solutions; manage the exchange of defective products; determine the effectiveness of our marketing campaigns...

5. Research and development

We use your Personal Data for research and development purposes, including improving our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products, services, businesses, operations and processes.

6. Legal compliance

We use your Personal Data to comply with applicable legal obligations, including responding to an authority or court order or discovery request.

7. To protect us and others

Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.

What is the basis for processing of your Personal Data?

As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for our business processing.

We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The legal basis for processing your Personal Data are:

1. To comply with contractual obligations

When you subscribe to a particular service through the service, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we can provide that service to you.

2. As a result of your consent

When you have consented to the processing of your Personal Data by us for certain services through the service, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at dpo@stormshield.eu. For further information on the right of withdrawal, please see below Section "Am I obliged to provide my Personal Data?"

3. Within the scope of a legitimate interest

On occasion we may not need your consent to use your data, given our legitimate interest to do so but we must inform you that we do this; examples of this are:

  • For the analysis and optimisation of the service.
  • For ensuring IT security and the IT operation of Stormshield.
  • For prevention and investigation of criminal acts.

4. On the basis of Stormshield' legal obligations or in the public interest

Stormshield, as any other company, is subject to legal obligations and regulations. In some cases the processing of your Personal Data will be necessary for Stormshield in other to fulfil these obligations.

Who will receive your Personal Data?

  • Authorised persons working for or on behalf of Stormshield;
  • Stormshield, on a need-to-know basis for the purposes as outlined in this Privacy Notice;
  • Our agents, service providers and advisers (e.g. Third party service providers and advisers providing the variety of products and services we need such as IT maintenance and support, procurement services, logistic services, etc.);
  • Law enforcement or government authorities where necessary to comply with applicable law.

Will your Personal Data be transferred to a third country outside the European Economic Area (EEA)?

Stormshield processes your Personal Data mostly in the EEA.

Which countries will Stormshield transfer Personal Data to?

Stormshield is based in Europe, we are processing of personal information mainly in Europe.

For how long will your Personal Data be stored?

We process and store your Personal Data for 30 (thirty) days.

If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable Data Protection Laws and Regulations, or in the context of legal statutes of limitation.

Security

We use technical and organisational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons. Our security procedures are continually enhanced as new technology becomes available.

What are your rights and how to exercise them?

You may at any time exercise your data protection rights:

  • Right to access/obtain a report detailing the information held about you: You have the right to obtain confirmation as to whether or not your Personal Data is being processed by Stormshield and if so, what specific data is being processed.
  • Right to correct Personal Data: You have the right to change any inaccurate Personal Data concerning you.
  • Right to be forgotten: In some cases, for instance, when the Personal Data is no longer necessary in relation to the Purposes for which they were collected, you have the right for your Personal Data to be erased.
  • Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by Stormshield, for instance when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
  • Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another data controller.
  • Right to object and to withdraw consent: please see below section "Am I obliged to provide my Personal Data?"

To this effect, please contact Stormshield in writing either by e-mail at the following address: dpo@stormshield.eu or by writing to the addresses below, enclosing a copy of a document evidencing your identity.

Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France

Am I obliged to provide my Personal Data?

You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at dpo@stormshield.com; However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services of the service.

To what extent will decision-making be automated?

As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases, we will if prescribed by law, specifically inform you of this and of your rights in this respect.

Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling, we will, if prescribed by law, specifically inform you of this and of your rights in this respect.

How can I contact Stormshield in respect of my Personal Data?

If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to the Stormshield Data Protection Officer, who is available for enquiries or complaints, at the following email address: dpo@stormshield.eu or you can write to the address below:

Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France

Can I ask for assistance to the competent authorities?

If you remain unsatisfied, then you have the right to apply directly to a Data Protection Supervisory Authority. Listed below are the four main European countries where Stormshield operates and the relevant Supervisory Authority.

FRANCE: CNIL: Supervisory Authority France

GERMANY: Datenschutz-hamburg: Supervisory Authority for Stormshield Operations GmbH

or lda Bayern: Supervisoy Authority for Stormshield Companies in Bavaria, Germany

or any other competent regional German authority as the case may be,

SPAIN: AGPD.Supervisory Authority Spain

UK: ICO: Supervisory Authority UK

Cookies

What are cookies?

Cookies are small files that may be downloaded on your device when you access and use our Website. They allow the Website to recognise your device and store information about your preferences or past actions. We use cookies to record the preferences of our users, to enable us to optimise the design of our Website. They ease navigation, and increase the user-friendliness of websites and applications. Cookies also help us to identify the most popular sections of our Website. This enables us to provide content that is more accurately suited to your needs, and, in doing so, improve our service. Cookies can be used to determine whether there has been any contact between us and your device in the past.

Only the cookie on your device is identified. Personal details can be saved in cookies, provided that you have consented. For example, cookies may be used to facilitate secure online access so that you do not need to enter your user ID and password again.

Which cookies do we use?

Please find below a table with specific information for each cookie that we may use on our Website:

Name Description Lifecycle
acceptanceCookie Storage of cookie acceptance 13 months
languageCookie Language for product administration session
tokenCookie User authentication token 200 min
NG_TRANSLATE_LANG_KEY User language infinite
sds.cookies Date on which the user accepted the cookie infinite
sds.user User information Delete when user logs out

If you continue browsing this Website, we understand that you accept the use of cookies. You can revoke this consent at any time. You can also manage and control the cookies we use on our Website through the use of cookies tools.

How can you disable or delete cookies?

If you choose not to accept cookies, you can't access and use our Website. Most browsers automatically accept cookies. You can prevent cookies from being stored on your device by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your device at any time. However, if you choose not to accept cookies that are strictly necessary for the provision of our services provided by our Website, it may result in a reduced availability of such services.

For the purpose of statistical analysis, we use analytics tools such as Adobe Analytics, or Google Analytics. You may object at any time to the collection and analysis of statistical data regarding your access to and use of our Website by contacting us using the "contact us" function within our Website.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Modification of the Privacy Notice

Stormshield will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your Personal Data.