BetterCloud Product Privacy Statement
Effective Date: December 19, 2019
BetterCloud, Inc. (“BetterCloud”) provides a SaaS Operations Management & Security platform that empowers IT and Security teams to define, remediate, and enforce management and security policies for SaaS applications. This Product Privacy Statement explains how BetterCloud collects, uses, discloses, and otherwise processes end user personal information or personal data on behalf of its corporate customers in connection with our products and services (collectively, the “Services”).
Personal information or personal data refers to any data or information which relates to an identified or identifiable natural person, and are subject to applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”) or the California Consumer Privacy Act (Assembly Bill 375), as amended (“CCPA”). BetterCloud is the data processor (under GDPR) or service provider (under CCPA) and BetterCloud’s customers are the data controllers (under GDPR) or businesses (under CCPA) with respect to such personal data or personal information.
BetterCloud’s processing of personal information in connection with the Services is governed by this Product Privacy Statement and our agreements with each customer (in each case, a “Customer Agreement”). In the event of any conflict between this Product Privacy Statement and the corresponding Customer Agreement, the Customer Agreement will control to the extent permitted by applicable law. Please note that in certain instances, BetterCloud may act as an independent controller or business of personal information or personal data with respect to its own processing activities.
This Product Privacy Statement is not a substitute for any privacy notice that BetterCloud customers are required to provide to their employees or other end users.
Data We Collect
Data provided to us by our customers and their end users in connection with their use of the Services. This may include personal information or personal data that end users provide when they:
- Set up an account or create a user profile (such as first and last name, address, email address, telephone number, department and job title, profile picture, and IP address),or
- Contact customer support or otherwise correspond with us by phone, email, or other means.
Data about end users’ use of the Services. We collect data about end users’ use of the Services as necessary to implement customer-created alerts and policies, including:
- Data provided through customer applications connected to the Services, such as first and last name, gender, address, email address, telephone number, department and job title, photograph, IP address, and operating system and domain information, and
- Data collected by automated means, such as cookies (e.g., essential cookies) and web beacons. For example, through our use of Pendo.io and FullStory. For more information, please visit our sub-processor page.
How We Use Data
We use the data we collect at the instruction of our customers and in accordance with our Customer Agreements, to provide the Services and for related internal purposes, including:
- Enable end users to access and use the Services;
- Provide the Services, including investigating customer-designated triggered events, remediating customer-designated policy violations, and enforcing customer-created alerts and policies;
- Provide information about the Services, such as important updates or changes to the Services, security alerts, training and the availability of new features;
- Improve the Services and develop new products and services;
- Respond to inquiries, complaints, and requests for customer support;
- We may also use personal information or personal data as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and
- In an aggregated, de-identified and generic manner: to market the Services, survey usage, set benchmarks, feature suggestions, product analytics, new product features or Services, Services utilization analyses and related purposes.
How We Share Data
We share the data we collect:
- With BetterCloud customers, to the extent the data pertains to the customer’s end users;
- With third party service providers that help us provide, manage and improve the Services (you can see our list of third party Sub-Processors here), and
- With BetterCloud subsidiaries and corporate affiliates.
We may also share personal information or personal data with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
Information Security and Protection of Data
BetterCloud uses appropriate, commercially reasonable physical, electronic, and procedural safeguards to protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that our customers take steps to protect against unauthorized access to any devices, networks and applications connected to the Services. See the Security & Compliance section of the website and the Customer Agreements for additional information regarding BetterCloud’s information security practices.
Data Subject Rights under GDPR & Right to Request to Know or Request to Delete under CCPA
BetterCloud customers are the data controllers/businesses of end users’ personal information or personal data. As the data controllers/businesses, BetterCloud customers are responsible for receiving and responding to requests from end users and other individuals to exercise any rights afforded to them under applicable data protection law. BetterCloud will assist customers in responding to such requests as set forth in the Customer Agreement.
Cross-Border Data Transfer
BetterCloud provides its Services primarily from the United States, where we are headquartered. In order to provide the Services, BetterCloud or its Sub-Processors may transfer personal information or personal data about its end users outside of the country in which end users are located, including to the United States or to other jurisdictions that may not be subject to equivalent data protection laws. See the Customer Agreements for additional information regarding how BetterCloud and its Sub-Processors safeguard the personal information they, respectively, transfer across borders.
When transferring personal information or personal data across borders we take steps reasonably necessary to ensure that the information or data is subject to appropriate safeguards, is treated securely and is transferred under an approved data transfer mechanism pursuant to applicable data protection laws.
In order to sign BetterCloud’s GDPR Data Protection Agreement with BetterCloud, please click here.
EU-U.S. and Swiss-U.S. Privacy Shield
BetterCloud, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List.
BetterCloud retains personal information or personal data for as long as necessary to (a) provide the Services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of Customer Agreements. Please see your Customer Agreement for additional information regarding BetterCloud’s data retention practices.
Non-BetterCloud Applications & Third Party Products and Services
The Services may integrate with or enable access to Non-BetterCloud Applications or third party tools. End users that register, install or access any Non-BetterCloud Applications or third party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as BetterCloud does not control and cannot be responsible for these providers’ privacy or information security practices.
Additional Information regarding European Union, Swiss, and UK Personal Data
BetterCloud’s legal bases for our processing of personal information is based on one or more of the following:
|Bases for Processing||Explanation
|Contract||Our performance of the Customer Agreements|
|Legitimate Interest||For example, we may use your data for fraud and security monitoring to ensure our networks and websites are secure, to administer or conduct our business (for example, record keeping and billing), and to respond to your inquiries and complaints.|
|Legal Obligation||Our compliance with a legal obligation that we are or may be subject to.|
|Consent||The consent provided to us when an end user shared or submitted their personal information with or to us.|
Additional Information regarding Californian Personal Information BetterCloud understands and will comply with the foregoing restrictions and the applicable requirements of the CCPA. For the purposes of the CCPA, BetterCloud is a service provider. BetterCloud does not receive any personal information, as defined by the CCPA, from its customers as consideration for the Services. BetterCloud will not collect, retain, share or use personal information except as necessary to provide the Services. We do not, and will not, sell, as defined under CCPA, personal information. For additional information, please visit our “Do Not Sell My Info” page here and refer to your Customer Agreement.
Changes to the Product Privacy Statement
If we make material changes to this Product Privacy Statement, we will notify you in a manner that we believe will be reasonably likely to reach you (which may include email, a specific announcement on this page, our website, or on our blog).
If you have any questions about this Product Privacy Statement, you can contact our privacy team at email@example.com or write to us at:
330 7th Avenue
New York, NY 10001
If you need to access this notice in an alternative format, please contact us at firstname.lastname@example.org.