Product Privacy Statement
BetterCloud Product Privacy Statement
Effective Date: August 14, 2020
BetterCloud, Inc. (“BetterCloud”) provides a SaaS Operations discovery, management & security platform that empowers IT and security teams to define, remediate, and enforce discovery, management and security policies for SaaS applications. This Product Privacy Statement explains how BetterCloud collects, uses, discloses, and otherwise processes end user personal information or personal data on behalf of its corporate customers in connection with our products and services (collectively, the “Services”).
Personal information or personal data refers to any data or information which relates to an identified or identifiable natural person, and are subject to applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”); any laws or regulations that amend, supplement, supersede, repeal or replace the GDPR or that are intended to ensure the continued application of the GDPR in the United Kingdom once it ceases to be a member state of the European Union (including the Data Protection Act 2018 (collectively, “UK Privacy Law”); and the California Consumer Privacy Act (Assembly Bill 375), as amended (“CCPA”), or any successor laws of the above. BetterCloud is the data processor (under GDPR and UK Privacy Law) or service provider (under CCPA) and BetterCloud’s customers are the data controllers (under GDPR and UK Privacy Law) or businesses (under CCPA) with respect to such personal data or personal information.
BetterCloud’s processing of personal information in connection with the Services is governed by this Product Privacy Statement and our agreements with each customer (in each case, a “Customer Agreement”). In the event of any conflict between this Product Privacy Statement and the corresponding Customer Agreement, the Customer Agreement will control to the extent permitted by applicable law. Please note that in certain instances, BetterCloud may act as an independent controller or business of personal information or personal data with respect to its own processing activities.
This Product Privacy Statement is not a substitute for any privacy notice that BetterCloud customers are required to provide to their employees or other end users.
Data We Collect
Data provided to us by our customers and their end users in connection with our customers’ use of the Services. This may include personal information or personal data that our customers or their end users provide when they:
- Set up an account or create a user profile (such as first and last name, address, email address, telephone number, department and job title, profile picture, and IP address)/li>
- Connect customer applications to the Services, such as first and last name, gender, address, email address, telephone number, department, job title, manager, profile picture, and other contact or job-related information; or
- Contact customer support or otherwise correspond with us by phone, email, or other means.
Data about end users’ use of the Services. We collect data about end users’ use of the Services as necessary to implement customer-created alerts, policies, workflows, and searches, including:
- Data provided through the SaaS applications connected to the Services, such as email address, IP address, and operating system and domain information; and
- Data collected by automated means, such as cookies (e.g., essential cookies) and web beacons. For example, through our use of Pendo.io and FullStory. For more information, please visit our sub-processor page.
How We Use Data
We use the data we collect at the instruction of our customers and in accordance with our Customer Agreements, to provide the Services, and for related internal purposes, including to:
- Enable end users to access and use the Services;
- Provide the Services, including sending customer-designated alerts and enforcing customer-created policies;
- Provide information about the Services, such as important updates or changes to the Services, security alerts, training and the availability of new features;
- Improve the Services and develop new products and services;
- Respond to inquiries, complaints, and requests for customer support;
- We may also use personal information or personal data as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and
- In an aggregated, de-identified and generic manner: to market the Services, survey usage, set benchmarks, feature suggestions, product analytics, new product features or Services, Services utilization analyses and related purposes.
How We Share Data
We share the data we collect:
- With BetterCloud customers, to the extent the data pertains to that customer’s end users;
- With third party service providers that help us provide, manage and improve the Services (you can see our list of third party Sub-Processors here), and
- With BetterCloud subsidiaries and corporate affiliates.
We may also share personal information or personal data with government, law enforcement officials (you can review Our Transparency Report for more information), or private parties, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law (but only if strictly required in the reasonable opinion of Our counsel); (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
Information Security and Protection of Data
BetterCloud uses appropriate, commercially reasonable physical, electronic, and procedural safeguards to protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that our customers take steps to protect against unauthorized access to any devices, networks and applications connected to the Services. See the Security & Compliance section of the website and the Customer Agreements for additional information regarding BetterCloud’s information security practices.
Data Subject Rights under GDPR and UK Privacy Law & Right to Request to Know or Request to Delete under CCPA
BetterCloud customers are the data controllers/businesses of end users’ personal information or personal data. As the data controllers/businesses, BetterCloud customers are responsible for receiving and responding to requests from end users and other individuals to exercise any rights afforded to them under applicable data protection law. BetterCloud will reasonably assist customers in responding to such requests as set forth in the Customer Agreement.
Cross-Border Data Transfer
BetterCloud provides its Services primarily from the United States, where we are headquartered. In order to provide the Services, BetterCloud or its Sub-Processors may transfer personal information or personal data about its end users outside of the country in which end users are located, including to the United States or to other jurisdictions that may not be subject to equivalent data protection laws. See the Customer Agreements for additional information regarding how BetterCloud and its Sub-Processors safeguard the personal information they, respectively, transfer across borders.
When transferring personal information or personal data across borders we take steps reasonably necessary to ensure that the information or data is subject to appropriate safeguards, is treated securely and is transferred under an approved data transfer mechanism pursuant to applicable data protection laws, including for example Standard Contractual Clauses.
In order to sign BetterCloud’s Data Protection Agreement with Standard Contractual Clauses with BetterCloud, please click here.
EU-U.S. and Swiss-U.S. Privacy Shield
BetterCloud, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List.
BetterCloud retains personal information or personal data to (a) provide the Services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of Customer Agreements. Please see your Customer Agreement for additional information regarding BetterCloud’s data retention practices.
Non-BetterCloud Applications & Third Party Products and Services
The Services may integrate with or enable access to Non-BetterCloud Applications or third party tools. End users that register, install or access any Non-BetterCloud Applications or third party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as BetterCloud does not control and cannot be responsible for these providers’ privacy or information security practices.
Additional Information regarding European Union, Swiss, and UK Personal Data
BetterCloud’s legal bases for our processing of personal information is based on one or more of the following:
|Bases for Processing||Explanation
|Contract||Our performance of the Customer Agreements|
|Legitimate Interest||For example, we may use your data for fraud and security monitoring to ensure our networks and websites are secure, to administer or conduct our business (for example, record keeping and billing), and to respond to your inquiries and complaints.|
|Legal Obligation||Our compliance with a legal obligation that we are or may be subject to.|
|Consent||The consent provided to us when an end user shared or submitted their personal information with or to us.|
Additional Information regarding Californian Personal Information BetterCloud understands and will comply with the foregoing restrictions and the applicable requirements of the CCPA. For the purposes of the CCPA, BetterCloud is a service provider. BetterCloud does not receive any personal information, as defined by the CCPA, from its customers as consideration for the Services. BetterCloud will not collect, retain, share or use personal information except as necessary to provide the Services. We do not, and will not, sell, as defined under CCPA, personal information. For additional information, please visit our “Do Not Sell My Info” page here and refer to your Customer Agreement.
Changes to the Product Privacy Statement
If we make material changes to this Product Privacy Statement, we will notify you in a manner that we believe will be reasonably likely to reach you (which may include email, a specific announcement on this page, our website in our platform, or on our blog).
If you have any questions about this Product Privacy Statement, you can contact our privacy team at email@example.com or write to us at:
330 7th Avenue
New York, NY 10001
If you need to access this notice in an alternative format, please contact us at firstname.lastname@example.org.