Privacy Policy
Last Reviewed on: July 1, 2024
This Privacy Policy (“Privacy Policy”) describes how Akeyless Security Ltd., together with its subsidiary Akeyless Security USA, Inc. (collectively, “Akeyless”, “we”, “us” or “our”) collect, use and disclose certain information including Personal Data, and the choices you make about the information.
This Privacy Policy is an integral part of our Terms of Service (“Terms”), and governs the processing and transfer of Personal Data (as defined below) collected when you sign up for and use our cloud-based SaaS solution (“Customer” and “Services” respectively), or merely when you visit and browse our website available at: https://www.akeyless.io/ (“website“), apply for a job (“Candidate”), or engage with our blogs, demos, or other similar forums available through the website (“Prospect”).
Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms. Visitors and Customers shall be further, collectively and separately, referred to as “you“.
Note you are not required by law to provide us with any Personal Data. Sharing any data with us is entirely voluntary.
This Privacy Policy applies to all individuals world-wide, however, certain jurisdictions require that applicable disclosures will be provided in a certain way and format, and therefore additional notices apply as follows:
Additional Information to California Residents: In the event you are a California resident– please also review our CCPA Privacy Notice to learn more about our privacy practices with respect to the California Consumer Privacy Act.
Additional Notice to Specific US States Residents: In the event you are a resident of certain US states, additional disclosures and rights may apply to you – please also review Section 13 below, ”US States Privacy Notices”, to learn more about our privacy practices and your rights under the privacy and data protection legislation which may apply to you as a resident of those states.
1. POLICY AMENDMENTS
We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of thus Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Amended” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.
2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION
Akeyless Security Ltd. incorporated under the laws of the state of Israel, is the Controller (as such term is defined under the General Data Protection Regulations “GDPR” or equivalent privacy legislation) of the Personal Data we collect from you.
For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact as follows:
DPO Contact Information: [email protected]
By Mail:
Akeyless Security Ltd.
Ze’ev Jabotinsky St. 7, 33 Floor, Ramat Gan, Israel 5252007
Representative for data subjects in the EU and UK Contact Information:
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website https://prighter.com/q/19968914192
3. INFORMATION PROCESSED BY AKEYLESS
We may collect two types of information from you, depending on your interaction with us.
The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration and page impressions), or approximate geo-location.
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”).
For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations:
| Type of Data | Purposes of Processing | For EU individuals – Legal Basis under the GDPR |
|---|---|---|
| PROSPECTS | ||
| Online Identifiers and Telemetry Data: When you interact with our website, landing pages, or otherwise, we may collect your online identifiers, such as IP address and Cookie ID, unique identifiers, etc. (“Online Identifiers”). We further collect information regarding your use and interaction with our website, this information includes the referring URL, the webpage directing you to our website, and other websites you visited in the session, your interests in our competitors, how you interact with our webpage, time, duration of use, pages you have viewed or clicked on our website (“Telemetry Data”). We are further able to track your behavior with other assets, such as- did you open and read the emails we sent. | Operation, Marketing and Analytics: Online Identifiers and cookies are used, in particular, to automatically recognize you the next time you enter the website, to authorize you are a person, and to operate the website, enable its proper functionality. Telemetry Data are indirectly processed by marketing and analytic tools, for analytic and remarketing and retargeting purposes, inter alia, through the use of third-party tools. | Strictly necessary cookies which are required for the proper and basic operation of the website will be processed in our legitimate interest. Other cookies, including any analytic or marketing cookies, will be processed based on your consent which we will obtain through our cookie notice and consent management. You may withdraw consent at any time by using the cookie preference settings: https://www.akeyless.io/cookie-declaration/ |
| Contact Information: In the event you contact us any other inquiries, either through an online form available on the website (i.e., the contact us page or support ticket), by sending us an email or by any other means of communications we may make available to you, register to webinar, newsletter, provide your feedback, respond to a survey, or otherwise, you will be requested to provide us certain information such as your name, job title, company name, email address, phone number, as applicable (“Contact Information”). | Newsletter Registration, Respond to Query: We will use your Contact Information for the purpose of responding to your inquiries. The correspondence and its contents with you may be processed and stored by us in order to improve our customer service and in the event we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable). We will use your Contact Information to send you emails and other information you requested. | We process this information subject to our legitimate interest. If you are contacting us on behalf of another person, we value your assistance and care for others, please note that it is your responsibility to make sure that any person whose Personal Data you provide is aware of the principles of this statement and agrees that you will provide Personal Data to us on this basis. If you register to our newsletter we process this information subject to your consent. You may withdraw consent at any time using the “unsubscribe” option within the email. |
| CUSTOMERS | ||
| Contact Information: When you contact us for customer support, we will process your Contact Information. In order to use our Services, (including the free trial) you will be required to register and open an account. During the registration process you will be requested to provide us with your Contact Information and additional information on the company you represent. You may register through your GitHub or Google account, which may share certain information about you. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting it to the Services. | Customer Support, free trial, direct marketing and account creation: We will use the Contact Information to provide the customer support needed, the Services and to send you service communications, promotions, such as new features, additional offerings, special opportunities etc. (“Direct Marketing”). We will retain such correspondence for as long as needed. | We process such information to fulfill our contractual obligations and provide the support services, creating an account, provide the services, demo or free trial, all as agreed in the terms of use, EULA or other agreement governing your use of the Service. Processing of this Contact Information for Direct Marketing purposes is made subject to our legitimate interest. You can opt-out at any time using the “unsubscribe” option within the email. |
| Payment Details: As part of the Services, you may need to provide us with your payment details including credit card and bank account information. | We use this information for billing purpose, for the purpose of enabling you to use the Services. | We process this information for the purpose of performing our contract with you. |
| Telemetry Data: When you use the Services, access your account, the web-app cloud-based environment is monitored, we automatically process generate and collected, information on how you use the Services, the click streams within Services, the features used, duration, the credentials (access logs that identify your email, user name, and credentials), crash data and analytics, etc. We record how you interact with our Service. We log crashes and access. | Safety, Providing/improving the Services, and Operations: We use this information to help us to understand how you are using the Services, and how to better provide and improve our Services. This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use such data for statistical analysis purposes, to test and improve our offers, decide how to improve the Service based on the results obtained from this processing. | We process this information subject to our legitimate interest. |
| Telemetry Data: When you use the Services, access your account, the web-app cloud-based environment is monitored, we automatically process generate and collected, information on how you use the Services, the click streams within Services, the features used, duration, the credentials (access logs that identify your email, user name, and credentials), crash data and analytics, etc. We record how you interact with our Service. We log crashes and access. | Safety, Providing/improving the Services, and Operations: We use this information to help us to understand how you are using the Services, and how to better provide and improve our Services. This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use such data for statistical analysis purposes, to test and improve our offers, decide how to improve the Service based on the results obtained from this processing. | We process this information subject to our legitimate interest. |
| CANDIDATES | ||
| Candidate Information: When you apply for a job, promoted on our website, we will process your CV (and the information included therein), as well as additional information such as your Contact Information, information regarding your education and skills, employment history, and your photo (to the extent provided by you). Further, where required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability. In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data. (collectively “Recruitment Information”) | Recruitment: We will use Recruitment Information to process your job application and for our internal recruitment management purposes, for further recruitment steps (e.g., interview), and to enable us to comply with corporate governance and legal and regulatory requirements. Following the completion of the recruitment process, we may further retain and store the Recruitment Information (including other interactions with us under such process) as part of our internal record keeping, including for legal defense from any future claim, as well as, where we find applicable and subject to applicable law requirements, to contact you in the future for other position we believe you qualify for. If you are hired, your Recruitment Information will be kept on our HR systems as part of your employment and our corporate management. | We process Recruitment Information subject to our legitimate interest. In some cases, for example, where we will ask you to provide health related information or diversity and inclusion data, we will process your such data based upon your consent. You may always withdraw consent at any time. We will retain your data for records keeping and future defense from legal claims under our legitimate interest, or if you have provided consent to contact you in the future. We currently use Comeet to manage our recruitment process. We made sure to sign a data processing agreement to ensure your information is secure and processed lawfully. For additional information regarding the Recruitment Information collected and processed by Akeyless please review Akeyless Job Candidates Privacy Policy. |
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the “Data Transfer” section 9 below, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, EULA or other agreement, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Services, as detailed above.
4. HOW WE COLLECT INFORMATION
Depending on the nature of your interaction with the website and Services, we may collect information as follows:
- Information you provide us directly – for example, when you register and create an account, apply for a job or correspond with us.
- Information we receive from third parties – for example, through data enrichment partners or if you access the Services through a third-party connection or log-in, such as your GitHub or Google account, such third party may pass certain information about your use of their service to us.
- Information we receive automatically – we will collect your Online Identifiers and Telemetry Data including analytics data (or use third-party measurement and marketing tools). For more information on the cookies, we use and how to opt out of third-party collection of this information, please see our Section 5 below “Cookies & Tracking Technologies”.
5. COOKIES & TRACKING TECHNOLOGIES
We use “cookies” (or similar tracking technologies) when you access or interact with the Services. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, as well as for advertising purposes. You can find more information about our use of cookies, as well as change your settings and preferences, as detailed under cookie declaration.
6. SHARING PERSONAL DATA
We share your Personal Data with third parties, including our partners or service providers that help us provide our Services. You can find in the table below information about the categories of such third-party recipients.
| Category of Recipient | Data That Will Be Shared | Purpose of Sharing |
| Service providers | All types of Personal Data | We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, processing payments, analyzing data, providing marketing and sales assistance (including advertising and event management), identifying errors and crashes, conducting customer relationship management, and providing training. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services. |
| Any acquirer of our business | All types of Personal Data | We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy. |
| Affiliated company | All types of Personal Data | We may share certain information with our affiliated company, for sales and marketing purposes. |
| Law enforcement, governmental agencies or authorized third parties | Subject to law enforcement authority request | For law enforcement, enforcement of our policies and agreements other customer rights and security detections, etc. We may share certain data when we believe it is appropriate to with, governmental agencies or authorized third parties, or protect the rights, property, or security of Akeyless, our customers, or others. |
7. DATA RETENTION
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.
Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
8. SECURITY
At Akeyless, security is our highest priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry standards. The methods that we use to protect your Personal Data includes: maintaining compliance programs that validate our security controls; protecting the security of your information during transmission to or from our website, applications, products, or Services by using encryption protocols and software; following the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data.
Please review our Data Protection Measures to learn more.
Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Please contact us at: [email protected] if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
9. DATA TRANSFER
Due to our global business operation, your Personal Data may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country. However, in all cases, we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer.
Specifically, if and where Personal Data collected within the EU are transferred outside the EU (except for transfers to the U.S.), to countries which were not granted with an adequacy decision by the European Commission and therefore do not provide an adequate level of protection to your Personal Data while it is transferred to such third-country, such transfer is subject to and made pursuant with the standard contractual clauses.
Additionally, if and where Personal Data collected within the United Kingdom are transferred outside the United Kingdom (except for transfers to the U.S.), to countries which were not granted with an adequacy decision by the UK Information Commissioner Office (“ICO”) and therefore do not provide an adequate level of protection to your Personal Data while it is transferred to such third-country, such transfer is subject to and made pursuant with the UK standard contractual clauses.
Personal Data transferred from within the EU and the UK to Akeyless Security USA Inc., are subject to the EU-U.S. DPF Principles and to Akeyless adherence to the EU-U.S. DPF and the UK Extension to the EU-U.S, as applicable, as all detailed below under Section 10 “Data Privacy Framework”.
10. Data Privacy Framework
Akeyless Security USA Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF“) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.
The terms “Akeyless”, “we” or “our” as used in this Section 10, shall mean and refer to Akeyless Security USA Inc.
Akeyless has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles“) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern.
To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Independent Recourse Mechanism and Arbitration
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Akeyless commits to resolve all EU-U.S. DPF related complaints about our collection and use of your Personal Data in accordance with the EU-U.S. DPF Principles. EU and UK individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact the Company at: [email protected]. We will investigate and attempt to resolve any Data Privacy Framework-related complaints or disputes within forty-five (45) days of receipt.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Akeyless further commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (“DPAs”) and the ICO with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Complaints may be submitted to the EU DPAs or the UK ICO, as appropriate, at no cost to you.
Please note that if your complaint is not resolved through these methods above, a binding arbitration option may be available under limited circumstances. Additional information can be found here: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
Choice
Akeyless provides data subjects with an opportunity to “opt-out” from any Personal Data Processing where such Personal Data is:
- disclosed to a third party (other than a third party acting on behalf of Akeyless); or
- used for a reason that is incompatible with the purposes for which it was originally collected.
This option to opt-out complements the rights you hold under section 11 below.
To exercise, please act as instructed under section 11 below, or contact us through: [email protected].
Onward Transfers of Personal Data
Akeyless will not transfer Personal Data originating in the EU or the UK to third parties acting as Controllers without your consent unless ensuring those third parties: (a) provide at least the same level of protection to the Personal Data as required by the EU-U.S. DPF Principles; (b) process such Personal Data for limited and specified purposes consistent with any consent provided; (c) Notify Akeyless and cease processing of Personal Data or take other reasonable and appropriate steps to remediate if it makes a determination it can no longer ensure the lawfulness of processing. Should Akeyless become aware that a third-party Controller is managing Personal Data in violation of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF principles, it will undertake reasonable measures to halt or rectify such processing.
Further information about sharing data with third parties in certain circumstances can be found in section 6 above.
Akeyless assumes responsibility for any onward transfers to third parties in accordance with the EU-U.S. DPF and the and the UK Extension to the EU-U.S.
U.S. Federal Trade Commission Enforcement
Akeyless is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), and the FTC has jurisdiction over Akeyless’ compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
11. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table:
| RIGHT TO BE INFORMED, RIGHT TO KNOW | You have the right to confirm whether we collect Personal Data or Personal Information about you, if you wish to know if we collect Personal Data about you, please review this Privacy Policy. |
| ACCESS RIGHTS | You further have the right to know which Personal Data or Personal Information we specifically hold about you, and receive a copy of such or access it, if you wish to receive a copy of the Personal Data or Personal Information, please submit a Data Subject Request form (“DSR”) as available here. |
| RIGHT TO CORRECTION | You have the right to correct inaccuracies in your Personal Data or Personal Information, taking into account the nature and purposes of each processing activity. Please submit a DSR as available here. |
| RIGHT TO BE FORGOTTEN, RIGHT TO DELETION | In certain circumstances, you have the right to delete the Personal Data or Personal Information we hold about you. Please submit a DSR as available here. |
| RIGHT TO PORTABILITY | You have the right to obtain the Personal Data or Personal Information in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please submit our DSR as available here. |
| RIGHT TO OPT OUT OR WITHDRAW CONSENT UNDER THE EU, AND IN THE US THE RIGHT TO OPT OUT FROM: (I) SELLING PERSONAL DATA; (II) RIGHT TO OPT OUT FROM TARGETED ADVERTISING; AND (III) RIGHT TO OPT OUT FROM PROFILING AND AUTOMATED DECISION MAKING | Direct Marketing: You have the right to opt-out from Direct Marketing, by unsubscribing through the email received. Newsletter: you have the right to withdraw consent when you no longer wish to be in our newsletter list. Cookies: or when you no longer wish for cookies to track your behavior for analytic and marketing purposes here. Sale of Personal Data for targeted advertising, monetary gain or profiling, or Share or Sale of Personal Information for analytic or marketing: If and to the extent applicable, you have the right to opt out of the sale of your Personal Data, for the purposes of targeted advertising, sale to a third party for monetary gain, analytic, etc. through the cooking setting on our website, available here. Last, you are able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (like the “Global Privacy Control”). We honor the Global Privacy Control, where applicable, subject to your jurisdiction, as a valid request to opt-out of the sharing of information linked to your browser. Note you may have the right to authorize another person acting on your behalf to opt out (including by technical tools and opt out signals). |
| RIGHT TO APPEAL OR COMPLAINT | If we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU you have the right to lodge a complaint with the supervisor authority or the Information Commissioner in the UK. |
| NON-DISCRIMINATION | Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users. |
12. CHILDREN
Our Services are not intended for use by children and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at: [email protected]if you have reason to believe that a child has shared any information with us.
13. US STATES PRIVACY NOTICES
- (A) ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 effective November 2020, and as amended by the CPRA, effective January 1, 2023 (collectively “CCPA”).
Please see the CCPA Privacy Notice, available here, which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom we share the personal information for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident. - (B) ADDITIONAL INFORMATION FOR SPECIFIC US STATES RESIDENTS
This section applies to residents of specific US States under their applicable state laws, including residents of Virginia, Connecticut, Colorado, Utah, Texas, Oregon, Montana (effective of October 1, 2024), and effective of January 1, 2025 – Nebraska, New Hampshire, New Jersey, Delaware, and Iowa, as amended or superseded from time to time and including any implementing regulations and amendments thereto (collectively, “US Privacy Laws”). Any term not defined herein under this section shall have the meaning ascribed to such term in our general Privacy Policy above or applicable US Privacy Laws.
The specific disclosures hereunder supplement our general Privacy Policy above and provides additional details to the extent we are deemed as a “Business” or “Controller” under applicable US Privacy Laws – for example where we process your Personal Information regarding your use of the website.
The Personal Information We Process
Section 3 of the Privacy Policy “The Personal Data We Collect & Our Lawful Basis for Processing Your Personal Data”, describes the categories of Personal Data that are collected and processed by us as a “Business” or “Controller” (i.e., the legal owner of such data), and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. As further set forth there, collected Personal Data may include, depending on your interaction with us:
- Online Identifiers and Telemetry Data – your IP address, location and time zone setting, operating system and platform, browser plug-in types, domain name and your choice of browser, approximate location (derives from IP address), etc. – processed as part of our technical website and Platform management and operation, analytics and online marketing activity (on the website).
- Contact Communications data Newsletter & Updates Registration – including your identifiers and contact information (name, email, phone, etc.), the content of your inquiry (whether as a prospect or as a customer), and additional information as provided voluntarily by you, such as your workplace and position, country of residence, etc. – collected and processed to respond to your inquiry and to keep a record of our interaction with you. Such data is also collected and processed for sending you news, promotional material and updates regarding our services per your consent and subject to applicable law, and to offer you to participate in certain events. Further, we will use such information, subject to applicable law, for our marketing and promotional communications, including by email or SMS.
- Customer Data – your identifiers and related information as a Customer of the Platform, account creation data, free trial, etc., including username and password, company name, your position and other required data. We will use such customer data to provide you with access to the services per your engagement, and per applicable law to send you service communications, promotions, such as new features, additional offerings, special opportunities etc.
- Payment Details – As part of the Services, you may need to provide us with your payment details including credit card and bank account information. We use this information for billing purposes, for the purpose of enabling you to use the Services.
- Candidate Information – When you apply for a job, promoted on our website, we will process your CV (and the information included therein), as well as additional information such as your Contact Information, information regarding your education and skills, employment history, and your photo (to the extent provided by you). We will use Recruitment Information to process your job application and for our internal recruitment management purposes, for further recruitment steps (e.g., interview), and to enable us to comply with corporate governance and legal and regulatory requirements. For additional information regarding the Recruitment Information collected and processed by Akeyless please review Akeyless Job Candidates Privacy Policy.
- Online Identifiers and Telemetry Data – your IP address, location and time zone setting, operating system and platform, browser plug-in types, domain name and your choice of browser, approximate location (derives from IP address), etc. – processed as part of our technical website and Platform management and operation, analytics and online marketing activity (on the website).
“Sensitive Data” under US Privacy Laws is generally defined as data revealing racial or ethnic origin, religious beliefs, mental or physical health history, condition or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic or biometric data that can be processed/is processed to uniquely identify an individual, precise geolocation or personal data from a known child. As a “Business” or “Controller” (i.e. the legal owner of personal data), we do not collect or process or use any of your Sensitive Data.
Further, under US Privacy Laws, Personal Data does not include publicly available information and information that cannot be reasonably linked to you, directly or indirectly, such as de-identified or aggregated data, and information governed by other state or federal laws, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA), Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), etc.
Disclosures of your Personal Data to Third Parties, and Sale or Share of Personal Data
Under Section 6 of our Privacy Policy, “Sharing Personal Data”, you will find details regarding the categories of third parties we share Personal Data with for business purposes.
We do not sell your personal information for profit. However, we do engage in targeted advertising on the website. Some of those marketing activities, when conducted through the use of third parties, may be considered a “Sale” or “Share” under certain US Privacy Laws. In this context, as is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third-party businesses to collect information directly from your browser or device through cookies or similar tracking technology when you visit or interact with the website, for example, for collection of Online Identifiers and Advertising and Targeting data as detailed above. These third parties use this personal information to deliver targeted advertising (also known as “cross-context behavioral advertising”) and personalized content to you on our website, on other sites and services you may use, and across other devices you may use, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. To learn more about this please read section 5 of the Privacy Policy regarding Cookies. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the processing of personal information for purposes of targeted advertising through the use of the Cookie Toolbar on the website’s footer or as described above in Section 11 of the Privacy Policy.
We do not knowingly sell or share personal information of individuals younger than 16 years of age. Similarly, as a “Business” or “Controller”, we do not collect or process, therefore not Sell or Share, any Sensitive Data.
Exercising Your Privacy Rights
Subject to certain legal limitations and exceptions, you may be able to exercise some or all of the rights detailed in Section 11 of the Privacy Policy, “Your Rights”, through filling out our DSR form and sending it to us by email at: [email protected]. We reserve the right to ask for reasonable evidence to verify your identity before providing you with any such information per applicable law, including requesting a photo ID or other similar documentation and records. We will always maintain the privacy and security of such evidence.
Further, and as explained in Section 11 above, certain rights can be easily executed independently by you without the need to contact us, for example: (i) You can opt-out from receiving our marketing emails by clicking the “ unsubscribe” link; and (ii) You can use the cookie settings tool on our Website to change your preferences.
Furthermore, you can also opt-out from Interest-Based Advertising (“IBA”) using certain available tools and features, as further details in the links below:
- Digital Advertising Alliance (US) https://www.aboutads.info/choices/
- Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools
- Digital Advertising Alliance (EU) https://www.youronlinechoices.com/
- Network Advertising Initiative https://optout.networkadvertising.org/?c=1
Authorized Agents
In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent with permission to submit the request, and it may take additional time to fulfil agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the individual on whose behalf the request was made.
Appeal Rights
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to [email protected].
Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decision.
If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:
- Colorado Attorney General as follows: Colorado AG at https://coag.gov/file-complaint .
- Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint / or by phone (860) 808-5318.
- Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform .
- Utah Attorney General at https://www.attorneygeneral.utah.gov/contact/complaint-form/.
- Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.
- Oregon Attorney General at https://www.doj.state.or.us/consumer-protection/contact-us/.
- Montana Attorney General at https://dojmt.gov/consumer/consumer-complaints/.
- Nebraska Attorney General https://ago.nebraska.gov/constituent-complaint-form.
- New Jersey Attorney General at https://www.njoag.gov/contact/file-a-complaint/.
- New Hampshire Attorney General at https://onlineforms.nh.gov/app/#/formversion/e0c5d644-c9d8-4056-a7cc-24d29c446fcb.
- Delaware Attorney General at https://attorneygeneral.delaware.gov/fraud/cmu/complaint/.
- Iowa Attorney General at https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint.
