We, at Valence Security (the “Company”, “we”, “us”, “our”), respect the privacy and data protection rights of our website visitors, business contacts and the users of our service.
This Privacy Notice (the "Notice") describes the personal information we have and the policies and procedures we use regarding personal information, in each of the following contexts:
We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).
We will update this Notice from time to time. We will post any change to this Notice on our Website a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes to the Notice if we have your email address.
If you have any questions, comments or concerns regarding this Notice or our processing of your personal information, please contact us at email@example.com.
To provide the Platform to a Business, we process personal information of the Business’s end-users. We do this as a data processor (also known as a service provider) on behalf of the Business and under the Business’s instructions. We call this the “Business’s Internal Data”.
Subject to the Business’s discretion, the personal data information that the Platform processes for the Business can include, among others, directory information; configuration information; meta-data of files (folder name, list of files, and date created and modified); audit log events (username, user ID, the action taken, timestamp, token/app name, specific resource name/id, like OneDrive file name, IP address, user agent (browser version), success/failure).
We collect the personal information from several sources:
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent. We do not sell your personal information to third parties.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
The following companies in the Valence Security group are the joint controllers of your personal data, except for the Business’s Internal Data (for which Valence Security is a processor on behalf of the Business who is the controller).
The responsibility for compliance with the obligations under the GDPR, in particular in exercising of the rights of the data subject and the duty to provide the information referred to in Articles 13 and 14 of the GDPR, vests with Valence Security Ltd.
To facilitate processing your information within the companies in our corporate group and by our service providers, we will transfer your information to countries such as the United States and Israel. We do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
If you are in the EU or the UK, you have the following rights under the GDPR with respect to personal data for which we are the controllers:
Right to Access and receive a copy of your personal information that we process.
Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters or to the use of non-essential cookies on our Website. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability, that is, to receive the candidate personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your candidate personal information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your candidate personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such candidate personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your candidate personal information (except for storing it): (a) if you contest the accuracy of the candidate personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the candidate personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the candidate personal information rather than requiring the deletion of such data by us; (c) if we no longer need the candidate personal information for the purposes outlined in this Notice, but you require the candidate personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your candidate personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your candidate personal information. However, notwithstanding such request, we may still process your candidate personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Notice.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.
Disclosures to third parties
California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar legislation) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
Do Not Track
Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a person’s online activities over time and across third-party web sites or online services.