Privacy Policy

December 2022

Privacy Notice

Introduction

We, at Valence Security (the “Company”, “we”, “us”, “our”), respect the privacy and data protection rights of our website visitors, business contacts and the users of our service.

This Privacy Notice (the "Notice") describes the personal information we have and the policies and procedures we use regarding personal information, in each of the following contexts: 

  1. The data practice on our website valencesecurity.com  (the “Website”).
  2. The data practices relating to the collaborative SaaS security remediation solution (our “Platform”) that we offer organizations (“Businesses”).
  3. Our relationship with representatives of existing and prospective Businesses using our platform (the “Representatives”).

We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).

We will update this Notice from time to time. We will post any change to this Notice on our Website a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes to the Notice if we have your email address.

Contact us

If you have any questions, comments or concerns regarding this Notice or our processing of your personal information, please contact us at privacy@valencesecurity.com

What we collect and why

Scenario
Purposes
Categories of information processed
You contact us with an inquiry through the Website
Promoting and marketing Valence Security's products and services
Name, corporate email address, company affiliation, and content of inquiry
You request access to download reports or white papers from the Website, or ask to view a demo of our Platform
Promoting and marketing Valence Security's products and services
Name, corporate email address, company affiliation, and nature of request
We send you marketing emails and newsletters
Promoting and marketing Valence Security's products and services
Name, corporate email address, company affiliation
We call you to interest you in using our Platform
Promoting and marketing Valence Security's products and services
Name, company affiliation, phone number
A Business and its Representatives are using our Platform
Administering the relationship and service agreement we have with the Business

Facilitating the provision of the Platform and support for the Platform
Name, username, email address, password, company; position; phone number; country; past communications; activities performed on the platform.
If a person abused their rights to use the Website, the Platform, or violated any applicable law while doing Business with us
Responding to, handling, and mitigating suspected violations of law in connection with our business
Any of the information mentioned above
Use of essential cookies on the Website
Facilitate a website feature that the user specifically requested
IP address, pages visited, Website functions used, fields completed in forms
Use of essential cookies on the Website
Facilitate a website feature that the user specifically requested
IP address, pages visited, Website functions used, fields completed in forms
Use of non-essential cookies on the Website
Analyze site usage to evaluate and improve its performance, improve user experience on the site, inform and serve personalized ads more relevant to user interests
IP address, pages visited, Website functions used, fields completed in forms

To provide the Platform to a Business, we process personal information of the Business’s end-users. We do this as a data processor (also known as a service provider) on behalf of the Business and under the Business’s instructions. We call this the “Business’s Internal Data”.

Subject to the Business’s discretion, the personal data information that the Platform processes for the Business can include, among others, directory information; configuration information; meta-data of files (folder name, list of files, and date created and modified); audit log events (username, user ID, the action taken, timestamp, token/app name, specific resource name/id, like OneDrive file name, IP address, user agent (browser version), success/failure).

Methods and sources for collecting your personal information

We collect the personal information from several sources:

Sharing your personal information

We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent. We do not sell your personal information to third parties.

Scenario
Purposes
Examples of Third parties involved
We will share your personal information with our service providers who assist us with the internal operations of our business and the Website. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes.
Operating the Website, the Platform, and our business in general.
Hubspot, Amazon Web Service, Sendgrid, Zendesk, Google, Auth0
If you abused your rights to use the Website or the Platform or violated any applicable law while doing business with us.
Responding to, handling, and mitigating suspected violations of law in connection with our business.
Competent authorities, legal counsels, and advisors.
If a judicial, governmental, or regulatory authority requires us to disclose your information.
Complying with a binding request from a competent authority.
Competent authorities.
If the operation of the Website or our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition).
Enabling a structural change in the operation of the Website and our business.
The target entity of the merger or acquisition, legal counsels, and advisors.
Third party cookies
See the information presented in the Website’s cookie settings mechanism
See the information presented in the Website’s cookie settings mechanism

Data retention and security

Our retention schedule is as follows:


Scenario
Retention period
Contact information and correspondence – marketing and prospective sales
Until 2 years of inactivity with the contact person have elapsed
Representatives of Businesses using the platform – contact information, technical support correspondence, and activities performed on the Platform
Until 7 years after the end of the contractual relationship with the Business

We implement measures to secure your information

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional information for individuals in the EU or UK 

Controllers and processors

The following companies in the Valence Security group are the joint controllers of your personal data, except for the Business’s Internal Data (for which Valence Security is a processor on behalf of the Business who is the controller).

Location
Name
Address
United States
Valence Security Inc.
c/o the Corporation Trust Company, Corporation Trust Center 1209 Orange St. Wilmington, Delaware, 19801, United States
Israel
Valence Security Inc.
150 Menachem Begin Road, Tel Aviv-Yafo, 6492105, Israel

The responsibility for compliance with the obligations under the GDPR, in particular in exercising of the rights of the data subject and the duty to provide the information referred to in Articles 13 and 14 of the GDPR, vests with Valence Security Ltd.

International data transfers

To facilitate processing your information within the companies in our corporate group and by our service providers, we will transfer your information to countries such as the United States and Israel. We do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.

Legal basis for processing your personal data

Purpose or Scenario
Retention period
Responding to your inquiry

Giving you access to download reports or white papers from the Website, or providing you a demo of our Platform
Legitimate interests in developing potential leads and responding to business inquiries
Sending you marketing emails and newsletters
Your consent
Administering the business and professional services relationship with the Business.

Facilitating the provision of the Platform and support for the Platform.
Legitimate interests in administering and performing the contractual obligations with, and provision of the Platform to, Businesses and their Representatives
Cookies that facilitate a Website feature that the user specifically requested
Legitimate interests in the proper operation of the Website
Cookies that analyze site usage to evaluate and improve its performance, improve user experience on the site, inform and serve personalized ads more relevant to user interests
Consent
Responding to, handling, and mitigating suspected violations of law in connection with our business
Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business
Complying with a binding request from a competent authority
Legitimate interests in complying with mandatory legal requirements imposed on us
Enabling a structural change in the operation of the Website and our business
Legitimate interests in our business continuity

Data subject rights

If you are in the EU or the UK, you have the following rights under the GDPR with respect to personal data for which we are the controllers:

Right to Access and receive a copy of your personal information that we process.

Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.

Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters or to the use of non-essential cookies on our Website. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability, that is, to receive the candidate personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your candidate personal information transmitted directly from us to the person or entity you designate. 

Right to Object to our processing of your candidate personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such candidate personal information for the establishment, exercise, or defense of legal claims. 

Right to Restrict us from processing your candidate personal information (except for storing it): (a) if you contest the accuracy of the candidate personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the candidate personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the candidate personal information rather than requiring the deletion of such data by us; (c) if we no longer need the candidate personal information for the purposes outlined in this Notice, but you require the candidate personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).

Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your candidate personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your candidate personal information. However, notwithstanding such request, we may still process your candidate personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Notice.

When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.

If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

Additional information for individuals in California

Disclosures to third parties

California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar legislation) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@valencesecurity.com. Please note that we are only required to respond to one request per customer each year.

Do Not Track

Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a person’s online activities over time and across third-party web sites or online services.