Effective Date: September 1, 2023
Last modified: September 1, 2023
This Privacy Notice describes how Actifio, Inc. (“Actifio” or “we”) collects and processes your personal information when you access or use our website, products, and services that link to this notice (together, “Actifio Services”) or when you otherwise interact with us.
We offer the Actifio Services either directly, through the Google Cloud Marketplace, or via our authorized partners. Where we refer to our customers in this notice, we also mean our partners and their customers. Where we refer to “Google” in this notice, we mean Google, LLC, our parent company.
Information We Collect
Actifio processes Customer Data, Partner Data and Service Data in order to provide Actifio Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data or Partner Data.
Customer Data and Partner Data are defined in our agreement(s) covering Actifio Services and represent the data that you and our customers provide for processing in the ActifioServices. For more information about how we process Customer Data and Partner Data, see our Actifio Data Processing and Security Terms.
Service Data is the personal information Actifio collects or generates during the provision and administration of the Actifio Services, excluding any Customer Data and Partner Data. Service Data includes:
- Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
- Settings and configurations. We may record your configuration and settings, including resource identifiers and attributes, when you choose to send it to us. This includes service and security settings for data and other resources.
- Technical and operational details of your usage of Actifio Services. We may collect information about usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain Actifio Services and related software, including when you send such information to us or use our Call Home functionality. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
- Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Why We Process Data
Actifio processes Service Data for the following purposes:
- Provide the Actifio Services you request. Service Data is primarily used to deliver the Actifio Services that you and our customers request. This includes a number of processing activities that are necessary to provide the Actifio Services, including processing to bill for the services, to ensure the services are working as intended, to detect errors, issues, or other problems you might experience, and to secure your data and the services you use.
- Make recommendations to optimize use of the Actifio Services. We may process Service Data to provide you and our customers with recommendations and tips. These suggestions may include ways to better secure your account or data, improving the self-help tools we provide to help you get answers to your questions more quickly, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
- Maintain and improve Actifio Services. We evaluate Service Data to help us improve the performance and functionality of Actifio Services. As we optimize Actifio Services for you, this may improve them for our customers and vice versa.
- Provide and improve other services you request. We may use Service Data to deliver and improve other services that you and our customers request, including Actifioor third-party services that are enabled via the Actifio Services, administrative consoles, or APIs.
- Assist you. We use Service Data when needed to provide technical support and professional services as requested by you and our customers, and to assess whether we have met your needs. We also use Service Data to improve our online and self-help support, and to communicate with you and our customers. This includes notifications about updates to Actifio Services, and responding to support requests.
- Protect you, our users, the public, and Google. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, Actifio, or Google. These activities are an important part of our commitment to secure our services.
- Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
- Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, Actifio and Google may use Service Data together with information we collect from other Google products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, including for internal reporting and analysis of product and business operations described above.
Where Data Is Stored
We maintain data centers around the world. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Data protection laws vary among countries, with some providing more protection than others. Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. We also comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below..
- Adequacy decision
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to that third country without any further safeguard being necessary. The UK and Switzerland have approved similar adequacy decisions. We rely on the following adequacy decisions in some cases:
- Standard contract clauses
Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EU to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission and can’t be modified by the parties using them (you can see the SCCs adopted by the European Commission here, here, and here). Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. We rely on SCCs for our data transfers where required. If you want to obtain a copy of the SCCs, you can contact us via our contact email address below.
- Data Privacy Framework
As described in our parent company Google LLC’s Data Privacy Framework certification, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ( collectively the “Data Privacy Framework” or “DPF”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information received in the U.S. from the European Union (including the European Economic Area), the United Kingdom, and Switzerland in reliance on the DPF. Google LLC and its wholly-owned U.S. subsidiaries (unless explicitly excluded), including Actifio, has certified to the Department of Commerce that it adheres to the DPF Principles. Actifio remains responsible for any of your personal information that is shared under the Accountability for Onward Transfer Principle with third parties for external processing on our behalf, as described in the “How We Share Data” section. To learn more about the DPF certification program, and to view our parent company Google LLC’s certification, please visit the Data Privacy Framework website.
If you have an inquiry or complaint regarding our privacy practices in relation to our DPF certification, we encourage you to contact us at email@example.com. Google is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.
How We Secure Data
We build the Actifio Services with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Actifio from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data at rest and while in transit between our facilities.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Google employees, contractors, agents, and other third parties who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Actifio or Google, our parent company, except in the following cases:
- With your consent
We’ll share Service Data outside of Actifio and Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Google Cloud Platform Marketplace, or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators and authorized resellers
When you use the Actifio Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing
We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons
We may share Service Data outside of Actifio and Google if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Google, our customers, users, and the public as required or permitted by law.
Access to Data
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Actifio. You or your organization may also use various tools to access, control, and export data.
You and your organization’s administrator may be able to access several categories of Service Data directly from Actifio, including your billing contact information, payment and transaction information, as well as product settings and configurations.
If you’re otherwise unable to access your data, you can always request it by emailing us at firstname.lastname@example.org.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Actifio or Google processes a payment for you, or when you make a payment to Actifio or Google, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
European Privacy Standards and GDPR
If European Union (EU), UK, or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
For users based in the European Economic Area, UK, or Switzerland, the data controller responsible for Service Data is Actifio, Inc. However, where our customer has entered into an agreement covering the Actifio Services with a different Google affiliate, that affiliate may be processing Service Data in connection with billing for the Actifio Services as a controller.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact us at email@example.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
- Where necessary for the performance of a contract with you
We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
- When we’re complying with legal obligations
We’ll process your information when we have a legal obligation to do so.
- When we’re pursuing legitimate interests
We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Actifio Services you request; making recommendations to optimize use of the Actifio Services; maintaining and improving the Actifio Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Actifio, Google, our users, our customers, and the public, as required or permitted by law.
For the purposes of EEA data protection law, Actifio has appointed Google Cloud EMEA Ltd. as its local representative in the EEA. Google Cloud EMEA Ltdis located at Gordon House, Barrow Street, Dublin 4, Ireland (Registered Number: 660412). For the purposes of UK data protection law, Actifio has appointed Google UK Ltd. as its local representative in the UK. Google UK Limited is located at Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ, UK(Registered Number: 03977902).
Additional information (Switzerland)
If Swiss data protection law applies to the processing of your Service Data, the following additional information is relevant.
Please see the section titled ‘Where Data is Stored’ (above) for information on where we and our affiliates process Service Data. We also disclose your Service Data to service providers, partners and other recipients (see the section titled ‘How We Share Data’) that are located or process information in any country in the world.
We comply with certain legal frameworks relating to the transfer of information as set out in the section titled ‘Standard contract clauses’ (above). We may also transfer your information to a third country based on an exception provided for by the Swiss Federal Data Protection Act.
An exception may apply in the event of legal proceedings abroad, in cases of overriding public interest or if the performance of a contract with you or in your interest requires disclosure, if you have consented, if the information has been made generally available by you and you have not objected to the processing, or the disclosure is necessary in order to protect the life or the physical integrity of you or a third party and we can’t get consent within a reasonable period of time, or the information originates from a register provided for by Swiss law which is accessible to the public or to persons with a legitimate interest, provided that the legal conditions for the consultation of such
register has been met in the specific case.
U.S. State Privacy Law Requirements
Some U.S. state privacy laws require specific disclosures. These laws may include
- California Consumer Privacy Act (CCPA);
- Virginia Consumer Data Protection Act (VCDPA);
- Colorado Privacy Act (CPA);
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA); and
- Utah Consumer Privacy Act (UCPA)
This Privacy Notice is designed to help you understand how Actifio and Google handle your information:
- We explain the categories of information Actifio collects and the sources of that information in the Information We Collect section above.
- We explain how Actifio uses information in the Why We Process Data section above.
- We explain when Actifio may share information in the How We Share Data section above. Actifio does not sell your Service Data to any third parties. Actifio also does not “share” your Service Datapersonal information as that term is defined in the California Consumer Privacy Act (CCPA).
- We explain how Google retains Service Data in Deletion and Retention of Data. We maintain policies and technical measures to avoid re-identifying that information.
U.S. State privacy laws also provide the right to request information about how Actifio collects, uses, and discloses Service Data. And it gives you the right to access your Service Data, sometimes in a portable format; and correct Service Data; and request that Actifio delete that Service Data. They also provide the right to not be discriminated against for exercising your privacy rights.
We provide the information and tools described in this Notice so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity. If you have questions or requests related to your rights under the U.S. state privacy laws, you (or your authorized agent) can also contact us.
Some U.S. state privacy laws require a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
|Categories of personal information we collect||Business purposes for which information may be used or disclosed||Parties with whom information may be used or disclosed|
|Service Data is the personal information Actifio collects or generates during the provision and administration of the Actifio Services, excluding any Customer Data and Partner Data. Service Data includes:|
Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
Demographic information, such as your preferred language.
Commercial information such as records of charges, payments, and billing details and issues.
Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain the Actifio Services and related software.
Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers and vendors.
Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
|Actifio processes Service Data for the following purposes:|
Protecting against security threats, abuse, and illegal activity. Actifio uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Actifio may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. Actifio uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips.
Maintaining our services. Actifio uses Service Data to provide the Actifio Services, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.
Product development. Actifio uses Service Data to improve the Actifio Services and other services you request, and to develop new features and technologies that benefit our users and customers.
Use of service providers. Actifio shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
Legal reasons. Actifio also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
|We do not disclose Service Data with companies, organizations, or individuals outside of Actifio or Google except in the following cases:|
With your consent. We’ll disclose Service Data outside of Actifio or Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Google Cloud Platform Marketplace, or use a third-party application that requests access to your information, we’ll seek permission to disclose information with that third party.
With your administrators and authorized resellers. When you use the Actifio Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
– View account and billing information, activity and statistics
– Change your account password
– Suspend or terminate your account access
– Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
– Restrict your ability to delete or edit your information or your privacy settings
For external processing. We disclose information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
For legal reasons. We may disclose Service Data outside of Actifio and Google if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
– Comply with applicable law, regulation, legal process, or enforceable governmental requests.
– Enforce applicable agreements, including investigation of potential violations.
– Detect, prevent, or otherwise address fraud, security, or technical issues.
– Protect against harm to the rights, property or safety of Actifio, Google, our customers, users, and the public as required or permitted by law.
Updates to this Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.