Effective Date: September 1, 2023
Last modified: September 1, 2023
This Privacy Notice describes how Actifio, Inc. (“Actifio” or “we”) collects and processes your personal information when you access or use our website, products, and services that link to this notice (together, “Actifio Services”) or when you otherwise interact with us.
We offer the Actifio Services either directly, through the Google Cloud Marketplace, or via our authorized partners. Where we refer to our customers in this notice, we also mean our partners and their customers. Where we refer to “Google” in this notice, we mean Google, LLC, our parent company.
Actifio processes Customer Data, Partner Data and Service Data in order to provide Actifio Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data or Partner Data.
Customer Data and Partner Data are defined in our agreement(s) covering Actifio Services and represent the data that you and our customers provide for processing in the ActifioServices. For more information about how we process Customer Data and Partner Data, see our Actifio Data Processing and Security Terms.
Service Data is the personal information Actifio collects or generates during the provision and administration of the Actifio Services, excluding any Customer Data and Partner Data. Service Data includes:
Actifio processes Service Data for the following purposes:
To achieve these purposes, Actifio and Google may use Service Data together with information we collect from other Google products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, including for internal reporting and analysis of product and business operations described above.
We maintain data centers around the world. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Data protection laws vary among countries, with some providing more protection than others. Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. We also comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below..
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to that third country without any further safeguard being necessary. The UK and Switzerland have approved similar adequacy decisions. We rely on the following adequacy decisions in some cases:
Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EU to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission and can’t be modified by the parties using them (you can see the SCCs adopted by the European Commission here, here, and here). Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. We rely on SCCs for our data transfers where required. If you want to obtain a copy of the SCCs, you can contact us via our contact email address below.
As described in our parent company Google LLC’s Data Privacy Framework certification, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ( collectively the “Data Privacy Framework” or “DPF”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information received in the U.S. from the European Union (including the European Economic Area), the United Kingdom, and Switzerland in reliance on the DPF. Google LLC and its wholly-owned U.S. subsidiaries (unless explicitly excluded), including Actifio, has certified to the Department of Commerce that it adheres to the DPF Principles. Actifio remains responsible for any of your personal information that is shared under the Accountability for Onward Transfer Principle with third parties for external processing on our behalf, as described in the “How We Share Data” section. To learn more about the DPF certification program, and to view our parent company Google LLC’s certification, please visit the Data Privacy Framework website.
If you have an inquiry or complaint regarding our privacy practices in relation to our DPF certification, we encourage you to contact us at support@actifio.com. Google is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.
We build the Actifio Services with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Actifio from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
We do not share Service Data with companies, organizations, or individuals outside of Actifio or Google, our parent company, except in the following cases:
We’ll share Service Data outside of Actifio and Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Google Cloud Platform Marketplace, or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
When you use the Actifio Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
We may share Service Data outside of Actifio and Google if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
If Actifio or Google is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Actifio. You or your organization may also use various tools to access, control, and export data.
You and your organization’s administrator may be able to access several categories of Service Data directly from Actifio, including your billing contact information, payment and transaction information, as well as product settings and configurations.
If you’re otherwise unable to access your data, you can always request it by emailing us at support@actifio.com.
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Actifio or Google processes a payment for you, or when you make a payment to Actifio or Google, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
If European Union (EU), UK, or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
For users based in the European Economic Area, UK, or Switzerland, the data controller responsible for Service Data is Actifio, Inc. However, where our customer has entered into an agreement covering the Actifio Services with a different Google affiliate, that affiliate may be processing Service Data in connection with billing for the Actifio Services as a controller.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact us at support@actifio.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
For the purposes of EEA data protection law, Actifio has appointed Google Cloud EMEA Ltd. as its local representative in the EEA. Google Cloud EMEA Ltdis located at Gordon House, Barrow Street, Dublin 4, Ireland (Registered Number: 660412). For the purposes of UK data protection law, Actifio has appointed Google UK Ltd. as its local representative in the UK. Google UK Limited is located at Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ, UK(Registered Number: 03977902).
Additional information (Switzerland)
If Swiss data protection law applies to the processing of your Service Data, the following additional information is relevant.
Please see the section titled ‘Where Data is Stored’ (above) for information on where we and our affiliates process Service Data. We also disclose your Service Data to service providers, partners and other recipients (see the section titled ‘How We Share Data’) that are located or process information in any country in the world.
We comply with certain legal frameworks relating to the transfer of information as set out in the section titled ‘Standard contract clauses’ (above). We may also transfer your information to a third country based on an exception provided for by the Swiss Federal Data Protection Act.
An exception may apply in the event of legal proceedings abroad, in cases of overriding public interest or if the performance of a contract with you or in your interest requires disclosure, if you have consented, if the information has been made generally available by you and you have not objected to the processing, or the disclosure is necessary in order to protect the life or the physical integrity of you or a third party and we can’t get consent within a reasonable period of time, or the information originates from a register provided for by Swiss law which is accessible to the public or to persons with a legitimate interest, provided that the legal conditions for the consultation of such
register has been met in the specific case.
Some U.S. state privacy laws require specific disclosures. These laws may include
U.S. State privacy laws also provide the right to request information about how Actifio collects, uses, and discloses Service Data. And it gives you the right to access your Service Data, sometimes in a portable format; and correct Service Data; and request that Actifio delete that Service Data. They also provide the right to not be discriminated against for exercising your privacy rights.
We provide the information and tools described in this Notice so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity. If you have questions or requests related to your rights under the U.S. state privacy laws, you (or your authorized agent) can also contact us.
Some U.S. state privacy laws require a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
| Categories of personal information we collect | Business purposes for which information may be used or disclosed | Parties with whom information may be used or disclosed |
| Service Data is the personal information Actifio collects or generates during the provision and administration of the Actifio Services, excluding any Customer Data and Partner Data. Service Data includes: Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using. Demographic information, such as your preferred language. Commercial information such as records of charges, payments, and billing details and issues. Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain the Actifio Services and related software. Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers and vendors. Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy. | Actifio processes Service Data for the following purposes: Protecting against security threats, abuse, and illegal activity. Actifio uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Actifio may receive or disclose information about IP addresses that malicious actors have compromised. Auditing and measurement. Actifio uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips. Maintaining our services. Actifio uses Service Data to provide the Actifio Services, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us. Product development. Actifio uses Service Data to improve the Actifio Services and other services you request, and to develop new features and technologies that benefit our users and customers. Use of service providers. Actifio shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support. Legal reasons. Actifio also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement. | We do not disclose Service Data with companies, organizations, or individuals outside of Actifio or Google except in the following cases: With your consent. We’ll disclose Service Data outside of Actifio or Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Google Cloud Platform Marketplace, or use a third-party application that requests access to your information, we’ll seek permission to disclose information with that third party. With your administrators and authorized resellers. When you use the Actifio Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to: – View account and billing information, activity and statistics – Change your account password – Suspend or terminate your account access – Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request – Restrict your ability to delete or edit your information or your privacy settings For external processing. We disclose information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For legal reasons. We may disclose Service Data outside of Actifio and Google if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to: – Comply with applicable law, regulation, legal process, or enforceable governmental requests. – Enforce applicable agreements, including investigation of potential violations. – Detect, prevent, or otherwise address fraud, security, or technical issues. – Protect against harm to the rights, property or safety of Actifio, Google, our customers, users, and the public as required or permitted by law. |
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.