Sandvine Privacy Policy

Sandvine Corporation and its Affiliates (“Sandvine”, “we”, “our” or “us”) value and respect your privacy and personal information.  This privacy policy (this “Policy”) applies to your use of our websites, hardware, software, applications, tools, scripts, and/or services (collectively, the “Products”) and describes the kinds of personal information we collect about you, how we use it, how we protect it, and under what circumstances we share it with third parties. This Policy also describes the decisions you can make about your personal information.  “Affiliates” means any entity directly or indirectly controlling or controlled by, or under control with, Sandvine Corporation.  This Policy supplements any other information we have made available to you about the handling of your personal information.  For example, if you work for Sandvine, this supplements the Employee Privacy Policy.

 

If this Policy changes in the future, we will post an updated version on our website at www.sandvine.com (the “Website”). We recommend that you check this Website periodically in order to review our current Policy. You can tell if this Policy has changed by checking the effective date that appears at the bottom of this Policy.  Depending on the circumstances, we may also decide to send you a notice in other ways in our discretion, such as via email or other contact information you have provided that the Policy was changed. If you continue to use our Products after the Policy changed or notice of the change has been given, then to the extent permitted under applicable law, you will be deemed to have accepted such changes.

Policy Summary

• Sections 1 and Section 2 of this Policy tell you what information we may hold about you in connection with your use of our Products. This includes information gathered through the use of cookies and related technologies.
• Section 3 describes what that information is used for. For example, it is used to provide and improve the Products, and as necessary for legal compliance purposes.
• Section 4 sets out the other entities that might receive the information, for example: (i) our Affiliates; (ii) vendors that help us to provide, improve or market the Products, or to help us achieve the other uses we described in Section 3; (iii) your employer, if you use one of our enterprise Products at work; (iv) authorities and civil parties as part of complaints, disputes, investigations or prosecutions; and (v) in connection with mergers and acquisitions.
• Section 5 describes rights you may have in relation to information about you, although these can depend on the relevant jurisdiction.
• Section 6 provides some information about cookies and related technologies. These collect data in the background about the devices and Products you use, and help us support, improve and market those and other Products.
• Section 7 is about information security, and in particular, how you can be notified of relevant incidents.
• Section 8 provides more information about international data transfers.
• Section 9 describes our general data retention policy.
• Section 10 warns that we cannot control third party sites and how they use your data.
• Section 11 makes it clear that we do not offer services to children, and do not knowingly collect or use personal information from children under 13 years of age.
• Section 12 describes specific rights under California law.
• Section 13 tells you how to get in touch with us if you have any questions or comments.

 

1. Personal Information

"Personal Information," as used in this Policy, is information that can be directly or indirectly related to an identified or identifiable individual, such as an individual's name, address, telephone number, or email address. Personal Information also includes information, such as demographic information (e.g., date of birth, gender, geographic area, and preferences) and Product-related information, when any of this information is capable of being linked to Personal Information that identifies that individual.

Personal Information does not include "aggregate" or other non-personally identifiable information. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes at our sole discretion and without notice or liability to you.

Such de-identified and/or aggregated information will be deemed to be owned by us and we shall have unrestricted title, rights, and interest to the de-identified and/or aggregated information which may include, without limitation, the right to use, distribute, transmit, transfer, license, trade, rent, share, assign, and sell the de-identified and/or aggregated information.

 

2. Information We Collect From You

When you use our Products, we collect the following types of information from you:

• Account information: When you use our Products you may need to create an account with us. In order to create an account, you will need to provide us with login credentials (which include your username and password), and may need or be invited to provide your name, company name, title, email address, postal address, phone number and profile photo.  Certain networks using our Products may require users to establish or use login credentials. In connection with supporting this login functionality, we may collect information such as email addresses, telephone numbers, or user or administrator-created usernames, along with user-created or administrator-created passwords, to facilitate such login functionality and otherwise to provide our Products.  If you have requested specific Products or resources (through APIs or otherwise), we will also record the purpose and parameters of the request.  Login credentials (e.g., username, random password, random project name, and random SSH key) may be automatically assigned to you; we will retain a record of these credentials.

General usage data: When you use our Products we may also collect information about the actions you take on our Products (e.g., logging in, administering other users of the Products, and approving resource requests), the content, features, and activities that you access and engage with on our Products, the resources you use (e.g., amount of data stored or transferred, time spent on the Product, number of queries run) and, in the case of websites, the referring webpage address and the links you clicked on.  Some of our Products collect information from terminal devices connected to networks that are managed by those Products. Those Products also collect information regarding the performance of, and certain other information regarding, such networks. This information includes, for example, MAC address, device type, operating system, geolocation information, and network traffic information (e.g., hostnames, protocols, port numbers, and IP addresses). This information may be made available to administrators of networks managed by our Products through an online interface.

We may also collect information regarding your interaction with email messages from Sandvine, such as whether you opened, clicked on, or forwarded a message.

We may collect this information passively, on or from your device, using technologies such as server logs, cookies, scripts and clear GIFs (also known as “Web beacons”).  These are further described below, under the heading “Our Use of Cookies, Log Files, Web Beacons, and Embedded Scripts”.

• Purchase and Payment Information: We collect information to administer, manage, and fulfil the purchases you make. For example, we may collect your name, email address, account information, what is ordered, the date and time of the order, the quantity and price of the order, whether payment was made, method of payment, purchase history, and if you re-ordered.
• Location information: When you use our Products, we may collect your postal address and Internet Protocol (“IP”) address.
• Quality assurance and customer service: Your customer service communications with us or our service providers, if any, (such as, telephone calls and emails) may be recorded, logged, and/or monitored for quality assurance and customer service purposes to assist in addressing your inquiries, troubleshooting, training and analytics to identify trends and make improvements to our Products and customer service. As part of the recording and logging of the calls and emails, we will collect information like the identity of the caller or sender of email, the date and time of the call or email, and the subject and resolution of the issue.

We may indicate that some Personal Information is required (e.g., for you to register for the account or to create the profile), while some is optional.  Where we require Personal Information to comply with legal or contractual obligations, then provision of such information is mandatory; if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us.

Information from Other Sources

In some cases, some of the information listed above will be provided by another person, such as your employer or colleagues when setting up an account for you on our Products; or when your employer or colleagues forward correspondence with/concerning you, or if they provide packet captures, memory dumps, files or equipment (such as hard drives) for support and diagnostic purposes.

We may also receive personal information about you from third parties involved in providing you with the Products you are utilizing or who facilitate the integration of third party hardware, software, applications, tools, scripts, and/or services with our Products.

If we do so, this Policy governs our own use of any combined information that we maintain in a personally identifiable format.  However, the third party's own use of your personal information in such cases will be determined by their own policies and with your agreement(s) with them, if any.

If we are asked to provide support or information to law enforcement authorities, courts, regulators, customers or other third parties, they may provide personal information about you as part of their correspondence with us.

Please be aware that in the course of your use of the Products, certain websites or other services provided by third parties ("Third-Party Services"), including, for example, Google Analytics, AdRoll, Google Remarketing, Marketo, and Google Adwords, may set cookies on your hard drive or use other means of passively collecting information about your use of their Third-Party Services or other services or content. To do this, they may use first-party cookies (which are set by the same domain your browser is receiving data from) or third-party cookies (which are set by a different domain). Sandvine also may make information available to Third-Party Services, and these Third-Party Services may collect such information, to assist such parties in understanding our users’ activities and usage patterns on the Products. If desired, you may use the Google Analytics Opt-out Browser Add-on to opt-out of having information collected by Google Analytics.  We also use Google Conversion Tracking, which tracks whether users engage in certain activities (e.g., filling out a form to receive more information about our products or services) after they view one of our advertisements on a Third-Party Service. Google uses cookies to track conversions and to report that information to us.  Additionally, Google and these other third-party vendors may use information about activities, recorded using cookies or other technologies, to inform, optimize, and serve advertisements. In particular, we may use Google and other third-party vendors to engage in “remarketing,” in which advertisements you see on third-party websites and services may for example be based on your prior use of our Products.

To learn more about these practices, and to opt-out from Google’s and other vendors’ use of information collected on the Products through cookies for advertising purposes, you may visit Google’s Ads Preferences Manager or the Network Advertising Initiative opt-out page. Please note that opting-out will not prevent advertisements from being served to you on the internet; it will only result in advertisements that utilize cookies to serve advertisements on the specified advertising networks from which you opt-out no longer being targeted.

We are not responsible for the activities of other parties that may not comply with your opt-out requests, and we generally do not have access to, or control over, the actions of Third-Party Services. Each provider of Third-Party Services uses information that it collects in accordance with its own privacy and security policies.

Information We Generate

We will also collect Personal Information about you that we generate based on the correspondence we send to you, the information you provide, and/or which others provide about you – such as records of messages we sent you, notes of meetings we hold with you, or records of the Products you have inquired about or that we provide to you.

 

3. Our Use of Information We Collect

We collect, use and share the personal information we collect about you:

• to establish and fulfil contracts with you (if you contract with us directly), or in your and our legitimate business interests, to understand and meet your needs and preferences, and/or to provide our Products, for example:
  • for purposes related to the billing, activation, provision, maintenance, support, troubleshooting, resolving of disputes, deactivation, upgrade, or update of Products;
  • to process and fulfil orders, send emails to confirm order status and shipment, send Products or goods that are ordered, and allow customers to pay for Products and goods they order;
  • to demonstrate new Products to our customers prior to or pursuant to contracting, and to allow customers to trial new policies and customizations for existing Products;
  • to ensure Products are technically functioning as intended and to help identify and troubleshoot issues;
  • to manage or respond to inquiries;
• in your, our or third parties’ legitimate business interests, to develop new and enhance existing Products, including to communicate with you about them using various means, for example to make available or send to you upgrades or updates, or notices of upgrades or updates of Products;
• in your, our or third parties' legitimate business interests, to manage our business and operations, for example:
  • to detect, monitor, investigate, mitigate or attempt to prevent fraud and technical or security issues or to protect our property;
  • to allow for business continuity and disaster recovery operations;
  • to enforce our legal rights, including to fulfil or enforce any agreements or notices associated with a particular Product (“Notices”);
  • for statistical purposes;
• to meet legal and regulatory requirements and to respond to emergency situations, for example:
  • to respond to court orders, warrants or other lawful requests or legal processes;
  • to provide emergency assistance in situations that may threaten the life or physical safety of you or others; or
• for other purposes for which you have consented, such as those that may be set out in Notices, and other purposes as permitted or required by any applicable law.
  

4. To Whom We Disclose Your Personal Information

In accordance with this Policy, we may share your personal information:

• within Sandvine (such as our offices in Canada, the United States, India, or the EEA);
• with our service providers, such as (i) cloud service providers (such as Dropbox) for data storage and processing; (ii) backup/archiving services (such as Iron Mountain); (iii) contact relationship management services (such as Salesforce), (iv) marketing platforms (such as HubSpot); and (v) payment service providers;
• with our financial, insurance, legal, accounting or other advisors that provide professional services to us;
• if we have your consent;
• with third parties involved in marketing or providing our Products to you which may include authorized resellers and distributors;
• in respect of information about your use of the Products, with your co-workers, employer or its agents, if your employer has provided you with access to the Products (e.g., we may provide your employer with a report showing the various individuals to whom it has given an account, and how they have been making use of the Products);
• with our customers/partners, such as when giving them the results of debugging or other analysis that they asked to run on data they provided to us;
• as necessary to complete any transactions concerning our Products;
• to respond to a subpoena, order, legal process, or government request;
• to protect, establish or exercise our legal rights or defend against legal claims;
• to investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, or situations involving potential threats to the reputation or physical safety of any person;
• as otherwise required by law; or
• if we are to be sold, merged, or amalgamated or substantially all of our assets are to be sold or disposed of, in which case your personal information may be transferred to a potential purchaser if, and to the extent necessary, it is required for the purposes of deciding whether to proceed with the proposed transaction and completing it. If such a sale, merger, acquisition, or disposal is completed, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with this Policy. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that information.
  
  

5. Your Decisions About Your Personal Information

At any time you can contact us to: stop receiving emails from us; review the personal information held by us in connection with your account; withdraw any consents you previously provided for our use and disclosure of your information; request a description of third parties to which we may have provided your personal information; close your account; and amend your personal information. Depending on jurisdiction, you may have other rights to control the use or Personal Information about you, including to ask us to cease or suspend certain processing of it, to erase it, or to provide a copy of it to you or to another service provider.

You can make such requests by emailing us at privacy@sandvine.com or writing to us at Sandvine Corporation, 408 Albert Street, Waterloo, Ontario, Canada, N2L 3V3, Attention: Legal Department.  In some cases, your employer or another third party may provide and administer your account or other Personal Information processed in connection with the Products; in that case, they should be your first point of contact for any requests of this nature.

You can always unsubscribe from receiving promotional emails from us by simply clicking the “unsubscribe” link provided at the bottom of every promotional email from us.  Additionally, if we offer user account functionality on the Products, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.

Please be aware that if you opt-out of receiving commercial email from us, it may take up to 10 business days for us to process your opt-out request, and you may receive commercial email from us during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Products.

If you contact us to do any of the things listed above, we may require you to provide sufficient personal information to allow us to identify you and tell you about the existence, use and disclosure of your personal information, and this personal information will only be used for this and connected purposes (such as resolving related complaint). If you contact us about your personal information, we will respond to your request within a reasonable time and at minimal cost or no cost to you in accordance with applicable laws.

Generally, you may withdraw at any time your previously-given consents for us to collect, use, and disclose your personal information in accordance with this Policy, subject to legal or contractual restrictions and reasonable notice. We may however continue to collect, use, and disclose your personal information as may be required to provide you with our Products, and to the extent that we are contractually obligated to do so or as necessary to enforce any contractual obligations you may have with us. If you refuse to provide us with the information we require or later contact us to withdraw your consent for us to use and disclose your personal information, we may no longer be able to provide you with our Products.

6. Our Use of Cookies, Log Files, Web Beacons, and Embedded Scripts

When you visit the Website, we collect certain information by automated means, such as through server log files, cookies (text files sent to and stored on your device when you access the Website), web beacons (also known as clear GIFs and pixel tags, which may be used to transmit information back to the Website), and embedded scripts (programming code that is designed to collect information about your interactions with the Website, such as the links you click on, and which is active only when you are accessing the Website).

The information we collect in this manner may include details about the computer, mobile phone, or other device used to access the Website (such as browser type, operating system, and IP address), referring URLs and information on actions taken or interaction with our digital assets.

We may use third-party web analytics services to help us analyze how visitors use the Website. As discussed under Information from Other Sources above, we may permit these third parties to operate directly on the Website, use their own technology (such as cookies or web beacons), and collect information about you on our behalf.

When you visit our Website, we may allow some third parties (such as advertising networks and data analytics companies) to collect information about your online activities over time and across different websites.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. However, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com.

7. Security

We aim to provide you with a safe experience. We have in place certain physical, technical, and administrative safeguards designed to appropriately protect the security and privacy of your personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification. Please note, however, that we cannot guarantee that the measures we maintain will guarantee the security of the information.

We limit access to your personal information within Sandvine to individuals with a need to know.

If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. Sandvine may post a notice through the Products if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

To receive a free written notice of a security breach, you should notify us at privacy@sandvine.com.

8. International Data Transfers

Your Personal Information may be collected, used, processed, transferred, and retained in multiple countries including Canada, the United States, the European Economic Area and India. Each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region.

To the extent permitted by applicable law, by providing your Personal Information to us through your use of the Service, you agree to that transfer, storage, and processing in these countries.

Where we transfer your Personal Information internationally, we will comply with applicable law in doing so, including by assessing and, where necessary, implementing additional safeguards to maintain continuity of protection.  To learn more about those transfers and any safeguards we may have put in place, contact us at privacy@sandvine.com.

9. Data Retention

We will retain Personal Information we process on your behalf for as long as needed for the uses detailed above.  If hard drives are returned to us by our customers, all drives that are refurbished or decommissioned are securely wiped before re-use or secure destruction (respectively).

10. Links to Other Sites

We provide links on our Website to third party sites. These sites operate independently of us and may have established their own privacy and security policies. Any personal information you provide on linked pages or other sites is subject to that third party’s privacy policy. We strongly encourage you to review these policies at any site you visit. This Policy does not apply to such linked pages or other sites, and we are not responsible for the content or practices of any linked websites which are provided solely for your convenience.

11. Children’s Online Privacy Protection

The Website and Products are not intended for use by children under 18 years of age. We do not knowingly collect or use any personal information from any children under 13 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make commercially reasonably efforts to delete such personal information from our database.

12. California Residents – Your California Privacy Rights

If you are a California resident and you have questions about our practices with respect to sharing information with third parties and affiliates for their direct marketing purposes, please send your request by email to privacy@sandvine.com or write to us at Sandvine Corporation, 408 Albert Street, Waterloo, Ontario, Canada, N2L 3V3, Attention: Legal Department. You must put the statement “Your California Privacy Rights” in the subject field of your email or include it in your writing if you choose to write to us at the designated mailing address. You must include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

13. Questions or Comments

If you have any questions or comments or wish to make a complaint about this Policy, please feel free to contact us by delivery in person, by courier or by mail, to us at Sandvine Corporation, 408 Albert Street, Waterloo, Ontario, Canada, N2L 3V3, Attention: Legal Department, by calling us at +519 880-2400, or by email to privacy@sandvine.com.

If you contact us about your personal information, we will respond to your request within a reasonable time and at minimal cost or no cost to you in accordance with applicable laws.  Depending on the circumstances and applicable laws, we may refuse to process certain access requests (e.g., access requests that are unreasonably repetitive or systematic, would be extremely impractical or require disproportionate technical effort).

If you are in the EEA, you also have the right to complain to a data protection supervisory authority.  Details of national supervisory authorities in the EU can be obtained here: https://edpb.europa.eu/about-edpb/board/members_en

Effective Date: March 12, 2019