Privacy Policy

Welcome to the website (the “Site”) of Exabeam, Inc. (“Exabeam”, “we”, “us” and/or “our”). This Site is operated by Exabeam and has been created to provide information about our company, our products and the related Exabeam services (together with the Site, the “Services”) to our visitors (“you” and/or “your”).

The purpose of this Privacy Policy is to provide you with a clear understanding of the information we collect, how we will use it and the rights that you have.

For customers of Exabeam, further details may be described in your customer contract. Also, notices highlighting certain uses we wish to make of the information we collect together with the ability to opt in or out of selected uses may also be provided at the time we collect the information from you.

CONTENT

Here is an outline of the Privacy Policy content that follows:

1. Information We Collect
2. How We Use Your Information
3. How Long We Retain Your Information
4. Your Rights
5. Exclusions
6. Links to Other Websites
7. Do We Use Cookies?
8. Data Security
9. Children & the COPPA (Children Online Privacy Protection Act)
10. California Online Privacy Protection Act
11. Data Privacy Framework
12. CAN SPAM Act
13. Terms of Services
14. Changes to Exabeam’s Privacy Policy
15. Contacting Exabeam
16. Last Updated

INFORMATION WE COLLECT

The information we collect includes personally identifiable data that we receive from visitors to the Site and users of our Services, which includes information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context (“Personal Data”). For example, details such as your name, email address, mailing address, phone number, title and even IP address might be collected to the extent permitted by local laws.

By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. If you provide Personal Data to the Site or Services, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Exabeam as well as third parties that may be located in the United States.

You can visit the Site without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain portions of the Site or Services.

Personal Data: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, respond to one of our surveys, register for access areas of the Site or use the Services. Whenever and wherever Exabeam collects Personal Data, you should see a link to this Privacy Policy.

Non-Identifiable Data: When you interact with Exabeam through the Site or Services, we receive and store certain personally non-identifiable data. Such data, which is collected passively using various technologies, cannot presently be used to specifically identify you. Exabeam may store such data itself or such data may be included in databases owned and maintained by Exabeam affiliates, agents or service providers. As part of the Services, we may pool this data and use it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.

Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Site and Services, Exabeam often conducts research on its customer demographics, interests and behavior based on Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Exabeam may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Exabeam may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Third Party Analytics: We may allow third-party service providers to use cookies or similar technologies to collect information, which may include Personal Data, about you or your browsing activities on our Site or over time and across different websites following your use of the Services. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Service. Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on. For more information on how Google uses this data, go to http://www.google.com/policies/privacy/partners/.

HOW WE USE YOUR INFORMATION

Exabeam is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. Any use of your information by Exabeam must be justified in accordance with the following legal grounds:

• Consent: You have consented to our use of your information. Requirements include that the consent must be clear, affirmative and freely given.
• Contract Performance: Use of the information is necessary to enter into or perform an Exabeam contract with you.
• Legal Obligation: Exabeam’s use of your information is for compliance with our legal obligations.
• Legitimate Interests: Your information is used to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
• Legal Claims: Use of your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

We may use the information we collect from you in the following ways to:

• Personalize your experience and to allow us to deliver the type of Services and product offerings in which you are most interested;
• Improve our Site to better serve you;
• Allow us to better respond to customer service requests;
• Administer a contest, promotion, survey or other Site feature;
• Quickly process your transactions;
• Ask for ratings and reviews of the Site, Services or products; and
• Follow up with you after correspondence (live chat, email or phone inquiries).

There are, however, certain circumstances in which we may share your Personal Data with certain third parties or transfer your Personal Data without further notice to you, as set forth below:

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

Related Companies: We may share your Personal Data with affiliated companies, such as subsidiaries, for purposes consistent with this Privacy Policy.

Agents, Consultants and Related Third Parties: Exabeam, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

Legal Requirements: Exabeam may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation, (ii) protect and defend the rights or property of Exabeam, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Marketing: In relation to Direct Marketing, where we are required to do so, we will obtain your consent before using your Personal Data for this purpose. If you prefer not to receive our Direct Marketing communications and/or not have your Personal Data shared the purpose of marketing, you can contact us to have your Personal Data erased from our Direct Marketing lists.

“Direct Marketing” means our communication with you such as mail, telemarketing or email, using your Personal Data, to inform you about products and Services that we think may be of interest and value to you. This does not include communications regarding products or Services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.

Channel Partners: In some cases, a distributor or reseller who is part of Exabeam’s network of channel partners may assist us to deliver products and Services. Exabeam may share your Personal Data with its approved channel partners so that they may follow up with you after correspondence (live chat, email or phone inquiries).

Transfers outside of the EEA: Your Personal Data may be accessed, transferred or stored by staff, partners or other persons outside the European Economic Area (EEA), and these locations may have data protection laws of a lower standard than in the EEA. We will, in all circumstances, safeguard Personal Data as set out in this Privacy Policy.

Where we transfer Personal Data from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals, we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements. For a listing of countries and rules applicable to each, please visit https://ec.europa.eu/info/law/law-topic/data-protection_en.

HOW LONG WE RETAIN YOUR INFORMATION

Our retention periods for Personal Data are based on business needs and legal requirements. We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymize the Personal Data (and we may further retain and use the anonymized information) or securely destroy the Personal Data.

YOUR RIGHTS

If you have any questions in relation to our use of your Personal Data, you should first contact us as per the “Contacting Exabeam” section below. Under certain conditions, you may have the right to require us to:

• Provide you with further details on the use we make of your Personal Data;
• Provide you with a copy of information that you have provided to us;
• Update any inaccuracies in the Personal Data we hold;
• Delete any Personal Data the we no longer have a lawful ground to use;
• Where processing is based on consent, to withdraw your consent so that we stop that processing;
• Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
• Restrict how we use your information while a complaint is being investigated.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, then we will check your entitlement and respond in most cases within a month.

EXCLUSIONS

This Privacy Policy does not apply to any Personal Data collected by Exabeam other than Personal Data collected through the Sites or Services. This Privacy Policy shall not apply to any unsolicited information you provide to Exabeam through the Site or Services or through any other means. This includes, but is not limited to, information posted to any public areas of the Site or Services, such as forums, any ideas for new products or modifications to existing products or Services, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Exabeam shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

LINKS TO OTHER WEBSITES

This Privacy Policy applies ONLY to the Site and Services. The Services may contain links to other websites not operated or controlled by Exabeam (the “Third-Party Sites”). The rights and obligations we describe do NOT apply to the Third-Party Sites. The Third-Party Sites will have their own privacy policies for collecting and processing your Personal Data, and we urge you to check these policies before you submit Personal Data to the Third-Party Sites.

Please understand that links from the Site or Services do not imply that Exabeam endorses or has reviewed the Third-Party Sites, and we do not accept any responsibility or liability for your use of the Third-Party Sites.

DO WE USE COOKIES?

Cookies are small files that our Site and Service transfers to your computer through your web browser (if you allow) that enables the us to recognize your computer and capture and remember certain information. They are also used to help us understand your preferences based on previous or current Site activity, which enables us to provide you with improved Services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

If you do disable cookies, it will turn off some of the features of the Site.

DATA SECURITY

Exabeam maintains electronic, physical and procedural safeguards so that we meet or exceed the applicable privacy regulations for the protection of Personal Data provided via the Services from loss, misuse, unauthorized access, disclosure, alteration or destruction.

The Site is scanned on a regular basis for security holes and known vulnerabilities, which includes scanning for malware, to make your visit safe. Personal Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, Exabeam utilizes Transport Layer Security (TSL, which used to be known as SSL) technology across the Site.

Exabeam will NEVER ask anyone for a password to be sent separately or in clear text. Anyone making such a request is probably trying to gain access to something that does not belong to them. If you ever receive such a request, please contact Exabeam ([email protected]).

However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to Exabeam via the Internet.

CCPA; GLB; MASS PRIVACY ACT

Exabeam will not retain, use, or disclose any Personal Data in its possession for any purpose other than: (i) as authorized for the provision of products and/or services; and (ii) as may be required by applicable law, including, but not limited to, the Gramm-Leach-Bliley Act of 1999 (“GLB Act”), the Massachusetts Standards for the Protection of Personal Information (“Mass Privacy Act”), and the California Consumer Privacy Act (“CCPA”). Exabeam has implemented and will continue to maintain appropriate information security safeguards reasonably designed to prevent the destruction, loss, unauthorized acquisition, unauthorized use, or alteration of Personal Data in its possession.

California Privacy Rights Act (CPRA)

Pursuant to CPRA, as of January 1, 2023, California consumers (as defined in CPRA) have the following rights;

• Deletion, correction, and Disclosure: California Consumers have the right to request deletion of, correction of inaccurate, and disclosure of personal information Exabeam has collected from you.  Please note that these rights are subject to certain exceptions under CPRA.  To exercise any of these rights, you should contact us pursuant to “Contacting Exabeam” section of this Policy.
• Non-Discrimination: Exabeam will not discriminate against California Consumers for exercising their rights under CPRA.

Categories of Personal Information	Business Purpose	Collected from the following categories of sources	Disclosed to the following categories of third parties
Identifiers	Legal Requirement Marketing, Direct Marketing Communicating with you Hiring activities Contract performance Research and development Quality assurance	Directly from you This website Service providers	Affiliated companies Channel partners Service providers
Personal Information, as defined under 1798.80(e)	Legal Requirements Marketing, Direct Marketing Communicating with you Hiring activities Contract performance Research and development Quality assurance	Directly from you This website Service providers	Affiliated companies Channel partners Service providers
Protected characteristics under California or federal law	Legal Requirements Diversity reporting	Directly from you This website Service providers	Affiliated companies Service providers
Commercial Information (records of personal property, products or services purchased, obtained, or considered, etc.)	Legal Requirements Marketing, Direct Marketing Contract performance Research and development Quality assurance	Directly from you This website Service providers Channel partners Affiliated companies	Affiliated companies Channel partners Service providers
Biometric Information	Safety, security, and protection Compliance Legal requirements	Directly from you In person meeting/events Visiting our office locations	Affiliates
Internet or other electronic network activity information (browsing or search history, interaction with website, application, or advertisement)	Contract performance Research and development Quality assurance Product and Platform Improvement	This website Service providers	Affiliated companies Channel partners Service providers
Geolocation data	Marketing, Direct Marketing Legal Requirements Contract performance Research and development Quality assurance Compliance	Directly from you This website Service providers	Affiliated companies Channel partners Service providers
Audio, electronic, visual, thermal, olfactory, or similar information	Security and monitoring premises Communicating with you Safety, security, and protection	Directly from you In person meeting/events Visiting our office locations (e.g. surveillance cameras) Recordings from audio or video calls
Professional or employment-related information	Recruitment and hiring activities Contract performance	Directly from you From partners and/or recruiting agencies	Affiliated companies Channel partners Service providers
Non-public education information	Recruitment and hiring activities Contract performance		Affiliated companies Channel partners Service providers
Inferences (drawn from any of the information identified above)	Contract performance Research and development Quality assurance Legal requirements Security and monitoring premises Communicating with you Marketing, Direct Marketing	Directly from you This website Service providers Channel partners Affiliated companies In person meeting/events Visiting our office locations (e.g. surveillance cameras) Recordings from audio or video calls	Affiliated companies Channel partners Service providers
Sensitive personal information	Compliance Legal Requirements	Directly from you Job applications	Government entities Affiliated companies Service providers

CHILDREN & THE COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

Exabeam does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data without their permission.

If you have reason to believe that a child under the age of 13 has provided Personal Data to Exabeam through the Site or Services, please contact us, and we will work with you to erase that information from our databases.

CALIFORNIA ONLINE PRIVACY PROTECTION ACT

CalOPPA was the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personal Data from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. In compliance with CalOPPA, we agree to the following:

• Users can visit our site anonymously.
• We have a link to this Privacy Policy on our home page.
• Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.
• We will provide a notification of any Privacy Policy changes on our Privacy Policy page by revising the “Last Updated” date.
• You can change your Personal Data by emailing us.

For more information, please visit http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

DATA PRIVACY FRAMEWORK

Exabeam complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Exabeam has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Exabeam has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Exabeam commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Exabeam pursuant to the “Contacting Exabeam” section of this Policy.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Exabeam commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

The Federal Trade Commission has jurisdiction over Exabeam’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

In the context of an onward transfer, Exabeam has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.  Exabeam shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms as further set forth at in ANNEX I.

CAN SPAM ACT

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address to:

• Send information, respond to inquiries, and/or other requests or questions;
• Process orders and to send information and updates pertaining to orders;
• Send you additional information related to our products and/or Service; and
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:

• Not use false or misleading subjects or email addresses
• Identify the message as an advertisement in some reasonable way;
• Include the physical address of our business or site headquarters;
• Monitor third-party email marketing services for compliance, if one is used;
• Honor opt-out/unsubscribe requests quickly; and
• Allow users to unsubscribe by using the link at the bottom of each email or specifying that user can respond “unsubscribe”.

TERMS OF SERVICES

Your access to and use of the Site and Services is subject to the Terms of Service at https://www.exabeam.com/legal/terms-and-conditions/

.

CHANGES TO EXABEAM’S PRIVACY POLICY

The Services and our business may change from time to time. As a result, Exabeam may make changes to this Privacy Policy. Exabeam reserves the right to update or modify this Privacy Policy at any time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated at end. Your continued use of the Site or Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

CONTACTING EXABEAM

If you have any questions about your Personal Data, then please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Site or Services. Please also feel free to contact us if you have any questions about Exabeam’s Privacy Policy or the information practices of the Services.

You may contact us as follows:

Attn: Data Protection Officer
Exabeam, Inc.
1051 E Hillsdale Boulevard, 4th Floor
Foster City, CA 94404
[email protected]
1-800-237-6070

LAST UPDATED

This Privacy Policy was last updated on March 31, 2024.