This Privacy Policy was last updated on April 12, 2017.

Bitglass, Inc. (referred to herein as “Bitglass,” “we” or “us”) recognizes that your privacy and the protection of your personal information is important to you and we are committed to protecting your privacy. This Privacy Policy describes the measures taken by us to protect your privacy in connection with your use of the www.bitglass.com website (the “Site”) and the services available through the Site (the “Services”) and is intended to inform you of our practices and policies regarding the collection, use and disclosure of information that you provide to us through the Site, including Personal Data (as defined below).  This Privacy Policy is incorporated into the Bitglass Subscription Agreement and Terms of Service available at https://www.bitglass.com/terms-of-service , which govern your use of the Site and the Services. 

PLEASE READ THIS PRIVACY POLICY CAREFULLY.  BY ACCESSING OR USING OUR SITE OR THE SERVICES OR BY SUBMITTING DATA THROUGH THE SITE OR IN CONNECTION WITH THE SERVICES, YOU ACCEPT AND AGREE TO THE TERMS OF THIS PRIVACY POLICY AND EXPRESSLY CONSENT TO THE PROCESSING, USE AND SHARING OF YOUR DATA (INCLUDING PERSONAL DATA) AND OTHER INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS POLICY. 

Types of Information Collected

• Data You Provide to Us. When you register to use, express interest in using, or use any of the Services, when you engage in certain activities on the Site (such as filling out a survey, submitting a review or other feedback, seeking customer support, applying for a job, or requesting information from us), or when you contact us with questions or comments, you may be asked or required to provide certain data, including Personal  Depending on the activity, some of the data we ask you to provide will be designated as “required” and some as “optional.”  If you do not provide the required data, which may include Personal Data, for a particular service or activity, you will not be permitted to use that service or engage in that activity. We use your data in providing services to you under the Site and otherwise. “Personal Data” means data that allows someone to identify or contact you, including, without limitation, your name, billing and mailing address, phone number, e-mail address, date of birth, as well as other non-public information about you that is associated with or linked to any of that data.  When you purchase Services on behalf of a company, you also may be required to provide us with company payment information such as a credit card number and related expiration date, authentication code and other similar data, which information is referred to herein as “Payment Data.”  When you register for and utilize Services on behalf of a company, we also may ask you to provide information regarding the company, such as the company’s name, address, phone number and other contact information, the designated administrator or point of contact for the company’s account with us (“Your Administrator”), the number of individuals employed by the company, the number of employees and consultants within the organization who will be using the Services, a description of the company’s products or services, the location of the company’s offices and certain financial information about the company, which information is referred to herein as “Company Data.”  We may collect data about you or your company from other sources with which you have registered, including our partners, and may associate this information with the other data we have collected about you or your company.  The term “your Personal Data” as used in this Privacy Policy includes your Personal Data as well as the Personal Data of Your Administrator. 
• Usage Information and Data Collected via Technology. To make our Site and Services more useful to you, we may collect information regarding your browser type, operating system, internet protocol (IP) address, domain name and/or a date/time stamp of your visit.  If you are logged into your account, we may associate that information with your account. We may also use cookies, which are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website, and navigational data, such as URLs, web beacons (also known as action tags or single-pixel gifs), and other technology, to gather information regarding the date and time of your visit and the items that you viewed, searched and/or clicked on.  We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or other device until you delete them). If you choose to disable cookies, some areas of our Site or portions of our Services may not work properly for you.  Like many web sites, we will automatically gather this information and store it in log files each time you access our Site.  When you use our Service or Site with a mobile device, such as a smartphone or tablet, or make use of any location-enabled service, we may receive information about your physical location (such as data from your device that provides information on nearby cell towers and wi-fi access points) and your mobile device itself, including a unique identifier to your device.
• Collection of Information by Third Parties. Our Site may include third-party advertising, links to other websites, and other content from third party businesses. The content posted by these parties will be reasonably identifiable as coming from a third party. Except as otherwise described in this Privacy Policy, we do not provide any of your Personal Data to these advertisers, third-party websites, or other businesses, although on occasion we may share non-personally-identifiable (e.g., demographic) information to facilitate delivery of relevant advertisements. These third-party websites, businesses, and advertisers, or advertising companies working on their behalf, sometimes use technology to deliver (or ‘serve’) the advertisements that appear on our Site directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, URLs, web beacons, and other technologies to measure the effectiveness of their ads and to personalize or optimize advertising content. We do not have access to or control over cookies or other technologies that they may use, and the information practices of these advertisers and third-party websites or businesses are not covered by this Privacy Policy but are covered by their respective privacy policies.

Purposes of Information Collection - Uses and Disclosure

• We take the privacy of our users and customers seriously.  Except as otherwise stated in this Privacy Policy, we will not sell, rent, or otherwise provide your e-mail address or other Personal Data, Payment Data or Company Data that we receive from you to any third parties for marketing purposes or allow any other user of the Site or the Services, in their capacity as such, to have access to your account information without your authorization.  We do not use your e-mail address or other Personal Data to send commercial or marketing messages without your ability to opt out.  Additionally, we do not disclose your Personal Data to third parties (other than those third parties performing tasks on our behalf and under our instructions, such as third-party service providers who work on behalf of us to provide or enable some of the services and/or features of our Site and Services or to help us communicate with you), or use  your personal information for a purpose that is materially different from the purpose(s) for which it was originally collected (as described in this Privacy Policy) or subsequently authorized by you, without your ability to opt out.  We require your opt-in consent for the disclosure of any of your sensitive personal information (which refers to personal information relating to confidential medical facts or health condition, racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, information regarding sexuality or sexual behavior, or any other personal information that you identify, and treat, as sensitive) to a third party or for the use of such information for a purpose other than those for which it was originally collected (as described in this Privacy Policy) or subsequently authorized by your opt-in consent.  We may, however, contact you or Your Administrator via e-mail for non-marketing administrative or transactional purposes (such as notifying you of major Site changes, for customer service purposes, for purposes of providing the Services and for other administrative purposes).
• We may use your Personal Data, non-personally-identifiable information (such as anonymous usage data, cookies, IP addresses, browser type, click stream data, etc.) and Company Data internally to establish your account and identify you as a user in our system, improve the quality and design of the Site and the Services and to create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends.  We also may publish or disclose the non-personally-identifiable information related to user preferences, usage and trends for promotional purposes or for the purpose of attracting advertisers.  We may use your Personal Data, Company Data and other information for internal troubleshooting and other administrative purposes and for the purpose of enforcing our agreements with you, including this Privacy Policy and our subscription agreements and terms of service or use.
• We use cookies and log file information to: (i) store information so that you will not have to re-enter it during your visit or the next time you visit the Site; (ii) provide custom, personalized content and information; (iii) monitor aggregate metrics such as total number of visitors, pages viewed, etc.
• We may collect and process information about your physical location, such as signals sent by a mobile device.
• We use Payment Data solely to check creditworthiness and collect payments, for which we may utilize third-party service providers.
• We may provide your Personal Data or other information to third-party service providers who work on behalf of or with us to provide or enable some of the services and/or features of our Site and Services or to help us communicate with you.  Examples of such services include sending e-mail, analyzing data, providing marketing assistance, providing assistance in operating the Site and Services and providing customer service. We require our third-party service providers to agree not to use such information except as necessary to provide the relevant services to us and you.  However, once we have disclosed your information, including Personal Data, to a third party as described in this Privacy Policy, we cannot control and assume no responsibility for the manner in which that third party uses or further discloses such information.
• We may provide Payment Data to third-party service providers to manage credit card payments and processing. These service providers are not permitted to store, retain, or use Payment Data except for the sole purpose of processing credit card payments on our behalf.  However, we cannot control such third-party service providers and we assume no responsibility for their improper use or disclosure of your information.
• We may share non-personally-identifiable information, such as aggregated demographic information or information about your visits to this and other websites, with partners and/or advertisers to enable them to promote or advertise goods and/or services that may be of interest to you.
• We may use your comments and feedback for promotional and marketing purposes (including in connection with advertisements or customer testimonials), unless you opt out.
• We may disclose your Personal Data and other information if required to do so by law or if we believe in good faith that such action is necessary to (i) conform to the requirements of the law, (ii) comply with legal process served on us or the Site, or (iii) protect and defend our rights or property or those of our users or other parties.
• Although we currently do not have any parent company or subsidiary, we may in the future and, if so, we may share some or all of the information we collect from users, including Personal Data, Payment Data and Company Data with those companies in which case we will require them to honor our Privacy Policy.

How your information is protected:

We protect the security of the personal information you provide.  Personal information we collect is stored in password-controlled servers with limited access, and we carefully protect this information from loss or misuse, and from unauthorized access, disclosure, alteration, or destruction in accordance with industry standards.  Unfortunately, no data transmission over the internet or any wireless network can be completely secure.  Although we use commercially reasonable measures to protect the security of data transmitted to us, we cannot guarantee the security of any information transmitted to or from the Site and are not responsible for the actions of any third party that may obtain unauthorized access to that data.

Updates to this Privacy Policy:

We may occasionally update this Privacy Policy.  When we do, we will also revise the “last modified” date at the top of the Privacy Policy.  If the changes to the Privacy Policy are significant, we will notify you by sending a notice to the primary e-mail address specified in your account, by sending a notice to Your Administrator, or by placing a prominent notice on the Site.  Modifications to this Privacy Policy may affect our use of Personal Data, Payment Data and Company Data that you provided to us prior to such modifications. The modified Privacy Policy will be effective immediately when posted to our Site.  If you do not wish to permit such changes in our use of your Personal Data, Payment Data or Company Data you must notify us immediately that you wish to deactivate your account with us.  It is your responsibility to periodically review this Privacy Policy to stay informed about how we are using and protecting the personal information we collect and what changes, if any, we have made to the Privacy Policy.  Your continued access to or use of the Site, or submission to us of data and other information, constitutes your acceptance of and agreement to the modified Privacy Policy.

Merger or acquisition:

In the event that we merge with or into, or are acquired by, another entity or substantially all of the business or assets related to the Bitglass Site are acquired by another entity, all customer information, including Personal Data, Payment Data and Company Data that we have collected will likely be transferred to such entity.  You acknowledge that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of us or the assets related to the Site and/or the Services may continue to process your Personal Data, Payment Data and Company Data and other information as described in this Privacy Policy, as may be modified from time to time.

Third party links:

In an attempt to provide you with increased value, we may include third party links on the Site. These linked sites have separate and independent privacy policies.  This Privacy Policy only covers our Site and does not cover any other website.  We therefore have no responsibility or liability for the content of these linked sites, the activities of their owners and operators, or the use or disclosure by them or others of any information you provide to them.  Nonetheless, we seek to protect the integrity of the Site and welcome any feedback about these linked sites (including if a specific link does not work).  We encourage you to review the privacy policies of each website that you visit.

Voluntary sharing of information on the Site:

You understand that when you post or transmit content or information, including Personal Data and Company Data, to publicly accessible portions of the Site (including forums, chat rooms and bulletin boards) or to other Site users, that such content or information will be made available to other parties who then may collect and use or further disclose such content or information.  We have no obligation with respect to information, including Personal Data, Payment Data and Company Data, that you post to publicly accessible areas of our Site or with respect to how other parties may use or disclose information that you transmit or make available to them.

Your ability to access and edit your Personal Data:

You have the ability to view and edit the Personal Data that you provide to us by accessing and editing the profile under your password-protected account. We encourage you to promptly update the Personal Data previously provided to us if it changes. When updating your Personal Data, we may ask you to verify your identity before we can act on your request.  We may reject requests that are overly broad or unduly burdensome or that violate the privacy of others.  In circumstances where we can provide access and editing, we will do so for free unless it would require a disproportionate effort on our part in which case we reserve the right to assess an appropriate fee to perform the request. Even though you edit your Personal Data, we may keep a copy of the prior version(s) for our archives.

Your choices regarding our collection, retention and use of your Personal Data; requests for deletion of your Personal Data:

You can always choose not to provide personal information, although you may be prevented from using all or portions of the Site or Services by making that choice.  You can opt out of our promotional or marketing e-mails at any time by clicking the unsubscribe link at the bottom of any such promotional or marketing e-mail or by sending an e-mail indicating your desire to opt out of such future promotional or marketing e-mails to privacy@bitglass.com.  You cannot opt out of administrative or transactional e-mails.  If you do not want us to use your Personal Data to allow third parties to personalize advertisements we display to you or if you do not want us using your Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected (as described in this Privacy Policy) or subsequently authorized by you, please send an e-mail with that request to privacy@bitglass.com. You may set your browser, and/or browser add on, to block  cookies, including cookies associated with the Services, but you should be aware that our Services, or a portion thereof, may not function properly if your cookies are disabled.  You may request deletion of your Personal Data by contacting us at privacy@bitglass.com, but please note that we may be required by law or otherwise to retain this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements).  Note also that if we do delete such information, you may be prevented from using any services for which that information was required and such deletion likely will be limited to removing the information from our active database, allowing us to retain the information in our archives.

Children:

Protecting the privacy of children is very important to us.  The Site and the Services are not intended or directed to persons who are minors (typically persons under the age of 18, depending on where you live) and we do not intentionally collect Personal Data or other information from minors.  By setting up an account on the Site, a user represents to us that he or she is not a minor.  If we obtain actual knowledge that a user is a minor, we will take steps to remove that user’s Personal Data from our databases.

US-EU & Swiss-US Privacy Shield

Bitglass is a participant in the European Union (EU)–United States (US) Privacy Shield as well as the Switzerland (Swiss) – US Privacy Shield.

Bitglass complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Bitglass has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The types of data we are collecting under the EU-US and Swiss-US Privacy Shield, the purposes for which each such type of data is being collected and used, and the types of third parties to which we may disclose such information (and the purposes of such disclosure) are set forth above in this Privacy Policy.

Please note that we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

You have rights, as set forth above in this Privacy Policy, to access, edit and have deleted your personal information.  The choices and means offered you for limiting use and disclosure of your personal information are set forth above in this Privacy Policy.

Notwithstanding any language to the contrary in this Privacy Policy, in cases of onward transfer to third parties of personal information of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Bitglass is potentially liable.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Bitglass commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Bitglass at:

Bitglass, Inc.
Attention: Privacy Complaints
675 Campbell Technology Parkway Suite 225
Campbell, CA  95008
e-mail: privacy@bitglass.com

Bitglass has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Please note that if your complaint is not resolved through the above channels, you may have the right, under certain limited conditions, to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.

Bitglass is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the EU-US & Swiss-EU Privacy Shield.

 

Contacting us:

We would like to receive your comments and questions about this Privacy Policy.  Please address comments, requests, questions or complaints to us via e-mail at: privacy@bitglass.com.