Effective Date: July 23, 2024
We at Cohesity, Inc. (“Company,” “we,” “us,” “our”) know that our visitors and users (“you,” “your”) care about your privacy and how your personal information is used and shared. We take your privacy seriously.
This Privacy Policy (“Policy”) is intended to help you understand:
1. What this Policy covers:
This Policy covers our use and treatment of personally identifiable information (also referred to as personal data) (“Personal Information”):
By accessing or using our Services, you acknowledge and agree that you consent to the practices and policies outlined in this Policy. If you do not agree with this Policy, please do not access or use our Services or interact with any other aspect of our business.
This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. Where you access the Services under contract with an organization (for example your employer), that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
Choices
This Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you.
Children
We do not knowingly collect or solicit personal information from children or anyone under the age of 16 or knowingly allow such persons to use, access or register for the Services. Neither our websites, Services, nor this Policy, are directed to such persons. If you are a child or under 16, please cease use of the websites, do not attempt to use the Services or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from such persons without a lawful basis, we will delete that information as quickly as possible. If you believe that we might have any information from or about such a person, please contact us immediately at privacy@cohesity.com.
2. What information we collect about you
a. Information you provide to us
We receive and store any information you knowingly provide to us. For example, we collect Personal Information, including but not limited to your name, title, company, email address, phone number, address, location and device/browser information when you provide feedback to us, engage with interactive features, or participate in events or promotions. We also collect and store information you provide if you apply for or accept a position at Cohesity. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. Unless another policy applies, we also collect and use information you submit through any support or customer portal related to the Services.
If you have provided us with a means of contacting you for particular purposes, we may use such means to communicate with you for those purposes. For example, we may send you promotional offers on behalf of other businesses, or communicate with you about your use of the Services. Also, we may receive a confirmation when you open a message from us. This confirmation helps us make our communications with you more interesting and improve our services. If you previously provided us with such information but no longer wish to receive communications from us, please indicate your preference by sending an email to privacy@cohesity.com. Please note that if you do not want to receive legal notices from us, those legal notices will still govern your use of the Services, and you are responsible for reviewing such legal notices for changes.
b. Information we collect automatically
Whenever you interact with our websites, we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or device that allow us to recognize your browser or mobile device and tell us how and when pages and features are visited and by how many people. We and our third-party partners, such as our advertising and analytics partners, may use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different websites and devices. You may be able to change the preferences on your browser or device to prevent or limit your computer or device’s acceptance of cookies, but this may necessarily prevent you from taking advantage of some of our features. If you click on a link to a third party website, such third party may also transmit cookies to you. This Policy does not cover the use of cookies by any third parties.
We may collect information about your computer, phone, tablet, or other devices you use to access the websites. This device information may include your connection type, settings, operating system, browser type, IP address, URLs of referring/exit pages, or device identifiers. We may use your IP address and/or country preference in order to approximate your location to provide you with a better experience. How much of this information we collect may depend on the type and settings of the device you use and the settings you choose on such device and/or in your browser.
When we collect usage information (such as the numbers and frequency of visitors to the website), we only use this data in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data tells us how often users use parts of the Services, so that we can make the Services appealing to as many users as possible. We may also provide this aggregate information to our partners; our partners may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal experience. We never disclose aggregate information to a partner in a manner that would identify you personally.
c. Information we receive from other sources
We may receive information about you from:
3. How we use information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
We may use information about you, for example:
Legal bases for processing (for UK, Switzerland, and EEA users):
If you are an individual in the UK, Switzerland, European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable UK, Switzerland, and EU laws, respectively. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer being able to use the Services or having reduced usability.
4. How we share information we collect
We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we do share your Personal Information with third parties as described in Section 3 and in this Section:
a. Affiliated businesses and third party websites we do not control
In certain situations, businesses or third party websites we’re affiliated with may sell items or provide services to you through the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.
Some of our Services may contain widgets and social media features. These widgets and features may collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
b. Agents:
We employ other companies and people to perform tasks on our behalf and may need to share your information with them to provide products or services to you. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. If an agent needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
c. Business transfers:
We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party (including prospective affiliates, acquirers or similar). The protections of this Policy apply to the information we share in these circumstances. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.
d. Protection of company and others:
Strictly to the extent permitted by law, we reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others. This may include exchanging information with other companies and organizations for fraud protection.
e. With your consent:
We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial. Except as set forth above, you will be notified when your Personal Information may be shared with third parties in personally identifiable form, and will be able to prevent the sharing of this information.
If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain.
If we make a forum, message board or similar facility available, you should be aware that any information you provide – including profile information associated with the account you use to post the information – may be read, collected, and used by any person who accesses these facilities (including us). Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
5. How we store information we collect
a. Security:
We endeavor to protect the privacy of your Personal Information we hold in our records, including using what we believe to be appropriate technical and organizational measures, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your information at any time.
The Services may contain links to other sites. We are not responsible for the privacy policies and/or practices on other sites. When following a link to another site you should read that site’s privacy policy.
b. Retention:
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. For example,
6. Data Subject Rights
You can always opt not to disclose information to use, but some information may be needed to register with us or to take advantage of some of our special features. This section summarizes some of the other rights and tools available to you, including:
7. How we transfer information internationally
We collect information globally and primarily store that information in the United States. We may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
To facilitate our global operations, we may allow access to information from countries in which a company owned or operated by us has operations for the purposes described in this policy. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where you reside. In addition, some of the third parties described in this Policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information about you in this way, we endeavor to provide appropriate protections including by making use of standard contractual data protection clauses (approved by the European Commission) binding corporate rules for transfers to data processors, or other appropriate mechanisms to safeguard the transfer.
We encourage you to contact us as provided below should you have a complaint. You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.
8. California and Virginia resident privacy information
These additional state-specific privacy disclosures are required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and Virginia Consumer Data Protection Act (“VCDPA”) and are effective as of December 30, 2022, and Colorado (effective July 1, 2023), Connecticut (July 1, 2023), and Utah (December 31, 2023):
Categories of Personal Information We May Collect
The following chart details the categories of Personal Information that we may collect and/or have collected over the past twelve (12) months.
Category of Personal Information | Personal Information Collected (Examples) | What is the source of this Personal Information? | |
A. | Personal identifiers | Real name, alias, postal address, identification, unique personal identifier, online identifier, email address, Social Security number (if shared with us for specific purposes such as employment). | You/ Affiliates/ Third Parties |
B. | Records identified by state law | Name, signature, address, telephone number, identification documents or numbers, insurance, education, employment, bank or health insurance information. | You/ Affiliates/ Third Parties |
C. | Protected classification characteristics under state or federal law | We would only collect this kind of information if you provide it to us in accordance with law, e.g. race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex/sexual orientation, veteran or military status or genetic information. | You/ Affiliates/ Third Parties |
D. | Internet or other similar network activity information | Limited information on a consumer’s interaction with a website, application or advertisement. | You/ Affiliates/ Third Parties |
E. | Sensory data | If you work for us, we may collect your photograph for ID or similar purposes. | You/ Affiliates/ Third Parties |
F. | Professional or employment-related information | Current or past job history or performance evaluations. | You/ Affiliates/ Third Parties |
G. | Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records in the context of assessing an employment application you may submit. | You/ Affiliates/ Third Parties |
How we use and share these categories of personal information
See Section 3 “How we use information we collect” above for more information. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
As noted above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our services. If you do not want to receive communications from us, please indicate your preference by emailing us at privacy@cohesity.com.
Disclosures of Personal Information for a Business Purpose
We may disclose or have disclosed in the past 12 months your Personal Information to service providers and other parties for legitimate business purposes, only if connected to the purpose for which you provided us the Personal Information, such as auditing, security, processing orders, or providing services or benefits. We may also disclose or have disclosed in the past 12 months your Personal Information to the following other parties:
Virginia and California Resident Rights
If you are a Virginia or California resident, you have the rights outlined in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia or California resident, the portion that is more protective of Personal Information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at privacy@cohesity.com.
Access
You have the right to request certain information about our collection and use of your Personal Information over the past 12 months. We will provide you with the information required by law.
Deletion
You have the right to request that we delete the Personal Information that we have collected from you. Under the CCPA, this right is subject to certain exceptions. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Information, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” Valid Requests must be sent to privacy@cohesity.com. We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify you and complete your request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA or VCDPA.
9. Nevada Resident Rights
Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
10. Other US State Resident Rights
To the extent other US States adopt data privacy laws after the Effective Date of this Privacy Policy, the notices and Cohesity’s obligations herein shall apply mutatis mutandis
11. Non-US Resident Rights (EEA, UK, Switzerland etc.)
For clarity, data subject rights referred to in Section 6 of this Privacy Policy apply to non-US residents (e.g. EEA or UK residents).
12. Other important information
Notice to End Users
Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
If you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services (if permitted).
13. Changes to the Policy
In this Version:
We have worked hard to make sure our business takes action in light of the developments in relation the European Union General Data Protection Regulation (GDPR), UK GDPR, and US state specific data privacy laws, and our updates in this version of the Policy are part of that work. To make the policy easier to understand, we use clear, plain language and examples that illustrate our activities. We also reformatted our Policy so you can quickly find the information that matters most to you. We will continue to monitor the implementation and interpretation of the GDPR, and update this Policy as necessary. As such, we ask that even if you do not reside in the EEA you review changes to this Policy each time you use the Services.
General:
We are committed to complying with data privacy laws in every jurisdiction we do business. As such, we may amend this Policy from time to time. Use of information we collect now is subject to the Policy in effect at the time such information is used. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on our website, sending you a message, and/or by some other means. You can monitor the timing of the changes by the ‘Effective Date’ shown at the top of this Policy. You are bound by any changes to the Policy when you use the Services after such changes have been first posted. If you disagree with any changes to this Policy, you will need to stop using the Services.
14. How to contact us
Your Personal Information is controlled by Cohesity, Inc.
Please ensure that you keep your contact information up to date and accurate so that we may process your requests in accordance with applicable law.
Cohesity cannot provide legal advice to third parties, and we recommend consulting a legal counsel if you have legal questions regarding data protection.
Cohesity Candidate Privacy Policy located here.