Last Updated: April 15, 2022
This privacy policy (“Privacy Policy”) describes how Armis, Inc., Armis Security Ltd., Armis Security UK Ltd. and associated entities (collectively, “Armis”, “we”, “our” or “us”), collect, process, use, share and safeguard Personal Information (as defined below) we collect from our customers and users (“you” or “user”), or that you provide to us, in connection with your use of our website at www.armis.com (the “Website”) or our agentless device security platform (the “Platform”) (together with the Website, the “Services”). This Privacy Policy also describes the choices available to you regarding your Personal Information and how you can contact us if you have any questions or concerns.
Please read this Privacy Policy carefully so that you understand the choices available to you in relation to your Personal Information, and how we will collect, use and process your Personal Information. If you do not agree with this Privacy Policy or any part thereof, you should not access or use any part of the Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights in relation to your Personal Information as set out in this Privacy Policy.
We collect Personal Information about you from different sources listed below. In this Privacy Policy, “Personal Information” means any information related to an identified or identifiable individual and does not include data whereby personally identifiable information has been removed (such as aggregate or anonymous data).
Information Provided by You
Information Collected via Automated Means
Information Collected from Other Sources
We also collect, use and share aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about your use of our Services to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.
We may use the Personal Information for one or more of the following purposes:
If you are in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland we only process your Personal Information when we have a valid legal basis.
Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer’s hard drive.
Our Services use cookies, beacons, invisible tags, and similar technologies (collectively “cookies”). These technologies may be used to keep track of advertisements and to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools. We may also use trusted third-party services that track this information on our behalf. We may use this information to analyze trends, administer our Website, and to learn about user behavior.
You can block cookies by setting your internet browser to block some or all or cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Services.
For more information on our use of cookies, please refer to our Cookie Policy found at https://www.armis.com/legal/cookie-policy/.
We disclose Personal Information about you with the following recipients and in the following circumstances:
The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, and governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Services and we encourage you to learn about third parties’ privacy and security policies before providing them with your Personal Information.
Promotional materials
If you do not wish to have your email address or other contact information used by Armis for marketing purposes to promote our own or our affiliates’ or subsidiaries’ products or services, you can opt out by contacting us as set out in the ‘Contact Us’ section below. If we have sent you a newsletter or promotional email, you may opt-out of receiving them by following the instructions included in each newsletter or communication.
If you are in the EEA, the UK or Switzerland you also have the following additional rights in relation to your Personal Information that we hold.
Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on your rights, please contact us as indicated in the ‘Contact Us’ section below.
As a global company with customers from around the world, Armis, Inc. may process data in multiple countries, including in the United States. Armis, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Armis, Inc. has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
Armis, Inc. is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Armis, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Armis, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, Armis, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Armis, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Armis, Inc. at: [email protected]
Armis, Inc. has further committed to refer unresolved Privacy Shield complaints to https://www.jamsadr.com/eu-us-privacy-shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield, for more information or to file a complaint. The services of https://www.jamsadr.com/eu-us-privacy-shield are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
We may transfer the Personal Information that we collect about you to recipients in countries other than the country in which the Personal Information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the Personal Information.
If you provide us with your Personal Information when using the Services from the European Economic Area (“EEA”), Switzerland or the UK, please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. When we transfer your Personal Information outside of the EEA, Switzerland or the UK, we will ensure that relevant safeguards are in place to afford adequate protection for your Personal Information. Further details regarding the relevant safeguards can be obtained from us on request.
The period of time for which we keep Personal Information depends on the purpose for which we collected it. In all cases we keep it for as long as necessary to fulfill your requests or inquiries, provide the Services or comply with our legal obligations, resolve disputes and enforce our agreements. We will then delete the Personal Information, in accordance with our retention policy, unless we are legally required to retain it or if we need to retain it in order to comply with our legal obligations (for example, for tax and accounting purposes).
Subject to any applicable legal requirements, we typically retain Personal Information you provide to us through our Services for the duration of our relationship with you and until we do not have any contact with you for an extended period of time. When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.
We take reasonable measures to help protect Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received. To safeguard this information, we use technical, administrative and physical data protection controls including firewall barriers, data encryption techniques and authentication procedures, among others, that are designed to improve the integrity and security of Personal Information that we collect and maintain. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.
The Services are not directed to children. We do not knowingly collect Personal Information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us as indicated in the ‘Contact Us’ section below. If we become aware that a user is under the age of 18 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
Should a data breach occur, you will be notified via email to the extent legally required.
If you wish to lodge a complaint about how we process your Personal Information, please contact us at [email protected] We will endeavour to respond to your complaint as soon as possible. If you live in the EEA, Switzerland or the UK, you may also lodge a claim with the Information Commissioner’s Office in the UK or the data protection supervisory authority in the EU country in which you live or work, or where you believe we have infringed data protection laws.
We may change this Privacy Policy from time to time to reflect changes in our privacy practices. It is our policy to post any changes we make to this Privacy Policy online. The date the Privacy Policy was last revised is identified at the top of the page. Please monitor our Services and this Privacy Policy periodically to check for any changes. If we make material changes, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.
Armis is the entity responsible for the processing of your Personal Information, and for the purpose of the European Union’s General Data Protection Regulation (GDPR), is the data controller in respect of the processing of your Personal Information. If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us using the information below:
Armis, Inc.
300 Hamilton Avenue, Suite 500
Palo Alto, California 94301