Armis Privacy Policy

This privacy policy (“Privacy Policy”) describes how Armis, Inc., Armis Security Ltd., Armis Security UK Ltd. and associated entities (collectively, “Armis”, “we”, “our” or “us”), collect, process, use, share and safeguard Personal Information (as defined below) we collect from our customers and users (“you” or “user”), or that you provide to us, in connection with your use of our website at www.armis.com (the “Website”) or our agentless device security platform (the “Platform”) (together with the Website, the “Services”). This Privacy Policy also describes the choices available to you regarding your Personal Information and how you can contact us if you have any questions or concerns.

Please read this Privacy Policy carefully so that you understand the choices available to you in relation to your Personal Information, and how we will collect, use and process your Personal Information. If you do not agree with this Privacy Policy or any part thereof, you should not access or use any part of the Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights in relation to your Personal Information as set out in this Privacy Policy.

1. Personal Information We Collect

We collect Personal Information about you from different sources listed below. In this Privacy Policy, “Personal Information” means any information related to an identified or identifiable individual and does not include data whereby personally identifiable information has been removed (such as aggregate or anonymous data).

Information Provided by You

• Account information. When you create an account for our Platform you provide us with Personal Information, such as your name, email address, telephone number, job title, company name, country, and password.
• Contact information and other information you choose to provide to us. When you contact us via a contact form on our Website, fill out a form on our Website, for example to request a demo, a risk assessment or to read a report, contact us via email, or by other means, you provide us with Personal Information, such as your name, email address, telephone number and the contents and nature of your correspondence with us.
• Event and meeting information. When you register to attend an event, or schedule an in-person meeting with us, you provide us with Personal Information, such as your name, email address, telephone number and details on the event or meeting you would like to attend with us.
• Third Party information. When you engage with Armis content through outside parties, offline or online, or consent to sharing your information with our partnered vendors, we collect or update existing information to ensure we provide you a quality experience and send any appropriate communications. Participating parties may include media agencies, data vendors, and integration partners.
• Support information. When you request technical support services, we will process your Personal Information such as your name and the contact details you use to contact us, as well as information on the reasons for your support request, and any additional information you may provide in that context.

Information Collected via Automated Means

• Identifiers and usage. When you use our Services, we and third parties may automatically collect your IP address, advertising identifiers and potentially non-personal information about your device including model, version and operating system.
• Cookie information. We and third parties may automatically collect information about your visit to and use of the Services via cookies (see below in Section 4: “Cookies and Similar Technologies” and our Cookie Policy for more information). The information they collect may include Personal Information, such as your IP address, advertising identifiers, non-personal information about your device including model, version and operating system, the web pages that you visit just before or just after you use our Website, as well as information about your interactions with our Website, such the time of your visit and where you have clicked.

Information Collected from Other Sources

• Information from third parties. We obtain Personal Information about you from third parties, such as people directories, data brokers, corporate information directories and other entities. This information may include name, email, phone, location, social profile and other similar information. We may also obtain Personal Information from third parties we work with to organize events.

We also collect, use and share aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about your use of our Services to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.

2. Use of Personal Information

We may use the Personal Information for one or more of the following purposes:

• Providing you with the Services. We use your Personal Information to operate, maintain and provide you with the Services. In particular we will use your Personal Information to perform our contractual obligation towards you to allow you to create an account, browse and use the Platform, and to contact you in case of any issue with your account. The Personal Information we process when doing so includes your registration, contact information and how you interact with the Services.

• Providing you with support and otherwise communicating with you. If you reach out to us for support, we will perform our contractual obligation towards you by using your Personal Information to respond and resolve your queries and facilitate support. We may send you technical notices, updates, security alerts and support and administrative messages and communicate with you through live chat, email or telephone. The Personal Information we process when doing so includes your correspondence with us, your name, contact details, and, to the extent applicable to your query or complaint, transaction and usage information.
• Processing your transactions and executing payments on your account or bill for products or services purchased by you.
• Marketing. We use your Personal Information to communicate with you regarding promotions, events, and other news, products or services we think will be of interest to you. Where required, we will obtain your consent to do so. We may send you periodic emails regarding your order or other products and services. You can opt out of such communications when you register for the Platform, by following the unsubscribe mechanism, or by otherwise emailing us at [email protected].
• Improving or monitoring usage of our Services. It is in our legitimate interests to improve our Services and analyze the use of our Services, which includes conducting troubleshooting, testing and research and to keep the Services secure. When doing so we may use Personal Information that we automatically collect about you, such as identifiers and information.
• Enforcing our Terms and Conditions, to comply with legal obligations and to defend Armis against legal claims or disputes. It is in our legitimate interests to enforce our terms and policies, to ensure the integrity of our Services and to defend ourselves against legal claims or disputes. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on Armis, for example to keep records of transactions.
• Events and webinars. We use your Personal Information to organize and invite you to events and webinars.
• Surveys. We may use your Personal Information to solicit and process your opinions through surveys.

3. Our Use of European Personal Information

If you are in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland we only process your Personal Information when we have a valid legal basis.

• Consent. We may use your Personal Information when you have given your consent to do so.
• Contractual necessity. We may use your Personal Information to perform our end of our contracts with you. For example, to provide you with the Services.
• Legal obligation. We may use your Personal Information when we are legally required to. For example, to comply with tax and accounting obligations, or to comply with a court order.
• Legitimate interest. We may use your Personal Information when we, or a third party, have a legitimate interest in doing so. For example, we have a legitimate interest in understanding usage and improving the Services. We only rely on our or a third party’s legitimate interests to process Personal Information when these interests are not overridden by your rights and interests.

4. Cookies and Similar Technologies

Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer’s hard drive.

Our Services use cookies, beacons, invisible tags, and similar technologies (collectively “cookies”). These technologies may be used to keep track of advertisements and to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools. We may also use trusted third-party services that track this information on our behalf. We may use this information to analyze trends, administer our Website, and to learn about user behavior.

You can block cookies by setting your internet browser to block some or all or cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Services.

For more information on our use of cookies, please refer to our Cookie Policy found at https://www.armis.com/legal/cookie-policy/.

5. Sharing of Your Personal Information

We disclose Personal Information about you with the following recipients and in the following circumstances:

• Vendors and service providers. We rely on vendors and service providers for the provision of our Services, such as cloud service providers who we rely on for data storage, disaster recovery and to perform our obligations to you, such as Amazon Web Services; analytics providers who help us to understand our user base and how our Services are used, such as Google Analytics and 6Sense; providers of data management tools, such as Marketo and Salesforce; and providers of business communication tools, such as Slack. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/. Any engagement of a third-party service provider will be governed by appropriate contractual requirements.
• Armis group. We share Personal Information about you with our affiliates and subsidiaries for shared business interests or to process event based requests.
• Law enforcement. Information about our users, including Personal Information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Armis, our users, a third party, or the public.
• Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your Personal Information as part of, or in consideration of, that transaction.

6. Third Parties

The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, and governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Services and we encourage you to learn about third parties’ privacy and security policies before providing them with your Personal Information.

7. Your Rights and Choices

Promotional materials
If you do not wish to have your email address or other contact information used by Armis for marketing purposes to promote our own or our affiliates’ or subsidiaries’ products or services, you can opt out by contacting us as set out in the ‘Contact Us’ section below. If we have sent you a newsletter or promotional email, you may opt-out of receiving them by following the instructions included in each newsletter or communication.

Your European Privacy Rights

If you are in the EEA, the UK or Switzerland you also have the following additional rights in relation to your Personal Information that we hold.

• Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.
• Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
• Erasure. You have the right to request for your Personal Information to be erased or deleted.
• Object to processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
• Restrict processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
• Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.

Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on your rights, please contact us as indicated in the ‘Contact Us’ section below.

8. Data Hosting and EU-U.S., & Swiss-U.S. and UK Extension, Data Privacy Framework Principles

As a global company with customers from around the world, Armis may process data in multiple countries, including in the United States. Armis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Armis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Armis has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the DPF Principles, Armis is subject to the regulatory investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, Armis may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the DPF Principles, Armis commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Policy should first contact Armis, Inc. at: [email protected].

Armis has further committed to refer unresolved DPF complaints to https://www.jamsadr.com/DPF-Dispute-Resolution , an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution, for more information or to file a complaint.  The services of https://www.jamsadr.com/DPF-Dispute-Resolution  are provided at no cost to consumers.

Under certain conditions, more fully described on the DPF website https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Armis acknowledges its responsibility for the processing of personal data received and subsequently transferred (pursuant to the DPF Principles) to third-parties.  Armis remains liable under the DPF Principles if a third-party processes personal data covered by this Policy in a manner inconsistent with the DPF Principles, except where Armis can demonstrate it is not responsible for the event giving rise to the damages.

9. Cross-border Data Transfer

We may transfer the Personal Information that we collect about you to recipients in countries other than the country in which the Personal Information originally was collected.  Those countries may not have the same data protection laws as the country in which you initially provided the Personal Information.

If you provide us with your Personal Information when using the Services from the European Economic Area (“EEA”), Switzerland or the UK, please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. When we transfer your Personal Information outside of the EEA, Switzerland or the UK, we will ensure that relevant safeguards are in place to afford adequate protection for your Personal Information. Further details regarding the relevant safeguards can be obtained from us on request.

10. Data Retention

The period of time for which we keep Personal Information depends on the purpose for which we collected it. In all cases we keep it for as long as necessary to fulfill your requests or inquiries, provide the Services or comply with our legal obligations, resolve disputes and enforce our agreements. We will then delete the Personal Information, in accordance with our retention policy, unless we are legally required to retain it or if we need to retain it in order to comply with our legal obligations (for example, for tax and accounting purposes).

Subject to any applicable legal requirements, we typically retain Personal Information you provide to us through our Services for the duration of our relationship with you and until we do not have any contact with you for an extended period of time. When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.

11. Security of Personal Information

We take reasonable measures to help protect Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received. To safeguard this information, we use technical, administrative and physical data protection controls including firewall barriers, data encryption techniques and authentication procedures, among others, that are designed to improve the integrity and security of Personal Information that we collect and maintain. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.

12. Children

The Services are not directed to children. We do not knowingly collect Personal Information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us as indicated in the ‘Contact Us’ section below. If we become aware that a user is under the age of 18 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.

13. Notifications and Complaints

Should a data breach occur, you will be notified via email to the extent legally required.

If you wish to lodge a complaint about how we process your Personal Information, please contact us at [email protected]. We will endeavour to respond to your complaint as soon as possible. If you live in the EEA, Switzerland or the UK, you may also lodge a claim with the Information Commissioner’s Office in the UK or the data protection supervisory authority in the EU country in which you live or work, or where you believe we have infringed data protection laws.

14. Changes to this Privacy Policy

We may change this Privacy Policy from time to time to reflect changes in our privacy practices. It is our policy to post any changes we make to this Privacy Policy online. The date the Privacy Policy was last revised is identified at the top of the page. Please monitor our Services and this Privacy Policy periodically to check for any changes. If we make material changes, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.

15. Contact Us

Armis is the entity responsible for the processing of your Personal Information, and for the purpose of the European Union’s General Data Protection Regulation (GDPR), is the data controller in respect of the processing of your Personal Information. If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us using the information below:

Armis, Inc.
548 Market Street, Suite 97439
San Francisco, CA 94104-5401

[email protected]