Privacy Shield Notice

Effective: July 2020

Armis Inc. (“Armis”, “We” or “Our”) has certified with the EU-U.S. Privacy Shield with respect to the Personal Data (defined below) that We receive from the entities of Armis group and the Customers (defined below).

Armis complies with the principles of the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred to the United States. Armis has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Our Privacy Shield certification, when approved, will be available here.

If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/welcome.

1. DEFINITIONS.

Customer(s)” means prospective, current, or former customers, or clients of Armis.

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. SCOPE.

As a global company with customers from around the world, Armis may process data in multiple countries, including in the United States.

Armis, Inc. is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Armis, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

3. PURPOSES OF DATA PROCESSING.

Armis offers remote access to a security management software (the “Service”).

In order to perform the Service, we, Armis, Inc. may use Personal Information, namely, for the purpose of enabling our Customers to create an account, use the Service, fill out a form, request Customer support or otherwise communicate with us, make a purchase, sign up for our newsletter, respond to a survey or marketing communication.

Armis will Process the Personal Data it receives as described in Section 2, for the purposes of offering and/or providing the Service to Customers. To fulfill these purposes, We may, without limitation, use the Personal Data to respond to customer service requests; process transactions, and deliver the Services and products; send periodic emails regarding orders or other products and services; send technical notices, updates, security alerts and support and administrative messages; process payments or bill Customers for products or Services; follow up with Customers after correspondence (live chat, email or phone inquiries); solicit and process opinions through surveys; administer a contest, promotion, feedback or other site feature.

4. ONWARD TRANSFERS OF PERSONAL DATA.

Subject to Section ‎6 below, We will not transfer Personal Data originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. Privacy Shield Framework. We may transfer Personal Data to processors, service providers, vendors, contractors, partners and agents (collectively "Processors") who need the information in order to provide services to or perform activities on Our behalf. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield, Armis is potentially liable.

The abovementioned Processors and the description of the services that they provide and/or the activities that they perform are set out in the table below:

Categories of Services
Cloud/IaaS Service Offerings
CRM
Marketing Tools
Sales Campaigns

5. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.

Data subjects have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data We have processed on behalf of one of the Customers, please contact: privacy@armis.com and provide your name, contact information and observe the required formalities under applicable law.

6. REQUIREMENT TO DISCLOSE.

Armis may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts or public authorities, including to meet national security or law enforcement requirement.

7. PRIVACY SHIELD INDEPENDENT RECOURSE MECHANISM.

In compliance with the Privacy Shield Principles, Armis commits to resolve complaints about Our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding Our Privacy Shield policy should first contact Armis at:  privacy@armis.com or by postal mail sent to:

Armis Inc.
Attn: Privacy Shield Inquiry
300 Hamilton Avenue, Suite 500, Palo Alto,
CA 94301
USA

Armis has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. The services of JAMS are provided at no cost to you.

8. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Armis, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, Armis, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

9. ARBITRATION.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.