Skip to content

Platform Privacy Policy

You, or your organization (collectively, “you”), and VIRTIS (“VIRTIS”, “Company”, “we” or “us”) have executed a Services Agreement (as defined in our TOS) under which you will receive VIRTIS’s security services available via VIRTIS’s platform (which will be accessed by you on a SaaS basis) (the “Services”). 

This policy concerns personal information (i) processed by us on your behalf which pertains to your Web Properties’ (as defined below) users (“End-User(s)” and “End-User Data”, respectively); and (ii) of your representatives who open an Account for use of VIRTIS Dashboard as part of the Services (“Representative” and “Representative Data”, respectively).

Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our terms of service available at: https://virtis-us.com/platform-terms-service/ (“TOS”), into which this Privacy Policy is incorporated by reference.

 

1. End-User Data

  1. WE COLLECT LOG DETAILS AND METADATA PERTAINING TO ANY USAGE MADE BY YOUR END-USERS ON YOUR ORGANIZATION’S WEB PROPERTIES. WE REVIEW SUCH LOG DETAILS AND METADATA IN ORDER TO DETECT ANY SECURITY ANOMALIES AND TO PROVIDE OUR SERVICES. IN ADDITION, WE COLLECT METADATA AND LOG DETAILS REGARDING THE COMMUNICATIONS MADE BY THE END-USERS USING YOUR WEB PROPERTIES. REMEMBER, WE AIM TO PROTECT YOUR ORGANIZATION’S INFORMATION. WE ARE NOT INTERESTED IN WHO YOUR END-USERS COMMUNICATE WITH OR THE CONTENT OF SUCH COMMUNICATIONS. WE ARE ONLY INTERESTED IN DATA THAT MAY FLAG MALICIOUS OR POTENTIALLY HARMFUL CODE OR DATA WHICH IS TRANSMITTED TO YOUR WEB PROPERTIES.

  2. YOU MUST POST A PRIVACY POLICY AND TERMS OF USE ON YOUR WEB PROPERTIES WHICH MUST (1) DISCLOSE (A) THE USAGE OF THIRD-PARTY TECHNOLOGY; AND (B) THE DATA COLLECTION AND USAGE AS RESULTING FROM VIRTIS’S SERVICES AS DETAILED HEREIN (WHETHER BY INCLUDING A LINK TO THIS DOCUMENT IN YOUR WEB PROPERTIES’ PRIVACY POLICY OR BY ENSURING THAT YOUR WEB PROPERTIES’ PRIVACY POLICY SUBSTANTIALLY INCLUDES THE TERMS SPECIFIED HEREIN); AND (2) COMPLY WITH ALL APPLICABLE LAWS, RULES AND REGULATIONS, INCLUDING BUT NOT LIMITED TO PRIVACY LAWS. IT IS BEING UNDERSTOOD THAT THIS CLAUSE WILL NOT BE DEEMED TO REQUIRE TO EXPRESSLY IDENTIFY VIRTIS, UNLESS OTHERWISE REQUIRED BY LAW, RULE OR REGULATION.

  3. You hereby warrant and undertake that you shall receive all required consents from the applicable data subjects for the processing carried out by VIRTIS as part of the Services and that the data subjects shall be informed that their End-User Data could be transmitted to a third country outside of their jurisdiction, including outside the EU/EEA, where applicable. Please note that where relevant under applicable data protection laws, you shall serve as the “data controller” of the End-User Data and VIRTIS acts as the “data processor” of such data, on your behalf. 

  4. To the extent required under applicable data protection laws, we shall execute a Data Processing Agreement with you, and this Policy shall supplement and be incorporated into the Data Processing Agreement by reference. For the avoidance of doubt, in case of any inconsistency between such Data Processing Agreement and this Policy, the terms of the Data Processing Agreement shall prevail.

2. Which End-User Data and/or Representative Data we may collect?

  1. “End-User Data” consists of the following types of information:

  • The first type of information is non-identifiable and anonymous information (“Non-personal Information”). Non-personal Information is any unconcealed information which does not enable identification of an individual End-User. Non-personal Information is available to us while End-Users are communicating with your Web Properties. Non-personal Information which is being gathered may consist of technical information, behavioral information or aggregated information, and may contain, among other things: technical data, e.g. type of operating system and configuration, screen resolution, screen density, logs of the Web Properties’ activities, internet agent, the web site from which the End-User is accessing your Web Properties, hashed communications, hashed information, technical features of the End-User’s communication with your Web Properties, software version, hardware type, usage patterns and other statistical data, the time the End-User spent in your Web Properties, behavioral information which may include the End-User’s click-stream on the Web Properties,  the activities of the User on the Web Properties and additional information of a similar nature, etc. Furthermore, we collect network communication metadata, files metadata, process lists and general events metadata.

  • The second type of information is individually identifiable information (“Personal Information”). This information may identify an individual or may be of a private and/or sensitive nature. In order to provide our Services, we automatically collect the End-User’s IP address and geolocation data to determine the End-User’s location, and other data which may contain Personal Information, including timestamp, user agent (type, version), website that the End-User arrived from, header request details (up to content length value) and any other Personal Information uploaded by End-Users to the Customer’s web-properties.

  1. “Representative Data” consists of Personal Information provided by your Representative and/or by you on behalf of the Representatives when opening an Account. Such information  includes the Representative’s full name, e-mail address, company name and password. We may request additional information in the future.

  2. For avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal  Information as long as such connection or linkage exists.

3. How does VIRTIS Collect End-User Data and/or Representative Data?

  1. We collect End-User Data once you start using our Services. VIRTIS automatically receives End-User Data from the Service incorporated in your Web Properties. The End-User Data may be collected by use of various technologies. We may gather, collect and store the information either independently or through the help of our authorized third-party service providers, as detailed below and as instructed by you.

  2. We collect Representative Data you (or your Representative) provide us voluntarily. When opening an Account, you (and/or your Representative acting on your behalf) are required to provide the details stipulated above.

4. What are the Purposes of the Collection of End-User Data and/or Representative Data?

  1. We will process the End-User Data solely in order to enable the operation and constant improvement of the Services. 

  2. We will use the Representative Data in order to provide access to the Account. We may also add the Representative’s details to our mailing list for the purposes of sending information about our firm and general updates by email, SMS, phone or through web-browser notification. 

  3. We may also process End-User Data and Representative Data to conduct internal operations, such as troubleshooting, data analysis, testing, research, and statistical analysis, to comply with our legal obligations and provide us with the ability to protect our rights and legitimate interests and to maintain our data processing records and general administrative purposes.

  4. In addition, we will collect Non-personal Information in order to (i) create statistics and other aggregate information and analysis with respect to behavioral patterns of the Web Properties; and (ii) use it for statistical, analytical and research purposes and for customization, developing and improvement of our Services. Please note that our analysis of Non-personal Information is cross organizational and we may use such information as necessary to enable and improve our Services.

5. Sharing Information with Third Parties

VIRTIS may share the Personal Information in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy, including investigation of potential violations thereof; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to protect the rights, property, or personal safety of VIRTIS, you, your End-Users, or the general public; (e) when VIRTIS is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; or (f) to collect, hold and/or manage End-Users’ Data (including their Personal Information) through VIRTIS’s authorized third party service providers as reasonable for business purposes; or (g) pursuant to End-User’s explicit approval prior to the disclosure. 

Please note that End-User Personal Information may be accessed by members of our group of companies and by our personnel in order to fulfill the purposes detailed herein. Please note that all VIRTIS personnel that will have access to End-User Data are under an obligation of strict confidentiality with respect to such Personal Information.

For avoidance of doubt, VIRTIS may transfer and disclose Non-personal Information to third parties at its own discretion.

6. Deletion or Modification of Personal Information

Since we have no direct relationship with your individual End-Users, you hereby agree to exclusively handle all End-User’s requests with respect to the exercise of their rights under applicable data protection laws, including deletion and modifications of their Personal Information, to the extent applicable. To the extent that we receive such requests, we will direct them to you. If you are unable to handle such a request independently, and only we possess the ability or power to exercise such End-User rights or respond to any End-User request or issue, please forward that request to us and provide us with the necessary instructions and we will make reasonable efforts to solve the issue pursuant to any applicable privacy laws, taking into account the nature of the Services and the information available to us. 

Requests by Representatives to exercise their data subject rights under applicable law should be forwarded to: GDPR@VIRTIS.com.

Unless you instruct us otherwise, we may retain your End-Users’ Data and/or Representative Data for as long as reasonably required for the purposes for which such Personal Information was collected, all as permitted under any applicable privacy laws. Aggregated and/or anonymous data may remain on our servers indefinitely.

7. Children/Minors End-User Data

VIRTIS does not intend and does not knowingly collect Personal Information from children under the age of sixteen (16) and does not wish to do so. Therefore, you hereby represent and warrant that all of the End-User’s and Representatives are over the age of sixteen (16). If you learn that any information transferred to us via the Services includes Personal Information collected from children under the age of sixteen (16), please inform us immediately and we will delete that information as quickly as possible.

8. Security

We take reasonable measures to maintain the security and integrity of our Service, Representative Data and End-User Data that we collect and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur.

9. Third Party Service Providers

We may be using third party service providers, who may collect, store and/or process the Personal Information, as detailed in this Privacy Policy. Note, that we collect, hold and/or manage Personal Information through our authorized third party vendors of certain products or services (such as hosting cloud services) (including, as applicable, their affiliates) solely and limited to providing us with such requested services, and not for any other purposes.

Such third parties service providers include the following service providers: 

  • Public Cloud Providers – such as Amazon Web Services and Microsoft’s Azure;
  • Professional Services Providers – third party consulting services and development services; and
  • MSSP – Managed Services Security Providers.

10. International Transfers

The Personal Information processed by us, as detailed in this Privacy Policy, may be transferred to, processed and stored by the Company and/or its service providers on servers and by staff which may be located in countries outside of your jurisdiction, namely in the European Union, in Israel and in the United States. 

The Company is committed to protecting the Personal Information and will take appropriate steps to ensure that Personal Information is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.

BY SUBMITTING PERSONAL INFORMATION THROUGH THE SERVICES, YOU ACKNOWLEDGE, AND CONSENT, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL INFORMATION.

11. Tracking Technologies/Cookies

When your End-Users are using and/or communicating with your Web Properties, VIRTIS may use industry-wide tracking technologies, cookies, web beacons, pixels, clear gifs and other similar tools, which may collect and/or store certain information on the Web Properties (“Technologies”) and which allow us to collect certain data for the purpose of offering our Services (such as installing on your Web Properties functional and session cookies and/or receiving access to cookies used in your Web Properties by you and/or your business partners). The Technologies may store Non-personal Information as well as the End-User’s persistent identifier.

We may also use Cookies on Representatives’ devices, as follows: 

  • What are cookies? Cookies are small text files which are stored on, and accessed from, your computer or mobile device when the Representative visits our Dashboard. We use cookies, web beacons, pixels, clear gifs and other similar tools (collectively, “Cookies”) on our Dashboard to recognize your device from those of other users of the Dashboard, to improve the Dashboard’s performance, to deliver a better and more personalized service according to the Representative’s individual interests and the device or browser used and/or to prevent fraud and/or abuse.

    In this Privacy Policy, reference to “Cookies” includes cookies and all other files that collect information in a similar manner. Please note that most Cookies do not collect information that identifies you.

  • How long will Cookies stay on the Representative device? Most of the Cookies we use are erased from your device immediately after your browser session terminates (“Session Cookies”). Other Cookies remain saved on your device and enable us to recognize your device in the event of a later visit to our Dashboard (“Persistent Cookies”). Persistent Cookies allow us to make our Dashboard more user-friendly, effective and safe and to record your acceptance of our cookie policy detailed herein. Please note that the data collected through Cookies will not be kept for longer than is necessary to fulfil the purposes mentioned above.

  • What sort of Cookies does our Dashboard use? Generally, our Cookies perform the following functions:

    • Essential Cookies – those Cookies are essential to navigate around the Dashboard and use its features. For example, they allow us to remember your Cookie preferences and to verify if something is not working properly, so we can fix it quickly.

    • Functionality Cookies – those Cookies allow us to operate the Dashboard in accordance with your preferences when browsing the Dashboard. For example, such Cookies save you the trouble of typing in a username every time you access the Dashboard, and recall your customization preferences, such as your preferred text size, fonts, languages and other parts of the Site that are alterable.

  • Can End-Users block Cookies? Most devices and browsers will allow you to erase Cookies from your device’s hard drive, block acceptance of Cookies, or receive a warning before a cookie is stored. However, if you block or erase Cookies, your experience of the Dashboard may be limited. Please note that unless you block the acceptance of Cookies, the Dashboard will utilize Cookies upon your use of the Dashboard (all unless it is required by applicable law to provide a separate consent to use such Cookies, and in which case we will use such Cookies only after we receive your separate consent to such use and subject to your right to withdraw such consent at any time). For detailed instructions regarding the blocking of Cookies, please refer to your browser ‘help’, ‘tool’ or ‘edit’ section or see  https://www.allaboutcookies.org/manage-cookies/. If you want to remove previously stored Cookies, you can manually delete the Cookies at any time. However, this will not prevent the Site from placing further Cookies on your device unless and until you adjust your settings as described above.

12. Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the Platform and/or Services and any information collected with respect thereto. The Company reserves the right to change this policy at any time. In case of any material change, we will make reasonable efforts to post a clear notice on the Platform and/or we will send you an e-mail (to the extent that you provided us with such e-mail address) regarding such change. Such substantial changes will take effect seven (7) days after such notice was provided on our Platform or sent by e-mail, whichever is the earlier. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Platform after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. In the event that the Terms should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.

13. Forwarding Requests and Notification to VIRTIS

Any request or notification that you are obliged to send to us under this Privacy Policy shall be sent to us by e-mail to the following address: GDPR@VIRTIS.com and we will make an effort to respond or take the necessary actions within a reasonable timeframe.

If you’re looking for our Data Processing Addendum (DPA), it can be found here: https://virtis-us.com/virtis-dpa/


Version 22