Product Privacy Statement
BetterCloud Product Privacy Statement
Effective Date: May 21, 2024
BetterCloud, Inc. (“BetterCloud”) provides a SaaS Management Platform, that empowers IT and security teams to discover, manage, and secure their SaaS applications, including define, remediate and enforce internal policies for SaaS applications. This Product Privacy Statement explains how BetterCloud collects, uses, discloses, and otherwise processes end user personal information or personal data on behalf of its corporate customers in connection with our products and services (collectively, the “Services”).
Scope
Personal information or personal data refers to any data or information which relates to an identified or identifiable natural person, and are subject to applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”); any laws or regulations that amend, supplement, supersede, repeal or replace the GDPR or that are intended to ensure the continued application of the GDPR in the United Kingdom once it ceases to be a member state of the European Union (including the Data Protection Act 2018 (collectively, “UK Privacy Law”); and the California Consumer Privacy Act (Assembly Bill 375), as supplemented and amended, and as specifically amended by the California Privacy Rights Act of 2020 (“CPRA”) (collectively the “CCPA”), or any successor laws of the above. BetterCloud is the data processor (under GDPR and UK Privacy Law) or service provider (under CCPA) and BetterCloud’s customers are the data controllers (under GDPR and UK Privacy Law) or businesses (under CCPA) with respect to such personal data or personal information.
BetterCloud’s processing of personal information in connection with the Services is governed by this Product Privacy Statement and our agreements with each customer (in each case, a “Customer Agreement”). In the event of any conflict between this Product Privacy Statement and the corresponding Customer Agreement, the Customer Agreement will control to the extent permitted by applicable law. Please note that in certain instances, BetterCloud may act as an independent controller or business of personal information or personal data with respect to its own processing activities.
This Product Privacy Statement does not apply to any personal information or data collected by BetterCloud on our websites or through other channels for marketing purposes. For more information, please visit the BetterCloud Privacy Policy here.
This Product Privacy Statement is not a substitute for any privacy notice that BetterCloud customers are required to provide to their employees or other end users.
Data We Collect
Data provided to us by our customers and their end users in connection with our customers’ use of the Services. This may include personal information or personal data that our customers or their end users provide when they:
- Set up an account or create a user profile (such as first and last name, address, email address, telephone number, department and job title, profile picture, and IP address)
- Connect customer applications to the Services, such as first and last name, gender, address, email address, telephone number, department, job title, manager, profile picture, and other contact or job-related information; or
- Contact customer support or otherwise correspond with us by phone, email, or other means.
Data about end users’ use of the Services. We collect data about end users’ use of the Services as necessary to implement customer-created alerts, policies, workflows, and searches, including:
- Data provided through the SaaS applications connected to the Services, such as email address, IP address, and operating system and domain information; and
- Data collected by automated means, such as cookies (e.g., essential cookies), to provide the Services to You, to provide support services to You, to prevent or address service or technical issues, and to understand how Our users interact and engage with Our Services and how Our Services perform in order to provide a better overall experience to all of Our customers and users. For more information on how we use cookies and other tracking technologies and to learn how to manage them, please visit Our Cookie Settings page
How We Use Data
We use the data we collect at the instruction of our customers and in accordance with our Customer Agreements, to provide the Services, and for related internal purposes, including to:
- Enable end users to access and use the Services;
- Provide the Services, including sending customer-designated alerts and enforcing customer-created policies;
- Provide information about the Services, such as important updates or changes to the Services, security alerts, training and the availability of new features;
- Improve the Services and develop new products and services;
- Respond to inquiries, complaints, and requests for customer support;
- We may also use personal information or personal data as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and
- In an aggregated, de-identified and generic manner: to market the Services, survey usage, set benchmarks, feature suggestions, product analytics, new product features or Services, Services utilization analyses and related purposes.
How We Share Data
We share the data we collect:
- With BetterCloud customers, to the extent the data pertains to that customer’s end users;
- With third party service providers that help us provide, manage and improve the Services (you can see our list of third party Sub-Processors here and sign up for email notifications when we add new Sub-Processors), and
- With BetterCloud subsidiaries and corporate affiliates.
We may also share personal information or personal data with government, law enforcement officials (you can review Our Transparency Report for more information), or private parties, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law (but only if strictly required in the reasonable opinion of Our counsel); (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
Information Security and Protection of Data
BetterCloud uses appropriate, commercially reasonable physical, electronic, and procedural safeguards to protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that our customers take steps to protect against unauthorized access to any devices, networks and applications connected to the Services. See the Security & Compliance section of the website and the Customer Agreements for additional information regarding BetterCloud’s information security practices.
Data Subject Rights under GDPR and UK Privacy Law & Consumer Rights under CCPA/CPRA
BetterCloud customers are the data controllers/businesses of their end users’ personal information or personal data. As the data controllers/businesses, BetterCloud customers are responsible for receiving and responding to requests from their end users and other individuals to exercise any rights afforded to them under applicable data protection law. BetterCloud will reasonably assist customers in responding to such requests as set forth in the Customer Agreement.
The GDPR and UK Privacy Law give end users certain rights regarding their personal information. End users have the right to request the following actions be taken in relation to their personal information that BetterCloud holds:
- Opt-out. Stop sending the end user communications. End users may continue to receive service-related and other non-marketing emails.
- Access. Provide end user with information about BetterCloud’s processing of the end user’s personal information and give end user access to their personal information.
- Correct. Update or correct inaccuracies in the end user’s personal information.
- Delete. Delete end user’s personal information.
- Transfer. Transfer a machine-readable copy of end user’s personal information to end user or a third party of end user’s choice.
- Restrict. Restrict the processing of end user’s personal information.
- Object. Object to BetterCloud’s reliance on BetterCloud’s applicable legal bases for processing end user’s personal information.
The CCPA/CPRA gives end users certain rights regarding their personal information. End users may request that the following actions be taken in relation to their personal information that BetterCloud holds:
- Opt-out. Stop sending the end user communications. End users may continue to receive service-related and other non-marketing emails.
- Access. Give end user access to their personal information up to twice a year without cost.
- Know. Provide end user with information on what personal information BetterCloud collects, how long it is retained, and how it is shared.
- Correct. Update or correct inaccuracies in the end user’s personal information.
- Delete. Delete end user’s personal information collect by BetterCloud in the past 12 months, or as required by law.
- Limit. Limit the use of end user’s personal information from being used to infer characteristics about you or for profiling or target marketing.
- Object. Object to BetterCloud’s reliance on BetterCloud’s applicable legal bases for processing end user’s personal information.
- Exercise Rights. Exercise any of the rights granted under CCPA without concern for reprisal, loss of services, pricing impacts or other unfair treatment.
An end user can submit these requests by email to privacy@bettercloud.com or our postal address at 330 7th Ave, 4th Floor, New York, NY 10001. For requests made under the GDPR, an end user may also contact BetterCloud’s Data Protection Representative (see here for more information). Californian consumers (as defined by the CCPA) may also exercise their rights by submitting this webform. BetterCloud may request specific information from the end user to help BetterCloud confirm end user’s identity and process end user’s request. BetterCloud will reply to end user’s request and contact the applicable BetterCloud customer regarding the end user’s request. Ultimately, the BetterCloud customer (e.g., the end user’s business employer) will be responsible for the outcome of end user’s request. Additionally, applicable law or Customer Agreement may require or permit BetterCloud to decline end user’s request.
Cross-Border Data Transfer
BetterCloud provides its Services primarily from the United States, where we are headquartered. In order to provide the Services, BetterCloud or its Sub-Processors may transfer personal information or personal data about its end users outside of the country in which end users are located, including to the United States or to other jurisdictions that may not be subject to equivalent data protection laws. See the Customer Agreements for additional information regarding how BetterCloud and its Sub-Processors safeguard the personal information they, respectively, transfer across borders.
When transferring personal information or personal data across borders we take steps reasonably necessary to ensure that the information or data is subject to appropriate safeguards, is treated securely and is transferred under an approved data transfer mechanism pursuant to applicable data protection laws, including, for example, Standard Contractual Clauses.
In order to sign BetterCloud’s Data Protection Agreement with Standard Contractual Clauses with BetterCloud, please click here.
EU-U.S. and Swiss-U.S. Privacy Shield
BetterCloud, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List.
Data Retention
BetterCloud retains personal information or personal data to (a) provide the Services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of Customer Agreements. Please see your Customer Agreement for additional information regarding BetterCloud’s data retention practices.
Non-BetterCloud Applications & Third Party Products and Services
The Services may integrate with or enable access to Non-BetterCloud Applications or third party tools. End users that register, install or access any Non-BetterCloud Applications or third party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as BetterCloud does not control and cannot be responsible for these providers’ privacy or information security practices.
Additional Information regarding European Union, Swiss, and UK Personal Data
BetterCloud’s legal bases for our processing of personal information is based on one or more of the following:
Bases for Processing | Explanation |
---|---|
Contract | Our performance of the Customer Agreements |
Legitimate Interest | For example, we may use your data for fraud and security monitoring to ensure our networks and websites are secure, to administer or conduct our business (for example, record keeping and billing), and to respond to your inquiries and complaints. |
Legal Obligation | Our compliance with a legal obligation that we are or may be subject to. |
Consent | The consent provided to us when an end user shared or submitted their personal information with or to us. |
Additional Information regarding Californian Personal Information
BetterCloud understands and will comply with the foregoing restrictions and the applicable requirements of the CCPA/CPRA. For the purposes of the CCPA, BetterCloud is a service provider. BetterCloud does not receive any personal information, as defined by the CCPA, from its customers as consideration for the Services. BetterCloud will not collect, retain, share or use personal information except as necessary to provide the Services. We do not, and will not, sell or share, both as defined under CCPA, personal information. For additional information, please refer to your Customer Agreement.
Changes to the Product Privacy Statement
If we make material changes to this Product Privacy Statement, we will notify you in a manner that we believe will be reasonably likely to reach you (which may include email, a specific announcement on this page, our website in our platform, or on our blog).
Google API Services User Data Policy
BetterCloud’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Contact Us
If you have any questions about this Product Privacy Statement, you can contact our privacy team at privacy@bettercloud.com or write to us at:
BetterCloud, Inc.
169 Madison Ave
Suite 2674
New York, NY 10016
Phone: 888-999-0805
If you need to access this notice in an alternative format, please contact us at privacy@bettercloud.com.