Privacy Policy

WiteSand understands your desire to protect personal information.

About the Privacy Policy

The intent of this Privacy Policy is to inform you how your personal information will be gathered, tracked, or used, and to give you choices. If choices are not offered on web pages where your personal information is obtained, please select one of the communication channels at the bottom of this statement to indicate your communication preferences. This WiteSand privacy policy (the “Privacy Policy”) governs the processing of personal data collected from individual users and entities (“you” and “your”) through the software-as-a-service available at console.saas.witesand.io and the related services (collectively, the “SaaS”). The SaaS is owned and operated by WiteSand Systems Inc. with registered business address at 2860 Zanker Road, San Jose, CA 95134.

This privacy policy describes the types of personal information we collect and process, how we use it, how long we keep it, when it is shared, how you can manage it, and how we secure it. “Personal Information” means information which identifies, relates to, describes or can be associated with an individual, such as name, email address, physical address, or phone number.

Our agreements with customers may also include provisions related to retention of Personal Information which, with respect to those customers, would take precedence over the general rules specified in this Privacy Policy.

If you have questions or concerns about your privacy, please notify us by contacting us at [email protected].


Types and Purposes of Personal Data

When you use the SaaS, we collect a minimal amount of personal data. Your personal data is used for specified and limited purposes. In this section, we explain what types of personal data we collect from you, for what purposes we use that data, and on what legal bases we rely when processing your personal data.

Personal Data Collected by Us

We comply with data minimization principles. Thus, we collect only a minimal amount of personal data that is necessary for your use of the SaaS. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we use it only for the purposes of enabling you to use the SaaS, providing you with the requested services, maintaining and improving the SaaS, conducting research about the SaaS and our business activities, replying to your inquiries, and pursuing our legitimate business interests. We do not re-purpose your personal data. It means that we do not use it for any purposes that are different from the purposes for which your personal data was provided.

Portal Users, Who Register and Log in to SaaS

The SaaS portal account provides access to network, security, facility employees with admin, operator, viewer type of privileges. When you register for Portal Account, we collect your email address. And, if chosen to create a local account, we collect your password.
We use such data to (i) register and maintain your Portal Account, (ii) enable your access to the SaaS, (iii) provide you with the requested services, (iv) contact you, if necessary, and (v) maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., analyze, grow, and administer the SaaS).

Employees, Who Connect to Your Network Serviced by SaaS

Customers’ assigned Portal User(s), point their network(s) to WiteSand SaaS for the purpose of one or more services such as: network provisioning, network monitoring, network access control, and network flow analytics.

The Portal Users also provide read-only credentials for identity providers such as LDAP, AD, GSuite etc., through which employees can be authenticated and authorized when they connect to the customer network.

As employees connect to the customer network, authentication/authorization is performed by the WiteSand SaaS in consultation with the configured identity providers according to the authentication protocols chosen by the customer network administrators.

The following information is collected by SaaS for each employee’s endpoint (such as laptop, computer, Mobile phone) connected to network via wired or wireless connection:

  • Username
  • Location information
  • MAC address
  • IP Address
  • OS version
  • Patch level of various applications running on the endpoint
  • Browser UserAgent
  • Netflow/sFlow packet header showing source/destination IP address/ports etc., being accessed

We use such information to provide our services, i.e., to support network connectivity, enable visibility, and debug technical issues. The legal basis that we rely on when processing such information is ‘performing a contract’.


Inquiries

When you contact us, we collect your (i) name, (ii) email address, and (iii) any information that you decide to include in your message. We use such data to respond to your inquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).


How Long Does WiteSand Keep My Personal Information?

Personal Information related to an individual associated with one of our customers is retained while the customer relationship is in place (and to complete any post-termination transactions or wind-down of activities) or until we are advised that the individual is no longer associated with that customer.

We will store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to update or delete your personal data, whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than necessary.


How Can I Manage My Personal Information Retained by WiteSand?

You are in control of whether or not you give us Personal Information and can delete any Personal Information you have provided from the SaaS portal.

  • Portal Users can delete their data anytime from the portal.
  • Portal Users (typically admins or whichever role has authority in your organization) can delete any employee data at any time.

After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than necessary.


Sharing of Personal Information

We do not sell or rent your Personal Information to third parties for purposes unconnected to our uses of the information described above.
We may also provide Personal Information to third parties in connection with legal matters, which includes:

  • providing information where we are legally obligated to do so (such as subpoenas or court orders), and
  • in connection with the investigation, prevention or assisting law enforcement with respect to suspected or known illegal activities, fraud, threats, violations of our terms of service, or as otherwise required by law.


How Does WiteSand Secure My Information?

WiteSand is committed to protecting the Personal Information you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Information from unauthorized access, use or disclosure.

We implement technical and organizational information security measures that protect your personal data from loss, misuse, unauthorized access and disclosure. The security measures taken by us include secured networks, encryption, strong passwords, no access to your personal data by our staff, anonymization of personal data (when possible), and security certificates.

If you have questions or information related to any actual or potential security incident, or unauthorized disclosure access or breach of security, related to our maintenance of information, please notify us by contacting us at [email protected].

Non-Personal Data

When you use the SaaS, we automatically collect certain non-personal data related to the services used by you. The non-personal data includes the following information:

  • Your activity on the SaaS;
  • Your browser type and version;
  • Your operating system;
  • The date and time when you access the SaaS;

We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include storing non-personal data for the period of time needed for us to fulfill our contractual obligations, pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.


Provisions Specific to EU Citizens

Rights of EU Citizens Under the GDPR

If you are a citizen of the European Union you have certain rights relating to how others handle your personal information. These rights are:

  1. The right to be informed how your personal information is being used.
  2. The right of access your personal information and how it is processed.
  3. The right to rectify personal information which is inaccurate or incomplete.
  4. The right to erasure – also known as ‘the right to be forgotten,’ this refers to an individual’s right to having their personal data deleted or removed.
  5. The right to restrict processing, that is, the right to block or suppress processing of your personal data.
  6. The right to data portability – this allows individuals to retain and reuse their personal data for their own purpose.
  7. The right to object, in certain circumstances, to use of your personal data in a manner different from the purpose for which it was provided.
  8. Right to prevent automated decision making or profiling based on your data without human intervention.

Identity of Data Controller

When an individual is providing personal information in connection with use of our Service in their capacity as an authorized user of a company which does business with WiteSand, the data controller is generally going to be that company.

If an individual is providing personal information directly to WiteSand, for example, as a WiteSand employee, a visitor to WiteSand’s website, or a party consenting to receive information regarding WiteSand and its Service, then WiteSand is generally going to be the data controller. In circumstances where WiteSand is the data controller, you can contact us at the email and physical addresses provided above in the section named “How can I manage my personal information retained by WiteSand?”

Who we collect personal information from, what information we collect, and how we use it are described at the beginning of this Privacy Policy.


Exporting Personal Data

In the event it becomes necessary to export personal data from the EU or the UK, WiteSand will enter into the Standard Contractual Clauses with the customer applicable to such export.


Compliance with the California Consumer Privacy Act

WiteSand complies with the California Consumer Privacy Act of 2018 (“CCPA”).

The categories of personal information we collect and the purposes for which they are used are set forth in this Privacy Policy. WiteSand will provide information regarding an individual consumer to that consumer upon a verifiable request sent to: [email protected].

We will comply with a request from a consumer to delete information concerning them subject to the exceptions in the CCPA. We do not sell personal information, as “sell” is defined in the CCPA. We will not discriminate in a manner which violates the CCPA against a consumer exercising his or her rights under the CCPA.


Cookies

In some instances, WiteSand may collect non-personal aggregate or demographic data through cookies. This information may be used to better understand and improve the usability, performance, and effectiveness of the website.

In addition, by using some of our Service, anonymous network information (not including Personal Information) may be transmitted back to us such as Product usage information. This information is transmitted back to us so we can determine how users are interacting with our Service, to assist us as we consistently improve our Service and to correct any problems that may occur.

Consent

Consent to the Transfer, Processing, and Storage of Personal Information

WiteSand is required to disclose personal information to public authorities if they provide lawful requests for reasons of national security or law enforcement.

We will ask for your consent before we use or share your Personal Information for any purpose other than the reason you provided it or as otherwise provided by this policy.


Minors

The SaaS is not intended for use by persons under the age of 18. We do not knowingly collect minors’ personal data.


Term, Termination, and Amendments

This Privacy Policy enters into force on the date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us. The Privacy Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.

Our website will indicate (once we are out of stealth mode) when the policy has been altered. You may access the current version at any time by clicking on the “Privacy Policy” link at the footer on our website. Your continued use of the WiteSand website or Service thereafter, serves as binding confirmation that you agree with such changes.


Contact

Any inquiries about the Privacy Policy and our data protection practices should be addressed to us by using the following contact details:

Email: [email protected]

To contact us via the postal service, send a letter to:
Privacy Officer
WiteSand Systems, Inc.
2860 Zanker Road, Suite 109
San Jose, CA 95134