Darktrace Privacy & Data Protection Policy
Darktrace Holdings Limited (“Darktrace”) is committed to protecting and respecting your privacy. Darktrace collects, uses and keeps information in compliance with the UK Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the California Consumer Privacy Act (“CCPA”) and all relevant regulations.
This Policy aims to give you information on how Darktrace collects and processes your personal data. Please read the following Policy to understand how we collect and use your personal data, for example when you contact us, visit our website (Site), apply for a job, or use our products and services.
Information Darktrace may collect from you
Darktrace may collect and process the following data about you:
- Contact and Identity Data such as your name, email, address and phone number. Phone numbers are used for two factor authentication and support services.
- Technical Data including your Internet Protocol (IP) address, login data, operating system and web browser type, browser plug-in types and version, traffic data, location data and other communication data, and the resources that you access.
- Usage Data including how you use our website, products and services.
- Profile Data including usernames, passwords, and feedback data.
- Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.
How Darktrace may collect your personal data
Darktrace may collect your personal data when you:
- Contact us and/or provide feedback.
- Provide contact details (e.g. giving business cards) at a marketing event.
- Request and receive marketing communications.
- Submit a job application: If you are making a job application or inquiry, you may provide us with a copy of your CV or other relevant information. We may use this information for the purpose of considering your application or inquiry. Except when you explicitly request otherwise, we may keep this information on file for future reference.
- Purchase our products and services: If you purchase or use our products or services, we may use your personal data for purposes which include but are not limited to:
- verifying your credentials,
- carrying out end user compliance checks for export control purposes,
- processing orders and generating billing information.
Additionally, Darktrace may collect data about you:
- Through our business relationships and contacts.
How Darktrace may use your personal data
Darktrace may use the personal data held about you in the following circumstances:
- To perform the contract we are about to enter into or have entered into with you, including notification of changes to our products and services.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- To provide you with information, products or services that you request from us, or which Darktrace feel may interest you, where you have consented to be contacted for such purposes.
- To allow you to participate in interactive features of our products or service, when you choose to do so.
We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that Darktrace does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Use under the CCPA
We do not sell any data captured as part of your use of Darktrace’s products or services. Our public website uses Google Analytics, which may be considered exchanging data for valuable consideration under CCPA.
If you wish to opt out of Google Analytics, you can use the opt-out browser add-on from Google.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
If you are an existing customer, Darktrace will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those that were the subject of a previous sale to you.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by contacting us via email at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase.
We will not sell or rent your data to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.
If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to email@example.com so we can investigate.
Where your personal data is stored
Your personal data is securely stored by Darktrace on the Darktrace servers located in Cambridge, United Kingdom. Darktrace has set up systems and processes to prevent unauthorized access or disclosure of your personal data.
Transferring personal data
As a global company, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. Darktrace places substantial importance on protecting the confidentiality of personal information and seeks the cooperation of all its suppliers in furthering this goal. Darktrace will only transfer personal information to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy. Where Darktrace has knowledge that a supplier is using or sharing personal information in a way that is contrary to this policy, Darktrace will take reasonable steps to prevent or stop such processing.
Darktrace endeavours to hold all personal data securely in accordance with our internal security procedures and applicable law. We update and test our security on an ongoing basis. Darktrace will do its best to protect your personal data, but Darktrace cannot guarantee the security of your data transmitted to our Site through the internet; any such transmission is at your own risk. Once Darktrace have received your information, Darktrace will maintain appropriate administrative, physical, technical and organizational measures to protect your personal data accessed or processed by Darktrace against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.
Disclosure of your information
We may share or disclosure your personal data with the parties set out below:
- Within the Darktrace Group for the fulfilment of the activities described in the table above.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data can be requested via our Data Privacy Officer at the contact details provided below.
Your legal rights
GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR.
You have the right to request by contacting firstname.lastname@example.org.
- information about how your personal data is processed;
- a copy of your personal data;
- an immediate correction to your personal data.
You can also:
- raise an objection about how your personal data is processed;
- request that your personal data is erased if there is no longer a justification for it;
- ask that the processing of your personal data is restricted in certain circumstances;
- opt out of the use of your personal data for any purposes or a specific purpose, such as the Darktrace Customer Portal.
If you are a resident of California, you have certain rights under the CCPA:
- Right to request disclosure about personal data from a business.
- Right to access personal information held by a business.
- Right to request the deletion of personal data.
- Right to avoid discrimination for exercising their rights.
- Right to opt-out of website requirements.
You can make these requests by emailing email@example.com.
Changes to our Privacy & Data Protection Policy
Darktrace reserves the right to amend this Privacy and Data Protection Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy and Data Protection Policy at this Site. You should check our Site to see the current Privacy and Data Protection Policy that is in effect and any changes that may have been made to it.
This policy was last amended on 20 February 2020.
Data Privacy Officer
Darktrace is headquartered in Cambridge, United Kingdom. Darktrace has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about Darktrace’s Privacy and Data Protection Policy. The contact information for the Darktrace Data Protection Officer is as follows:
Darktrace Holdings Limited
Maurice Wilkes Building
St John’s Innovation Park