Skip to content
    Search

    Axonius Global Privacy Policy

    Effective August 28, 2024

    This Privacy Policy describes Axonius Inc. and its affiliated companies (collectively, “Axonius”, “we”, “our” or “us”) privacy practices regarding: 

     

    Personal Data 

    When we use the term Personal Data or Personal Information, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or, where applicable, a household (“Data Subject”). 

    If you are a job candidate or applicant, please refer to our Global Job Candidate Privacy Notice

    If you are an employee, an intern or an individual contractor, please refer to our Global Personnel Privacy Policy available on Axonius’ internal knowledge platform.

    Personal Data does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual or household, nor data that solely relates to a non-human entity.

    The categories of Personal Information listed below have been collected, processed and disclosed within the last 12 months.

     

    Data Collection

    We collect Personal Data directly from a Data Subject (such as when a Data Subject submits a form via our websites), indirectly from a Data Subject (such as when a Data Subject interacts with our websites or interacts with our services), or via third parties or sources (such as our customers, vendors, or channel partners). We may combine the Personal Data that the Data Subject provides us with Personal Data provided via third parties and sources.

    The provision of Personal Data is voluntary. We suggest that individuals avoid interacting with us if they do not wish to provide Personal Data.

    We do not knowingly collect sensitive data, special categories of Personal Data, protected classification characteristics under applicable laws, or Personal Data from children under the age of 16 and do not wish to do so. We will make our best efforts to prohibit and block such use and, in case of unwilling collection, to promptly delete any of such Personal Data. 

     

    Data Uses 

    Data Subjects

    Personal Data

    (Business) Purposes of the processing

    Legal basis

    Guest, Prospect, Customer, Vendor and Partner Representative (“Business Contact”)

    Personal Data collected in relation to our marketing initiatives and events, and specifically: 


    Business contact Data, including full name, e-mail address, mobile phone number, address, job title, employer or company name, company department, company address, company website (Identifiers).


    Communication Data, including Personal Data contained in correspondence with us, as well as videocall recordings (voice, image and screensharing images), chats, surveys, feedbacks, and analyses thereof (Commercial Information and related Inferences; Audio, electronic, visual or similar information).


    Commercial Information and Contact activity Data, including event attendance, history of interactions/purchase with us, purchase preferences (Commercial Information).

    To contact with general or personalized product-related messages (as new features, additional offerings, special opportunities), to answer/fulfill website form enquiries, to follow up on our conversations and improve our relationship in order to enter in a contract or renew a contract.

    Performance of contract or of steps prior to a contract; Legitimate interest; Consent where appropriate.

    To contact potential prospects to generate new business opportunities, via electronic communications and telephone, and to manage and deliver advertisements as well as promotional messages, including newsletters and blog updates, that may be of specific interest to the Data Subject, also on other websites and applications. This includes contextual, behavioral and interest-based advertising based on Data Subject's activity, preferences or other data available to us.

    Legitimate interest; Consent where appropriate.

    To analyze, facilitate and optimize our marketing campaigns, ad management and sales operations.

    Legitimate interest; Consent where appropriate.

    To facilitate, sponsor and offer certain events and webinars, contests and promotions.

    Legitimate interest; Consent where appropriate.

    Personnel  training.

    Consent. 

    To enforce our agreements, policies, procedures or Terms and Conditions, to resolve disputes, to manage Axonius’ reporting intake process, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties.

    Performance of contract; Legitimate interest. 

    To comply with our contractual and legal obligations and requirements.

    Performance of contract; Legitimate interest; Legal obligation.

    For any other lawful purpose, or additional purpose that Data Subject consents to.

    Legal obligation; Consent where appropriate.

    Customer’s End Users/Platform’s User (“User”)

    Usage Information, including IP address, device identifiers, browsers metadata, Axonius’ products user profile data and activity logs (Identifiers; Internet or other network

    activity Information).

    To provide, maintain, and enhance security measures for the protection of Personal Data within our cybersecurity program and product security program, including for the detection, forensics, incident response, mitigation, and resolution associated with technical or security issues, fraud prevention, disaster recovery and business continuity, and for the protection against other malicious, deceptive, fraudulent or illegal activity, including violations of policies and terms.

    Performance of contract; Legitimate interest; Legal obligation.

    To enforce our agreements, policies, procedures or Terms and Conditions, to resolve disputes,  to manage Axonius’ reporting intake process, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties.

    Performance of contract; Legitimate interest. 

    To comply with our contractual and legal obligations and requirements.

    Performance of contract; Legitimate interest; Legal obligation.

    Website User

    Personal Data collected in relation to our websites, and specifically:


    Website usage Data related to the manner in which the website user uses our website, including connectivity, technical and aggregated usage data, user agent, IP address, device identifiers (such as type, OS, device ID, browser version, locale and language settings used), approximate geolocation, page visited, time and date of the visit, communication and performance logs, session recordings, issues and bugs, and cookies and pixels installed or utilized on the User device (Internet or other network activity Information; Geolocation Data).

    To ensure website operation, functionality and security, to gain a better understanding of how website users use and interact with our websites, and how we can improve their and other users’ experience, so we can continue improving our websites. 

    Legitimate interest; Consent where appropriate.

    To manage and deliver advertisements as well as promotional messages, including newsletters, that may be of specific interest to the Data Subject, also on other websites and applications. This includes contextual, behavioral and interest-based advertising based on Data Subject’s activity, preferences or other data available to us.

    Legitimate interest; Consent where appropriate.

    To enforce our agreements, policies, procedures or Terms and Conditions, to resolve disputes,  to manage Axonius’ reporting intake process, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties, to help ensure the security and integrity of our websites.

    Performance of contract; Legitimate interest.

    For any other lawful purpose, or additional purpose that Data Subject consents to.

    Legal obligation; Consent where appropriate.

    Office Visitors

    Identity and Business contact Data, including full name, e-mail address, mobile phone number, job title, employer or company name, company department, documentation proving identity, picture (Identifiers).


    Electronic Identification Data, including device identifiers such as user, IP address, approximate geolocation data (Identifiers; Internet of other networking activity Information).


    Office video camera recordings (Electronic, visual or similar information).


    Dietary restriction, allergies, and disabilities (Health Information)

    Office administration and accessibility.


    Office workspace and events organization.


    Office security (visitor identification, and 

    safety and security camera operations and administration). 

    Legitimate Interest; Consent where appropriate.

    Corporate Use: The use of our products within a third-party organization (e.g., the data subject’s employer) is managed and provided by that organization in accordance with its policies regarding the use and protection of personal information. Please refer to the organization's privacy policy and direct any questions to the organization's system administrator.

    If the Data Subject is located in a territory governed by privacy laws under which “Consent” is the only or most appropriate legal basis for the processing of Personal Data as described herein, the acceptance of this Privacy Policy will be deemed to constitute consent to the processing of Personal Data for all purposes detailed in this Privacy Policy.

     

    Data Location

    We, our service providers and contractors maintain, store and process Personal Data in the US, the UK, the EEA, and Israel as well as other locations as reasonably necessary for the purposes of processing listed above, or as may be required by law.

    While privacy laws may vary between jurisdictions, Axonius, its service providers and contractors are committed to handling the transfer of Personal Data in accordance with any appropriate lawful mechanisms and contractual terms, including (where appropriate) standard contractual clauses or similar mechanism adopted by the EU or the UK, to ensure an adequate level of protection.

     

    Data Retention

    We retain Personal Data for as long as we deem reasonably necessary to fulfill the purposes of processing listed above, taking into account the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, and applicable legal and regulatory requirements. 

     

    Data Security

    We implement systems, applications, and procedures to safeguard Personal Data, to minimize the risks of theft, damage, loss, or unauthorized access or use of information. These measures provide robust, industry-standard security. To learn more about our cybersecurity program, please visit https://www.axonius.com/security.

     

    Data Disclosure

    In order to pursue the purposes of processing listed above, we may disclose Personal Data in the following ways:

    Axonius affiliated companies; Investment and change of control: We may disclose Personal Data internally within our group. In addition, should Axonius or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, or undergo an IPO process or other sale of its securities pursuant to a registration statement, or be considered or found eligible for a grant and/or a potential investment, Personal Data may be shared with the parties involved in such an event. 

    Service providers and contractors: We may, upon the execution of a written contract, engage selected service providers, to perform services on our behalf, or contractors, to provide complementary services to our own and, limited to this purpose, grant them access to Personal Data as necessary. Such service providers and contractors may include hosting and server co-location services, communications and content delivery networks (CDNs), internet service providers, operating systems and platforms, data analytics services, marketing and advertising services, data and cybersecurity services, web analytics, e-mail and SMS distribution and monitoring services, session or activity recording services, remote access services, performance measurement services, data optimization services, social and advertising networks, content providers, support and customer relation management systems; and our business, legal, financial and compliance advisors. 

    Governmental or law enforcement authorities: We may disclose Personal Data to governmental or law enforcement authorities if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; (b) to enforce our agreements, policies, and terms of service; (c) the disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (d) such disclosure is required to protect our legitimate business interests, including the security or integrity of our assets, personnel, and rights. 

    Additional disclosures: We may disclose Personal Data in additional manners, pursuant to the Data Subject request or consent, if we are legally obligated to do so, or if we have successfully anonymized such Personal Data.

     

    Selling and Sharing Practices

    We may share limited Personal Information related to our Website User for cross-context behavioral advertising purposes, as that term is defined in the California Consumer Privacy Act (“CCPA”). Specifically, our websites host targeting cookies which may share Personal Information to third parties. To manage cookies preferences, please refer to the section Cookie and Data Collection Technology below.

    We do not sell Personal Information to third parties.

     

    Cookies and Data Collection Technologies

    Cookies: Axonius and our service providers use cookies and other technologies to make sure the Website User has the best experience on our websites, to improve functionality and performance, ad personalization, and analyzing traffic. Website Users can manage their cookie preferences, including whether or not to accept cookies and how to remove them, through their browser settings or by clicking on our cookie banner, which provides more information about the cookies used. For more information about cookies, please visit: www.allaboutcookies.org, www.youronlinechoices.co.uk.

    Google Analytics: we use Google Analytics only to collect Website usage Data (as described above). We do not merge the information collected through the use of Google Analytics with other Personal Data. Google’s ability to use and share website usage data collected by Google Analytics is restricted by Google Analytics Terms of Service, Google Privacy Policy, and by enabling restricted data processing through our account page. You can learn more about how Google collects and processes data specifically in connection with Google Analytics here. Further information about your option to opt-out of these analytics services is available here

    Do Not Track Signals; GPC: We do not support Do Not Track signals. We have implemented changes to respect the Global Privacy Control signals we receive.

     

    Data Subject Rights

    To the extent available in the appropriate jurisdiction, Data Subjects may have rights concerning their Personal Data. To exercise these privacy rights – please submit a Data Subject Request via our dedicated page or contact us by e-mail at privacy@axonius.com

    When Data Subjects ask us to exercise any of their privacy rights, we may require additional information, including certain Personal Data, in order to authenticate and process the request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request). 

    US Data Protection Rights

    Depending on the US state of residence and applicable laws, Data Subjects may have the right to:

    • know whether or not we currently process (or have processed in the last 12 months) Personal Information, as well as information regarding our privacy practices related to the handling of Personal Information and, where applicable, the list of specific third parties to whom the Personal Information has been disclosed;
    • access and receive a copy of the Personal Information we have collected in the prior 12 months;
    • request that we correct inaccuracies in Personal Information;
    • request the deletion of Personal Information that we have collected, subject to certain conditions and exceptions;
    • opt-out of targeted advertising; 
    • opt-out of sale or sharing of Personal Information. We do not currently sell Personal Information;
    • opt out of automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect, where applicable.  We do not currently process Personal Information in this manner;
    • receive a copy of Personal Information in a portable and readily usable format;
    • not be subject to discrimination for the exercise of these privacy rights;
    • appeal if we decline to take action regarding a Data Subject’s request, where applicable. We will notify the Data Subject providing our reasons and instructions for appealing the decision. Where applicable, the Data Subject may have the right to contact the competent Attorney General if they have concerns about the result of the appeal;
    • designate someone as an authorized agent to submit requests and act on Data Subject’s behalf. 

    Provided that we only interact with Data Subjects in a commercial context, some of the above rights may not apply. 

    Israel Data Protection Rights

    Subject to applicable laws, Data Subjects may have the right to:

    • request confirmation of the processing of Personal Data;
    • request access to Personal Data;
    • receive copies of Personal Data;
    • request that we correct inaccuracies in Personal Data;
    • withdraw consent;
    • delete Personal Data.

    European Economic Area (EEA) and United Kingdom (UK) Data Protection Rights 

    Subject to applicable laws, Data Subjects may have the right to:

    • request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
    • request rectification of any inaccuracies in Personal Data;
    • request, on legitimate grounds, the erasure of Personal Data; 
    • request, on legitimate grounds, the restriction of Personal Data processing activities;
    • object, on grounds relating to their particular situation, to the processing of Personal Data by us or on our behalf; and the right to object to the processing of Personal Data, by us or on our behalf for direct marketing purposes; 
    • have the Personal Data transferred to another controller, to the extent applicable;
    • withdraw consent, where we process the Personal Data on the basis of it;
    • not be subject to automated decision making, including profiling, which produces legal effects concerning the Data Subject, under certain conditions;
    • lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf.

    Switzerland Data Protection Rights

    Subject to applicable laws, Data Subjects may have the right to:

    • request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
    • request rectification of any inaccuracies in Personal Data;
    • request the erasure, deletion, destruction or anonymization of Personal Data, to the extent applicable; 
    • object, to the processing of Personal Data by us or on our behalf, including the right to restrict or prohibit the processing, or request the prohibition of a specific disclosure, to the extent applicable; 
    • have the Personal Data transferred to another controller, to the extent applicable;
    • not be subject to automated decision making, including the right to be heard in the case of automated decision making, to the extent applicable;
    • have the Personal data marked as being disputed;
    • lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf, and request that any judgment be communicated to third parties or published.

    Data Protection Framework

    Axonius Inc., with business address at 41 Madison Ave., 37th Floor, New York, NY 10010-2257 USA, complies with the  EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), including the onward transfer liability provisions, as set forth by the U.S. Department of Commerce. 

    Axonius Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF Principles for Personal Data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the relevant part(s) of the DPF program, and that it commits to be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), which has jurisdiction over Axonius Inc. compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. In certain situations, Axonius Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If there is any conflict between the terms in this Privacy Policy and the above mentioned DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

    Axonius Inc. collects Personal Data for specific Purposes of processing described  in the section Data Uses above. Additional information about the types of third parties to which Axonius Inc. discloses Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data - including the choices and the means the organization offers for limiting the use and disclosure of their Personal Data - are available in the relevant sections of this Privacy Policy. Axonius Inc. commits to be liable for onward Personal Data transfers to third parties acting as controller.

    In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Axonius Inc. commits to resolve DPF Principles-related complaints about collection and use of Personal Data.  EU, UK, and Swiss Data Subjects with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF should first contact Axonius Inc. at the contact addresses listed in the section Contact Details below.

    Axonius Inc. commits to refer unresolved complaints to Jams, an alternative dispute resolution provider based in the United States. If the Data Subject does not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed any DPF Principles-related complaint to the Data Subject’s satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of Jams are provided at no cost to the Data Subject.

    The Data Subject has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms described above. For additional information, please visit: ANNEX-I-introduction.

     

    Additional Information

    Third-party event. Our websites may contain links to third-party events, webinars or other similar activities. For information about how third-parties may use or access your Personal Data, please refer to the third-party privacy policy.

    Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an updated version on our websites. The amended version will be effective as of the date it is published.

     

    Contact Details

    For any questions, concerns or complaint regarding this Privacy Policy or our privacy practices, please contact our: 

    • Data Protection Officer at: privacy@axonius.com, or via post at:
      • 41 Madison Ave Floor 37, New York, NY 10010, USA 
      • 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH
      • 132 Menachem Begin Street, The Circular Tower, Floor 23 Tel Aviv, Israel 6701101.
    • European Representative in the EU: We have appointed Prighter Group with its local partners as our privacy representative and point of contact in the EU. To contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website