Axonius Global Privacy Policy

This Privacy Policy describes Axonius Inc. and its affiliated companies (collectively, “Axonius”, “we”, “our” or “us”) privacy practices regarding: 

When we use the term Personal Data or Personal Information, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or, where applicable, a household (“Data Subject”). 

If you are a job candidate or applicant, please refer to our Global Job Candidate Privacy Notice. 

If you are an employee, an intern or an individual contractor, please refer to our Global Personnel Privacy Policy available on Axonius’ internal knowledge platform.

Personal Data does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual or household, nor data that solely relates to a non-human entity.

The categories of Personal Information listed below have been collected, processed and disclosed within the last 12 months.

We collect Personal Data directly from a Data Subject (such as when a Data Subject submits a form via our websites), indirectly from a Data Subject (such as when a Data Subject interacts with our websites or interacts with our services), or via third parties or sources (such as our customers, vendors, or channel partners). We may combine the Personal Data that the Data Subject provides us with Personal Data provided via third parties and sources.

The provision of Personal Data is voluntary. We suggest that individuals avoid interacting with us if they do not wish to provide Personal Data.

We do not knowingly collect sensitive data, special categories of Personal Data, protected classification characteristics under applicable laws, or Personal Data from children under the age of 16 and do not wish to do so. We will make our best efforts to prohibit and block such use and, in case of unwilling collection, to promptly delete any of such Personal Data.

We, our service providers and contractors maintain, store and process Personal Data in the US, the UK, the EEA, and Israel as well as other locations as reasonably necessary for the purposes of processing listed above, or as may be required by law.

While privacy laws may vary between jurisdictions, Axonius, its service providers and contractors are committed to handling the transfer of Personal Data in accordance with any appropriate lawful mechanisms and contractual terms, including (where appropriate) standard contractual clauses or similar mechanism adopted by the EU or the UK, to ensure an adequate level of protection.

We retain Personal Data for as long as we deem reasonably necessary to fulfill the purposes of processing listed above, taking into account the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, and applicable legal and regulatory requirements. 

We implement systems, applications, and procedures to safeguard Personal Data, to minimize the risks of theft, damage, loss, or unauthorized access or use of information. These measures provide robust, industry-standard security. To learn more about our cybersecurity program, please visit https://www.axonius.com/security-program.

In order to pursue the purposes of processing listed above, we may disclose Personal Data in the following ways:

Axonius affiliated companies; Investment and change of control: We may disclose Personal Data internally within our group. In addition, should Axonius or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, or undergo an IPO process or other sale of its securities pursuant to a registration statement, or be considered or found eligible for a grant and/or a potential investment, Personal Data may be shared with the parties involved in such an event. 

Service providers and contractors: We may, upon the execution of a written contract, engage selected service providers, to perform services on our behalf, or contractors, to provide complementary services to our own and, limited to this purpose, grant them access to Personal Data as necessary. Such service providers and contractors may include hosting and server co-location services, communications and content delivery networks (CDNs), internet service providers, operating systems and platforms, data analytics services, marketing and advertising services, data and cybersecurity services, web analytics, e-mail and SMS distribution and monitoring services, session or activity recording services, remote access services, performance measurement services, data optimization services, social and advertising networks, content providers, support and customer relation management systems; and our business, legal, financial and compliance advisors. 

Governmental or law enforcement authorities: We may disclose Personal Data to governmental or law enforcement authorities if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; (b) to enforce our agreements, policies, and terms of service; (c) the disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (d) such disclosure is required to protect our legitimate business interests, including the security or integrity of our assets, personnel, and rights. 

Additional disclosures: We may disclose Personal Data in additional manners, pursuant to the Data Subject request or consent, if we are legally obligated to do so, or if we have successfully anonymized such Personal Data.

We may share limited Personal Information related to our Website User for cross-context behavioral advertising purposes, as that term is defined in the California Consumer Privacy Act (“CCPA”). Specifically, our websites host targeting cookies which may share Personal Information to third parties. To manage cookies preferences, please refer to the section Cookie and Data Collection Technology below.

We do not sell Personal Information to third parties.

Cookies: Axonius and our service providers use cookies and other technologies to make sure the Website User has the best experience on our websites, to improve functionality and performance, ad personalization, and analyzing traffic. Website Users can manage their cookie preferences, including whether or not to accept cookies and how to remove them, through their browser settings or by clicking on our Cookies Settings, which provides more information about the cookies used. For more information about cookies, please visit: www.allaboutcookies.org, www.youronlinechoices.co.uk.

Google Analytics: we use Google Analytics only to collect Website usage Data (as described above). We do not merge the information collected through the use of Google Analytics with other Personal Data. Google’s ability to use and share website usage data collected by Google Analytics is restricted by Google Analytics Terms of Service, Google Privacy Policy, and by enabling restricted data processing through our account page. You can learn more about how Google collects and processes data specifically in connection with Google Analytics here. Further information about your option to opt-out of these analytics services is available here. 

Do Not Track Signals; GPC: We do not support Do Not Track signals. We have implemented changes to respect the Global Privacy Control signals we receive.

To the extent available in the appropriate jurisdiction, Data Subjects may have rights concerning their Personal Data. To exercise these privacy rights – please submit a Data Subject Request via our dedicated page or contact us by e-mail at [email protected]. 

When Data Subjects ask us to exercise any of their privacy rights, we may require additional information, including certain Personal Data, in order to authenticate and process the request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request). 

US Data Protection Rights

Depending on the US state of residence and applicable laws, Data Subjects may have the right to:

• know whether or not we currently process (or have processed in the last 12 months) Personal Information, as well as information regarding our privacy practices related to the handling of Personal Information and, where applicable, the list of specific third parties to whom the Personal Information has been disclosed;
• access and receive a copy of the Personal Information we have collected in the prior 12 months;
• request that we correct inaccuracies in Personal Information;
• request the deletion of Personal Information that we have collected, subject to certain conditions and exceptions;
• opt-out of targeted advertising; 
• opt-out of sale or sharing of Personal Information. We do not currently sell Personal Information;
• opt out of automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect, where applicable.  We do not currently process Personal Information in this manner;
• receive a copy of Personal Information in a portable and readily usable format;
• not be subject to discrimination for the exercise of these privacy rights;
• appeal if we decline to take action regarding a Data Subject’s request, where applicable. We will notify the Data Subject providing our reasons and instructions for appealing the decision. Where applicable, the Data Subject may have the right to contact the competent Attorney General if they have concerns about the result of the appeal;
• designate someone as an authorized agent to submit requests and act on Data Subject’s behalf. 

Provided that we only interact with Data Subjects in a commercial context, some of the above rights may not apply. 

Israel Data Protection Rights

Subject to applicable laws, Data Subjects may have the right to:

• request confirmation of the processing of Personal Data;
• request access to Personal Data;
• receive copies of Personal Data;
• request that we correct inaccuracies in Personal Data;
• withdraw consent;
• delete Personal Data.

European Economic Area (EEA) and United Kingdom (UK) Data Protection Rights 

Subject to applicable laws, Data Subjects may have the right to:

• request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
• request rectification of any inaccuracies in Personal Data;
• request, on legitimate grounds, the erasure of Personal Data; 
• request, on legitimate grounds, the restriction of Personal Data processing activities;
• object, on grounds relating to their particular situation, to the processing of Personal Data by us or on our behalf; and the right to object to the processing of Personal Data, by us or on our behalf for direct marketing purposes; 
• have the Personal Data transferred to another controller, to the extent applicable;
• withdraw consent, where we process the Personal Data on the basis of it;
• not be subject to automated decision making, including profiling, which produces legal effects concerning the Data Subject, under certain conditions;
• lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf.

Switzerland Data Protection Rights

Subject to applicable laws, Data Subjects may have the right to:

• request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
• request rectification of any inaccuracies in Personal Data;
• request the erasure, deletion, destruction or anonymization of Personal Data, to the extent applicable; 
• object, to the processing of Personal Data by us or on our behalf, including the right to restrict or prohibit the processing, or request the prohibition of a specific disclosure, to the extent applicable; 
• have the Personal Data transferred to another controller, to the extent applicable;
• not be subject to automated decision making, including the right to be heard in the case of automated decision making, to the extent applicable;
• have the Personal data marked as being disputed;
• lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf, and request that any judgment be communicated to third parties or published.

Axonius Inc., with business address at 41 Madison Ave., 37th Floor, New York, NY 10010-2257 USA, complies with the  EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), including the onward transfer liability provisions, as set forth by the U.S. Department of Commerce. 

Axonius Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF Principles for Personal Data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the relevant part(s) of the DPF program, and that it commits to be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), which has jurisdiction over Axonius Inc. compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. In certain situations, Axonius Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If there is any conflict between the terms in this Privacy Policy and the above mentioned DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

Axonius Inc. collects Personal Data for specific Purposes of processing described  in the section Data Uses above. Additional information about the types of third parties to which Axonius Inc. discloses Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data - including the choices and the means the organization offers for limiting the use and disclosure of their Personal Data - are available in the relevant sections of this Privacy Policy. Axonius Inc. commits to be liable for onward Personal Data transfers to third parties acting as controller.

In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Axonius Inc. commits to resolve DPF Principles-related complaints about collection and use of Personal Data.  EU, UK, and Swiss Data Subjects with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF should first contact Axonius Inc. at the contact addresses listed in the section Contact Details below.

Axonius Inc. commits to refer unresolved complaints to Jams, an alternative dispute resolution provider based in the United States. If the Data Subject does not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed any DPF Principles-related complaint to the Data Subject’s satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of Jams are provided at no cost to the Data Subject.

The Data Subject has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms described above. For additional information, please visit: ANNEX-I-introduction.

Third-party event. Our websites may contain links to third-party events, webinars or other similar activities. For information about how third-parties may use or access your Personal Data, please refer to the third-party privacy policy.

Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an updated version on our websites. The amended version will be effective as of the date it is published.

For any questions, concerns or complaint regarding this Privacy Policy or our privacy practices, please contact our: 

• Data Protection Officer at:[email protected], or via post at:
  • 41 Madison Ave Floor 37, New York, NY 10010, USA 
  • 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH
  • 132 Menachem Begin Street, The Circular Tower, Floor 23 Tel Aviv, Israel 6701101.
• European Representative in the EU: We have appointed Prighter Group with its local partners as our privacy representative and point of contact in the EU. To contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website.