Centrify Privacy Statement

Centrify Corporation (“Centrify” or the “Company”) is committed to protecting the privacy of individuals who visit the Company's Web sites (“Visitors”), individuals who register to download free or trial software or use the Company's software and services as defined below (“Customers”), and individuals who register to attend the Company's corporate in-person or web-based events (“Attendees”).  This Privacy Statement describes Centrify's privacy practices in relation to the use of the Company's Web sites and the related free and paid software and services offered by Centrify (“Software” and “Services”). It also describes your choices regarding use, access and correction of your personal information.

TRUSTe Privacy Certification

U.S. – Swiss Safe Harbor

Centrify complies with the U. S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Centrify has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit https://safeharbor.export.gov/swisslist.aspx.

EU – U.S. Privacy Shield

Centrify participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Centrify is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List

Centrify is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Centrify complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Centrify is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Company may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Web Sites Covered

This Privacy Statement covers the information practices of Web sites that link to this Privacy Statement, including: http://www.centrify.com, http://cloud.centrify.com and other Web sites under the centrify.com domain which are owned and operated by the Company.

Centrify's Web sites may contain links to other external Web sites. The privacy statements of these other Web sites govern the information practices or the content of these other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

Our Web site includes social media features, such as the Facebook 'Like' button and widgets, such as the 'Share this' button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy statement of the company providing it.

Personal Data Collected

When expressing an interest in obtaining additional information about Software and Services or registering to use Software and Services, Centrify requires you to provide the Company with personal contact information, such as name, company name, email address, mailing address and phone number (“Personal Data”). You may also choose to submit additional Personal Data, such as mobile phone number, user photo and manager name, even though not required.  When purchasing Software and Services, Centrify may require you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of users or systems within the organization that will be using Software and Services (“Billing Information”). All such Personal Data and Billing Information about Customers are referred to collectively as “Data about Centrify Customers,” or in the case of Attendees, “Data about Centrify Attendees.”

Members of our partner programs may submit the information of 3rd parties as referrals interested in more information about Software and Services. We will ask for the 3rd party's name, contact information and company information. These individuals may contact us using the information below to request that we remove their information from active use or delete it.

As you navigate the Company's Web sites, Centrify may also collect information through the use of commonly-used information-gathering tools, such as cookies (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company's Web sites (such as the Web pages viewed and the links clicked).

System and Mobile Device Information Collected

When using Software and Services, Centrify collects a Unique Device ID (“UDID”), a system generated unique user ID, and a device IP address in order to identify the device used.

Customer Provided Account Login Credentials Collected

When connecting to Software and Services, customer login information is provided in the form of a username and password to enable single sign on (SSO) functionality.  Centrify maintains a storage of previously used passwords which are hashed to enforce the password policy.  Centrify may also collect a user display name and one-time passcodes for multi-factor authentication.

Certificate Information and Application Passwords Collected

Centrify collects application passwords and application login credentials with Amazon Web Services which utilize secret key and hashed passwords.  Amazon Web Services secret keys are security credentials that are used to validate internet (API) requests and to determine validity of the request being made.

Hashing passwords is a security method where passwords are encrypted using a one-way algorithm.  This ‘hashing’ algorithm is applied to passwords prior to storage into a database.  The purpose of using hashing is to provide robust security for credential storage.

Geolocation Information

When you use Software or Services, we may use geolocation technology together with third party databases to determine your location. This location information allows us to provide certain functionality of Software and Services, such as locating lost or stolen devices. We do not share this location information with persons other than our Customers and their users. If you do not want us to use your location for the purposes described above, you may turn off the location services for the Software or Services located in your account settings or in your mobile phone settings.

Anonymous Data Collected

“Anonymous Data” is collected or generated and is not associated or linked to Personal Data. Anonymous Data does not identify individual persons.  Centrify de-identifies and aggregates data so the data cannot be traced to you or your device.

Use of Information Collected

The Company uses Data about Centrify Customers and Data about Centrify Attendees to perform the services requested. For example, if you fill out a 'Contact Me' Web form, the Company will use the information provided to contact you about your interest in Software and Services.

The Company also uses Data about Centrify Attendees to plan and host corporate events and host online web seminars in which event attendees may participate. The Company may also use Data about Centrify Customers and Data about Centrify Attendees for marketing purposes. For example, the Company may use information you provide, or information provided by partner referrals, to contact you to further discuss your interest in Software and Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events.  

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.

Centrify uses Web Site Navigational Information to operate and improve the Company's Web sites. The Company may also use Web Site Navigational Information alone or in combination with Data about Centrify Customers and Data about Centrify Attendees to provide personalized information about the Company.

The Company uses Data about Centrify Customers to gather statistics to enhance Software and Services, to provide technical support and for license enforcement. Centrify does not share Data about Centrify Customers.  Centrify may share Anonymous Data with business partners for use for their business purposes.

Opt-Out  

If at any time after registering for Software or Services you change your mind about receiving information from us, please send us a request specifying your new choice. Simply send your request to privacy@centrify.com. Centrify will respond to your request within at most 30 days from the date of your request.

We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and will only contact you in relation to these items.

For additional information about opting out of Centrify marketing emails and newsletters, please see 'Communication Preferences'.

For additional information about correcting or updating your information, please see section 10.

Cookies and other Tracking Technologies

Centrify uses cookies and other tracking technologies such as beacons, tags and scripts, to make interactions with the Company's Web sites easy and meaningful. When you visit one of the Company's Web sites, Centrify's (or one of our third parties service provider’s) servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to Centrify, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a 'Contact Me' or a 'Centrify Express Registration' Web form), you remain anonymous to the Company.

Centrify uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. We use session cookies to make it easier for you to navigate our Web site. Users can control the use of cookies at the individual browser level. Please note that if you disable your Web browser's ability to accept cookies, you not will be able to use the Company's Support Portal (the knowledge base, case tracking and other features of the Online Support Portal require that you set your browser to accept cookies) and you will not be able to successfully use the Company's Services. These cookies are not used to store personal data such as a username and password. Persistent cookies remain on your computer after you close your browser or turn off your computer. We employ persistent cookies as explained in the subsequent section regarding “3rd Party Tracking.”

Web Beacons

We employ a software technology called clear gifs (a.k.a. Web Beacons), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customers' personal data.

3rd Party Tracking

The use of tracking technologies by our service providers, technology partners or other 3rd party assets (such as social media buttons) on the site is not covered by this Privacy Statement. These 3rd parties may use cookies, clear gifs, tags, images, and scripts to help them better manage their content on our site. We do not have access or control over these technologies. We do not tie the information gathered to our Customers' or Users' personal data.

Analytics

As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and clickstream data. We use this information, to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole. Some of this information may be linked to personal data.

Local Storage Objects (HTML5)

We use Local Storage such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display advertising based upon your web browsing activity also use Local Storage, such as HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.

Behavioral Targeting / Re-Targeting

Centrify partners with a third-party ad network to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personal data about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

Community Forums

Centrify provides community forums on the Company's Web sites. Any personal data you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Centrify is not responsible for the personal data you choose to submit in these forums. To request removal of your personal data from our blog or community forum, contact us at privacy@centrify.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.

Sharing of Information Collected

We will share your personal data with third parties only in the ways that are described in this Privacy Statement. We do not sell your personal data to third parties.

Service Providers

Centrify may share Data About Centrify Customers and Data About Centrify Attendees with the Company's contracted service providers so that these service providers can provide services on our behalf, such as administering email services. Centrify may also share Data about Centrify Customers with the Company's service providers to ensure the quality of information provided. These companies are authorized to use your personal data only as necessary to provide these services to us.

Business Partners

From time to time, Centrify may partner with other companies to jointly promote Software or Services. If you register interest in a jointly promoted Software or Service from Centrify, the Company may share Data about Centrify Attendees collected in connection with your expression of interest with our joint event or promotion with partner(s). Centrify does not control our business partners' use of the Data about Centrify Attendees we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to express interest in a jointly offered product or service. Centrify does not share Data about Centrify Attendees with business partners unless: (1) you specifically opt in to such sharing via an event registration form; or (2) you attend a Company event and have your attendee badge scanned by a business partner. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms and elect not to have your badge scanned at Company events. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners' respective privacy statements.

Compelled Disclosure

Centrify reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company's rights, protect your safety or the safety of others, investigate fraud and/or to comply with a judicial proceeding, court order, legal process or other governmental authority; provided, however, that unless prohibited by law, Centrify will use its reasonable efforts to give you notice to enable you to seek a protective order or take other appropriate action.

Privacy and Children

Centrify web sites do not offer information intended to attract children. Centrify does not knowingly solicit personal data from children under the age of 13.  

Communications Preferences

Centrify offers Customers and Attendees who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the 'unsubscribe' link located on the bottom of the Company's marketing emails and newsletters. Customers cannot opt out of receiving transactional emails related to their account associated with Software and Services purchased that are required for support and maintenance of the Centrify products.

Correcting and Updating Your Information

Upon request Centrify will provide you with information about whether we hold any of your personal information. Customers may update or change their registration information by editing their user record. To update a user profile, please login to http://www.centrify.com/support with your Centrify username and password and click 'Manage Accounts.' If you wish to have your user account deactivated, cancel your account and/or have your personal data removed from our system, please contact us using the information below. Data about Attendees and Billing Information may be updated, changed or removed; you can do so by contacting privacy@centrify.com or by regular mail addressed to:

Centrify Corporation
Attn: Privacy
3300 Tannery Way
Santa Clara, CA 95054

Centrify will respond to your correction or update request within at most 30 days from the date of your request.

We will retain your Billing Information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Customer Data

Centrify Customers may electronically submit information for Software and Services ('Customer Data'). Centrify will not share, distribute, or reference any such Customer Data except as provided in the Centrify End User License and Services Agreement (‘EULA’), the Centrify Software License and Services Agreement (‘SLSA’), a similarly executed Customer software licensing or services agreement, or as may be required by law. In accordance with the EULA or the SLSA, Centrify may access Customer Data (other than Anonymous Data) only for the purpose of providing Software and Services, preventing or addressing service or technical problems, license enforcement and at a Customer's request in connection with other customer support matters, professional services, or as may be required by law.

Information Related to Data Collected through the Centrify Services

Centrify collects and processes 3rd party personal data under the direction of our customers and only to provide the Centrify Services the Customer has agreed to. We have no ownership of this information or any direct relationship with individuals whose personal data may be processed as part of providing our Service. If you are a customer of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you interact with directly. Centrify may transfer personal data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

Centrify acknowledges that you have the right to access your personal information. An individual who seeks access, who seeks to correct, amend, delete inaccurate data should direct his/her query to the Centrify customer they interact with directly (the data controller). If a Centrify customer requests that we remove personal data on their behalf, we will respond to their request within 30 days.

Centrify will retain personal data we process on behalf of our customers for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

The security of our visitors, attendees and customer’s personal data is important to us. Centrify uses robust security measures to protect Customer Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Services are accessed over the Internet (from a browser or Centrify supplied on-premise software) Transport Layer Security (TLS) technology protects Customer Data using both server authentications for data-in-transit and data encryption of Customer Data stored at rest in Centrify Services. These technologies are intended to ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access using unique encryption keys. Centrify hosts its Services in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology designed to prevent interference or access from outside intruders. No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee or warrant its absolute security. If you have any questions about security, you can contact us at privacy@centrify.com. Customers are responsible for maintaining the security and confidentiality of their Centrify usernames and passwords.

Acquisitions

As Centrify continues to develop its business, it may sell or purchase assets or undergo corporate reorganizations such as mergers. If another entity acquires Centrify or all or substantially all of Centrify's assets, Customer Information and any other information that Centrify has collected about Customers will be transferred to such entity as one of the transferred assets. You will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Processing Data Outside of European Economic Area ('EEA')

Given that Centrify is an international business, Centrify's use of Customer information necessarily involves the transmission of data on an international basis (including the United States and countries outside the EEA). Centrify may store, process and/or transfer personal data to countries outside of the EEA, especially to servers in the United States. The transfer of such data will be in compliance with local legislation for the cross-border transfer of data, where applicable. If you do not agree to this procedure you should not use Software and Services. By using Software and Services, you consent to Centrify's transferring your information to countries outside your own and the EEA, if necessary, for the business purposes as outlined above.

You have a right to see the personal data held by Centrify about you. If you wish to obtain a copy of particular information about you, or if you become aware the information we hold is incorrect and you would like to correct it, please send an e-mail to privacy@centrify.com.

Changes to this Privacy Statement

We may update this Privacy Statement to reflect changes to our information practices. Centrify reserves the right to change this Privacy Statement. Centrify will provide notification of the material changes to this Privacy Statement to Visitors or our customers by email (sent to the e-mail address specified in your account) at least thirty (30) business days prior to the change taking effect. We encourage you to periodically review this page for the latest information on our privacy practices.

Contacting Us

Questions regarding this Privacy Statement or the information practices of the Company's Web sites should be directed to privacy@centrify.com.

Centrify Corporation
3300 Tannery Way
Santa Clara, CA 95054
+1 (669) 444-5200

This Privacy Statement was last modified on 9/21/2016