đŸ”’đŸ€– The Next Step in GitGuardian’s Approach to NHI Security

3
DISCOVER

đŸ”’đŸ€– The Next Step in GitGuardian’s Approach to NHI Security

3
DISCOVER

Client, Partner and Prospect Privacy Notice

Forward arrow

Back to GitGuardian legal

Table of Contents

  1. Placeholder Link
  2. Placeholder Link

Client, Partner and Prospect Privacy Notice

Last updated on 22 May 2024

Dear Client, Partner or Prospect,

At GitGuardian, we care about your privacy and are committed to protect your Personal Data in accordance with all applicable data protection laws and regulations. 

This Privacy Notice (the “Notice”) gives you information about how GitGuardian SAS and GitGuardian Inc. (collectively referred to as “GitGuardian”, “we”, “our”, “us”) collect Personal Data about its clients, partners, suppliers, visitors, vendors, prospects or any third parties (“you” or “your”) with whom we may interact for business purposes, and how and why we use that Personal Data in the course of our business relationship management and event organization.

Please carefully read and fully understand this Notice before submitting your Personal Data to us.

The Notice explains: 

  1. Personal Data we collect
  2. Use of your Personal Data
  3. Legal bases we rely on to process your Personal Data
  4. How we share your Personal Data
  5. How we safeguard your Personal Data
  6. How long we keep your Personal Data
  7. How your Personal Data is transferred internationally
  8. How you can exercise your data subject rights
  9. Cookies
  10. Update of the Notice
  11. Contact us

Please note that this Notice covers all cases where we interact with external third parties with a business purpose, either before or after entering into a business agreement, and where we are the controller of any Personal Data about your business or employees that you choose to give us. This excludes any Personal Data that you specifically ask us to process as part of the services GitGuardian may provide as data processor.

The provision of your Personal Data is necessary in order to process your data with regard to our business relationship management. If you do not provide your Personal Data, we might not be able to manage such a relationship or business agreement.

If you are a California resident, our Notice will provide specific provisions applicable to you as follows:

  • A list of additional types of Personal Data that may be collected in Section 1 ‘Personal Data we collect’;
  • The purpose(s) for which the categories of information are collected and used is in Section 3 ‘Legal bases we rely on to process your Personal Data’
  • In Section 4 ‘How we share your Personal Data’, we explain how we share your Personal Data
  • Our retention period explanation is in Section 6 ‘How long we keep your Personal Data’
  • Your rights regarding your Personal Data are detailed in Section 8 ‘How you can exercise your data subject rights’

Identity and contact details of the Data Controllers

GitGuardan SAS is a company headquartered in France, at the registered address 54 rue de Seine 75006 Paris, France, with a US affiliate, GitGuardian Inc., based at 185 Alewife Brook Parkway Ste 210 Cambridge MA 02138.

When we say “GitGuardian” we’re referring to the GitGuardian entities that control and are responsible for your Personal Data.

1. Personal Data we collect

For the purpose of this Notice, “Personal Data” refers to the information that identifies, relates to, and describes or is reasonably capable of being associated with or being linked (directly or indirectly) to you.

In connection with the purposes mentioned above, we may collect, use and store Personal Data, either:

  • directly from you when you voluntarily supply information to us, or 
  • Indirectly by the legal entity that appointed you as point of contact;
  • from third parties with your approval: either from third parties to which you gave consent to share your data or publicly available information
Type fof Personal Data Examples
Identification and contact information Full name, email address, physical address, telephone number
Marketing and event information Contact history, interactions and communications, events, company information and materials (e.g. blog posts) provided, contact preferences, purchase and service preferences, photos and videos if any
Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Relationship management information Communication and meetings, references, professional experience, complaints, feedbackPublicly available informationInformation from your LinkedIn or Github’s profile

Regarding sensitive information, please note that we do not collect or process Personal Data that reveals your government identifiers, financial accounts, racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data, trade union membership, or information about your health/sex life/sexual orientation (“Sensitive Personal Data”).

Applicable only to US residents:

Depending on how you interact with us, the following categories of Personal Data may be collected and disclosed in the preceding 12 months:

  • Identifiers, including name, email address, and telephone number;
  • Audio, electronic, visual, or similar information, including photographs;
  • Professional or employment-related information; 
  • Internet or other similar network activity;
  • Commercial information.

We do not infer characteristics using Sensitive Personal Data, and do not use Sensitive Personal Data beyond the limited business purposes permitted by local laws, including the California Consumer Privacy Act.

2. Use of your Personal Data

We only use your Personal Data in order to:

  • Provide you with information that you have requested;
  • Initiate and complete commercial transactions with you or the legal entity that you represent for the purchase of products and/or services;
  • Fulfill a contract we have entered with you or your entity;
  • Provide access to our products and services and deliver the ones you request;
  • Manage our third parties relationships;
  • Manage marketing activities and for research purposes;
  • Organize meetings and networking events;
  • Develop resource plans for business requirements;
  • Manage mutual business communications;
  • Investigate complaints and issues if any.

3. Legal bases we rely on to process your Personal Data

We process your Personal Data based on: 

Purposes Legal bases
Third party relationship management
  • - Managing requests from clients on work, invoicing clients, investigating complaints and other issues, To provide appropriate information about products and services on request;
  • - Delivery of products or services;
  • - To manage invoice transactions for products and services with clients.
  • - Our legitimate interest in establishing and/or maintaining a commercial relationship with you, the company or business to which you belong, or to respond to your requests or questions
  • - Contractual agreement
Marketing and Communication
  • - Personal contact information as provided through website forms or at events or via any social media platforms, while accessing information on our blogs, white papers etc.
  • - To keep you informed of news, updates and other information related to our business and that of other companies in our group.
  • - To invite you to our events
  • - Our legitimate interest to inform you, as our customer or partner, of products, solutions, services and offers that may be of interest to you, to send you invitations to participate in GitGuardian’s activities or events, to share market research with you, to send you marketing or sales promotion activities, or to send you customer satisfaction surveys (Please note that You may object at any time to the use of your Personal Data for marketing purposes. For further details, please see Section 8 ‘How you can exercise your data subject rights?’)
  • - Your consent to receive commercial information, if you are not yet our partner or customer and your Personal Data have been collected through our collection forms on our websites
Monitoring and examining compliance
  • - Development of repositories with respect to the Personal Data of all clients, vendor management and business development;
  • - Determining eligibility of vendors and others including verification of references and qualifications and other background screening checks;
  • - Managing, monitoring and investigating compliance with all relevant legal, regulatory and administrative obligations and responsibilities
  • - Our legal obligations as a business entity; in cases where our client is a natural person, we use your Personal Data to investigate and prevent fraud or misconduct and to protect our economic interests.
  • - Our legitimate interest for monitoring compliance with regulatory obligations.
  • - Comply with any of our legal and regulatory requirements;
    •  
  • - Having evidence in case a legal claim is pursued by you.
  • - Our legal obligation: in order to comply with statutory and/or regulatory requirements and obligations, such as equality and immigration legislation, your data may also be used in investigations or as needed in legal proceedings

4. How we share your Personal Data

We do not sell your Personal Data to third parties. We also do not share your Personal Data to third parties for cross-context behavioral advertising. 

Internally, your Personal Data will be shared, on a need-to-know basis, with the teams that will work with you.

With regard to external third parties, we endeavor to take appropriate steps to ensure that any third party who receives your Personal Data is bound to maintain its confidentiality. 

GitGuardian may share your Personal Data with:

  • Suppliers, subcontractors, and service providers, to maintain an efficient and commercially viable business;
  • Professional advisors and consultants, legal advisors and external auditors for legal advice and to conduct business audits;
  • Administrative or judicial entities: There may be instances where we are obligated by law to share your Personal Data with administrative agencies or public bodies, such as labor authorities, courts, or law enforcement agencies. 

The third parties with whom we share your Personal Data may in some instances independently determine the purposes and uses of your Personal Data (e.g. legal advisers and external auditors); in such cases, the recipient’s own privacy policy will govern their use of your Personal Data.

5. How we safeguard your Personal Data

GitGuardian has implemented and continues maintaining all appropriate technical and organizational measures to protect your Personal Data and ensure the confidentiality, integrity, availability and resilience of all our processing systems and services. We aim to continuously improve our physical, digital and procedural safeguards to prevent any unauthorized access, disclosure, use, modification, damage or loss of your Personal Data.  

6. How long we keep your Personal Data

Unless otherwise required or permitted by applicable laws and regulations, we endeavor not to retain your Personal Data for longer than it takes to complete the legitimate purpose/interests for which it was collected.

This generally means that:

  • We will retain copies of your Personal Data in a form that allows for identification only for as long as:some text
    • We maintain an ongoing relationship with you; 
    • Your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis
  • Data collected when you request information or when you contact us is kept for two (2) years from our last contact, unless you object;
  • Data collected for commercial purposes is kept for two (2) years from our last contact, unless you object;
  • Data collected when you exercise your rights relating to your Personal Data is kept for 5 years in intermediate storage from the time the request is closed;
  • Some Data may be kept at the latest 10 years after collection unless longer retention is required for other valid reasons such as compliance with legal obligations, to resolve disputes or enforce contracts.

Where applicable and for specific Personal Data, as long as needed to comply with any applicable laws or for the establishment, exercise, or defense of a legal challenge related to our business relationship.

7. How your data is transferred internationally

We may share your Personal Data with our US office, which is located outside of the EEA, in the US. This international transfer of your Personal Data is covered by Standard Contractual Clauses approved by the European Commission, as provided for in Article 46 of the RGPD. If you would like to have access to these Standard Contractual Clauses, please contact us as per Section 11 ‘Contact Us’.

Prior to any sharing with third parties as defined in Section 4, all of our third party recipients are required to take appropriate security measures to protect Personal Data in accordance with our policies. We only allow them to process your Personal Data for specific purposes and in accordance with our instructions and, where applicable,  we have taken suitable measures to ensure that your Personal Data is transferred in accordance with applicable data protection law, including, for example, to countries that adequately safeguard Personal Data as approved by the European Commission, or for the transfer of Personal Data to a third country by adopting the standard data protection clauses adopted by the Commission in accordance with Article 46 of the GDPR. 

Further information about the appropriate safeguards may be obtained by contacting us at legal@gitguardian.com.

8. How you can exercise your data subject rights

In accordance with applicable laws and regulations, you have the following rights to your Personal Data:

Your rights Description
Right of access (art. 15 GDPR) You can request a confirmation as to whether or not your Personal Data is processed and you can, where applicable, receive a copy of your Personal Data.
Right of rectification (art. 16 GDPR) You can have your inaccurate Personal Data corrected and incomplete Personal Data completed
.Right of erasure (art. 17 GDPR) You can have your Personal Data erased under certain conditions.
Right to restrict processing (art. 18 GDPR) You can require us to restrict processing your Personal Data under certain conditions.
Right of portability (art. 20 GDPR) You can receive certain Personal Data that you provided in a machine-readable format under certain requirements.
Right to object (art. 21 GDPR) You can object to the processing of your Personal Data for certain purposes such as direct marketing.
Withdraw consent (art. 7 GDPR) You can withdraw consent to the processing of your Personal Data.
Right to lodge a complaint (art. 15 GDPR) If you think that the way we process your Personal Data does not comply with applicable data protection laws, you can contact the relevant competent data protection authority. GitGuardian’s lead supervisory authority under GDPR is the French Data Protection Authority CNIL (https://www.cnil.fr/fr/plaintes)
Right to set post-mortem guidelines You may define specific guidelines for the storage, erasure and communication of your Personal Data after your death. These specific guidelines will only concern the treatments implemented by us and will be limited to this perimeter alone.
Profiling We do not carry out any "profiling" activities in connection with decisions that have legal or similar effects of this importance.
Applicable to data subjects of GitGuardian in the state of California, as per the California (“CCPA”): right to non-discrimination You have the right not to receive discriminatory treatment because you have exercised any of your rights under the CCPA

Before we accede to such a request, we may need to verify your identity. To ensure security and traceability, you may be asked to submit a written request. We always ensure we will promptly respond to such requests. 

You can make such a request on our dedicated portal here. 

We may decline to process or limit certain requests under certain circumstances, e.g. if they are manifestly unfounded or excessive, or if they adversely affect the rights and freedoms of others. 

9. Cookies

If you contact us through GitGuardian’s website, please note that your use of any of our services or website is also governed by our general Privacy Policy (https://www.gitguardian.com/legal/privacy-policy) and Cookie Policy (https://www.gitguardian.com/legal/cookie-policy).

10. Update of the Notice

GitGuardian reserves the right to update or change this Notice at any time. You are informed of the date of the last update at the top of this Notice. We will keep the Notice up to date with any changes.

11. Contact us

Should you have any questions or concerns about this Notice or your privacy, please contact us at legal@gitguardian.com.

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions from secrets detection in code, productivity tools and environments to strong remediation, observability and proactive prevention of leaks.

Subscribe to our newsletter to receive the latest content and updates from GitGuardian.

By submitting this form, I agree to GitGuardian’s Privacy Policy

Thank you! Your subscription has been registered!
Oops! Something went wrong while submitting the form.
SOC2 Compliance BadgeAWS Partner logo

© %copyright-year% GitGuardian. All Rights Reserved.

LegalPrivacy PolicyPublic Security PolicyCookies