I. Purpose and Scope
Blue Coat Systems, Inc. (“Company”) and its affiliates (Company and its affiliates are collectively referred to as “Blue Coat”) understand and value the importance of individual privacy.
- how his or her Personal Data (defined below) that is transferred to Company in the United States is processed, disclosed and transferred;
- of his or her choices with regard to how such Personal Data will be used or disclosed by Company; and
- his or her other rights with regard to that Personal Data.
This Policy complies with the Safe Harbor Principles as agreed upon by the U.S. Department of Commerce and the European Commission and the U.S. Department of Commerce and Switzerland ("US-EU and US-Switzerland Safe Harbor Principles").
This Policy applies only to the processing of Personal Data that Company receives in the United States from Blue Coat or Customers (as defined below) located in Europe.
This Policy does not cover data (whether or not the data is Personal Data) through which individuals are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost or labor, or data combined with pseudonyms rather than actual names or other identifiable information.
III. Defined Terms
Capitalized terms in this Policy have the following meanings:
- “Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
- “Customer” means a prospective, current or former partner, vendor, supplier, customer, or client of Blue Coat, or a visitor to a Blue Coat website, who is also a resident of a European Union country, or of Iceland, Lichtenstein, Norway or Switzerland. The term “Customer” shall also include any individual agent, employee, representative, customer, or client of a Customer where Blue Coat has obtained his or her Personal Data from such Customer, as part of its business relationship with that Customer.
- “Personal Data” means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject. Personal Data includes Sensitive Data, as well as an individual’s name, country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password and identification numbers. Personal Data does not include data that is encoded or anonymized, or publicly available information not combined with Personal Data.
- “Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition; race or ethnicity; political, religious or philosophical affiliations or opinions; sexual orientation; or trade union membership.
- “Third Party” means any individual or entity that is neither Blue Coat nor a Blue Coat employee, agent, contractor or representative.
IV. Collection and Use of Personal Data
Blue Coat may collect Personal Data: (1) directly or indirectly from Customers; (2) from Third Parties; (3) from Blue Coat affiliates in Europe, or (4) through other means.
A. How and Why We Collect Personal Data
Blue Coat collects the following information from its Customers, which may contain Personal Data:
- Purchase Related Information. In order to process orders and payments, Blue Coat may collect certain purchase-related information, such as billing address, credit card number, and bank account information.
- Contact Information. In order to communicate with Customers regarding orders, requests for information, or for other reasons related to its business relationship with them, or in some instances for marketing or promotional purposes, Blue Coat may collect contact information such as name, type of business/industry, contact person, telephone number, business address, and e-mail address.
- User Registration Information. Blue Coat collects Personal Data from individuals who create a Blue Coat account. As part of the registration process, such individuals are required to provide certain Personal Data, including name, company name, email address, title, location, phone number, industry, role and purchasing time frame. Blue Coat may use such Personal Data for several purposes, including to inform individuals about products, seminars and services Blue Coat believes may be of interest and to contact individuals as necessary.
- Inquiry Related Information. Blue Coat may collect contact information, business- related information, and other information in order to respond to inquiries made by Customers that contact it via phone or email, or through its website.
- Other Information. Blue Coat collects information in the course of conducting its business operations and in furtherance of its legitimate business interests that may lead to the incidental collection of Personal Data.
In its capacity as a service provider, Blue Coat may also receive, store and/or process Personal Data owned and/or controlled by a Customer, including information about a Customer’s employees, clients, customers or other individuals. In such cases, Blue Coat is acting in its capacity as a data processor and will process the Personal Data of its Customer only on behalf of and under the direction of the Customer (and its designees).
B. How We Use Personal Data
- to process orders and payments;
- to deliver goods and provide services;
- to provide technical support or customer service to Customers;
- to communicate with Customers;
- to assess and improve the quality of its website, products, services and business operations;
- to satisfy governmental reporting and tax requirements;
- to satisfy security, health, and safety concerns;
- to plan and implement potential acquisitions and mergers; and
- for other business-related purposes permitted or required under applicable local laws and regulations.
V. Disclosures/Onward Transfers
A. Personal Data
Except as otherwise provided herein, Blue Coat discloses Personal Data only to Third Parties who reasonably need to know such data for a legitimate business purpose of Blue Coat. Such recipients must agree to abide by confidentiality obligations.
Blue Coat may also provide the Personal Data of Customers to Third Parties who act as agents to perform tasks on behalf of and under the instructions of Blue Coat. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Blue Coat and they must either: (1) represent that they comply with the US-EU and US-Switzerland Safe Harbor Principles or another mechanism permitted by the EU Data Protection Directive for transfers and processing of Personal Data; or (2) agree to provide adequate protections that are no less protective than those set out in this Policy. Blue Coat may allow exceptions to this Policy, permitting Personal Data to be disclosed, when a Data Subject has consented to the disclosure.
B. Sensitive Data
As a matter of policy, Blue Coat does not disclose Sensitive Data to any Third Party. Likewise, Blue Coat does not use Sensitive Data for any purpose other than: (1) for the purpose for which it was originally provided, (2) for a purpose expressly consented to by the Data Subject, or (3) for a purpose expressly described below.
Blue Coat may disclose Sensitive Data (and Personal Data) without prior express consent if such data is manifestly made public by the Customer, or where such disclosure or use: (1) is in the vital interests of the Customer, or another person; (2) is necessary for the establishment of legal claims or defenses, to obtain legal advice, or for the purposes of establishing, exercising or defending Blue Coat’s legal rights; (3) is required to provide medical care or diagnosis; (4) is necessary to carry out Blue Coat’s obligations under applicable employment or other laws; or (5) as otherwise required by law.
VI. Confidentiality and Security of Personal Data
Blue Coat uses reasonable physical, administrative and technical safeguards designed to secure Personal Data and to prevent unauthorized access to such Personal Data. For example, all electronically stored Personal Data is stored on a secure network with monitored firewall protection. Access to Blue Coat’s electronic information systems requires user authentication via password or similar means. Additionally, all physical media (such as back up tapes and paper files) are physically secured.
Despite these precautions, no data security safeguards are foolproof. Although this may be unlikely, identity thieves, hackers and other unauthorized individuals may find ways to obtain Personal Data. If Blue Coat learns that any Personal Data was obtained without authorization and that there is a risk of fraud or identity theft, Blue Coat will notify the affected Data Subject(s) and take steps to mitigate harm.
VII. Right to Access, Change or Delete Personal Data
Upon reasonable request and to the extent the request does not compromise the protections set forth in this Policy, Blue Coat allows European individuals reasonable access to their own Personal Data. Individuals may request that Blue Coat correct, amend or delete Personal Data where it is inaccurate. Blue Coat will grant such requests, except where doing so would cause unreasonable burden or expense, or pose a risk to such individual’s privacy. If you wish to access, change, or delete your Personal Data held by Blue Coat, please send a request via mail or e-mail to:Director of Intellectual Property, Legal
Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
Blue Coat will endeavor to respond in a timely manner to all reasonable requests.
VIII. Data Integrity
Blue Coat will use reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
IX. Changes to this Policy
This Policy may be amended from time to time, consistent with the US-EU and US-Switzerland Safe Harbor Principles and applicable data protection and privacy laws and principles. Changes to the Policy will be posted on Blue Coat’s website. You should check the Blue Coat website regularly for any changes to this Policy. We will also notify you if we make changes that materially affect the way we handle Personal Data previously collected.
X. Questions or Complaints
You may contact Blue Coat with questions or complaints concerning this Policy at the following address:Director of Intellectual Property, Legal
Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
XI. Enforcement and Dispute Resolution
As part of Blue Coat’s annual Safe Harbor re-certification process, Blue Coat will periodically review this Policy for accuracy, as well as for conformity with the US-EU and US-Switzerland Safe Harbor Principles and applicable data privacy and protection laws. If you have any questions, complaints or disputes regarding the manner in which Blue Coat handles or protects your Personal Data, please contact Blue Coat’s Director of Intellectual Property (contact information above). Blue Coat will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy. Any questions, comments or complaints about the data practices of Blue Coat’s Customers for which Blue Coat processes Personal Data should be addressed to that Customer.
Any complaints related to this Policy or Blue Coat’s compliance with the US-EU and US-Switzerland Safe Harbor Principles that cannot be resolved through Blue Coat’s internal process shall be subject to the TRUSTe Dispute Resolution Requirements. To raise a complaint that cannot be resolved through Blue Coat’s internal process you may contact TRUSTe by clicking here, by fax at 415- 520-3420, or by mail at Watchdog Complaints, TRUSTe, 55 2nd Street, 2nd Floor, San Francisco, CA, USA 94105. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaints shared with Blue Coat. For information about TRUSTe or the operation of TRUSTe’s dispute resolution process, please visit TRUSTe or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English. In the event that Blue Coat or TRUSTe conclude that Blue Coat did not comply with the Policy, Blue Coat will take appropriate steps to address any adverse affects and effect future compliance.
To the fullest extent allowed by applicable law, Blue Coat retains sole and absolute discretionary authority to handle all questions relating to the administration, interpretation and application of this Policy. This authority includes interpreting the terms of this Policy, including any disputed or ambiguous terms.