Last Updated Date:
- Opening tickets
- Adding comments to existing tickets
- Adding attachment(s) to tickets
- Being authenticated to use the Solutions
- Uploading credentials for application event monitoring
- Obtaining configuration information, reports, and metrics related to the operation of the Solutions within your environment
Customer InformationEach User is responsible for the quality, integrity, reliability, and appropriateness of Customer Information submitted in the Customer Portal and Solutions and must comply with terms contained in the applicable Arctic Wolf Master Solutions Agreement or, in the case of an MSP, by the terms of the applicable Arctic Wolf Master Partner Agreement. The information we may collect from you while using the Customer Portal and Solutions (the “Customer Information”) includes:
Customer Information Obtained via the Customer PortalThe types of Customer Information we collect about Users of the Customer Portal includes:
1) Corporate or Employee Information
Customer Portal Users experiencing issues relating to the Solutions may submit support tickets via the Customer Portal. In the course of your creation of support tickets and our provision of support services, you may provide corporate or employee information that assists us with the definition and resolution of issues.
2) Uploaded Credentials
Customer Portal Users may upload their credentials (such as names, email addresses, phone numbers, usernames, passwords, IP addresses, geolocation data, and device ID identifiers).
Customer Information Obtained via the SolutionsWhen using the Solutions, the Solutions may collect, and/or you may choose to submit to us, the following:
1) System Data
The Solutions, depending on their set up and deployment in your environment, may collect log data from various sources, including your:
- data center,
- infrastructure in the cloud,
- on-premises infrastructure, and
- remote endpoints.
2) Uploaded Credentials
Solutions Users may be required to upload their credentials (such as names, email addresses, phone numbers, usernames, passwords, IP addresses, geolocation data, and device ID identifiers).
How We Use the InformationWe use Customer Information for the following purposes:
1) Support Ticket Management and Resolution
Support tickets are the primary medium that Users and the Concierge Security™ engineers (CSEs) use to communicate issues or requests over the use and improvement of the Solutions. Both parties can comment and provide more information in a support ticket until the issue/request is resolved. The CSEs use a ticketing system to communicate security alerts to Users allowing the Users to respond and see the status of the alert until it is closed.
2) Provision of the Solutions
System Data and uploaded credentials are integral to the functionality of our Solutions. This Information is used to provision the Solutions to you and to monitor and detect security and threat incidents within your network of connected applications and systems. Uploaded credentials can be viewed and managed by Users, including your MSP, and—to a limited extent—may be accessed and viewed by Arctic Wolf employees for support ticket issue resolution. Based on your environment and configuration, Users can upload credentials in the Solutions and/or Customer Portal to:
- configure the Solutions, and to monitor cloud infrastructure resources to detect access and misuse of a User’s networks, resources, and application instances;
- monitor SaaS applications to detect malicious activities and potential data exposures in cloud-based applications; and
- monitor security events related to user single sign-on and malicious endpoint activity for security providers.
Arctic Wolf may use your Customer Information for business purposes of communicating with you about Solutions in which you may be interested, updating you about changes to our terms and conditions, sending you general information about Arctic Wolf and its business, or other similar types of business purposes.
4) Improve the Customer Portal and Solutions
Arctic Wolf may aggregate and anonymize your Customer Information to create our own intellectual property. Such aggregated/anonymized data is owned by us and may be used to improve the Solutions, as well as for any other business purpose.
How We May Share the InformationWe do not share, distribute, use, disclose, review, transfer, or reference any Customer Information except as set forth herein, as expressly permitted in writing by the User, as needed by an MSP to perform services for its end users, or as required or permitted by law. Additional information about our confidentiality and security practices with respect to Customer Information is available on our Information Security Overview page.
We may share Customer Information only in the manner described below. We do not control, however, how you or your third party service providers, collect, uses, shares or discloses Customer Information.
We may share or disclose Customer Information in the following ways:
- When changing our business structure
In the event of a proposed or completed merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, similar transactions or proceedings, or steps in contemplation of such activities, Customer Information held by us may be among the assets transferred to the buyer or acquirer;
- When conducting our business operations
We may use third party service providers and tools to provide services on our behalf, including billing, customer ticketing and collaboration, internal support ticketing, access and identity management, cloud hosting, customer relations management, marketing and advertising, Solution improvement projects, etc. Our service providers are only provided with information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes. Our service providers may be located in the U.S., Canada or other foreign jurisdictions;
- To comply with laws
We and our affiliates or service providers in the U.S. or other jurisdictions may disclose Customer Information to comply with applicable legal or regulatory requirements (which may include lawful access by U.S. or foreign courts, law enforcement or other government authorities) and to respond to lawful requests by public authorities, including to meet national security, law enforcement requirements, court orders and legal processes;
- To protect rights and safety
To protect and defend the brand, rights, property and safety of Arctic Wolf Networks, Inc. and its affiliates, Arctic Wolf customers, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
SecurityThe security of Customer Information is important to us. We maintain appropriate administrative, physical, and technical safeguards to help protect the confidentiality and integrity of Customer Information, during transmission and once it is received. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to Customer Information, despite our best efforts. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Customer Information, we cannot guarantee its absolute security. Customer Portal Users are responsible for protecting themselves against unauthorized access to passwords, private keys and computers, and unauthorized disclosure, alteration, and destruction of Customer Information. To learn more about our Security practices, please refer to Information Security Overview.
Location of DataAll Customer Information uploaded to the Customer Portal and the Solutions may be stored within the Amazon Web Services environment, or such other third party cloud service provider(s) selected by us, within the U.S., however, Customer Information may be accessed by employees, including non-US citizens, outside of the U.S.
International Transfer of DataYour personal information may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your personal information offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of personal information as approved by the European Commission (as described in Article 46 of the General Data Protection Regulation), or we will ask you for your prior consent to such international data transfers.
If you submit personal information about an individual (i.e., your employees, personnel, account administrators, authorized resources, etc.) in connection with the use of Arctic Wolf’s Customer Portal or Solutions, you represent that you have obtained the requisite consent and/or provided appropriate notifications, as required under applicable privacy laws, including such consent and/or notifications as may be required for the transfer of personal information outside of Canada.
- Privacy Rights
Subject to limited exceptions under applicable law, Users may have the right to access, update and correct inaccuracies on their Customer Information. To exercise these rights, please submit a request by emailing firstname.lastname@example.org or you may also call (888) 286-6726. Please be as specific as possible in relation to the Customer Information you wish to access. Once Arctic Wolf receives your request, Arctic Wolf will review it, determine whether Arctic Wolf can verify your identity, and process the request accordingly. If Arctic Wolf needs additional information to verify your identity, Arctic Wolf will let you know.
Please be advised that ifArctic Wolf acts as data processor/service provider to process personal information, we do so on behalf of our Customer or Authorized Partner under the terms of a Master Solution Agreement, Master Partner Agreement or similar agreement, and the information you have requested therefore is under the control of such Customer or Authorized Partner. Accordingly, we will direct your request for access or related inquiry to our Customer or Authorize Partner, as applicable, and will assist our Customer or Authorized Partner to respond to your request as per our Customer’s or Authorized Partner’s instructions and in accordance with the terms of our agreement.
Subject to legal and contractual restrictions, you may wish to withdraw your consent to our further collection, use and disclosure of your personal information upon request. Again, when we act as data processor/service provider to our Customer or Authorized Partner and process your personal information on behalf of such party, we will direct your inquiry to our Customer or Authorized Partner and will assist them in the response to your request as per our Customer’s or Authorized Partner’s instructions and in accordance with the terms of our agreement.
If you have any questions or complaints about our handling of Customer Information including personal information, or rights with respect to the foregoing, please contact us at email@example.com, and we will address your complaint, and otherwise further advise you of any rights you may have to complain to the relevant privacy commissioner(s).
California Consumer Privacy ActThe California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how Arctic Wolf handles personal information of California residents and gives California residents certain rights with respect to their personal information.
Information Arctic Wolf May Collect:
We may collect the following categories of information:
- Corporate or employee information that you may provide to Arctic Wolf
- Uploaded Credentials – such as names, email addresses, phone numbers, usernames, passwords, IP addresses, geolocation data and device ID identifiers
- System Log Data that may include personal information you elect to provide to us
- provide you with support on the Solutions,
- deliver the Solutions to you,
- protect Arctic Wolf (including the Solutions) and its customers,
- communicate with you regarding our Solutions and terms and conditions,
- conduct internal marketing activities, and
- improve our Solutions.
Arctic Wolf does not sell personal information of any individual, including personal information of minors under 16 years of age.
Arctic Wolf engages certain trusted third parties to perform functions and provide services to us, including auditing, marketing, hosting and maintenance, error monitoring, debugging, performance monitoring, and other short term uses. We may share your Customer Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We require these third parties to maintain the privacy and security of the Customer Information they process on our behalf.
|Identifiers (names, email addresses, phone numbers, mailing address)||YES|
|Commercial Information (Solution information)||YES|
Arctic Wolf does not sell your personal information as defined under CCPA.
You may have certain rights with respect to your personal information, including:
- The right to access, including the right to know the categories and specific pieces of personal information Arctic Wolf collects;
- The right to deletion of your personal information, subject to certain limitations under applicable law;
- The right to request disclosure of information collected;
- The right to disclosure of information disclosed for valuable consideration; and
- The right not to be discriminated against for exercising certain rights under California law.
If you would prefer, you may designate an authorized agent to make a request on your behalf.
Arctic Wolf Networks, Inc.
Attn: Information Security and Data Protection Officer
P.O. Box 46390
Eden Prairie, MN 55344