Privacy Policy for Customer Portal Users

Last Updated: 01/02/2019

Purpose

Arctic Wolf Networks, Inc. (“AWN,” “Arctic Wolf,” “we,” “us,” “our,” or the “Company”) and its affiliates are committed to protecting the privacy of Customers who use the Arctic Wolf Customer Portal (the “Customer Portal”). Arctic Wolf MSP Partners (“MSP,” “MSPs”) using the Customer Portal are considered Customers for the purposes of this Privacy Policy.

This Privacy Policy describes the Information we collect at the Customer Portal and the manner in which the Information is used to support Arctic Wolf Products and Services.

Scope

This Privacy Policy covers our Customer Portal and Customer Information submitted for the purpose of:

  • Opening tickets
  • Adding comments to existing tickets
  • Adding attachment(s) to tickets
  • Uploading credentials

In addition, Customers* are able to view:

  • Dashboards
  • Configuration parameters
  • Security score

*MSPs are able to view all of the above for Customers assigned to an applicable MSP.

For the purposes of this Privacy Policy:

“Customer” is defined as a customer-assigned resource who has been granted access to the Arctic Wolf Customer Portal or—in the case of a Customer using an Arctic Wolf Product or Service through an official Arctic Wolf MSP Partner—the administrator assigned by the Arctic Wolf MSP Partner.

Roles

In the Customer Portal, Customers can view their data, submit and respond to support tickets, and upload credentials for application event monitoring via the Customer Portal. MSP Partners:

  • have access to view MSP data in addition to assigned MSP Customer data, and
  • have the ability to submit and respond to support tickets and upload credentials for application event monitoring for both MSP data and MSP Customer data.

With respect to such data, Arctic Wolf acts as the data processor.

Information Obtained via the Customer Portal

The types of Information we collect about our Customers:

1) Customer Ticket Data
Customers and MSPs experiencing issues relating to Arctic Wolf Products and Services may submit support tickets via the Customer Portal. Tickets may contain corporate or employee Information that assist in the definition and resolution of issues.

2) Customer Credentials
Customers who have subscribed to the monitoring of their cloud infrastructure, SaaS applications and security services will have to upload credentials of these services in the Customer Portal. The uploaded credentials will be used to provision the AWN CyberSOC™ service and other applicable Arctic Wolf Products and Services, in order to monitor activities of connected applications and services. With the exception of Customers accessing an Arctic Wolf Product or Service through an MSP, these credentials can only be viewed and managed by the Customer and—to a limited extent—to be accessed and viewed by Arctic Wolf’s R&D and Security Services groups for the sole purpose of issue resolution.

Safeguarding your Information requires your cooperation. All Customers are responsible for the quality, integrity, reliability, and appropriateness of Information submitted to the Customer Portal and must comply with terms contained in the applicable Arctic Wolf Customer Services Agreement or, in cases where the Customer has purchased an Arctic Wolf Product or Services through an MSP, by the terms of the applicable Arctic Wolf MSP Agreement.

How We Use the Information

We use your Information for the purpose of providing and improving the Arctic Wolf Products and Services.

1) Customer Support Tickets
Customer tickets are the primary medium that you and Concierge Security™ engineers (CSEs) use to communicate issues or requests over the use and improvement of the AWN CyberSOC™ service and other Arctic Wolf Products and Services. Both parties can comment or provide more information in the ticket until the issue/request is resolved. The CSEs use this ticketing system to communicate security alerts to you where you can respond and see the status of the alert until it is closed.

2) Uploaded Credentials
Based on your environment and configuration, you can upload credentials using the Customer Portal to configure the AWN CyberSOC service, and other Arctic Wolf Products and Services (if applicable), and to monitor cloud infrastructure resources in AWS or Azure to detect access and misuse of your networks, resources, and application instances. AWN CyberSOC, and other Arctic Wolf Products and Services (if applicable), will also monitor SaaS applications to detect malicious activities and potential data exposures in cloud-based applications. Your credentials will also be used to monitor security events related to user single sign-on and malicious endpoint activity for security providers such as Okta and Cylance.

We do not sell, rent, or trade Information entered into the Customer Portal. We do not share, distribute, use, disclose, review, transfer, or reference any Information except as expressly permitted in writing by the Customer, as managed by our MSP partners, or as required by law. We never use your Information or derive information from it for the purpose of marketing or advertising. Additional information about our confidentiality and security practices with respect to your Information is available on our  Information Security Overview page.

How We May Share the Information

We may share Information described in this Privacy Policy only in the manner described below. We do not control, however, how a Customer or a third party related to the Customer shares or discloses Customer Information.

1) Customer Information
We may share or disclose Information in the following ways:

  • When changing our business structure
    In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, similar transactions or proceedings, or steps in contemplation of such activities, Information held by us may be among the assets transferred to the buyer or acquirer;
  • To comply with laws
    To comply with legal or regulatory requirements and to respond to lawful requests by public authorities, including to meet national security, law enforcement requirements, court orders and legal processes;
  • To protect rights and safety
    To protect and defend the brand, rights, property and safety of Arctic Wolf Networks, Inc. and its affiliates, Arctic Wolf Customers, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

2) Other information
We will not share Information to any business partner or third-party service provider. Information of Customers under our Managed Services Provider (MSP) partners will be administered by these entities.

If you have any questions about your Information or your rights with respect to the foregoing, please contact us at  dataprotection@arcticwolf.com or open a ticket via your Customer Portal.

Security

The security of your Information is important to us. We maintain appropriate administrative, physical, and technical safeguards to help protect the confidentiality and integrity of the Information that our Customers submit via the Customer Portal, during transmission and once it is received. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to Information, despite our best efforts. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Information, we cannot guarantee its absolute security. Customers are responsible for protecting themselves against unauthorized access to their passwords, private keys and computers, and unauthorized disclosure, alteration, and destruction of their Information. To learn more about our Security practices, please refer to  https://arcticwolf.com/informationsecurity/.

Location of Data

All Information uploaded to the AWN Customer Portal is always stored within the Amazon Web Services environment in the U.S.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Arctic Wolf complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Arctic Wolf has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Arctic Wolf may process some personal data from individuals or companies via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the Privacy Shield program, refer to  https://www.privacyshield.gov/welcome.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Updates to the Privacy Policy will be posted on the www.arcticwolf.com website with an indication of when it has been updated. We encourage you to periodically review this Privacy Policy for any changes.

Additional Information

Questions regarding this privacy policy can be directed to us by sending an email to: dataprotection@arcticwolf.com or by regular mail addressed to:

Arctic Wolf Networks, Inc.
Attn: Information Security and Data Protection Officer
111 West Evelyn Ave., Suite 115
Sunnyvale, CA 94086
U.S.A.