Privacy Policy for Customer Portal Users

Last Updated: 07/12/2018

Purpose

Arctic Wolf Networks, Inc. and its affiliates (“AWN,” “we,” “us,” “our,” or the “Company”) are committed to protecting the privacy of Customers who use the Arctic Wolf Customer Portal (the “Customer Portal”). Arctic Wolf MSP Partners (“MSP” or “MSPs”) using the Customer Portal are to be considered Customers for the purposes of this Privacy Policy.

This Privacy Policy describes the Information we collect at the Customer Portal and the manner in which the Information is used to support the AWN CyberSOC™ service.

Scope

This Privacy Policy covers our Customer Portal and Customer Information submitted for the purpose of:

  • Opening tickets
  • Adding comments to existing tickets
  • Adding attachment(s) to tickets
  • Uploading credentials

In addition, Customers are able to view:

  • Dashboards
  • Configuration parameters
  • Security score

*MSPs are able to view all of the above for Customers assigned to an applicable MSP .

For the purposes of this Privacy Policy we define:

“Customer”—means a customer-assigned resource who has been granted access to the Arctic Wolf Customer Portal or in cases of an Arctic Wolf MSP Partner, the administrator assigned by the Arctic Wolf MSP Partner.

Roles

In the Customer Portal, Customers can view their data, submit and respond to support tickets and upload credentials for application event monitoring via the Customer Portal. MSP Partners will:

  • have access to view MSP data in addition to MSP Customer data
  • have the ability to submit and respond to support tickets and upload credentials for application event monitoring for both MSP data as well as MSP Customer data.

With respect to such data, Arctic Wolf acts as the data processor.

Information Obtained via the Customer Portal

The types of Information we collect about our Customers:

1) Customer ticket data

Customers and MSPs experiencing issues relating to the AWN CyberSOC™ service may submit support  tickets via the Customer Portal.  Tickets may contain corporate or employee information that assist in the definition and resolution issues.

2) Customer credentials

Customers who have subscribed to the monitoring of their cloud infrastructure, SaaS applications and security services will have to upload credentials of these services in the Customer Portal. The uploaded credentials will be used to provision the AWN CyberSOC™ service to monitor activities to connected applications and services. With exception to Customers accessing CyberSOC through a MSP, these credentials can only be viewed and managed by the Customer and to a limited extent, to be accessed by our R&D group for the sole purpose of issue resolution.

Safeguarding your Information requires your cooperation. All Customers are responsible for the quality, integrity, reliability, and appropriateness of Information submitted to the Customer Portal and must comply with the AWN CyberSOC Customer Services Agreement or, in cases where the Customer is a MSP, the AWN MSP Agreement and AWN CyberSOC Customer Services Agreement.

How We Use the Information

We use your Information for the purpose of providing and improving the AWN CyberSOC service.

1) Customer Support Tickets

Customer tickets are the primary medium that you and Concierge Security™ engineers (CSEs) will use to communicate issues or requests over the use and improvement of the AWN CyberSOC™ service. Both parties can comment or provide more information in the ticket until the issue/request is resolved. The CSEs use this ticketing system to communicate security alerts to you where can respond and see the status of the alert until it is closed.

2) Uploaded Credentials

Based on your environment and configuration, you can upload credentials using the Customer Portal to configure the AWN CyberSOC service to monitor cloud infrastructure resources in AWS or Azure to detect access and misuse of your networks, resources and application instances. AWN CyberSOC will also be used to monitor SaaS applications to detect malicious activities and potential data exposures in cloud-based applications. Your credentials will also be used to monitor security events related to user single sign-on and malicious endpoint activity for security providers such as Okta and Cylance.

We do not sell, rent or trade Information entered into the Customer Portal. We do not share, distribute, use, disclose, review, transfer or reference any Information except as expressly permitted in writing by the Customer, as managed by our MSP partners, or as required by law. We never use your Information or derive information from it for the purpose of marketing or advertising. Additional information about our confidentiality and security practices with respect to your Information is available on our Information Security Overview page.

How We May Share the Information

We may share Information described in this Privacy Policy only in the manner described below. We do not control, however, how a Customer or a third-party related to the Customer shares or discloses Customer Information.

1) Customer Information
We may share or disclose Information in the following ways:

  • When changing our business structure
    In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, similar transactions or proceedings, or steps in contemplation of such activities, Information held by us may be among the assets transferred to the buyer or acquirer
  • To comply with laws
    To comply with legal or regulatory requirements and to respond to lawful requests by public authorities, including to meet national security, law enforcement requirements, court orders and legal processes
  • To protect rights and safety
    To protect and defend the brand, rights, property and safety of Arctic Wolf Networks, Inc. and our Customers, including enforcing contracts or policies, or in connection with investigating and preventing fraud

2) Other information
We will not share Information to any business partner or third-party service provider. Information of Customers under our Managed Services Provider (MSP) partners will be administered by these entities.

If you have any questions about your Information or your rights with respect to the foregoing, please contact us at dataprotection@arcticwolf.com or open a ticket via your Customer Portal.

Security

The security of your Information is important to us. We maintain appropriate administrative, physical, and technical safeguards to help protect the confidentiality and integrity of the Information that our Customers submit via the Customer Portal, during transmission and once it is received. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to information, despite our best efforts. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Information, we cannot guarantee its absolute security. Customers are responsible for protecting themselves against unauthorized access to their passwords, private keys and computers, and unauthorized disclosure, alteration and destruction of their Information. To learn more about our Security practices, please refer to https://arcticwolf.com/informationsecurity/.

Location of Data

All Information uploaded to the AWN Customer Portal is always stored within the Amazon Web Services environment in the U.S.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

AWN complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. AWN has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. AWN may process some personal data from individuals or companies via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the Privacy Shield program, refer to https://www.privacyshield.gov/welcome.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Updates to the Privacy Policy will be posted on the www.arcticwolf.com website with an indication of when it has been updated. We encourage you to periodically review this Privacy Policy for any changes.

Additional Information

Questions regarding this privacy policy can be directed to us by sending an email to: dataprotection@AWN.com or by regular mail addressed to:

Arctic Wolf Networks, Inc.
Attn: Information Security and Data Protection Officer
111 West Evelyn Ave
Suite 115
Sunnyvale, CA 94086
U.S.A.