Privacy Policy/Privacy Statement
Last Updated: April 2024
EU-U.S. Data Privacy Framework
Devo Technology Inc and Devo Inc Spanish Branch have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (“Principles”) of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as further described in the Devo Data Privacy Framework Notice, and Devo complies with all its obligations under the Principles. However, Devo does not currently rely on the frameworks for transfers of Personal Data from the EU/EEA/Switzerland and the UK to the United States in its role as a processor. Instead, we continue to rely on standard contractual clauses. To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/, where you can view Devo’s certifications.
Skip to the CCPA Addendum
Maintaining the trust of our customers and providing an exceptional customer experience are Devo’s top priorities. We believe in respecting the personal privacy of our customers and simply doing what is right.
Overview and Statement Regarding GDPR. The EU General Data Protection Regulation (GDPR) took effect as of May 25, 2018. The GDPR applies to any companies that collect, use or process personal data of anyone in the European Union (EU). It is designed to strengthen the protection of personal data by requiring companies to adhere to certain security and transparency standards. At Devo, Inc. (“Devo”, “we” or “us”) we are committed to safeguarding your personal information through our compliance with this Privacy Policy. Devo is furthermore firmly committed to GDPR compliance. This Privacy Policy describes the types of information we may collect about visitors to our web site and users of our products and services (collectively our “Products”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
We have drafted this Privacy Policy to be as clear and concise as possible. Please read it carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using this website or using our Products, you agree to this privacy policy.
Our website and our Products may contain applications and content by third parties. This Privacy Policy does not apply to such applications and third-party content. We encourage you to review the data privacy terms of any third party providers you engage with.
Information You Share With Us. If you communicate directly with Devo, Devo may collect and store personally identifying information that you share with us, including, but not limited to, your name, a home, business, or other address, billing address, phone number, and email address, as well as other information that may be needed to provide a service or information you requested. You may have provided or provide such information (i) through forms you fill out on our website or through your correspondence with us, (ii) if you have requested support from us, (iii) through our blogs, webinars or social media channels or (iv) if you are participating in a survey, contest or other promotional event we may offer from time to time.
Devo may use your information to respond to your concerns and inquiries. The information you provide to Devo’s third party partners will also enable such partners to let us know that you have contacted them. Such communication information may be used to distribute information back to you about Devo. Our web site contains links to other web sites, but Devo does not share your personal information with those web sites and is not responsible for their privacy practices. We encourage you to learn about the privacy policies of such third party partners you communicate with.
Information We Collect From You. As you navigate through and interact with our website, or use our Products, we may use common data collection technologies to collect certain statistical or aggregate non-personal information. In particular, our Products may report telemetry data back to us. Such information may include data about your network, including traffic data, location data, logs and other communication data, devices, internet connection, browser type, internet service provider and operating system. We process and analyze this information in order to build, run and continue to improve our Products and in order to better understand our customers’ needs and to provide you with the best experience possible when you visit our website and use our Products. The information we collect through these tracking tools is statistical in nature, but may be aggregated with personal information in order to help us to deliver a more personalized website and Product, including by enabling us to estimate our audience size and use patterns, store information about your preferences to allow us to customize our website in accordance with your individual interests, speed up your searches and to recognize you when you return to our website. The Product provides you with the opportunity to opt out of the reporting of telemetry or other data back to us. Please contact us if you wish to opt out. Note, that some functionality may be limited if you decide to opt out of the reporting of telemetry data.
The processes we use for automated data collection may include:
Cookies. Cookies are small data files that certain web sites write to your hard drive when you visit them, and they record and store your information. A cookie file can contain information such as a user ID that the site uses to track the pages you’ve visited, but the only personal information a cookie can contain is information you supply yourself. A cookie cannot read data off your hard disk or read cookie files created by other sites. The Devo web site may use cookies to collect this type of information to determine the usefulness of our web site information to our users and to see how effective our navigational structure is in helping users reach that information.
Web Beacons. Web beacons also known as pixel tags are electronic images, contained on a website that permit us to count users who have visited those pages and for other related website statistics. Web beacons are not used to access your personal information on the Website and are only used to compile aggregated statistics concerning use of the Website.
Web Analytics. We also collect some non-personally identifiable information (ourselves or using third party services) using web analytic tools. We use third-party services that use tracking technologies to capture aggregate usage and volume statistics about online activities over time and across our and third party websites and other online services.
Third Party Advertising Technologies. In addition, we may use third party vendors such as Google or others to perform display advertising or remarketing services on our website. These services collect and use data which can help us tailor advertising that we think may be of interest to you, based on your use of our website and/or Products. Third-party vendors may use or place cookies and web beacons on your web browsers to collect non-personal information about your activities on our Website and to provide you with targeted ads. The information they collect may also be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. We do not control these tracking technologies of third parties or how such third parties may use them.
As always, we respect your privacy and do not collect any personally identifiable information through the use of Google or any other third party services. Any information collected is used only for remarketing purposes and will not be used by third-party marketing vendors for any other purpose. To opt out of Remarketing and Advertising, Click Here. To find out more about how Google uses any data it collects please visit here. You may also opt-out of third-party advertisement networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). If you have any questions regarding this practice by NAI members and DAA members, and how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites or contact the third-party provider directly.
How We Use Your Information. Devo uses information that you share with us or that we collect about you, including personal information, for the following purposes: (i) to provide you with the Products you have requested from us and to provide maintenance and support; (ii) to present our website and its contents to you and to personalize your experience on our web site; (iii) to keep you up to date on the latest Product announcements, software updates, special offers, changes to the website or other information we think you would like to hear about either from us or from our business partners – you may opt-out from receiving such communications by following the process described below; (iv) to understand and analyze the usage trends of you and other users of our Products; (v) in anonymized from for internal purposes such as performing research and analysis and to provide reporting internally or externally; (vi) to allow you to purchase and download Products and participate in their interactive features, when you choose to do so; (vii) to better understand your needs and provide you with better Products; (viii) to carry out our obligations and enforce our rights from any contracts entered into between you and Devo such as our license agreements or terms of use, including communications related to payments and changes to our terms, conditions and policies; (ix) in any other way we describe to you at the time you provide the information or for which you have provided your consent.
If you are using our Product, we may from time to time send you certain communications such as service announcements or administrative messages. Such communications are part of the functionality of our Product. You can therefore not opt-out of receiving such Product communications.
How We Retain Your Information. Devo may retain your information only as long as necessary to fulfill our business purposes as outlined in this Privacy Policy, unless applicable law requires us to retain it longer, or if applicable law does not prohibit longer retention. We also keep records of your data requests to implement your choices and for auditing purposes, including requests to opt out of marketing communications.
Information sharing and disclosure. Devo may disclose aggregated anonymous information about our users and visitors to our website without restriction, to the extent such data does not identify any individual. Devo does not share, rent, lease or sell personal information to others, except as specifically described in this Privacy Policy. Devo may send your personal information to other companies or people under any of the following circumstances: (i) to our subsidiaries and affiliated companies; (ii) to Devo’s authorized partners and resellers to fulfil any terms under your licensing relationship with us and to provide you with technical and customer support – these third parties are subject to confidentiality obligations and are prohibited from using the information for their own purposes; (iii) when we have your consent to share the information; (iv) to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization or other sale or transfer of some or all of Devo’s assets; (v) if we want to keep you up to date on the latest product announcements, software updates, special offers or other information we think you would like to hear about; (vi) to apply or enforce our license agreement, terms of use and other agreements, including for billing and collection purposes.
Devo reserves the right to disclose your personally identifiable information if required to do so by law, court order or legal process, including to respond to any government or regulatory request or in the good-faith belief that such action is reasonably necessary to (a) comply with legal process, (b) respond to any claims against Devo, or (c) to protect the rights, property or personal safety of Devo, its employees, its customers or the public – this includes exchanging information with companies and organizations for the purposes of fraud detection and credit risk reduction.
Minors under 13 Devo does not intend to collect information from individuals who identify themselves as under thirteen (13) years of age. No one under the age of 13 may provide any personal information to or on the website or our Products. Devo does not knowingly solicit personal information from children under the age of 13 or send them requests for personal information. Devo will not knowingly disclose personally identifiable information of children under thirteen to any third party. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].
Choices About How We Use and Disclose Your Information. We are excited about our Products and would like to tell you about updates and new features from time to time. In case you prefer not to receive such information from us or from third party partners we work with, we strive to give you choices regarding whether or not you are contacted with direct marketing or market research information from us. If you have provided personally identifiable information to Devo, we will provide you with an opportunity to limit promotional email communications from Devo or authorized partners of Devo by “opting-out” of receiving direct marketing or market research information. When applicable, we will provide you with the opportunity to “opt in.” This means we will require your affirmative action to indicate your consent before we use your information for purposes other than the purpose for which it was submitted.
Upon request, Devo will confirm to you whether it stores any personal data about you and what that data is. You may also send us an email to [email protected] to request access to, correct or delete any personal information you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or regulatory requirement, cause the information to be incorrect or impose an undue hardship on us due to technical requirements. If you request that we delete your account, we will do so within a reasonable time. We may however be required to retain some personal information in accordance with legal or regulatory requirements.
Data Security. We have implemented industry-standard safeguards designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Any personal information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website or in our Product, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk.
Transferring Your Data. Devo may store or process your personal information in any country where we, our affiliates, or our third party service providers conduct business or host events, including countries where you may not reside. As such, different laws may apply. However, we implement safeguards to ensure that your data is always protected, and you can always exercise your rights as defined by this Privacy Policy and relevant laws. To give you further protection, we require our service providers to agree to appropriate terms and clauses to protect your personal information.
Your California Privacy Rights. California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. To make such a request, please send an e-mail to [email protected].
Changes to this privacy policy Devo may choose to amend this policy at any time. If we make any substantial changes in the way we use your personal information, we will post a notice on this web site informing you of the changes made. Your continued use of our website or our products or services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Questions or suggestions If you have questions or concerns about how we collect, process, store or disclose personal information, please email us at [email protected]. You may also contact us at one of our corporate locations:
USA: Devo Technology, Inc, 255 Main St Suite 702, Cambridge, MA 02142
EMEA and Rest Of World: Devo Inc, Spanish Branch, 3-5 Calle Estebanez Calderon, 5th Floor, 28020 Madrid, Spain
ADDENDUM: PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This Privacy Notice for California Residents supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
The California Consumer Privacy Act (CCPA) applies to most companies who collect information of Californian residents. It is designed to give consumers information regarding how companies collect and use information, as well as give consumers control over the sale of their information. Similar to our commitment to the GDPR, we at Devo are committed to transparency in data collection and disclosure through our compliance with this Privacy Policy. Additionally, we are committed to giving people control over the use of their data where possible. We are firmly committed to CCPA compliance and compliance with future data protection laws.
This Notice does not apply to employment-related personal information collected from our California-based employees, job applicants, contractors, or similar individuals.
Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some its requirements.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
In particular, we have collected the following categories of personal information within the last twelve (12) months:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers. | Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, physical characteristics or description, address, telephone number, education, employment, or employment history. Some personal information included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | Yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We obtain the categories of personal information listed above from the webforms you fill out on our website, cookies, web beacons, web analytics, and third-party advertisement vendors.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information.
- To provide, support, personalize, and develop our Website, products, and services.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about you is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party, such as service providers, for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information to our service providers for a business purpose:
Category | Examples |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, physical characteristics or description, address, telephone number, education, employment, or employment history. Some personal information included in this category may overlap with other categories. |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
G. Geolocation data. | Physical location or movements. |
We disclose your personal information for business purposes as needed with marketing and sales tools we use.
If you are a customer, we may share more information as specified in our Terms of Service and any contract between us and you or your employer as necessary to carry out our contractual obligations with you.
Sales of Personal Information
We do not sell, do not plan to sell, and have not sold in the past 12 months, your information as defined by the CCPA. If we do plan to sell information, you will be notified before the sale and given an opportunity to opt out.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B personal information.
Deletion Request Rights
You have the right to request that we delete any of your personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.
Exercising Your Rights
To exercise the rights described above, please submit a verifiable consumer request to us by emailing us at [email protected].
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.
The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].
Contact Information
If you have any questions or comments about this notice, please do not hesitate to contact us at:
Email: [email protected].
Postal Address:
ATTN: CCPA Requests
Devo Technology, Inc
255 Main St Suite 702
Cambridge, MA 02142
Devo Data Privacy Framework Notice
Devo Data Privacy Framework Certification
Devo Technology Inc. and Devo Inc Spanish Branch (“Devo”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Devo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Devo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Personal Data Processed by Devo as a Controller
Devo is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. This Devo Data Privacy Framework Notice supplements the Devo Privacy Policy for personal data Devo collects, uses or shares as a controller. The Devo Privacy Policy is where you will find details about the types of personal data we collect, the purpose for which we collect and share personal data, and your rights with respect to our processing of your Personal Data.
Purposes of Personal Data Processing
Please review the Devo Privacy Policy for details on the purposes of data processing for personal data where Devo is a controller.
Third Parties Who May Receive Personal Data
Please review the Devo Privacy Policy for details on the third parties who may receive personal data where Devo is a controller.
Rights to Access, Limit Use, and to Limit Disclosure of Personal Data
Please review the Devo Privacy Policy for details on rights to access, limit use, and limit disclosure of personal data where Devo is a controller.
Personal Data Processed by Devo as a Processor
Devo is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. Devo provides security and observability tools that our customers use to manage their security and resiliency objectives. In providing these tools, Devo processes data our customers submit to our services or instruct us to process on their behalf. Devo customers decide in their sole discretion what data to submit. It may include include: first and last name, title, position, employer, business contact information (e.g., company email, phone, physical business address), personal contact information (e.g., email, mobile phone, address), ID data, connection data, location data, and file and message content.
Purposes of Data Processing
Devo processes data submitted by customers for the purpose of providing services to our customers and to comply with their processing instructions.
Third Parties Who May Receive Personal Data
Devo uses a limited number of third-party service providers to assist us in providing our services to customers. These third party providers offer hosting and infrastructure services. These third parties may access, process, or store personal data in the course of providing their services. Devo maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Devo remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
Rights to Access, Limit Use, and to Limit Disclosure of Personal Data
Individuals in the European Union, United Kingdom (and Gibraltar) and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, Devo has committed to respect those rights. Because Devo personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Devo customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.
Inquiries and Dispute Resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Devo commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Devo at [email protected].
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Devo commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If neither Devo nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.
U.S. Federal Trade Commission Enforcement
The Federal Trade Commission has jurisdiction over Devo’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Compelled Disclosure
Devo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Devo will only disclose such personal data in accordance with its Data Request Guidelines.
Devo Data Request Guidelines
This document outlines Devo’s general practices for responding to requests by government agencies and other third parties (“Requesting Parties”) for data belonging to Devo’s customers.
Referral to Customers
Devo will use reasonable efforts where appropriate to refer the Requesting Party to the affected customer so that the customer can work with the Requesting Party to resolve the matter.
Disclosure Only When Necessary
Devo will only disclose customer data in response to legally binding process, such as a valid subpoena, court order, or search warrant. Devo carefully reviews each request to ensure that it complies with applicable law. If a request is overbroad, Devo will try to narrow it and may object to producing any information at all, provided that Devo may voluntarily disclose customer information to a government agency in an emergency involving imminent danger of physical harm or harm to Devo’s services, employees, or customers. Devo does not voluntarily provide governments with access to any data about users for surveillance purposes. If Devo receives legal process subject to an indefinite non-disclosure requirement (including a National Security Letter), Devo will challenge that non-disclosure requirement in court. Devo has never received a FISA order or authorization or a National Security Letter.
Requirement of Proper Domestication
Devo requires that any Requesting Party ensure that the process or request is properly domesticated. For data stored in the United States, Devo does not accept legal process or requests directly from law enforcement entities outside the United States or Canada. Foreign law enforcement agencies seeking data stored within the United States should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court where Devo is located.
These practices are provided for informational purposes only and do not represent a commitment by Devo to provide information. Devo reserves its rights to respond and/or object to any request for data in any manner consistent with applicable law. Devo also reserves its rights to require reasonable reimbursement in connection with its response to requests for customer data. Devo may revise these guidelines and the underlying processes at any time without notice.