Devo Data Privacy Framework Notice

Last Updated: February 2024

Devo Data Privacy Framework Certification

Devo Technology Inc. (“Devo”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Devo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Devo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Personal Data Processed by Devo as a Controller

Devo is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. This Devo Data Privacy Framework Notice supplements the Devo Privacy Policy for personal data Devo collects, uses or shares as a controller. The Devo Privacy Policy is where you will find details about the types of personal data we collect, the purpose for which we collect and share personal data, and your rights with respect to our processing of your Personal Data.

Purposes of Personal Data Processing

Please review the Devo Privacy Policy for details on the purposes of data processing for personal data where Devo is a controller.

Third Parties Who May Receive Personal Data

Please review the Devo Privacy Policy for details on the third parties who may receive personal data where Devo is a controller.

Rights to Access, Limit Use, and to Limit Disclosure of Personal Data

Please review the Devo Privacy Policy for details on rights to access, limit use, and limit disclosure of personal data where Devo is a controller.

Personal Data Processed by Devo as a Processor

Devo is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. Devo provides security and observability tools that our customers use to manage their security and resiliency objectives. In providing these tools, Devo processes data our customers submit to our services or instruct us to process on their behalf. Devo customers decide in their sole discretion what data to submit. It may include include: first and last name, title, position, employer, business contact information (e.g., company email, phone, physical business address), personal contact information (e.g., email, mobile phone, address), ID data, connection data, location data, and file and message content. 

Purposes of Data Processing

Devo processes data submitted by customers for the purpose of providing services to our customers and to comply with their processing instructions.

Third Parties Who May Receive Personal Data

Devo uses a limited number of third-party service providers to assist us in providing our services to customers. These third party providers offer hosting and infrastructure services. These third parties may access, process, or store personal data in the course of providing their services. Devo maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Devo remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Rights to Access, Limit Use, and to Limit Disclosure of Personal Data

Individuals in the European Union, United Kingdom (and Gibraltar) and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, Devo has committed to respect those rights. Because Devo personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Devo customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.

Inquiries and Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Devo commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Devo at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Devo commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If neither Devo nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.

U.S. Federal Trade Commission Enforcement

The Federal Trade Commission has jurisdiction over Devo’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Compelled Disclosure

Devo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Devo will only disclose such personal data in accordance with its Data Request Guidelines.