ɫɫ�о�� Data Privacy Framework

ɫɫ�о�� Data Privacy Framework Notice

Last Updated: February 2024

ɫɫ�о�� Data Privacy Framework Certification

ɫɫ�о��. (“ɫɫ�о��”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ɫɫ�о�� has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ɫɫ�о�� has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit .

Personal Data Processed by ɫɫ�о�� as a Controller

ɫɫ�о�� is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. This ɫɫ�о�� Data Privacy Framework Notice supplements the ɫɫ�о�� Privacy Policy for personal data ɫɫ�о�� collects, uses or shares as a controller. The ɫɫ�о�� Privacy Policy is where you will find details about the types of personal data we collect, the purpose for which we collect and share personal data, and your rights with respect to our processing of your Personal Data.

Purposes of Personal Data Processing

Please review the ɫɫ�о�� Privacy Policy for details on the purposes of data processing for personal data where ɫɫ�о�� is a controller.

Third Parties Who May Receive Personal Data

Please review the ɫɫ�о�� Privacy Policy for details on the third parties who may receive personal data where ɫɫ�о�� is a controller.

Rights to Access, Limit Use, and to Limit Disclosure of Personal Data

Please review the ɫɫ�о�� Privacy Policy for details on rights to access, limit use, and limit disclosure of personal data where ɫɫ�о�� is a controller.

Personal Data Processed by ɫɫ�о�� as a Processor

ɫɫ�о�� is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. ɫɫ�о�� provides security and observability tools that our customers use to manage their security and resiliency objectives. In providing these tools, ɫɫ�о�� processes data our customers submit to our services or instruct us to process on their behalf. ɫɫ�о�� customers decide in their sole discretion what data to submit. It may include include: first and last name, title, position, employer, business contact information (e.g., company email, phone, physical business address), personal contact information (e.g., email, mobile phone, address), ID data, connection data, location data, and file and message content.

Purposes of Data Processing

ɫɫ�о�� processes data submitted by customers for the purpose of providing services to our customers and to comply with their processing instructions.

Third Parties Who May Receive Personal Data

ɫɫ�о�� uses a limited number of third-party service providers to assist us in providing our services to customers. These third party providers offer hosting and infrastructure services. These third parties may access, process, or store personal data in the course of providing their services. ɫɫ�о�� maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and ɫɫ�о�� remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Rights to Access, Limit Use, and to Limit Disclosure of Personal Data

Individuals in the European Union, United Kingdom (and Gibraltar) and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, ɫɫ�о�� has committed to respect those rights. Because ɫɫ�о�� personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the ɫɫ�о�� customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.

Inquiries and Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ɫɫ�о�� commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact ɫɫ�о�� at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ɫɫ�о�� commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If neither ɫɫ�о�� nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.

U.S. Federal Trade Commission Enforcement

The Federal Trade Commission has jurisdiction over ɫɫ�о��’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Compelled Disclosure

ɫɫ�о�� may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. ɫɫ�о�� will only disclose such personal data in accordance with its Data Request Guidelines.

ɫɫ�о���