Privacy Policy

TRUSTe

Last Updated: June 10, 2024

Druva Privacy Policy

This Privacy Policy (“Policy”) tells you how Druva processes, collects, uses, discloses, and protects your personal information collected through Druva’s websites, products, services, promotions, business partners, in-person and digital events, webinars, surveys,  marketing activities,  and other related business  activities. When this Policy mentions “we,” “us,” or “our,” it refers to Druva. This Policy does not govern the personal information submitted to Druva by job applicants when applying for employment, which is governed by the Druva Applicant Privacy Notice. 

You may print a copy of this Privacy Policy by clicking here. If you have a disability, you may access this Privacy Policy in an alternative format by contacting privacy@druva.com.

About Druva's Services

Druva provides cloud based services, specifically, software-as-a-service solutions for managing data availability and information governance, and related services  to our customers under an agreement with them and solely for our customers’ benefit. Our customers designate which of their personnel are authorized as users of the Druva platform. Druva customers upload data onto the Druva platform for backup purposes, “Customer Data.” This Policy does not apply to Customer Data, which is governed by the customer’s sales agreement and, if applicable, the Data Processing Addendum (“DPA”) with Druva.

Table of Contents:

Applicability of this Policy

This Policy applies to https://www.druva.com/ (“Site”) and services owned and operated by Druva. If you do not agree with the terms, do not access or use the Sites, services, or any other aspect of Druva’s business. By using or accessing the Sites or services in any manner, you acknowledge that you accept the practices and policies outlined in this Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

This Policy does not apply to any third-party applications or software that integrate with Druva’s services through the Druva platform or any other third-party products, services, or businesses.

If you use the Site and services as part of an entity or organization that has a corporate account with Druva, like your employer or a university (“Customer”), that Customer may have entered into a separate agreement with Druva (“Customer Agreement”), which may contain more restrictive terms than what is described in this Policy.

Back to Top

Identifying the Data Controller and Data Processor

Druva acts as a data controller when we collect and process Personal Data (as defined below) for Druva’s legitimate interests, such as conducting its business. Examples include sales and marketing activities, billing, accounting, product improvement and analyzing user interaction with our Site to improve our Site.

Druva acts as a data processor when we provide our products and services to our Customers. When acting as a data processor, Druva will only process Personal Data (as defined below) in accordance with a Customer’s instructions and applicable this Policy. Druva’s affiliates or subsidiaries may also act as data controllers or data processors to the extent Customers purchase the product and services from those entities or Personal Data is shared with those entities.

Back to Top

Information We Collect and Receive

In the normal course of conducting business, Druva may collect and receive customer data and other information in various ways when you use our Site and services. We collect two types of information on individuals: Personal Data (defined below) and Aggregate Data. This Policy covers how we treat Personal Data that we gather when you access or use our services. This Policy does not cover the practices of companies we do not own or control or people we do not manage. We may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our Customers. This Policy applies only to Personal Data that we collect from you directly; if we did not collect data directly from you, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.

As used in this Policy, “Personal Data” means information that directly or indirectly identifies an individual, such as a name, email address, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual, and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. “Personal Data” excludes Aggregate Data. As used in this Policy, “Aggregate Data” is anonymized information, learnings, logs, and data we collect about a group or category of services or users. Aggregate Data helps us understand trends in our users’ needs, so that we can consider new features or better tailor our services. This Policy in no way restricts or limits our collection and use of Aggregate Data. We may share Aggregate Data about our users with third parties for various purposes, including to help us better understand our Customers’ needs, improve our services, and for advertising and marketing purposes. We collect information you give us on our Site and when you register for and use our services.

Examples include the following:

  • Registration and Profile Information.  When you register to use our services or update your profile, we may collect various kinds of information about you, including your name, email address, title, company and other profile information you provide, demographic information, and information you upload like photos, files, and documents..
  • Contact Information. We collect the email addresses you provide for contacts you enter or upload into your private contacts page. When you choose to collaborate or share files with others, we also collect email addresses you provide to email invitations to those individuals on your behalf. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided.
  • Payment Information. If you choose to use a paid Druva account or service, our payment processing vendor collects your credit card information and billing address.
  • Submissions and Customer Service. From time to time, we may use surveys, contests, or sweepstakes requesting personal or demographic information and Customer feedback. Participation in these surveys or contests is completely voluntary and thus, you have a choice whether or not to disclose this information.
  • Automatically Collected Information. We automatically receive certain types of information when you interact with our Site, services, and communications. For example, it is standard for your web browser to automatically send information to every site you visit, including ours. That information includes your computer’s IP address, access times, your browser type and language, Internet service provider (ISP), and referring site addresses. We may also collect information about the type of operating system you use, your account activity, and files and pages accessed or used by you. We do not link this automatically-collected information to personal information.
  • When You Download and Use Our Services. We automatically collect information on the type of device you use, operating system version, and the device identifier (“UDID”). We also access the device file storage for photos and contacts. You can opt out of this at the device level.
  • Mobile Tracking and Data Loss Prevention (DLP). We do not ask for, access, or track any location-based information from your mobile device at any time, unless the DLP add-on is activated when using our mobile applications or services. A user must explicitly turn on the location information feature but may or may not be able to disable this feature depending on your employer’s policy.
  • Mobile Analytics. We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information, such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and from where the application was downloaded. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
  • Cookies and Tracking Technologies. We and our partners, affiliates, or analytics or service providers may also use certain kinds of technology such as cookies, web beacons, scripts, and tags to collect information, analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies from these companies on an individual or aggregated basis. To learn more about our use of cookies, please see https://www.druva.com/cookie-policy/.
  • Local Storage (HTML5). We and our third-party partners use Local Storage (HTML5) to provide certain features on our Site, display advertising based on your web browsing activities, or store content information and preferences. Various browsers may offer their own management tools for removing HTML5.
  • Advertising. We partner with a third party to display advertising on our Site or manage our advertising on other sites. Our third-party partner may use technologies, such as cookies to gather information about your activities on this Site and other sites to provide you advertising based on your browsing activities and interests. To learn more about our use of cookies, please see https://www.druva.com/cookie-policy/.

Back to Top

Categories of Personal Data We Collect

The following chart details the categories of Personal Data that we collect and have collected over the past twelve (12) months. For each category of Personal Data, these subsections also set out our commercial or business purpose for collecting that Personal Data and the categories of third parties with whom we share that Personal Data.

 Category of Personal DataPurposes of UseSource of Personal Data
A.

Personal identifiers. Personal data collected:

Name
Email Address
Phone Number
IP address
Title
Postal Address

Provide the Sites and services

Provide customer service

Personalize your experience

Improve the Sites and services

Conduct marketing analysis

Accomplish other purposes about which we notify you

You

Third Parties

B.

Customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))). Personal data collected:

Name
Signature
Job Title
Company

Provide the Sites and services

Provide customer service

Personalize your experience

Improve the Sites and services

Conduct marketing analysis

Accomplish other purposes about which we notify you

You
C.

Geolocation information. Personal data collected:

Country
State
Region
Zip Code

Compliance with U.S. Import/Export Laws

Provide the Sites and services

Provide customer service

Personalize your experience

You

Third Parties

D.

Commercial information. Personal data collected:

Products or services purchased

Provide the Sites and services

Provide customer service

Personalize your experience

Enable you to share and communicate with users you delegate

Improve the Sites and services

Conduct marketing analysis

Accomplish other purposes about which we notify you

 

You

E.

Internet or other similar network activity information. Personal data collected:

Information on a consumer’s interaction with Site
Cookies
Web Beacons
Scripts
Tracking tags

Provide the Sites and services

Provide customer service

Personalize your experience

Improve the Sites and services

Accomplish other purposes about which we notify you

You

Third Parties

F.

Professional related information. Personal data collected:

Job Title
Company

Provide the Sites and services

Provide customer service

Accomplish other purposes about which we notify you.

You

Back to Top

How We Use Information

To deliver a consistent and personalized user experience, Druva collects your personal information to understand your interests and requests. For example, we may use your personal information to:

  • Facilitate your account administration and use of the operation of the Site and services;
  • Process your request or assist you in completing a transaction;
  • Provide you with information or services you request, including our product documentation and white papers;
  • Inform you about other information, events, promotions, products, or services we find will be of interest to you;
  • Contact you for feedback to enable us to develop, customize, and improve the Site and our publications, products, and services;
  • Conduct marketing analysis, send you surveys or newsletters, contact you about services, products, activities, special events, or offers from Druva or our partners, and for other marketing, informational, product development, and promotional purposes;
  • Send you a welcome email and contact you about your use of the Site and services; to respond to your emails, submissions, comments, requests, or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to Customer support inquiries, for assistance with our product and service development; and to inform you of updates to products and services from Druva that better meet your needs;
  • Store contacts you enter or upload into your contacts list for your private use and viewing;
  • Send emails to users you invite (and contacts you invite to become users) to collaborate and access your files;
  • Enable you to communicate, collaborate, and share files with users you designate;
  • Contact you if you win a contest; and
  • Accomplish other purposes about which we notify you.

Back to Top

How We Share and Disclose Information

This section describes how Druva may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Druva does not control how they or any other third parties choose to share or disclose Information.

We disclose your Personal Data to service providers and other parties for the following business purposes:

  • Aggregate or De-identified Data. Druva reserves the right to share aggregated demographic information about our Customers, sales, and traffic to our partners and advertisers. We will not share any of your personal information or any data that you store using our services to any third party, except as outlined in this Policy or with your consent.
  • Compliance with Laws. We may disclose information to a third party as required by law when we believe in good faith that disclosure is necessary (a) to protect us, our agents, our Customers, and others, (b) to enforce our agreements, policies, and terms of use, (c) to respond to duly authorized information requests of police and governmental authorities, (d) to respond to an emergency or protect the personal safety of any person, (e) to investigate and help prevent security threats, fraud, or other malicious activity, or (f) to comply with a regulation, subpoena, court order, or similar legal process.
  • Service Providers. We may engage with service providers to perform business functions and provide services to us in the U.S. and other countries. For example, we use a variety of third-party services to help operate our services, such as processing your payment or offering live Customer support chat. Druva may share your Personal Data with these service providers on the condition that they use your Personal Data only on our behalf and pursuant to our instructions and are subject to obligations consistent with this Policy and any other appropriate confidentiality and security measures.
  • Corporate Affiliates. Druva may share other information with its corporate affiliates, parent(s), or subsidiaries.
  • Change in Druva’s Business. We may also share personal information in connection with an acquisition, merger, or sale of all or a substantial portion of our business, with or to another company. In any such event, you will receive notice if your data is transferred and becomes subject to a substantially different privacy policy.

Categories of Sources of Personal Data

We collect Personal Data about you from:

  • You:
    • when you provide such information directly to us, and
    • when Personal Data about you is automatically collected in connection with your use of our Services.
  • Third parties, when they provide us with Personal Data about you (“Third Parties”). Third Parties that share your Personal Data with us include:
    • Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
    • Social networks connected to the services. If you provide your social network account credentials to us or otherwise sign in to the services through a third-party site or service, you understand some content and/or information in those accounts may be transmitted into your Account with us.
    • Advertising partners. We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements, or communications.
    • Public Sources and Data Providers. We may also obtain personal information from publicly-available information and when Users voluntarily provide data about other companies and other people. Additionally, we may license data from other data providers which may contain personal information.

Categories of Third Parties with Whom We Share Personal Data

We disclose your Personal Data to the following categories of service providers and other parties:

  • Service providers, including:
    • Payment processors;
    • Ad networks;
    • Security and fraud prevention consultants;
    • Hosting and other technology and communications providers;
    • Analytics providers; and
    • Staff augmentation and contract personnel.
  • Our affiliates.
  • Parties who acquire your Personal Data through an acquisition or other change of control.
    • Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part).
  • Other parties at your direction.
    • Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the services);
    • Social media services, publicly-accessible blogs, and community forums (if you intentionally interact with them through your use of the services);
    • Third-party business partners who you access through the services; and
    • Other parties authorized by you.

If you are an individual Druva registered user, and the domain of the primary email address associated with your Druva account is owned by your employer and that email address was assigned to you as an employee of that organization, and that organization wishes to establish a Druva corporate account and add you to it, then certain information concerning past use of your individual account may become accessible to that organization’s administrator, including your email address. Druva includes collaboration features that, by their nature, support sharing with users you choose. Those users can see your name, email address, photo and information from your profile page, and any feedback or files you choose to share. Further, they can post comments and email you. Collaborators you invite as editors can also edit your shared files, upload documents and photos to your shared files, share those documents outside of Druva, and give other users the rights to view your shared files.

Personal Data that we Share or Use for Targeted Advertising

Druva discloses the following categories of personal data to show you ads promoting Druva’s services on other websites, platforms, and services. These activities may constitute “sharing,” “targeted advertising,” or “selling” under certain state laws and you have the right to opt out of having your information used or disclosed for these purposes. See below for details on how to opt out.

Categories of Sources of Personal Data

Druva discloses the following categories of personal data to show you ads promoting Druva’s services on other websites, platforms, and services. These activities may constitute “sharing,” “targeted advertising,” or “selling” under certain state laws and you have the right to opt out of having your information used or disclosed for these purposes. See below for details on how to opt out.

Categories of Personal Data "Shared", "Sold", or Used for "Targeted Advertising"Categories of Third Parties

Identifiers

Sales and Marketing vendors, advertising providers, service providers, and data analytics providers

Internet, server, or other electronic network activity information

Sales and Marketing vendors, advertising providers, service providers, and data analytics providers

Back to Top

inSync Mobile Application

Our inSync mobile application allows end users to use a special permission BIND_DEVICE_ADMIN to permit administrators to securely and remotely delete data on lost or stolen devices. This feature is subject to enterprise administrator’s enablement and must be accepted by the end user.

Back to Top

Data Retention

Druva will retain data, including Personal Data, in accordance with a Customer’s instructions, any applicable terms in the Customer Agreement, and as required by law. We may retain and use your information, even after your account is suspended or terminated, to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements. We may further retain information in an anonymous or aggregated form. We do not retain geolocation information, except current known location when DLP service is activated. For more information on Druva’s data retention policies, please email privacy@druva.com.

Back to Top

Security

Druva maintains appropriate technical and organizational safeguards to protect the security, confidentiality, and integrity of the information we collect from you, including any personal information. These safeguards are designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of the information we collect from you and our platform. Such measures include, but are not limited to, logical data segregation, data encryption in flight and at rest, network security, security logging and monitoring, envelope encryption model, and regular third-party penetration testing. For more information on Druva’s security protocols, please email security@druva.com or review Druva's security white papers at https://www.druva.com/resources/white-papers/ or vist our Trust Center.

While we take reasonable efforts to guard personal information we knowingly collect directly from you, no security system is impenetrable. We cannot guarantee that any passively-collected personal information you choose to include in documents you store on our systems are maintained at adequate levels of protection to meet specific needs or obligations you may have relating to that information.

Your account information and access to our service are accessible only through the use of an individual user ID and password. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. Always log out and close your browser when you finish your session. Please advise us immediately if you believe your password has been misused. Please note that we will never ask you to disclose your password in an unsolicited phone call or email. If you have any questions about the security of your personal information, please email privacy@druva.com.

Back to Top

Global Operations and Standard Contractual Clauses

We operate globally and have offices, partners, and subprocessors around the world to deliver our services. When you use our Site and services, your collected information may be sent to and processed in countries outside your country of residence, including the U.S. For individuals residing in the European Economic Area (“EEA”) or United Kingdom (“UK”), and for Personal Data (as defined below) subject to European data protection laws, this includes transfers outside of the EEA or UK. Some of these countries may not have data protection laws that provide an equivalent level of data protection as the laws in your country of residence. 

If Druva transfers Personal Data (as defined below) originating from the European Union (E.U.) or UK to other countries not deemed adequate under applicable data protection laws, we will deploy the following safeguards:

Standard Contractual Clauses

If Druva transfers Personal Data protected under this Policy to a jurisdiction for which the European Commission or UK’s Information Commission Officer has not issued an adequacy decision, Druva will ensure that appropriate safeguards have been implemented for the transfer of Personal Data in accordance with EU or UK Data Protection Law; or rely on the approved Standard Contractual Clauses. To view a copy of our standard Customer Data Processing Agreement, incorporating Standard Contractual Clauses, please visit the Druva Customer Agreements Site or click here.

Back to Top

E.U. Data Subject Rights

If you are a resident of the E.U., United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the E.U. General Data Protection Regulation (“GDPR”) or similar laws with respect to your Personal Data as outlined below. 

If there are any conflicts between this this section and any other provision of this Privacy Policy, the Policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at privacy@druva.com. Note that we may also process Personal Data of our Customers’ end users or employees in connection with our provision of certain services to Customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.

Personal Data We Collect. The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.

Personal Data Use and Processing Grounds. The “How We Use Your Personal Data” section above explains how we use your Personal Data.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

  • Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Use with you, which enables us to provide you with the services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the services that require such data.
    • A. Personal identifiers.
    • B. Customer records identified by state law.
    • C. Commercial information.
  • Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties.
    • A. Personal identifiers.
    • B. Customer records identified by state law.
    • C. Protected classification characteristics under state or federal law.
    • D. Commercial information.
    • E. Internet or other similar network activity information.
    • F. Professional or employment-related information.

Examples of these legitimate interests include:

    • Operation and improvement of our business, products and Services;
    • Marketing of our products and Services;
    • Provision of Customer support;
    • Protection from fraud or security threats;
    • Compliance with legal obligations; and
    • Completion of corporate transactions.
  • Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Sharing Personal Data. The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.

Data Processed via Druva’s Services

Personal Data Collected by Druva

Right to Access and/or Rectify

Druva does not have access to the content or data that is uploaded by Customers onto our systems and stored and processed by our services, (“Customer Data”). If you would like to access or correct inaccurate or incomplete Personal Data, please contact your employer. If your employer requests Druva to remove your Personal Data, we will respond to their request within 30 business days. Even if you request that we, or your employer, delete your personal information, we may still retain data collected from you in an aggregated and anonymized form.If you would like to access or correct in accurate or incomplete Personal Data, please contact us at datarequest@druva.com and we will respond to your request within 30 business days. Even if you request that we delete your personal information, we may still retain data collected from you in an aggregated and anonymized form.

Right to Erasure

Druva does not have access to the Customer Data that is stored using our services. If you would like to delete your Personal Data, please contact your employer.You can request your Personal Data to be deleted by contacting us at datarequest@druva.com and we will respond to your request within 30 business days. Even if you request that we delete your personal information, we may still retain data collected from you in an aggregated and anonymized form.

Right to Data Portability

Druva does not have access to the Customer Data that is stored using our services. However, your employer can provide a means to download the information you have shared through our services.If you would like to receive a copy of the personal information Druva has collected about you, please email datarequest@druva.com and we will respond to your request within 30 business days.

Objecting to ProcessingIf you object to any processing by Druva, we will communicate such request to your employer as soon as we can.

Withdrawal of Consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our services.

Restriction of Processing. You can ask us to restrict further processing of your Personal Data.

Right to File Complaint. You have the right to lodge a complaint about Druva practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Additional Information or AssistanceFrom time to time, we may send you push notifications to perform administrator-initiated backups and restores and device decommissioning. If you wish to opt out of push notifications on your mobile device, please change your settings at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device, such as operating system and user identification information.

Back to Top

California Resident Rights

If you are a California resident and there are conflicts between this section and any other provision of this Policy, the portion that is more protective of your Personal Data shall control. If you have any questions about this section or whether any of the following applies to you, please email privacy@druva.com. If you are a California resident, you may have the rights:

  • Right to Access specific pieces of your Personal Data that Druva has collected about you;
  • Right to Know details about Druva’s processing of your Personal Data;
  • Right to Correct inaccurate data in some circumstances;
  • Right to Opt-Out of Sale and Sharing of Personal Data for Behavioral and Targeted Advertising;
  • Right to Request Deletion of your Personal Data; 
  • Right to Non-Discrimination (for example, to not be denied services for exercising your rights); and 
  • Right to Limit Processing of Sensitive Information, to the extent it’s applicable.

California law treats certain disclosures of Personal Data with third parties in exchange for something of value as a “sale,” even when no money is exchanged. Druva does not disclose your Personal Data for money. However, some of the technologies we use to provide our products and services involve the transfer of Personal Data that may be considered a “sale” under California Law.

Access. You have the right to request certain information about our collection and use of your Personal Data. We will provide you with the following information:

  • The categories of Personal Data that we have collected about you;
  • The categories of sources from which that Personal Data was collected;
  • The business or commercial purpose for collecting or selling your Personal Data;
  • The categories of third parties with whom we have shared your Personal Data; and
  • The specific pieces of Personal Data that we have collected about you.

Deletion. You have the right to request that we delete the Personal Data that we have collected from you. Under the California Consumer Privacy Act of 2018 (“CCPA”), this right is subject to certain exceptions. For example, we may need to retain your Personal Data to provide you with the services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Exercising Your Rights. To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (this will require you to send an email from the account in question or login credentials), and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Upon authentication, each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria.

We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes. To submit any California privacy rights request, please email datarequest@druva.com.

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to do, and we may request a copy of this written permission from your Authorized Agent when they make a request to exercise your rights on your behalf.

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

Back to Top

Other State Law Privacy Rights

Colorado. If you are a resident of Colorado, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access specific pieces of your Personal Data that Druva has collected about you;
  • Right to Confirm if Druva is processing Personal Data; 
  • Right to Correct inaccurate Personal Data;
  • Right to Data Portability; 
  • Right to Non-Discrimination
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to Deletion; and
  • Right to Appeal of a Denial of a consumer rights request.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Connecticut. If you are a resident of Connecticut, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access;
  • Right to Correct inaccurate Personal Data;
  • Right to Data Portability;
  • Right to Non-Discrimination;
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to Deletion; and
  • Right to Appeal of a Denial of a consumer rights request.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Montana. If you are a resident of Montana, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access;
  • Right to Correct inaccurate Personal Data;
  • Right to Data Portability;
  • Right to Non-Discrimination;
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to Deletion; and
  • Right to Appeal of a Denial of a consumer rights request.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Nevada. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at datarequest@druva.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.

Oregon. If you are a resident of Oregon, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access;
  • Right to Correct inaccurate Personal Data;
  • Right to Data Portability;
  • Right to Non-Discrimination;
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to Deletion; and
  • Right to Appeal of a Denial of a consumer rights request.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Utah. If you are a resident of Utah, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access;
  • Right to Data Portability;
  • Right to Non-Discrimination;
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects; and
  • Right to Deletion.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Virginia. If you are a resident of Virginia, you may have the following Personal Data rights (subject to exceptions):

  • Right to Access specific pieces of your Personal Data that Druva has collected about you;
  • Right to Confirm if Druva is processing Personal Data;
  • Right to Correct inaccurate Personal Data;
  • Right to Data Portability;
  • Right to Non-Discrimination;
  • Right to Opt-Out of the sale of Personal Data, and the processing for targeting advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects; and
  • Right to Appeal of a Denial of a consumer rights request.

    To exercise your rights or appeal a decision, please contact us via email at datarequest@druva.com.

Back to Top

Choice and Opt-Out

You may access, correct, or request deletion of the personal information we collect about you at any time by contacting us privacy@druva.com. We will respond to your request within a reasonable timeframe.

Druva may send you communications or data regarding our Site and services, including but not limited to (a) notices about your use of our Site and services, including those concerning violations of use, (b) updates, (c) promotional information and materials regarding our products and services, and (d) newsletters. You may opt out of receiving promotional emails and newsletters from Druva by following the unsubscribe instructions provided in those emails. Alternatively, you can opt out, at any time, by emailing privacy@druva.com with your specific request. Opt-out requests will not apply to transactional service messages, such as security alerts and notices about your current account and services.

If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please email privacy@druva.com.

Back to Top

Personal Data about Children

We do not knowingly collect any personal information directly from children under 16; if you are a child under 16, please do not attempt to register for or otherwise use the Sites or service or send us any Personal Data. If we discover we have received any personal information from a child under 16 in violation of this Policy, we will delete that information as soon as possible. If you believe we have any information from or about anyone under 16, please email privacy@druva.com.

Back to Top

Changes to This Policy

We are constantly trying to improve our services, so we may change this Policy to reflect changes to our information practices from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. If we make any material changes, we will notify you by email, sent to the e-mail address specified in your account, or by means of a notice on this Site. We encourage you to periodically review this Policy for the latest information on our privacy practices.

Back to Top

Email a Friend

If you choose to use our referral service to tell a friend about our Site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit our Site. Druva stores this information and is only used for the sole purpose of sending this one-time email and tracking the success of our referral program.

Back to Top

Testimonials

We display personal testimonials of satisfied Customers on our Site and other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, please email privacy@druva.com.

Back to Top

Blogs and Forums

Our Site offers publicly-accessible blogs or community forums. These blogs and forums are created for general informational purposes only and do not constitute legal advice or a solicitation to provide legal services. Although we attempt to post complete, accurate, and up-to-date information, we assume no responsibility for its completeness, accuracy, or timeliness. You should be aware that any information you provide in these blogs or forums may be read, collected, and used by others who access them. To learn more, please visit our https://www.druva.com/terms-of-use/. To request removal of your personal information from our blogs or community forums, please email privacy@druva.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Back to Top

Social Media Widgets

Our Site includes social media features. Your use of these features may result in the collection or sharing of information about you. This may include your IP address, which pages you are visiting on our Site, and cookies to enable certain features to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policies of the companies providing these features. We encourage you to carefully review the privacy policies and settings of any social media websites, services, and applications you access.

Back to Top

Data Protection Officer (DPO)

To communicate with our DPO, please address any questions, concerns, or comments to:

Hsinya Shen, General Counsel, DPO
2051 Mission College Blvd
Santa Clara, CA 95054, USA
privacy@druva.com

Back to Top

Contacting Us

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Any questions, concerns, or comments about this Policy should be addressed to:

Druva Inc.
2051 Mission College Blvd
Santa Clara, CA 95054, USA
privacy@druva.com

Back to Top

Druva means Druva Holdings, Inc., a Delaware, United States company, Druva Singapore Pte. Ltd., a Republic of Singapore company, Druva Data Solutions Private Limited, a Republic of India company, Druva Europe Limited, an England and Wales, United Kingdom company, Druva, Inc., a Delaware, United States company, Druva G.K., a Japan company, Druva GmbH, a Germany company, Silver Lining Cloud Consulting Limited (t/a CloudRanger), and all other Druva subsidiaries.

For prior versions of this Privacy Polcy, please contact privacy@druva.com.