Industries
- Information and Communications Technology
- Cybersecurity
Participation
EU-U.S. Data Privacy Framework Framework: Inactive - Lapse
Swiss-U.S. Data Privacy Framework Framework: Inactive - Lapse
Purpose of Data Collection
Avanan processes all files and messages that an organization might store or transmit in a cloud-based service to determine policy compliance or malicious intent. Avanan has no control over the content of these files or messages, which may contain personal data. Once processed, the compliance status or malicious determination is stored as metadata, and the original files deleted after 14 days if non-malicious. A limited amount of personal data may be collected within the metadata to which noncompliant files or malicious code is attached such as email or IP address. The original message or file which could potentially contain personal information is neither stored nor shared with third parties, except in those cases in which the owner of the data has requested that Avanan send files and messages to a third party sub-processor for additional analysis. In these cases, the PrivacyShield and GDPR status of any third party sub-processor is determined and disclosed to the owner.
Dispute Resolution
Questions or Complaints?
If you have a question or complaint, please contact Avanan at:
Compliance Engineer
New York, New York 10001
Appropriate statutory body with jurisdiction to investigate any claims against Avanan regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission