Privacy and Data Protection Policy
We at Skybox Security are committed to the privacy, confidentiality, and security of our customers and their end-users’ data. We invest vast resources towards maintaining the highest levels of data protection and privacy standards.
We are compliant with applicable laws and regulations, including the European General Data Protection Regulation (“GDPR”) and the California Consumer Protection Act (“CCPA”). We are constantly monitoring related regulatory changes and guidelines, as part of our commitment to remain compliant with the applicable laws.
Our Commitment with Regard to processing Personal Data
In order to provide our services, we may be required to process personal data, both of our customers or our customers’ end users.
Accordingly, during the operation of our services, we follow key privacy principles as those are set out in various global privacy frameworks:
Confidentiality and security
Skybox Security has implemented high standards of security measures to ensure the confidentiality of the personal data, in particular for preventing unauthorized access to or use of personal data. We follow and maintain the industry’s best practices in terms of security. In doing so we constantly review our physical, technical and organizational security measures, all in accordance with our documented internal policies in this regard.
Safeguarding data transfers
To ensure the above, we enter into applicable Data Processing Agreements (“DPAs”) with our customers and our vendors, to fully and accurately address the terms and conditions for data sharing between the parties. When needed, we employ legal safeguards to ensure an adequate level of data protection for international transfers.
Acting as a Data Processor
When we act as a “data processor” under the GDPR or a “service provider” under the CCPA for our customers, we take great care in acting only in accordance with the documented instructions of the applicable controller or business. We do not use the data for our own needs and cannot decide on any new purposes for its processing without the customer’s instructions. We also provide the necessary assistance to our customers in order to ensure that they can comply with their respective regulatory obligations.
We also enter into DPAs with our vendors (such as storage providers), who may process personal data on our behalf, to impose the relevant obligations on them and to ensure adequate protection of personal data.
Data protection is embedded as a major part in our work culture and throughout company’s solutions. In addition, to ensure that we comply and operate within the applicable regulatory frameworks, we have appointed a Data Protection Officer (DPO) and have demonstrated our compliance through internal and external facing policies and procedures.
Lawfulness and transparency
If you would like to learn more on Skybox Security’s data protection and privacy practices, please feel free to contact us at GDPR-DP@Skyboxsecurity.com