Sysdig

Data Privacy Framework Notice

Last updated December 2, 2024

Introduction

On 10 July 2023, the European Commission approved the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) as a valid transfer mechanism to comply with European Union (“EU”) data protection requirements when transferring Personal Data from the European Union to the United States. The decision concluded that the U.S. ensures an adequate level of protection for Personal Data that is transferred from the EU to U.S. companies under the EU-U.S. DPF. 

On 17 July 2023, the United Kingdom Extension to the EU-U.S. Data Privacy Framework (“UK Extension”) became effective. Sysdig, Inc. (collectively “Sysdig,” “we,” “us,” or “our”) participates in the EU-U.S. DPF and the UK Extension (collectively, the “Data Privacy Framework”) and we comply with the applicable principles laid out in the Data Privacy Framework (collectively, the “DPF Principles”).

Sysdig complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  Sysdig has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

This Data Privacy Framework Notice (“Notice”) supplements our Sysdig Privacy Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policy.

Certification to the DPF Program

  1. Notice. The types of Personal Data we collect in the U.S., the purposes for which we collect and use such data,  the type and identity of third parties to which the organization discloses Personal Data, and the purposes of such disclosures to third parties are set out in Sysdig’s Privacy Policy and Sysdig’s Global Applicant and Employee Privacy Notice.
     
  2. Choice and Access. Pursuant to the EU-U.S. DPF and the UK Extension, EU and UK individuals have the right to obtain our confirmation of whether we process your Personal Data in the U.S. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you; we will respond within a reasonable timeframe to such requests. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF or the UK Extension should direct their query to [email protected]

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your Personal Data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to [email protected].

  3. Data Integrity and Purpose Limitation. We process and retain Personal Data consistently with the DPF Principles and for the purposes indicated in Sysdig’s Privacy Policy and Sysdig’s Global Applicant and Employee Privacy Notice or as otherwise notified to you. Consistent with the DPF Principles, we limit our processing of Personal Data to the information that is relevant for the purposes of processing.
  4. Accountability for Onward Transfer of Personal Data. Sysdig may transfer Personal Data for the purposes described in the Privacy Policy and Sysdig’s Global Applicant and Employee Privacy Notice. In particular, in certain instances, we may be required to disclose Personal Data in response to lawful requests by public authorities. We remain liable for the processing of Personal Data received under the Data Privacy Framework and subsequently transferred to a third party acting as an agent if the agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
  5. Security. Sysdig takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Data, to help protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

  6. Recourse, Enforcement and Liability. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In compliance with the DPF, Sysdig commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU and UK individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should contact Sysdig at: [email protected] or through one of our other contact methods listed in our Privacy Policy. We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Sysdig commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.

  7. Employment Data. Sysdig commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, in the context of the employment relationship.
  8. Amendment. This Notice may be amended consistent with the requirements of the Data Privacy Framework. When we update this Notice, we will also revise the “Last Updated” date at the top of this document or as otherwise required by the Data Privacy Framework.
  9. Questions or complaints. If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us through the contact methods set forth in the Sysdig Privacy Policy and Sysdig’s Global Applicant and Employee Privacy Notice.

If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information on this option, please see Annex I of the EU-U.S. DPF.