Metallic Privacy Notice
This Privacy Notice provides information for our customers, partners, suppliers and other individuals and organisations that we may have a business relationship with about how we collect, use and share personal data in connection with Commvault’s Metallic(TM) offerings:
- Metallic(TM) Core Backup & Recovery
- Metallic(TM) Office 365 Backup & Recovery
- Metallic(TM) Endpoint Backup & Recovery
Metallic is a Commvault venture. Commvault Systems, Inc. is headquartered in Tinton Falls, New Jersey, United States with offices around the world.
The EU representative and the main establishment for all our EU and United Kingdom affiliates for purposes of compliance with the GDPR is: Commvault Systems International BV, Papendorpseweg 99, 3528 BJ Utrecht, the Netherlands.
The personal data that we collect and our basis for processing
Primary scenario (Backup & Recovery in SaaS model):
For any data that is backed up using any of the Metallic(TM) Offerings, our Customer remains at all times the Data Controller and Commvault acts as a Data Processor on behalf of the Customer. In certain variations of this scenario our Customer may act as Data Processor (e.g. when our Customer is acting on behalf of its affiliates, or where Metallic(TM) Offerings are provided via authorized service providers), in which case Commvault acts as a Subprocessor. The mutual obligations of the parties are addressed in detail by our Data Protection Addendum, which forms part of the Terms & Conditions. In the event of a conflict between this Privacy Notice and the terms of any agreement(s) between Customer and Commvault, the terms of those agreement(s) will prevail. Due to the nature of backup & recovery provisioning and the encryption involved, the exact categories of data subjects and personal data types may vary depending on the exact use case. Metallic(TM) Offerings enable our Customers to make choices regarding the exact scope of data processing and enable data management through built-in functionalities and privacy settings.
In addition to the core backup & recovery functionalities provided by Metallic(TM) Offerings, Commvault collects certain data as Data Controller under the following legal bases:
- Our legitimate business interests (art. 6.1.f) of the General Data Protection Regulation) and
- Legal obligation (art. 6.1.c) of the General Data Protection Regulation)
Personal data that we collect includes:
- Identification data: name and business contact details (such as email address, mailing address, contact phone number, position, company)
- Your interactions with us: other information you choose to provide when you make an inquiry or complaint, seek customer support, respond to a survey, enter a contest or promotion, or contact our representatives, and the content of social media messages, posts, likes and responses to and about Metallic(TM)
- Service usage and network information: such as usernames and passwords for admin users, license entitlement, IP address, login/logout, domain name, logs, time stamps of usage activities, account modification and account authentication metrics.
How we use personal data
Purposes for which we process personal data include:
- Provision of the Backup and Recovery in SaaS model (Primary Scenario)
- Providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services, troubleshooting
- Preventing, detecting, investigating, mitigating, and repairing problems, including security incidents;
- Preventing fraud;
- Marketing and leads generation;
- Internal analysis of customers – plan strategy and growth
- Ongoing Metallic(TM) Offerings improvement (maintenance, including installing the latest updates, and making improvements to the reliability, efficacy, quality, and security);
- Sharing information with other members of the corporate group
- Managing third party relationships (Customers, vendors, suppliers, media, business partners)
- Compliance with and enforcement of applicable legal requirements (e.g. maintaining records, litigation, mediation, arbitration, tax law, anti-money laundering, trade sanctions, whistle-blowing, complying with data subject requests etc.).
Providing information to others
In order to perform backup & recovery in the SaaS model, we will share your data with the cloud service provider of your choice. If you opt to use Microsoft Azure(TM), Microsoft Corporation shall act as our Subprocessor.
In the case of Metallic(TM) Core Backup & Recovery, you can opt to use a cloud service provider of your choice as your Data Processor. In such a scenario, the respective third party’s terms will apply.
If you have not found the information you are looking for in this Privacy Notice (e.g. on your rights, international transfers, complaints process, retention periods or other), please:
- review Terms & Conditions (including the Data Processing Addendum) and relevant Product Documentation;
- reach out to us in accordance with the Contact section below.
We regularly review and update this Privacy Notice. If we make a change, we will post the updated version on our site.
If you have any questions about this Privacy Notice, or would like to exercise your rights with respect to your personal data, please contact our Global Data Governance Officer via GDGO@commvault.com or write to:
For U.S. and all locations other than EEA, UK and Switzerland:
Commvault Systems, Inc.
Attn: Legal Department & Global Data Governance Officer
1 Commvault Way
Tinton Falls, New Jersey 07724, United States.
For EEA, United Kingdom, Switzerland:
Commvault Systems International BV
Attn: Legal Department & Global Data Governance Officer
Papendorpseweg 99, 3528 BJ Utrecht, the Netherlands