Metallic Privacy Notice
June 16, 2021
This Privacy Notice provides information for our customers, partners, suppliers and other individuals and organisations that we may have a business relationship with about how we collect, use and share personal data in connection with Commvault’s Metallic® offerings:
- Metallic® VM & Kubernetes Backup
- Metallic® File & Object Backup
- Metallic®Database Backup
- Metallic® Office 365 Backup
- Metallic® Endpoint Backup
- Metallic® Salesforce Backup
- Metallic® Backup for Microsoft Dynamics 365
- Metallic® Active Directory Backup
- Metallic® Security IQ
- Metallic® eDiscovery
- Metallic® Cloud Storage Service
- Metallic® Office 365 for Government Cloud
- Metallic® VM & Kubernetes for Government Cloud
- Metallic® File & Object for Government Cloud
- Metallic® Database for Government Cloud
- Metallic® Endpoint for Government Cloud
- Metallic® Salesforce for Government Cloud
- Metallic® File Migration
( referred to collectively as “Metallic® Offerings”)
Metallic is a Commvault venture. Commvault Systems, Inc. is headquartered in Tinton Falls, New Jersey, United States with offices around the world.
The EU representative and the main establishment for all our EU and United Kingdom affiliates for purposes of compliance with the GDPR is:
Commvault Systems International BV, Papendorpseweg 75-79, 3528 BJ Utrecht, the Netherlands.
The personal data that we collect and our basis for processing
For any data that is backed up or otherwise processed using any of the Metallic® Offerings our Customer remains at all times the Data Controller and Commvault acts as a Data Processor on behalf of the Customer. In certain variations of this scenario our Customer may act as Data Processor (e.g. when our Customer is acting on behalf of its’ affiliates, or where Metallic® Offerings are provided via authorized service providers) in which case Commvault acts as a Subprocessor. Mutual obligations of the parties are in details addressed by our Data Protection Addendum that forms part of the Terms & Conditions. In the event of a conflict between this Privacy Notice and the terms of any agreement(s) between Customer and Commvault, the terms of those agreement(s) will prevail. Due to the nature of backup & recovery provisioning and encryption involved the exact categories of data subjects and personal data types may vary depending on the exact use case. Metallic® Offerings enable our Customers to make choices regarding the exact scope of data processing and enable data management through built-in functionalities and privacy settings.
In connection with the backup & recovery and storage functionalities provided by Metallic® Offerings Commvault collects certain data as Data Controller under the following legal bases:
- Our legitimate business interests (art. 6.1.f) of the General Data Protection Regulation)and
- Legal obligation (art. 6.1.c) of the General Data Protection Regulation)
Personal data that we collect includes:
- Identification data: name and business contact details (such as email address, mailing address, contact phone number, position, company)
- Your interactions with us: other information you choose to provide an inquiry or complaint, seek customer support, respond to a survey, enter a contest or promotion, contact our representatives or content of social media messages, posts, likes and responses to and about
- Service usage and network information: such as usernames and passwords for admin users, license entitlement, IP address, login/logout, domain name, logs, time stamps of usage activities, account modification and account authentication metrics.
How we use personal data
Purposes for which we process personal data include:
- Providing Metallic® Offerings and services under applicable Terms and Conditions and/or Metallic Cloud Storage Service Online Subscription Agreement;
- Providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services, troubleshooting;
- Preventing, detecting, investigating, mitigating, and repairing problems, including security incidents;
- Preventing frauds;
- Marketing and leads generation;
- Internal analysis of customers – plan strategy and growth
- Ongoing Metallic® Offerings improvement (maintenance, including installing the latest updates and making improvements to the reliability, efficacy, quality and security);
- Sharing information with other members our corporate group;
- Managing third party relationships (customers, vendors, suppliers, media, business partners);
- Compliance with and enforcement of applicable legal requirements (e.g. maintaining records, litigation, mediation, arbitration, tax law, anti money laundering, trade sanctions, whistle-blowing, complying with data subject requests etc.).
Providing information to others
In case of selected Metallic® Offerings you can opt to use a supported cloud service provider of your choice as your Data Processor. If you opt to use Metallic® Cloud Storage Service – Microsoft Corporation shall act as your Sub-processor. In such scenarios respective third party’s terms will apply.
If you have not found the information you are looking for in this Privacy Notice (e.g. on your rights, international transfers, complaints process, retention periods or other), please:
- review Terms & Conditions (including the Data Processing Addendum), and relevant Product Documentation;
- reach out to us in accordance with Contact section below.
We regularly review and update this Privacy Notice. If we make a change, we will post the updated version on our site.
If you have any questions about this Privacy Notice, or would like to exercise your rights with respect to your personal data, please contact our Global Data Governance Officer via GDGO@commvault.com via or write to:
For U.S. and all locations other than EEA, UK and Switzerland:
Commvault Systems, Inc.
Attn: Legal Department & Global Data Governance Officer
1 Commvault Way
Tinton Falls, New Jersey 07724, United States.
For EEA, United Kingdom, Switzerland:
Commvault Systems International BV
Attn: Legal Department & Global Data Governance Officer
Papendorpseweg 75-79, 3528 BJ Utrecht, the Netherlands