Nutanix Privacy Shield Notice

Nutanix EU-US and Swiss-US Privacy Shield Notice

Last Updated: May 15, 2023

Advisory: As a result of the decisions issued from the Court of Justice of the European Union on July 16, 2020, and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland on September 8, 2020, Nutanix no longer relies on the EU- U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework to provide an adequate level of protection for transfers of Personal Information from the European Economic Area (“EEA”) or Switzerland to the United States. To the extent Nutanix transfers Personal Information originating from the EEA or Switzerland to countries that have not been recognized as offering an adequate level of data protection by the relevant authorities, Nutanix relies on approved data transfer mechanisms as further detailed in the Nutanix Privacy Statement.

Commitment to the Privacy Shield Principles

Nutanix is committed to protecting your privacy.  This Privacy Shield Notice (“Notice”) sets out the privacy principles we follow with respect to transfers of Personal Information from the EEA and Switzerland to the United States, including Personal Information we: (i) process as part of our business operations, (ii) receive from individuals who visit our web and mobile sites or otherwise communicate or interact with us, (iii) receive regarding customers, end users, and business partners; and (iv) collect or process on behalf of, or for the benefit of, customers, including through the products and services we provide. Nutanix, Inc. as well as its affiliates Minjar, Inc., Mainframe2, Inc., and Botmetric LLC (collectively, “Nutanix”), have certified and continue to comply with the EU-US and Swiss-US Privacy Shield Frameworks regarding the collection, use and retention of Personal Information from the EEA and Switzerland. For the purposes of this Notice, "Personal Information" means any data relating to an identified or identifiable individual, including, for example, name, address, telephone number and e-mail address, and "processing" means any operation performed on Personal Information, including collection, use, management, storage or disclosure.

Nutanix has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”) of notice, choice, onward transfer, security, data integrity, access, and enforcement for Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield, and our Privacy Shield certification is available here. For more information about the Privacy Shield generally please visit https://www.privacyshield.gov.

If there is any conflict between the terms of this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Notice -Personal Information Processed

The types of Personal Information we may receive in the United States, as well as the purposes for which we collect and use it, are set out in the Nutanix Privacy Statement

Your choices

We will give you an opportunity to opt out where Personal Information we control about you is to be disclosed to an independent third party or is to be used for a purpose that is materially different from those set out in the Nutanix Privacy Statement or subsequently provided to or authorized by you. If you otherwise wish to limit the use or disclosure of your Personal Information, please  contact us using the details set out below.

Transfers to Third Parties

Information about the types of third parties to which we disclose Personal Information, the purposes for which we do so and the transfer mechanisms implemented are described in the Nutanix Privacy Statement.

If we have received your Personal Information in the United States and subsequently transfer that information to a third party acting as an agent, we will comply with the Accountability for Onward Transfer Principle, including ensuring that such agents have written agreements requiring them to provide at least the same level of protection as required by the Principles and/or applicable law. If such third-party agent processes your Personal Information in a manner inconsistent with the Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.

Security

Taking into account the type of Personal Information and risks involved in the processing, Nutanix will take reasonable and appropriate safeguards to help protect Personal Information from accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.

Data Integrity and Purpose Limitation

Any Personal Information received by Nutanix will be used for the purposes indicated in our Nutanix Privacy Statement or as otherwise provided in a notice to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

We take reasonable steps to: (i) limit the collection and use of Personal Information to that which is relevant for the purposes for which it was collected, and (ii) ensure that such Personal Information is reliable, accurate, complete and current.

We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the Nutanix Privacy Statement unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

Right of Access

EEA and Swiss residents have rights to access their Personal Information and request that Nutanix correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. If you would like to exercise these rights, please fill out a Privacy Rights Request webform or contact us using the contact details provided above. Nutanix may request specific information from you to confirm your identity and we will respond to your request in accordance with the Principles and applicable data protection laws.

You may also opt-out of receiving marketing communications from us by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by visiting the Nutanix Email Preference Center.

Requirement to Disclose

In certain situations, Nutanix may be required to disclose Personal Information that we process under the Privacy Shield in response to lawful requests by public authorities, including to meet national security, to enforce contractual obligations, or to meet law enforcement requirements.

Questions or Complaints

EEA and Swiss individuals with inquiries or complaints regarding our Privacy Shield practices should first contact us by email at privacy@nutanix.com or in writing to:

Nutanix, Inc.
Attn: Legal Department/ Privacy Shield
1740 Technology Drive, Suite 150
San Jose, CA 95110
United States

We will investigate and attempt to resolve any Shield-related complaints or disputes within forty-five (45) days of receipt.

If you have an unresolved Privacy Shield complaint that we have not addressed satisfactorily, we have committed to refer unresolved Privacy Shield complaints to JAMS which is an independent dispute resolution body located in the United States. These services are provided free of charge to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit here (JAMS) to file a complaint or for more information.

You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances.  To find out more about the Privacy Shield's binding arbitration scheme please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield. Nutanix remains liable if it fails to meet its obligations under the Privacy Shield and is responsible for the event giving rise to damage.

Changes to this Notice

We reserve the right to amend this Notice from time to time consistent with the Privacy Shield's requirements.