Nutanix Data Privacy Framework Notice
Last Updated: September 8, 2023
Commitment to the DPF Principles
Nutanix is committed to protecting your privacy. This Data Privacy Framework Notice (“DPF Notice”) sets out the privacy principles we follow with respect to transfers of Personal Information from the European Economic Area ("EEA"), the United Kingdom (and Gibraltar) ("UK") and Switzerland to the United States, including Personal Information we: (i) process as part of our business operations, (ii) receive from individuals who visit our web and mobile sites or otherwise communicate or interact with us, (iii) receive regarding customers, end users, and business partners; and (iv) collect or process on behalf of, or for the benefit of, customers, including through the products and services we provide.
Nutanix, Inc. as well as its U.S. affiliates Minjar, Inc., Mainframe2, Inc., and Botmetric LLC (collectively, “Nutanix”, "we", "us", "our"), have certified its compliance with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF") regarding the collection, use and retention of Personal Information from the EEA, UK and Switzerland (collectively, the "DPF"). For the purposes of this DPF Notice, "Personal Information" means any data relating to an identified or identifiable individual, including, for example, name, address, telephone number and e-mail address, and "processing" means any operation performed on Personal Information, including collection, use, management, storage or disclosure.
Nutanix has certified to the US Department of Commerce that it adheres to: (i) the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from the EEA in reliance on the EU-US DPF and from the UK in reliance on the UK Extension to the EU-US DPF; and (ii) the Swiss-US Data Privacy Framework Principles with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-US DPF (collectively, the "DPF Principles”). The Federal Trade Commission has jurisdiction over our compliance with the DPF. If there is any conflict between the terms of this DPF Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Personal Information Processed
The types of Personal Information we may receive in the United States, as well as the purposes for which we collect and use it, are set out in the Nutanix Privacy Statement.
We will give you an opportunity to opt out where Personal Information we control about you is to be disclosed to an independent third party or is to be used for a purpose that is materially different from those set out in the Nutanix Privacy Statement or subsequently provided to or authorized by you. If you otherwise wish to limit the use or disclosure of your Personal Information, please contact us using the details set out below.
Transfers to Third Parties
Information about the types of third parties to which we disclose Personal Information, the purposes for which we do so and the transfer mechanisms implemented are described in the Nutanix Privacy Statement.
If we have received your Personal Information in the United States and subsequently transfer that information to a third party acting as an agent, we will comply with the Accountability for Onward Transfer Principle, including ensuring that such agents have written agreements requiring them to provide at least the same level of protection as required by the DPF Principles and/or applicable law. If such third-party agent processes your Personal Information in a manner inconsistent with the DPF Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.
Taking into account the type of Personal Information and risks involved in the processing, Nutanix will take reasonable and appropriate safeguards to help protect Personal Information from accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.
Data Integrity and Purpose Limitation
Any Personal Information received by Nutanix will be used for the purposes indicated in our Nutanix Privacy Statement or as otherwise provided in a notice to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to: (i) limit the collection and use of Personal Information to that which is relevant for the purposes for which it was collected, and (ii) ensure that such Personal Information is reliable, accurate, complete and current.
We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the Nutanix Privacy Statement unless a longer retention period is required or permitted by law or by the DPF Principles. We will adhere to the DPF Principles for as long as we retain the Personal Information collected under the DPF.
EEA, UK and Swiss residents have rights to access their Personal Information and request that Nutanix correct, amend, or delete it if it is inaccurate or processed in violation of the DPF. If you would like to exercise these rights, please fill out a Privacy Rights Request webform or contact us using the contact details provided below. Nutanix may request specific information from you to confirm your identity and we will respond to your request in accordance with the DPF Principles and applicable data protection laws.
You may also opt-out of receiving marketing communications from us by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by visiting the Nutanix Email Preference Center.
Requirement to Disclose
In certain situations, Nutanix may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security requirements, to enforce contractual obligations, or to meet law enforcement requirements.
Questions or Complaints
EEA, UK and Swiss individuals with inquiries or complaints regarding our DPF practices should first contact us by email at firstname.lastname@example.org or in writing to:
Attn: Legal Department/ Privacy Team
1740 Technology Drive, Suite 150
San Jose, CA 95110
We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.
If you have an unresolved DPF complaint that we have not addressed satisfactorily, we have committed to refer unresolved DPF complaints to JAMS, which is an independent dispute resolution body located in the United States. These services are provided free of charge to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit here (JAMS) to file a complaint or for more information.
You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. You can find out more about the DPF's binding arbitration scheme here.
The Federal Trade Commission has jurisdiction over our compliance with the DPF. Nutanix remains liable if it fails to meet its obligations under the DPF and is responsible for the event giving rise to damage.
Changes to this DPF Notice
We reserve the right to amend this DPF Notice from time to time consistent with the DPF requirements.