Nutanix Privacy Shield Notice

Nutanix EU-US, UK-US and Swiss-US Privacy Shield Notice

Effective: May 1, 2019

Commitment to the Privacy Shield Principles

Nutanix, Inc. and certain of its controlled US affiliates (collectively, “Nutanix”), has certified with the EU-US and Swiss-US Privacy Shield regarding the personal data we process on behalf of our customers in the European Economic Area (“EEA”), including the United Kingdom (“UK”), through our Offerings. Nutanix certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through the Services, and our Privacy Shield certification is available here.

Data Processed

Any personal data we receive may be used by Nutanix for the purposes indicated the Nutanix Privacy Statement or as otherwise notified to you. We will not process personal data in a way that is incompatible with these purposes unless subsequently authorized.

We take reasonable steps to limit the collection and usage of personal data to that which is relevant for the purposes for which it was collected, and to ensure that such personal data is reliable, accurate, complete and current. Individuals are encouraged to keep their personal data with Nutanix up to date and may contact Nutanix as indicated in the Employee Privacy Policy or below or in the Nutanix Privacy Statement to request that their personal data be updated or corrected.

We will retain your personal data in an identifiable form only for the period necessary to fulfill the purposes outlined in the Nutanix Privacy Statement unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the personal data collected under the Privacy Shield.

When providing our Cloud Services, we process and retain personal data as necessary to provide our services as permitted in our agreement with customers, or as required or permitted under applicable law.

Third Parties

We use a limited number of third party providers to assist us in providing the Offerings to our customers. These third parties may access, process or store personal data in the course of providing these services, but based on Nutanix’s instructions only.

If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

Questions or Complaints

Nutanix has an internal recourse mechanism here for handling privacy questions or complaints. If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to privacy@nutanix.com or at our mailing address:

Nutanix, Inc.
Attn: Legal Department/ Privacy Shield
1740 Technology Drive, Suite 150
San Jose, CA 95110
United States

We will work with you to resolve your issue.

Dispute Resolution

If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States.

We also commit to cooperate with competent EU, Swiss and UK data protection authorities (DPAs) with regard to our customers end users’ human resources data transferred from a European country participating in the Privacy Shield in the context of the employment relationship.

Arbitration

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.

Cooperation with Data Protection Authorities

Nutanix is committed to cooperate with Data Protection Authorities in the EEA and UK and comply with the advice given by such Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to human resources data transferred from participating European countries in the context of the employment relationship. 

US Federal Trade Commission Enforcement

Nutanix is committed to cooperate with Data Protection Authorities in the EEA and UK and comply with the advice given by such Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to human resources data transferred from participating European countries in the context of the employment relationship.

US Federal Trade Commission Enforcement

Nutanix is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Right of Access

EU, UK and Swiss residents have rights to access, correct and delete their personal data, and to limit use and disclosure of their personal data. Nutanix honors these rights by responding to legitimate requests to access, correct, delete, limit use, or disclosure of personal data to our request site. Since Nutanix has a limited ability to access EEA and UK personal data where it acts as a data processor, requests we receive relating to EEA or UK personal data should include the name of the Nutanix customer who provided us with your data. We will refer such requests to the customer who provided us with your data and will support them in responding to the request.

Requirement to Disclose

Nutanix may be required to disclose personal data that we process under the Privacy Shield in response to lawful requests by public authorities, including to meet national security, to enforce contractual obligations, or law enforcement requirements.

Other Helpful Links: