Nutanix Privacy Shield Notice
Last Updated: November 15, 2018
Commitment to the Privacy Shield Principles
Nutanix, Inc. and certain of its controlled US affiliates (collectively, “Nutanix”), has certified with the EU-US and Swiss-US Privacy Shield regarding the personal data we process on behalf of our customers through our Offerings. Nutanix certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through the Services, and our Privacy Shield certification will be available here.
Any personal data we receive may be used by Nutanix for the purposes indicated the Nutanix Privacy Statement or as otherwise notified to you. We will not process personal data in a way that is incompatible with these purposes unless subsequently authorized.
We will retain your personal data in an identifiable form only for the period necessary to fulfill the purposes outlined in the Nutanix Privacy Statement unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the personal data collected under the Privacy Shield.
When providing our Cloud Services, we process and retain personal data as necessary to provide our services as permitted in our agreement with customers, or as required or permitted under applicable law.
We use a limited number of third party providers to assist us in providing the Offerings to our customers. These third parties may access, process or store personal data in the course of providing these services, but based on Nutanix’s instructions only.
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
Questions or Complaints
If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to firstname.lastname@example.org or at our mailing address:
Attn: Legal Department/ Privacy Shield
1740 Technology Drive, Suite 150
San Jose, CA 95110
We will work with you to resolve your issue.
If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States.
We also commit to cooperate with competent EU data protection authorities (DPAs) with regard to our customers end users’ human resources data transferred from a European country participating in the Privacy Shield in the context of the employment relationship.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
US Federal Trade Commission Enforcement
Nutanix is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Right of Access
EU and Swiss residents have rights to access, correct and delete their personal data, and to limit use and disclosure of their personal data. Nutanix honors these rights by responding to legitimate requests to access, correct, delete, limit use, or disclosure of personal data to our request site. Since Nutanix has a limited ability to access EEA personal data where it acts as a data processor, requests we receive relating to EEA personal data should include the name of the Nutanix customer who provided us with your data. We will refer such requests to the customer who provided us with your data and will support them in responding to the request.
Requirement to Disclose
Nutanix may be required to disclose personal data that we process under the Privacy Shield in response to lawful requests by public authorities, including to meet national security, to enforce contractual obligations, or law enforcement requirements.
Other Helpful Links: