Privacy Statement

Statement of “Data Privacy Policy”

Regarding the Removal of Data on Nutanix Equipment

Introduction

This statement of policy explains Nutanix’s general practices for handling products as part of our return, repair, and disposal processes. It also provides guidance for removing data (as defined below) from Nutanix products before Customers return them to Nutanix, and an alternative option for Customers who do not wish to return their defective Hard Disk Drives (HDD) and Solid State Drives (SSD).

Definition

“Data” used in this statement of the policy means any data, facts, or other information generated or collected by a customer, including but not limited to information that enables identification of an individual, such as a name, email address, title, telephone number, employer, physical address, other contact information, birth date, or gender. Data also includes financial or other information, including social security number, driver’s license number, credit card number, account number, password and similar information, and any data identifying racial or ethnic origin, religious, philosophical or other beliefs, , records of criminal offenses and health conditions.

Statement of Volatility

The Nutanix products contains both volatile and non-volatile components. Volatile components lose their data immediately upon removal of power from the component. Non-volatile components continue to retain their data even after the power has been removed from the component. The product contains both HDDs and SSDs that retain customer data after the system is powered off. Data should be removed from these drives using locally approved methods before they are removed from a secured environment.

The Nutanix Statement of Volatility (SOV) is a detailed listing of system components and whether or not the component is volatile. Customers with security concerns may request this information to determine the proper handling of the hardware for situations such as RMA

Nutanix Policy in Handling Returned Products

It is the Customer’s responsibility to remove data from products before such products are returned to Nutanix. Nutanix bears no responsibility for the protection, safeguarding, or return of any data left on the products returned to Nutanix. Nutanix uses various vendors to repair or replace Customer’s defective returned products. These vendors use industry standard data privacy/protection policies to provide an additional layer of protection for data that may not have been removed from the defective part. All Products that are returned become Nutanix’s property. Nutanix will not be responsible for Customer’s or any third party’s software, firmware, information, or memory data contained in, stored on, or integrated with any Product returned to Nutanix for repair, whether under warranty or not. For any products deemed damaged beyond repair, Nutanix will not provide the certificate of destruction. For Customers who do not wish to return their defective HDD or SSD or please see the “Nutanix Non-Returnable Disk Drive (NRDK) Option” listed below.

Guidelines for Customer Removal of Data

For any non-volatile memory, e.g. Flash Memory, Node, Motherboards, SSD, HDD, and SATA DOM – please refer to product specific documentation for clearing memory content. We recommend that Customers use current industry tools and methodologies to remove data.

Nutanix Non-Returnable Disk Drive (NRDK) Option

Nutanix understands that when HDDs or SSDs require replacement, Customer may want to keep their hard drives in-house to protect their data in order to comply with their company data security compliance regulations. For this reason, Nutanix offers a NRDK option, which eliminates the need for Customers to return their defective HDD or SSD drives (see https://www.nutanix.com/support-services/product-support/support-policies-and-faqs). Customers pay annual charge per system (depending on the number and type of HDDs and SSDs) for being released from the obligation to return defective HDD or SSD products to Nutanix. The NRDK program can be added-on to your existing support packages, or purchased up front along with the system. The program applies to all models of the Nutanix product. The customer is responsible for disposing of the replaced HDD or SDD drives in accordance with their own data security compliance requirements or other applicable laws. If the NRDK option is not exercised by the customer at the time of original purchase, or prior to the return of disks, then the customer shall indemnify, defend, release, and hold harmless Nutanix from any and all claims and liabilities relating to confidential data that may be on a previously returned disk drive.

The information set forth in this policy is provided “as is” and is not considered a warranty or guarantee of any kind.