Privacy Commitment - European Union

The following is a brief summary of how Netskope complies with applicable data privacy laws in Europe, including GDPR.

General Data Protection Regulation (GDPR) ePrivacy Directive Local Member State Laws Supervisory Authority Our Commitment to Data Protection Key Definitions Your Rights Under EU Data Protection Laws Our Responsibilities Our Compliance Measures

General Data Protection Regulation (GDPR)

The EU GDPR is a privacy regulation that came into effect on May 25, 2018, to protect the personal data of individuals within the EU and European Economic Area. It grants individuals rights over their data, such as access, correction, and deletion, and requires organizations to handle data transparently, securely, and with consent.

ePrivacy Directive

The ePrivacy Directive is an EU regulation that focuses on privacy and electronic communications. It complements the GDPR by specifically addressing confidentiality, data protection, and consent in online activities such as email marketing, messaging, and the use of cookies or tracking technologies. Adopted in 2002 and amended in 2009, it requires websites and digital services to obtain user consent before storing or accessing information on their devices, ensuring transparency about data usage.

Local Member State Laws

We also adhere to specific data protection laws in the EU member states where we operate.

By adhering to these regulations, we ensure the protection of personal data and comply with both legal and ethical standards, building trust with our stakeholders.

Supervisory Authority

Each EU member state has its own Data Protection Authority, responsible for overseeing compliance with GDPR and other national data protection laws. For a full list of DPAs, visit the European Data Protection Board website.

Our Commitment to Data Protection

At Netskope, safeguarding personal data and ensuring compliance with privacy laws are our top priorities. Below, we explain our approach to data protection as it relates to European privacy laws, your rights as an individual, and our responsibilities as a business.

Key Definitions

Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing Activities: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Your Rights Under EU Data Protection Laws

Under the GDPR, individuals have several rights regarding their personal data, including:

Right to Access: Obtain a copy of the personal data we hold about you.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Erasure: Have your personal data deleted in certain circumstances (“right to be forgotten”).
Right to Restriction: Limit the processing of your data under specific conditions.
Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling.
Rights Related to Automated Decision-Making: Challenge decisions made solely by automated means, including profiling.
Right to Withdraw Consent: If you have consented to data processing, you may withdraw it at any time, subject to legal or contractual obligations.

To exercise these rights, please visit our Exercise Your Rights Section.

Our Responsibilities

As a data processor, Netskope processes personal data on behalf of our customers and in accordance with their instructions. Our key responsibilities as a processor include:

We process personal data on behalf of our customers under clear contractual agreements, ensuring that all processing is conducted lawfully, fairly, and transparently.
We implement robust technical and organizational measures to safeguard personal data against unauthorized access, alteration, or loss.
We provide reasonable assistance to customers to help them meet their compliance needs. This may include working with customers to respond to third-party requests, providing information to demonstrate our security and privacy compliance measures, and helping customers complete risk assessments.

As a data controller, Netskope manages the processing of personal data related to employees, marketing activities, training courses, website users, and more. In this capacity, we ensure that:

Data processing is done for legitimate and transparent purposes.
Transparency is maintained by informing individuals about data usage and ensuring their rights to access, correction, and erasure.
Appropriate measures protect personal data from unauthorized access or loss.
Staff receive ongoing training, and internal policies are reviewed to ensure compliance with privacy laws, including GDPR, fostering a culture of data protection.
Procedures are in place to promptly report and address data breaches, including notifications to supervisory authority or affected data subjects when required.

Our Compliance Measures

We maintain strict data protection practices, including:

Europe-based data centers: Providing service selections to enable customers to restrict data location within the bounds of Europe.
Data Protection Policies: Establishing clear and comprehensive internal policies consistent with GDPR and other European States’ privacy laws.
Employee Training: Annual training for all employees on data protection responsibilities.
Data Audits: Netskope undergoes annual SSAE-18 SOC 2 Type II attestation through an independent, third-party auditor.
Security Measures: Technical and organizational measures such as utilizing encryption, securing storage, and having strict access controls are implemented to ensure an appropriate level of security, taking into account the nature, scope, context, purpose of the processing, and the risks for the rights and freedoms of natural persons.
Third-Party Assurance: All partners and vendors undergo security reviews involving a risk assessment and vetting procedure to ensure our partners and vendors meet our high standards.
Breach Management: Privacy and Security Incident Response Plan is well documented, implemented, and regularly reviewed and tested.
EU-based Data Protection Representative: Our Data Protection Representative, located in the EU, handles data protection inquiries, ensures compliance with the GDPR.

This page provides a high-level overview of our data protection practices under European data protection laws. We’re committed to protecting your data and ensuring transparency every step of the way.

If you have questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) at [email protected].

For more detailed information, please refer to our Privacy Policy or reach out to us directly.

European Union Privacy Commitment