Netskope

Australia Privacy Commitment

The following is a brief summary of how Netskope complies with applicable data privacy laws in Australia, including Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs).

Privacy Act of 1988 Supervisory Authority Our Commitment to Data Protection Key Definitions Your Rights Under the Privacy Act Our Responsibilities Our Compliance Measures

Privacy Act of 1988

The Privacy Act 1988 regulates how organizations collect, store, use, and disclose personal information. It applies to organizations with an annual turnover of more than AUD 3 million, as well as certain smaller businesses handling sensitive information or disclosing personal information for a benefit.

By adhering to the Privacy Act 1988 and applying the Privacy Principles, we ensure the protection of personal information and comply with both legal and ethical standards, building trust with our stakeholders.

Supervisory Authority

Australia’s data protection authority is the Office of the Australian Information Commissioner (OAIC). The OAIC provides oversight, guidance, and support for both individuals and organizations. You can find more information at OAIC’s official website.

Our Commitment to Data Protection

At Netskope, safeguarding personal information and ensuring compliance with privacy laws are our top priorities. Below, we explain our approach to data protection as it relates to Australian privacy laws, your rights as an individual, and our responsibilities as a business.

Key Definitions

Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not whether the information or opinion is recorded in a material form or not.
Sensitive Information: Information or an opinion about an individual’s racial or ethnic origin or political opinions or membership of a political association or religious beliefs or affiliations or philosophical beliefs or membership of a professional or trade association or membership of a trade union or sexual orientation or practices or criminal record that is also personal information.
Health information about an individual or genetic information about an individual that is not otherwise health information or biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
Processing Activities: Actions like collecting, storing, using, or sharing of personal information.

Your Rights Under the Privacy Act

Under Australia’s Privacy Act 1988, individuals have several rights regarding their personal information, including:

Right to Access: Request access to the personal information we hold about you.
Right to Correction: Request corrections to any inaccurate or incomplete information.
Right to Withdraw Consent: Withdraw previously given consent for data processing activities.

To exercise these rights, please visit our Exercise Your Rights Section.

Our Responsibilities

As a data processor, Netskope processes personal information on behalf of our customers and in accordance with their instructions. Our key responsibilities as a processor include:

We process personal information on behalf of our customers under clear contractual agreements to ensure data processing is conducted lawfully, fairly, and transparently.
We implement robust technical and organizational measures to safeguard personal information against unauthorized access, alteration, or loss.
We provide reasonable assistance to customers to help them meet their compliance needs. This may include working with customers to respond to third-party requests, providing information to demonstrate our security and privacy compliance measures, and helping customers complete risk assessments.

As a data controller, Netskope manages the processing of personal information related to employees, marketing activities, training courses, website users, and more. In this capacity, we ensure that:

Data processing is done for legitimate and transparent purposes.
Transparency is maintained by informing individuals about information usage and ensuring their rights to access and correction.
Appropriate measures protect personal information from unauthorized access or loss.
Staff receive ongoing training, and internal policies are reviewed to ensure compliance with privacy laws, including the Privacy Act of 1988 and Australian
Privacy Principles, fostering a culture of data protection.
Procedures are in place to promptly report and address data breaches, including notifications to the OAIC or affected individuals when required.

Our Compliance Measures

We maintain strict data protection practices, including:

Australia-based data centers: Providing service selections to enable customers to restrict data location within the bounds of Australia.
Data Protection Policies: Establishing clear and comprehensive internal policies consistent with the Australian Privacy Principles and other Australian privacy laws.
Employee Training: Annual training for all employees on data protection responsibilities.
Data Audits: Netskope undergoes annual SSAE-18 SOC 2 Type II attestation through an independent, third-party auditor.
Security Measures: Technical and organizational measures such as utilizing encryption, securing storage, and having strict access controls are implemented to ensure an appropriate level of security, taking into account the nature, scope, context, purpose of the processing, and the risks for the rights and freedoms of natural persons.
Third-Party Assurance: All partners and vendors undergo security reviews involving a risk assessment and vetting procedure to ensure our partners and vendors meet our high standards.
Breach Management: Privacy and Security Incident Response Plan is well documented, implemented, and regularly reviewed and tested.

This page provides a high-level overview of our data protection practices under Australian data protection laws. We’re committed to protecting data and ensuring transparency every step of the way.

If you have questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) at [email protected].

For more detailed information, please refer to our Privacy Policy or reach out to us directly.