Skip to main content

Riverbed knows that you care about how your information is used and shared, and Riverbed takes privacy and security very seriously. We’ve created this Privacy Resource Center to provide a centralized source of information about Riverbed’s privacy practices.

Compliance with Privacy Laws

Key Riverbed cross-functional stakeholders, including Riverbed Legal and IT Security, oversee Riverbed’s ongoing compliance and risk management efforts. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under the EU General Data Protection Regulation (GDPR) and other applicable global privacy laws.


When Riverbed Acts as a Controller:

  • Riverbed’s General Privacy Policy applies to personal data collected through Riverbed’s websites, feedback and surveys, the sales and contracting process, and both online and offline sales and marketing activities.
  • Riverbed’s CCPA Notice supplements Riverbed’s General Privacy Policy and describes the rights of California residents under the California Consumer Privacy Act of 2018 (“CCPA”).
  • The EU Applicant and Candidate Privacy Policy applies to Riverbed’s collection and processing of personal data relating to EU job applicants and candidates during the application and recruitment process.
  • The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.

When Riverbed Acts as a Processor:

  • Riverbed offers a Data Processing Addendum that sets out the legal framework under which Riverbed processes Personal Data. Riverbed’s DPA includes key GDPR-related assurances and incorporates the Model Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.

European Union (GDPR)

The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that updates existing EU laws to strengthen the protection of “personal data”. The GDPR replaces the current patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state. The GDPR took effect on May 25, 2018.

What is the definition of “personal data”?

Personal data means any information relating to an identified or identifiable natural person, so called “data subjects”. Examples of personal data include:

  • First and last name
  • Job title
  • Personal or business email address

The GDPR also makes clear that location data and online identifiers, such as IP addresses, are considered personal data.

Who must comply with the GDPR?

The GDPR applies to:

  • Organizations established (i.e. have entities) in the EU.
  • Organizations that offer goods or services (whether paid or free) to EU data subjects, regardless of where such organization is established.
  • Organizations involved in the processing of personal data of EU data subjects, regardless of where such organization is established.

Under the GDPR, organizations processing personal data are categorized as “controllers”, or the entities which control personal data, and “processors”, the entities that process personal data on behalf of the controllers.

In the context of providing products and services to our partners and customers, generally Riverbed will be considered a processor, and the partner or customer will be considered a controller.

Riverbed is committed to GDPR compliance in connection with the delivery of our products and services to our partners and customers. Riverbed has a dedicated internal team made up of cross-functional stakeholders responsible for Riverbed’s ongoing GDPR compliance efforts. As part of its GDPR readiness efforts, Riverbed underwent a comprehensive assessment of where and how our relevant products and services collect, use, store and dispose of personal data. Our policies, governance and documentation were updated and Riverbed continues to monitor and revisit as needed. A high-level overview of Riverbed’s compliance efforts can be found at

International Transfers of EU Personal Data

Please click here for information about the data transfer mechanisms used by Riverbed to transfer personal data out of the EU.


The California Consumer Privacy Act (CCPA) regulates the processing of personal information of individuals that reside in California.

Riverbed’s CCPA Notice  supplements our General Privacy Policy and describes what personal information Riverbed has collected, its source and the purpose for which such personal information is being used.

Under the CCPA, a “service provider” is any for-profit entity that processes a consumer’s personal information on behalf of another business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract. Riverbed acts as a service provider in the context of providing products and services to our partners and customers. In doing so, Riverbed does not process, retain or disclose personal information outside of the scope of the agreement with we have with customers of Riverbed products and services.

Cloud Services


The technical and organizational measures applicable to Aternity are described at

SaaS Accelerator

The technical and organizational measures applicable to SaaS Accelerator are described here.

Support and Professional Services

The technical and organizational measures applicable to Support and Professional Services are described here.