Riverbed knows that you care about how your information is used and shared, and Riverbed takes privacy and security very seriously. We’ve created this Privacy Resource Center to provide a centralized source of information about Riverbed’s privacy practices.
Compliance with Privacy Laws
Key Riverbed cross-functional stakeholders, including Riverbed Legal and IT Security, oversee Riverbed’s ongoing compliance and risk management efforts. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under the EU General Data Protection Regulation (GDPR) and other applicable global privacy laws.
When Riverbed Acts as a Controller:
- The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.
When Riverbed Acts as a Processor:
- Riverbed offers a Data Processing Addendum that sets out the legal framework under which Riverbed processes Personal Data. Riverbed’s DPA includes key GDPR-related assurances and incorporates the Model Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.
European Union (GDPR)
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that updates existing EU laws to strengthen the protection of “personal data”. The GDPR replaces the current patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state. The GDPR took effect on May 25, 2018.
What is the definition of “personal data”?
Personal data means any information relating to an identified or identifiable natural person, so called “data subjects”. Examples of personal data include:
- First and last name
- Job title
- Personal or business email address
The GDPR also makes clear that location data and online identifiers, such as IP addresses, are considered personal data.
Who must comply with the GDPR?
The GDPR applies to:
- Organizations established (i.e. have entities) in the EU.
- Organizations that offer goods or services (whether paid or free) to EU data subjects, regardless of where such organization is established.
- Organizations involved in the processing of personal data of EU data subjects, regardless of where such organization is established.
Under the GDPR, organizations processing personal data are categorized as “controllers”, or the entities which control personal data, and “processors”, the entities that process personal data on behalf of the controllers.
In the context of providing products and services to our partners and customers, generally Riverbed will be considered a processor, and the partner or customer will be considered a controller.
Riverbed is committed to GDPR compliance in connection with the delivery of our products and services to our partners and customers. Riverbed has a dedicated internal team made up of cross-functional stakeholders responsible for Riverbed’s ongoing GDPR compliance efforts. As part of its GDPR readiness efforts, Riverbed underwent a comprehensive assessment of where and how our relevant products and services collect, use, store and dispose of personal data. Our policies, governance and documentation were updated and Riverbed continues to monitor and revisit as needed. A high-level overview of Riverbed’s compliance efforts can be found at www.riverbed.com/gdpr.
International Transfers of EU Personal Data
Please click here for information about the data transfer mechanisms used by Riverbed to transfer personal data out of the EU.
The California Consumer Privacy Act (CCPA) regulates the processing of personal information of individuals that reside in California.
Under the CCPA, a “service provider” is any for-profit entity that processes a consumer’s personal information on behalf of another business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract. Riverbed acts as a service provider in the context of providing products and services to our partners and customers. In doing so, Riverbed does not process, retain or disclose personal information outside of the scope of the agreement with we have with customers of Riverbed products and services.