Riverbed knows that you care about how your information is used and shared, and Riverbed takes privacy and security very seriously. We’ve created this Privacy Resource Center to provide a centralized source of information about Riverbed’s privacy practices.

When Riverbed Acts as a Controller

• Riverbed’s General Privacy Policy applies to personal data collected through Riverbed’s websites, feedback and surveys, the sales and contracting process, and both online and offline sales and marketing activities.
• Riverbed’s CCPA Notice supplements Riverbed’s General Privacy Policy and describes the rights of California residents under the California Consumer Privacy Act of 2018 (“CCPA”).
• The EU Applicant and Candidate Privacy Policy applies to Riverbed’s collection and processing of personal data relating to EU job applicants and candidates during the application and recruitment process.
• The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.

When Riverbed Acts as a Processor

• To learn more about the types of data collected and processed by Riverbed’s SaaS and/or hosted product offerings, please review our Privacy and Security Documentation.
• Riverbed offers a Data Processing Addendum that includes key GDPR-related assurances and incorporates the Model Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.

Riverbed is committed to providing robust privacy and security assurances to our partners and customers. This page provides links to the Privacy and Security Documentation for Riverbed’s Cloud Services.

SteelCentral Aternity Cloud Service Privacy and Security Documentation

SteelCentral AppInternals Cloud Service Privacy and Security Documentation

European Union (GDPR)

The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that updates existing EU laws to strengthen the protection of “personal data”. The GDPR replaces the current patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state. The GDPR took effect on May 25, 2018.

What is the definition of “personal data”?

Personal data means any information relating to an identified or identifiable natural person, so called “data subjects”. Examples of personal data include:

• First and last name
• Job title
• Personal or business email address

The GDPR also makes clear that location data and online identifiers, such as IP addresses, are considered personal data.

Who must comply with the GDPR?

The GDPR applies to:

• Organizations established (i.e. have entities) in the EU.
• Organizations that offer goods or services (whether paid or free) to EU data subjects, regardless of where such organization is established.
• Organizations involved in the processing of personal data of EU data subjects, regardless of where such organization is established.

Under the GDPR, organizations processing personal data are categorized as “controllers”, or the entities which control personal data, and “processors”, the entities that process personal data on behalf of the controllers.

In the context of providing products and services to our partners and customers, generally Riverbed will be considered a processor, and the partner or customer will be considered a controller.

Riverbed is committed to GDPR compliance in connection with the delivery of our products and services to our partners and customers. Riverbed has a dedicated internal team made up of cross-functional stakeholders responsible for Riverbed’s ongoing GDPR compliance efforts. As part of its GDPR readiness efforts, Riverbed underwent a comprehensive assessment of where and how our relevant products and services collect, use, store and dispose of personal data. Our policies, governance and documentation were updated and Riverbed continues to monitor and revisit as needed. A high-level overview of Riverbed’s compliance efforts can be found at www.riverbed.com/gdpr.

CALIFORNIA (CCPA)

The California Consumer Privacy Act (CCPA) regulates the processing of personal information of individuals that reside in California.

Riverbed’s CCPA Notice  supplements our General Privacy Policy and describes what personal information Riverbed has collected, its source and the purpose for which such personal information is being used.

Under the CCPA, a “service provider” is any for-profit entity that processes a consumer’s personal information on behalf of another business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract. Riverbed acts as a service provider in the context of providing products and services to our partners and customers. In doing so, Riverbed does not process, retain or disclose personal information outside of the scope of the agreement with we have with customers of Riverbed products and services.