Privacy Policy

Privacy Statement

Last Updated Feb 01, 2019

At Veracode, Inc. and our global subsidiaries: Veracode Limited, Veracode Securities Corporation, SourceClear Pte. Ltd., and SourceClear, Inc. (“Veracode,” “our,” “us,” or “we”), we care about your privacy and we are committed to protecting your information.

This Privacy Statement governs personal information Veracode collects from customers, event attendees and online visitors (“you” or “your”) in connection with your use of Veracode’s websites and Veracode’s products, applications and services (including support and education), and corporate meetings and other events (collectively, the “Services”) where we post or link to this Privacy Statement, as well as information we automatically collect from your online visits (e.g. data collected via cookies).

For the purposes of this Privacy Statement, “personal information” means any information that, by itself, can identify you or can be combined with other information to identify you.

CONTENTS

WHAT PERSONAL INFORMATION DOES VERACODE COLLECT ABOUT YOU?

HOW DOES VERACODE USE YOUR PERSONAL INFORMATION?

HOW DOES VERACODE SHARE YOUR PERSONAL INFORMATION?

HOW DOES VERACODE PROTECT YOUR PERSONAL INFORMATION?

WHAT CHOICES DO YOU HAVE REGARDING YOUR PERSONAL INFORMATION?

HOW DOES VERACODE USE COOKIES AND OTHER ONLINE TRACKING TECHNOLOGIES

HOW WILL YOU BE NOTIFIED ABOUT CHANGES TO THIS PRIVACY STATEMENT?

WHO SHOULD YOU CONTACT WITH INQUIRIES

PROVISIONS APPLICABLE TO INDIVIDUALS IN THE EU/EEA AND SWITZERLAND

EU/EEA/SWISS DEFINITIONS

NOTICE TO INDIVIDUALS LOCATED IN THE EU/EEA AND SWITZERLAND

EU/EEA/SWISS PERSONAL DATA VERACODE COLLECTS

EU/EEA/SWISS DATA PROTECTION PRINCIPLES

LEGAL BASIS OF PROCESSING PERSONAL INFORMATION

EU/EEA/SWISS PERSONAL DATA TRANSFERS TO INDEPENDENT THIRD PARTIES

HOW LONG VERACODE KEEPS EU/EEA/SWISS PERSONAL DATA

EU/EEA/SWISS PERSONAL DATA RIGHTS INCLUDING UNDER THE GDPR

PERSONAL DATA ACCESS

EXERCISING YOUR PERSONAL DATA ACCESS RIGHTS

OTHER EU/EEA/SWISS PERSONAL DATA RIGHTS

OTHER EU/EEA AND SWISS PROVISIONS

PRIVACY SHIELD FRAMEWORKS

 

WHAT PERSONAL INFORMATION DOES VERACODE COLLECT ABOUT YOU?

Personal Information You Provide

We collect personal information when you:

  • Purchase products or services;
  • Register for webcasts, seminars, conferences, or other events sponsored by us or one of our business partners;
  • Request quotes, services, product support, trials, whitepapers and related downloads, or additional information;
  • Join Veracode Communities;
  • Register for courses or education;
  • Subscribe to newsletters, promotional emails or other Veracode materials;
  • Participate in surveys, sweepstakes or contests;
  • Apply for a job or submit your resume/CV; or
  • Contact us.

Personal information we collect includes your name, business email address, business address, business phone number, title, home email address, home address, home phone number, job history, education, membership in organizations,

When we ask you to provide your personal information, we will advise you at the time of collection whether providing your personal information is necessary for your access to, or use of, Veracode’s products, programs, applications and/or services. When we ask for personal information through one of our registration pages on our website, you will have the option of not providing the information, in which case you may still be able to access other portions of the website, although you may not be able to access certain programs or services.

Personal Information from Other Sources

We may also obtain information about you from other sources and combine that with information we collect through our Services. For example, we may aggregate your personal information with information that you make publicly available on social media or third-party websites to better market our Services to you.

Information Automatically Collected

When you visit our websites, we automatically collect information about your visit, including pages you access, links you click, and actions you take in connection with Veracode’s Services. We also collect certain information from your web browser, such as your device’s operating system, application software, browser type and language, Internet Service Provider, Internet Protocol (IP) address, access times, and the websites you visited before and after our website(s). For more information on information that we automatically collect, please see the “cookies and other tracking technologies” section.

 

HOW DOES VERACODE USE YOUR PERSONAL INFORMATION?

We use your personal information to:

  • Provide and deliver the requested Services;
  • Send you transaction information, including confirmations and transaction status, product and services information, updates, security alerts, and support and administrative messages;
  • Administer your account, including verifying your information;
  • Respond to your comments and questions and provide customer support or other services;
  • Offer Live Chat assistance to facilitate the delivery of the requested Services;
  • Operate and improve our websites, products, and services;
  • Process and deliver sweepstakes and contest entries and rewards;
  • Ask you to take part in surveys used to measure our performance and improve our products, services and customer experience;
  • Communicate with you about new promotions and upcoming events;
  • Provide you with information about products and services offered by Veracode.
  • Plan and host corporate events, online forums, communities and social networks;
  • Link or combine with other information we get from third parties, to help understand your needs, and customize our offerings and market our Services based on your needs; and
  • Perform other functions or serve other purposes, as disclosed to you at the point of collection, or as otherwise required or allowed under applicable law.

Retention of Personal Information

Veracode retains your personal information data as long as is necessary to fulfill the purposes for which it was collected and in accordance with Veracode’s record retention policy and applicable law.

HOW DOES VERACODE SHARE YOUR PERSONAL INFORMATION?

We share your personal information with third parties for the purposes described below.

  • Veracode Subsidiaries. We share your personal information with our subsidiaries worldwide in order to improve our website and/or the Services, and to manage our customer relationships.
  • Third-Party Vendors/Service Providers. We rely on third-party vendors, consultants and other service providers to perform functions on our behalf and under our instructions in order to make our websites and the Services available to you. For example, we engage third parties to provide customer support relating to our products or cloud storage services or assist Veracode in protecting its systems.
  • Business Partners. We share your information with third parties with whom we do business, including in connection with your purchase of a Veracode product through a business partner or attendance at an event jointly hosted by Veracode and our business partner. Depending on Veracode’s business model and its global regional coverage, Veracode may not be able to provide the products or services directly to you. In those instances, Veracode discloses information to its business partners for reselling, marketing and other business purposes related to your demonstrated interest in our products and services. We share your personal information only with business partners who agree in writing to abide by applicable data protection laws and to protect your personal information and use it solely for the purposes specified by Veracode.
  • Legal Obligations and Rights. We disclose your personal information: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of Veracode or its employees; or (v) as otherwise permitted by applicable law.
  • Business Reorganization. We may share your personal information in connection with a sale or business transaction (e.g., merger or acquisition).

Veracode also uses or shares anonymized aggregate data (data from which personal information has been removed).

Except as described above, Veracode will not disclose your personal information to third parties for their own marketing purposes without your consent.

HOW DOES VERACODE PROTECT YOUR PERSONAL INFORMATION?

Veracode takes all reasonable steps to protect your information from loss, misuse, unauthorized access or disclosure, alteration, or destruction, including through the use of encryption when collecting or transferring personal information including credit card information.

WHAT CHOICES DO YOU HAVE REGARDING YOUR PERSONAL INFORMATION?

Email and Marketing

In most instances, Veracode gives you options with regard to the personal information you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of every Veracode marketing email; or (ii) checking certain boxes on our preference center which can also be found on forms we use to collect personal information.

HOW DOES VERACODE USE COOKIES AND OTHER ONLINE TRACKING TECHNOLOGIES

Cookies

Veracode uses “cookies” on its websites to enable you to sign in to Veracode’s services and personalize your online experience. A “cookie” is a small data file stored on your hard drive. By using cookies, the personal information you previously provided can be retrieved on your next visit to our website(s) so that your use of the website is more efficient.

Cookies are either session-based (which disappear after you close your browser) or persistent (which remain on your computer after you close your browser or turn off your computer). Veracode uses the following types of cookies:

  • Required cookies are essential to the core functioning of our website.
  • Performance cookies collect information about website visits to improve website performance, but do not collect personal information.
  • Functional cookies track your preferences, such as your preferred language or display settings, and customize the website to you. Some of these cookies may be required cookies.
  • Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our websites and our marketing campaigns.
  • Advertising cookies may be set through our website(s) by our advertising partners. Data may be collected by these companies that enable them to deliver customized advertisements on other websites that are relevant to your interests.

List of Temporary Cookies:

Cookie Name

When do cookies expire?

1st party or 3rd party across different sites

Description of Purpose

Has_is

Session cookie

3rd Party

 Checks to see if a visitor to the Sites is javascript enabled.

https://www.drupal.org/privacy

List of Permanent Cookies:

Cookie Name

When do cookies expire?

1st party or 3rd party across different sites

Description of Purpose

_utma, _utmb,

_utmc, _utmv,

_utmz

Expires after 24 months

3rd party

For Google Analytics across Veracode Sites. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout. You may also opt out of Google's use of cookies by visiting http://www.google.com/privacy/ads/.

_mkto_trk

Expires after 24 months

3rd party

Allow us to collect information about how you use the Veracode sites after receiving an email from us, including data such as how you arrived at the site, how often you have visited, and which pages you viewed. To opt out, you can disable cookies or unsubscribe from Veracode emails using the link on the bottom of the email.

http://www.marketo.com/trust/legal/privacy/

Drupal.toolbar.collapsed, Drupal.tableDrag.showWeight

Session cookie

3rd party

Set by the Veracode sites Content Management System (Drupal) upon arrival to the Veracode website.

https://www.drupal.org/privacy

Pcc, pvc, tuuid

Expires after 24 months

3rd party

Set by Demandbase, which uses the cookies to gather information in identifying companies/businesses visiting Veracode Sites.

http://www.demandbase.com/company/privacy-policy/

Some Veracode pages use cookies that permit select third party partners, including Google, to provide you Veracode related content, including Veracode advertisements, on their sites or elsewhere on the Internet. This is based on your prior visits to the Sites.

Additionally, third parties use cookies to allow you to link to social networking sites like Facebook, Twitter and LinkedIn. As noted below, you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can control whether or not these cookies are used, but preventing them may stop us from offering you some services. Alternatively, you may use the third parties' own tools to prevent these cookies.

Managing Cookie Preferences

Many web browsers are set to accept cookies by default, and only you can manage your browser settings.

In addition to the options provided above, you may refuse or accept cookies from Veracode’s websites at any time by activating settings on your browser. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s website via your help screen. You may wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers. Please be aware that if cookies are disabled, not all features of Veracode’s websites may operate as intended.

You can adjust your cookie preferences by adjusting your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. The Help function within your browser should explain how to do this. Alternatively, you may visit www.aboutcookies.org or www.allaboutcookies.org to obtain detailed information on how to prevent cookies from being set on your particular browser.

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download programs that clean out tracking cookies:

To prevent your data from being used by Google Analytics, click here for instructions.

Some of our web pages use “Frames” to serve content to/from our business partners while preserving the look and feel of our website. A Frame is a part of a web page or browser window which displays content independent of its container, with the ability to load content independently. Please be aware that you are providing your Personal Information to these Third Parties and not Veracode.

If you want to opt-out of targeted interest-based advertising, please visit Network Advertising Initiative (NAI) Consumer Opt-Out website at http://www.networkadvertising.org/managing/opt_out.asp, or if you are located in the European Union/European Economic Area, please visit European Interactive Digital Advertising Alliance (EDAA) Your Online Choices website at http://www.youronlinechoices.eu/. Please note you will continue to receive generic ads.

 

Do Not Track

Certain browsers like Internet Explorer, Firefox and Safari offer a “Do Not Track” or “DNT” option that sends a signal to websites visited by the user about the user’s browser DNT preference setting. Because uniform standards for “Do Not Track” have not been established, Veracode does not process or respond to “Do Not Track” signals.

Web Beacons

Veracode also uses web beacons alone or in conjunction with cookies to compile information about your use of our websites and actions regarding emails from us. A web beacon is an electronic image that can be used to recognize a cookie on your computer when you view a web page or email message. Web beacons help Veracode measure the effectiveness of our websites and our advertising in various ways. For example, web beacons count the number of individuals who visit a particular web page after viewing an advertisement or identify the number of individuals who opened or acted upon a marketing email message.

Our third-party ad services providers also use aggregated information collected through web beacons and cookies about your visit to Veracode’s website(s) in order to deliver advertising relevant to your interests and to better understand the usage of our websites and the other sites tracked by these third parties. This Privacy Statement does not apply to, and we are not responsible for, third-party cookies, and Veracode encourages you to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other tracking technologies.

 

Social Media Accounts

Portions of our websites make chat rooms, forums, blogs, message boards, and/or news groups available to you. Please remember that any information that is disclosed in these areas could be made public so exercise caution when deciding to disclose any personal information. Also, please note that use of these portions of our website may be subject to additional terms. Additional information about community and support sites can be found at our Terms for Use on Veracode.com.

In addition, Veracode’s website(s) may include social media features, including the Facebook “Like” button. These features may collect your IP address and identify the web page you are visiting on Veracode’s website and may set a cookie to enable the feature to function properly. You may be given the option by that social media site to post information about your activities on Veracode’s website(s) to your profile page on that social media site. Your interactions with these features are governed by the privacy policy of the company that is providing them.

Third-Party Websites

Veracode’s websites may contain links to other third-party websites. This Privacy Statement does not apply to, and Veracode is not responsible for, the privacy practices or the content of such third-party websites, including business partner websites, and their use of personal information will be governed by their own privacy policies.

HOW WILL YOU BE NOTIFIED ABOUT CHANGES TO THIS PRIVACY STATEMENT?

Veracode may modify or update this Privacy Statement at any time without prior notice. If we make any changes to this Privacy Statement, we will change the “Last Updated” date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement that may impact individual rights, Veracode will make prominent note of such change on its website and within its products, services, programs and applications at least one month prior to the change taking place.

WHO SHOULD YOU CONTACT WITH INQUIRIES

If you have any questions, concerns, or comments about this Privacy Statement or our privacy practices, please contact Veracode via email at [email protected] with the words “PRIVACY STATEMENT” in the subject line. You may also reach out by regular mail to:



Veracode, Inc.

65 Network Drive

Burlington, MA 01803

Attention: Veracode Security Operations

PROVISIONS APPLICABLE TO INDIVIDUALS IN THE EU/EEA AND SWITZERLAND

The provisions of this Privacy Statement below are applicable between Veracode and individuals located in the EU/EEA and Switzerland.

EU/EEA/SWISS DEFINITIONS

'Consentor ‘Agree’ means your freely given, specific, informed and unambiguous expression of your wishes through a statement or other clear affirmative action such as checking a box or signing a consent form which indicates your agreement to Veracode’s Processing of personal data relating to you.

'Personal Data' means any Personal Information relating to you from which you can be identified, directly or indirectly, including name, identification number, location, online identifier such as your IP address or device ID, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity. It includes any personal information whether it is held in paper, electronic or any other format.

Process or Processing’ means any use of Personal Data including collecting, recording, organizing, structuring, storing, adapting or altering, amending, retrieving, consulting, sharing, disclosing, making available, aligning or combining, restricting, transferring outside the EU/EEA or erasing or destroying it.

‘Special Categories of Personal Data’ means Personal Data about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, information on social security measures, trade union membership, health, sex life, sexual orientation and biometric data, or any past administrative or criminal proceedings and sanctions.

'Third Party' includes our business partners and service providers who Veracode authorizes to process your Personal Data or other information to help Veracode with the activities described in this Privacy Statement. It may include government bodies and public agencies and authorities.

NOTICE TO INDIVIDUALS LOCATED IN THE EU/EEA AND SWITZERLAND

Veracode has appointed a Privacy Officer as the person with responsibility for Veracode’s EU/EEA and Swiss data protection compliance. Veracode’s Privacy Officer can be contacted at by email at [email protected]. Questions about this Privacy Statement, or requests for further information, should be directed to Veracode’s Privacy Officer.

If you are located in the EU/EEA or Switzerland and Veracode’s business customer (the data “controller” under applicable laws) is using the Veracode Services to Process your Personal Data, you may contact Veracode’s business customer to object, restrict, access, correct, transfer (data portability) or delete your Personal Data. If you need help finding contact information for a Veracode business customer’s privacy office, please contact Veracode at [email protected].

EU/EEA/SWISS PERSONAL DATA VERACODE COLLECTS

In addition to the Personal Information listed above, when you apply for a job with Veracode, Veracode collects your current and past employment information. This includes information in paper, electronic or any other format, including:

  • Identification data such as name, home address, personal telephone number, personal e-mail address, date of birth, social security number, national insurance number, photograph, marital /dependent status, and emergency contact information;
  • Information concerning employment such as salary, work and compensation history, planned salary, earnings, paid time off, salary grade, performance information (including performance appraisal, performance and attendance records), decisions to offer employment, CVs/Resumes, employment applications, employment references and background verification information;
  • Financial information such as credit reports, bank account numbers, tax-related information, and salary-related information;
  • Past administrative or criminal proceedings and sanctions;
  • If disclosed to Veracode by the individual or discoverable by Veracode in open source media: Special Categories of personal data including ethnic origin; political opinions; religion or religious or philosophical beliefs; trade union membership; heath related data; sexual orientation and/or sex life. 
  • Other Information necessary for Veracode’s business purposes which may be voluntarily disclosed by you to Veracode.

For more information about Personal Information Veracode collects when you apply for a job, please contact Veracode’s Human Resources Department or [email protected].

EU/EEA/SWISS DATA PROTECTION PRINCIPLES

Veracode Processes EU/EEA and Swiss Personal Data in accordance with the following data protection principles:

  • Veracode Processes Personal Data lawfully, fairly and in a transparent manner consistent with applicable law;
  • Veracode collects Personal Data only for specified, explicit and legitimate purposes consistent with applicable law;
  • Veracode Processes Personal Data only where it is adequate, relevant and limited to what is necessary for the purposes of Processing consistent with applicable law;
  • Veracode keeps accurate Personal Data and takes all reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay consistent with applicable law;
  • Veracode keeps Personal Data only for the period necessary for Processing consistent with applicable law;
  • Veracode adopts appropriate measures to make sure that Personal Data is secure, and protected against unauthorized or unlawful processing, and accidental loss, destruction or damage.

Veracode and/or its customer tells individuals located in the EU/EEA and Switzerland the reasons for Processing their Personal Data, how it uses their Personal Data and the legal basis for Processing by providing them this Privacy Statement and related notices, disclosures, and consent forms consistent with applicable law. Veracode will not process Personal Data for other reasons.

Veracode takes appropriate steps to ensure that Personal Data in its possession is accurate, complete, and current consistent with applicable law. However, all individuals in the EU/EEA or Switzerland are asked to inform Veracode’s relevant customer immediately about any changes in their Personal Data.

Veracode will not Process Personal Data that qualifies as Special Categories of Personal Data for purposes incompatible with those described in this Privacy Statement unless the Processing is:

  • (a) permitted by applicable UK, EU/EEA or Swiss law;
  • (b) necessary for administering justice or for exercising statutory, governmental, or other public functions;
  • (c) necessary for the establishment of legal claims or defenses;
  • (d) in the vital interests of an individual in in the EU/EEA or Switzerland or another person;
  • (e) required to provide medical care or diagnosis; or
  • (f) necessary to carry out Veracode’s legal obligations under applicable law.

LEGAL BASIS OF PROCESSING PERSONAL INFORMATION

In order to collect, use and otherwise process your personal information, Veracode relies on the following legal bases:

  • To fulfill any contractual obligations, such as where you have purchased a product or service from Veracode. For example, we may require your contact details in order to deliver your order if you have purchased a product from us.
  • Veracode’s legitimate interest in providing its websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.
  • Your consent, where Veracode has obtained your consent to process your personal information for certain activities. You may withdraw your consent at any time by contacting [email protected]. However, please note that your withdrawal of consent will not affect the lawfulness of any use of your personal information by Veracode based on your consent prior to withdrawal.
  • For compliance with Veracode’s legal obligations where applicable laws require Veracode to process your personal information.

If you have any questions or would like more information regarding the legal basis on which Veracode collects your personal information, please contact us at [email protected].

EU/EEA/SWISS PERSONAL DATA TRANSFERS TO INDEPENDENT THIRD PARTIES

Veracode will disclose Personal Data to Third Parties other than those identified above only if:

  • required by law or legal process (e.g., lawful requests by public authorities, including disclosures to law enforcement authorities in connection with their duties or to meet national security requirements);
  • to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.
  • to protect and defend the legal rights, property/or and legitimate interests of Veracode and/or members of its workforce, customers, business partners, Sub-contractors and/or Third Parties; or
  • where necessary for Veracode to perform a contractual obligation owed to a customer, member of its workforce or for other lawful purposes.

HOW LONG VERACODE KEEPS EU/EEA/SWISS PERSONAL DATA

Veracode will hold Personal Data

  • for the duration legally required or permitted by applicable law; and
  • as long as it is necessary to comply with Veracode’s legal obligations or to resolve disputes and/or enforce our agreements.

EU/EEA/SWISS PERSONAL DATA RIGHTS INCLUDING UNDER THE GDPR

Individuals in the EU/EEA and Switzerland have a number of rights in relation to their Personal Data. Veracode will maintain a program to ensure compliance with this Privacy Statement. All Veracode workforce members whose responsibilities include the Processing of EU/EEA/Swiss Personal Data are required to adhere to this Privacy Statement and any implementing policies. Failure to do so is deemed a serious offence, for which disciplinary action may be taken, potentially resulting in termination of employment. Equally, the misuse of Personal Data by an individual or organization acting as a Sub-contractor, or service provider to Veracode is deemed a serious issue for which action may be taken, potentially resulting in the termination of any agreement. Veracode will assist individuals in the EU/EEA and Switzerland in protecting their privacy and will provide them opportunities to raise concerns about the Processing of their Personal Data.

PERSONAL DATA ACCESS

Individuals in the EU/EEA and Switzerland have the right to make Personal Data access requests. If an individual makes such a request, Veracode will provide the information requested which may contain some or all of the following information, along with other information as required by applicable law:

  • Whether or not his/her Personal Data is Processed and if so why, the categories of Personal Data Processed and the source of the data if it is not collected from the individual consistent with applicable law, Veracode’s obligations to its customer’s and;
  • To whom his/her Personal Data is or may be disclosed consistent with applicable law, Veracode’s obligations to its customers, including to recipients located outside the EU/EEA or Switzerland and the safeguards that apply to such data transfers; and
  • For how long his/her Personal Data is stored (or how that period is decided).

Disclosures by Veracode will normally be in electronic form if the requester has made a request electronically unless he/she agrees otherwise.

If the requestor wants additional copies, Veracode charges a reasonable fee, which will be based on the administrative cost to Veracode of providing the additional copies.

EXERCISING YOUR PERSONAL DATA ACCESS RIGHTS

To make a personal data access request, individuals in the EU/EEA or Switzerland should send their request to Veracode’s Privacy Officer by email at [email protected] with the words “Data Subject Access Request ” in the subject line.

You may also contact Veracode by regular mail to:



Veracode, Inc.

65 Network Drive

Burlington, MA 01803

Attention: Veracode Security Operations

Veracode may need to ask for proof of identification before a request can be processed. Veracode will inform the requestor if it needs to verify his/her identity and the documents it requires

Veracode will normally respond to a request within a period of 30 days from the date a request is received. In some cases, such as where Veracode Processes large amounts of the individual’s data, it may respond within 90 days of the date the request is received. Veracode will write to the requestor within 30 days of receiving the original request to tell him/her if more time is needed to complete the response to their request.

If an EU/EEA or Swiss individual submits a request which is manifestly unfounded or excessive, Veracode is not required to comply with it. Alternatively, Veracode can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request.

OTHER EU/EEA/SWISS PERSONAL DATA RIGHTS

Individuals in the EU/EEA and Switzerland also have a number of other rights in relation to their Personal Data. They can request Veracode to:

  • Correct inaccurate Personal Data to the extent consistent with applicable law and Veracode’s obligations to its customers;
  • Stop Processing or erase Personal Data that is no longer necessary for Veracode’s purposes of Processing to the extent consistent with applicable law and Veracode’s obligations to its customers;
  • Stop Processing or erase Personal Data if the individual's interests override Veracode’s legitimate grounds for processing the Personal Data including to the extent consistent with applicable law and Veracode’s obligations to its customers;
  • Stop processing or erase Personal Data if the processing is unlawful; and/or
  • Stop processing Personal Data for a period if the requestor asserts the Personal Data is inaccurate or if there is a dispute about whether or not the requestor's interests override Veracode's legitimate grounds for processing the Personal Data.

Where Veracode determines that the requestor’s Personal Data is accurate to the extent consistent with applicable law, Veracode will include in Veracode’s Personal Data file the alternative text that the requestor believes to be appropriate alongside Veracode’s original information. If it is determined that the Personal Data needs to be updated or corrected by Veracode, Veracode will use reasonable efforts to inform the relevant Veracode customer and Third Parties which were provided with the information previously.

To ask Veracode to take any of these steps, individuals in the EU/EEA or Switzerland should contact Veracode by email at [email protected] with the words “DATA SUBJECT REQUEST” in the subject line.

You may also contact Veracode by regular mail to:



Veracode, Inc.

65 Network Drive

Burlington, MA 01803

Attention: Veracode Security Operations

Individuals in the EU/EEA and Switzerland may also make data privacy and/or data use complaint about Veracode to the UK Information Commissioner’s Office (ICO) Here; or by calling the UK ICO helpline at 0303-123-1113. Individuals in Switzerland can also make a complaint to the Swiss Federal Data Protection and Information Commissioner Here. Individuals in the EU/EEA can also make a complaint to the Data Protection Authority in the EU/EEA Member State where they live or work or where an alleged infringement of applicable data protection law occurred listed here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

OTHER EU/EEA AND SWISS PROVISIONS

International Transfers of Personal Information

Veracode’s website is provided from within the United States and is subject to the state and federal laws of the United States. If you are located outside of the United States, your Personal Data is being transferred to, stored, used and shared in the United States. 

If you are located in the European Union, European Economic Area or Switzerland, Veracode transfers your personal information to other Veracode entities located in many different countries around the world if required for the purposes described in this Privacy Statement. This may include the transfer of your personal information to countries outside your home country, including outside the European Economic Area (EEA), which may not have the same level of protection as your home country. For example, since Veracode is headquartered in the United States (US), Veracode entities in the EEA may need to send your personal information to our servers located in the US for legitimate business purposes. In order to provide adequate protection for the transfer of your personal information, we rely on various legal mechanisms, including our Privacy Shield certifications, EU Standard Contractual Clauses and/or the need to process your personal information in order to provide the requested products or services.

Personal Data is also transferred by Veracode to countries outside the EU/EEA or Switzerland for Veracode’s legitimate interests in processing Personal Data where necessary to perform its obligations to its customers and to exercise its rights and fulfill its duties under law.

PRIVACY SHIELD FRAMEWORKS

EU-US and Swiss-US Privacy Shield Frameworks

Veracode complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. Veracode has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Privacy Statement and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Veracode is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain Veracode’s confirmation of whether we maintain personal information relating to you in the United States. Upon your request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to [email protected]. If requested to remove data, we will respond within a 30 days.

We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

Veracode’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Veracode remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Veracode proves that it is not responsible for the event giving rise to the damage.

Veracode may be required, in certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Veracode commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Veracode by email at [email protected] with the words “PRIVACY STATEMENT” in the subject line.

You may also contact Veracode by regular mail to:



Veracode, Inc.

65 Network Drive

Burlington, MA 01803

Attention: Veracode Security Operations

Veracode has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third party dispute resolution provider (free of charge) at ICDR/AAA operated by the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint. This service is provided free of charge to you.

If your complaint involves employment or human resources personal data transferred to the United States from the EU and/or Switzerland in the context of your employment relationship with Veracode, and Veracode does not address it satisfactorily, Veracode commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such employment or human resources personal data. To pursue an unresolved employment or human resources personal data complaint, you should contact the state or national data protection or labor authority where you live or work. Complaints related to employment or human resources personal data should not be addressed to the ICDR/AAA operated by the International Centre for Dispute Resolution.

Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

 

 

contact menu