Privacy Policy

1.     Transparency

A topic as dynamic as privacy requires transparency ‐ being open about the data we collect, how that data is used, and where/how long we store the data we collect.

Personal Data We Collect

Our primary reason for collecting data is to provide products and services to our customers.

(a) We collect your data when you:

• visit our offices or contact us;
• request information about our products and services;
• purchase and use our products and related services;
• respond to surveys, request whitepapers/newsletters/access to blogs;
• attend Magnet Forensics’ events and/or Magnet Forensics’ booth at tradeshows; and
• apply for employment at Magnet Forensics.

(b) Data we collect:

• names/addresses/emails/phone numbers, employment information and other types of contact information;
• use cases and other relevant information pertaining to how your organization uses our products and related services; and
• bank account information/ shipping address/ and other information needed to process orders.

(c) How we use the data we collect:

• fulfil contractual requirements;
• improve upon our products and services
• communicate information about Magnet Forensics to potential customers and customers; and
• hire and manage employees.

(d) Why we need the data we collect:

• Names/addresses/emails- for mailing offers, product information; event notification, surveys, quotes/invoices, product demonstration, evaluation and delivery.
• Phone numbers – for customer feedback, product inquiries and reporting/resolving support incidents.
• Employment information – for evaluating your potential to become a Magnet Forensics employee.

(e) Storage location of the data we collect:

• Your personal data is processed, hosted, and/or stored at Magnet Forensics’ Canadian office located at 2220 University Avenue East, Waterloo, Ontario, Canada.
• For certain business practices third‐party providers have limited access to your data. These third-party providers are typically vendors of cloud services or other IT hosting services located in Canada or USA. We also may provide your personal data to such third-party providers or our partners as part of the sales cycle. This can include both pre‐sales activities such as lead generation and activities related to processing orders. When using third‐party providers and partners, as required by applicable law, Magnet Forensics will enter into a data processing agreement to safeguard your privacy rights. When third‐party providers and partners are located outside the EU, Magnet Forensics ensures legal grounds for such international transfers by relying on cross-border transfer agreements or using the EU Model Clauses.

(f) How long we store the data we collect:

• We retain your personal data for as long as necessary to perform our contractual obligations to you and/or as required by law and as documented by our data retention policies. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

(g) Joint Controllership of German Personal Data:

• Personal data of German data subjects collected for purposes of: (i) administering an employment relationship; (ii) facilitating the sale, license, and/or support of our products; or (iii) marketing and/or demand generation of our products and services, is subject to the joint controllership of Magnet Forensics Inc. and Magnet Forensics GmbH, as set out in an Agreement pursuant to Article 26(1) of the GDPR.

2.     Control

Should you believe that any personal data we hold on you is incorrect or incomplete, you can request to see this information, rectify it or have it deleted. Please contact us through a Data Subject Access Request Form located at www.magnetforensics.com/legal .

In the event that you wish to complain about how we have handled your personal data, please contact our General Counsel at dpo@magnetforensics.com or in writing at 2220 University Avenue East, Waterloo, Ontario, Canada. Our General Counsel will then investigate your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Government Data Protection Authority offices for your region and file a complaint with them.

3.     Accountability

The key areas of responsibilities for processing personal data lie with the following organizational roles:

• The Board of Directors is responsible for:
  • making decisions about, and approving Magnet Forensics general strategies on personal data protection.

• The General Counsel is responsible for:
  • managing the personal data protection program and the development and promotion of end‐ to‐end personal data protection policies; and
  • monitoring personal data laws and changes to regulations, developing compliance requirements, and assisting business departments in implementing Magnet Forensics’ Privacy Policy.

• The Chief Operations Officer is responsible for:
  • ensuring all systems, services and equipment used for storing data meet acceptable security standards;
  • performing regular checks and scans to ensure security hardware and software is functioning properly; and
  • passing on personal data protection responsibilities to suppliers and improving suppliers’ awareness levels of personal data protection as well as flow down personal data requirements to any third party a supplier uses.

• VP of Human Resources is responsible for:
  • educating and training all employees of Magnet Forensics’ on the requirement and processes of this Policy. Employees who violate this Policy will be subject to appropriate disciplinary action.

4.     Data Breach Practices

When Magnet Forensics learns of a suspected or actual personal data breach, the General Counsel performs an internal investigation and takes appropriate remedial measures in a timely manner, according to Magnet Forensics’ data breach practices. Where there is any risk to the rights and freedoms of data subjects, Magnet Forensics shall notify the relevant data protection authorities without undue delay and, when possible, within 72 hours.

5.     Using Magnet Forensics’ Products to View/Modify Personal Data

An end user of Magnet Forensics products may use the products to access certain cloud service applications (i.e. Google, Facebook, Instagram, Twitter, Dropbox, Microsoft 365, etc. – collectively referred to as “Cloud Apps”) and make certain actions, view, and/or modify personal data of individuals (“Data Subjects”) in their Cloud Apps. Use, and transfer to any other application of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. If an end user of Magnet Forensics products uses the products to interact with or collect personal data from Data Subjects, the end user is solely responsible for ensuring compliance with all applicable laws in connection with the collection and/or processing of personal data of the Data Subjects (including compliance with the personal data privacy policies of the Cloud Apps). If you are a Data Subject, please note that Magnet Forensics has no relationship with you whatsoever and its only relation is with the end user with whom you may interact. For any questions regarding the collection of your personal data or to amend your personal data, and for all other reasons, you must contact the end user.

6.     Cookies

Privacy Policy (Version 3.3) (October 26, 2021)