Aravolta Logo

Privacy Policy

Aravolta DCIM Privacy Policy

Effective date: March 30, 2025

Table of Contents

This Privacy Policy is designed to help as a website visitor or user of our services understand how Aravolta DCIM collects, uses, and shares your information in order to operate, improve, develop, and protect our services. We encourage you to read this policy thoroughly.

About Aravolta DCIM

Aravolta DCIM is a company that helps businesses align with HIPAA, SOC 2, and other information security compliance frameworks. Our business-to-business SaaS platform guides our customers through the compliance processes and may also include audit management, virtual CISO consulting services, and more.

About this Policy

This policy aims to provide a clear explanation of information Aravolta DCIM collects from and about you as a website visitor and/or user of our services and how we use and share it. Please note that this policy only applies to information that we collect, use, and share. This policy does not apply to any websites, products, or services provided by others, including our customers. If you would like to know more about their practices, we suggest reviewing their privacy policies. This policy does not apply to personal data about current and former Aravolta DCIM employees, job candidates, contractors and agents acting in similar roles.

Data We Collect

Identifiers

As part of customer on-boarding and in order to complete transactions we request the following identifiers during account set up: full name, business legal name, business address, email address, and business phone number.

Service provider authentication data

Aravolta DCIM's services allow you to establish technical integrations with certain service providers, thereby allowing Aravolta DCIM to access data on your behalf from such service providers. To enable such access, you may be required to provide the authentication data for your accounts such as Github and AWS as required by the applicable service provider.

Device data

When you use a device, like your smartphone, tablet, or computer, to view our website or interact with our services (including through a service provider's app), we may collect the following data about that device:

  • internet protocol (IP) address;
  • timezone setting and location, device location;
  • hardware model and operating system;
  • features within Aravolta DCIM's services you access;
  • browser data;
  • network data;
  • other technical data about the device (such as settings and preferences).

User activity

We collect your user activity on the Aravolta DCIM platform, for example, we may collect data on time spent on particular pages and buttons clicked on each respective page.

Data we receive about you from service providers

When needed for Aravolta DCIM to provide its services, the service providers you use may provide us with identifiers and commercial information about you as part of providing us with information about your use of the service providers and configurations in providers and configurations in place. Such information may include your name, email address, phone number, or information about your accounts and transactions.

Information we derive from the data we collect

We may derive additional information about you from the other categories of data we collect. For example, we may infer your geolocation or your annual income.

Cookies

We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Please see "Cookies and Similar Technologies" under "How We Share Your Data" below for more details.

Social networks

We may collect data when you interact with Aravolta DCIM through other means such as our marketing activities, social media accounts, and joint marketing activities in partnership with other services. Additionally, we may collect information through other individuals at your organization, individuals that have referred Aravolta DCIM to you, or third party services and datasets. For example, we may collect your name, social media handle, or email address.

How We Use Your Data

We do not sell or rent personal information that we collect. We use your information for the following business purposes:

  • Provide Aravolta DCIM's services;
  • Communicate with you for matters related to our services;
  • Provide support;
  • Help prevent fraud, verify identity, or protect privacy;
  • Provide assistance when serving as a liaison between you and lawyers, accountants, auditors, and other professional advisors;
  • Develop understanding and insights into your user experience;
  • Improve existing services, for example, by adding features and functionality;
  • Develop new services;
  • Respond to your support ticket requests and questionnaire or survey submissions;
  • Maintain business records;
  • Carry out referral requests;
  • Assist in compliance audits;
  • Market Aravolta DCIM's services;
  • Notify you of new services or products that we believe will be of interest to you;
  • Investigate potential misuse and misconduct of our services;
  • For legal purposes such as establishing and defending claims, to manage or transfer assets or liabilities such as an event of acquisition or merger; and
  • As directed by you or with your advance consent for other notified purposes.

How We Share Your Data

We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15, for example, to administer and enforce a transaction). Aravolta DCIM shares your personal data with third parties for the following reasons:

  • Service Provider Authentication Data. Aravolta DCIM will use your service provider authentication data to establish technical integrations with your service providers. Aravolta DCIM will refresh any service provider authentication data in its discretion to maintain access during the period in which Aravolta DCIM is providing the Aravolta DCIM service to you.
  • As Necessary to Provide the Services. Like most companies, Aravolta DCIM uses third-party services (e.g. cloud services) to process and host your data.
  • To Facilitate Audits, Penetration Tests, and other Services in Relation with Auditors, Consultants, Lawyers, or Other Related Third Parties. Aravolta DCIM, like many businesses, may hire other businesses to perform functions for customers in relation to the services provided.
  • To Prevent Fraud, Abuse, and Security Threats. Aravolta DCIM reserves the right in all cases to share your data with law enforcement, regulatory authorities, and other third parties as necessary to prevent fraud, abuse, or security threats.
  • Cookies and Similar Technologies. We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Cookies and similar technologies to measure web activity to provide you with a better user experience on our website and during the course of providing our services. A "cookie" is a unique numeric code that we transfer to your device so that we can keep track of your interests and preferences and recognize you as a returning visitor to the website and Service. If you choose not to accept cookies from us, you will still be able to access many of the features on our website and Service, but with certain limitations to access and functionality.
  • To Improve and Create. We share your data with third parties to help us to gain insights from your data to improve our services and develop new services, for example, we utilize large language models and APIs like ChatGPT.
  • Aggregated or Anonymized Data. We collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally for any purpose permitted under applicable law. For example, creating or using aggregated or anonymized data helps Aravolta DCIM to develop new services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.

Data Protection

Aravolta DCIM's security policies and practices are designed to protect the security, confidentiality, and integrity of your data. Aravolta DCIM implements security controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using, or disclosing this data. Such practices include encryption of your data in transit and at rest, logging and monitoring access to your data, database backups, and segregated development and production environments. We also take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the third parties who assist us in providing products and services to you.

Notes for EEA and UK End Users

For individuals in the European Economic Area ("EEA") or the United Kingdom ("UK"), Aravolta DCIM only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what data we collected and the purpose for processing it. Generally, we will only collect and process your data where:

  • we are bound by any contract or agreement with you (for example, to comply with our end user services agreements).
  • we require your data to comply with our legal obligations under applicable law, to safeguard Aravolta DCIM's legal rights, and prevent and identify criminal activities such as fraud. For these purposes, Aravolta DCIM may find it necessary to share your personal data with entities such as courts and law enforcement agencies;
  • processing is necessary for our legitimate interests to effectively maintain the integrity of our services. This includes engaging in communication with you, and ensuring that Aravolta DCIM upholds the expected standards; or you have given your consent to do so.

To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this policy.

Information Retention and Deletion

We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements.

The exceptions to this may be if: (a) Aravolta DCIM needs your data to continue providing you with a Aravolta DCIM service you requested; (b) Aravolta DCIM is required by law to keep your data; (c) Aravolta DCIM needs your data to help prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (d) where Aravolta DCIM has anonymized your data such that it cannot be reidentified or (e) we request - and you specifically agree - to allow us to retain your data longer.

Your data will only be processed as required by law or in accordance with this policy.

Please refer to the "How to Exercise Rights in Your Data" section of this policy for options that may be available to you, including how to request deletion of your data. You can also contact us about our data retention practices using the contact information in the "Contacting Aravolta DCIM" section below.

Aravolta DCIM does not transfer data we collect about you across international borders.

How to Exercise Rights in Your Data

You may exercise the following rights related to your personal data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:

  • Access data collected about you;
  • Request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
  • Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;
  • Request, under certain circumstances, that we erase or restrict the processing of your data;
  • Object to our processing of your data under certain conditions provided by law;
  • Where processing of your data is based on consent, withdraw that consent;
  • Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.

Please note that for an official record of your activities and history conducted through a service provider that may or may not be technically integrated with Aravolta DCIM, you should make that request directly to your service provider.

You can contact us as described in the "Contacting Aravolta DCIM" section below to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Additionally, depending on where you live, you may have the right to make a complaint at any time to your (data protection) supervisory authority. For example, if you are in Canada, you may contact the Office of the Privacy Commissioner of Canada which you can find here. For end users in the EEA, you can find contact information for the European Data Protection Board (EDPB) on the EDPB's website here. For end users in the UK, you can find contact information for the Information Commissioner's Office (ICO) on the ICO's website here. For end users in Switzerland this is the Federal Data Protection and Information Commissioner which you can find here.

Children

Our services are not targeted or directed at children under the age of 16, and we do not intend to or knowingly collect or solicit personal information from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal information to us, we encourage the child's parent or guardian to contact us in accordance with the section Contacting Aravolta DCIM to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 16, we will promptly delete that personal information.

Contacting Aravolta DCIM

You may contact Aravolta DCIM to exercise rights in your data, to ask questions about our privacy policies and practices, and to file a complaint.

Contact Aravolta DCIM:

Aravolta DCIM

margarita@aravolta.com

If you believe the privacy laws relating to the protection of your personal information or this policy have not been respected, you may file a complaint with us. We will acknowledge your complaint, investigate it and provide you with a response within a reasonable period of time (and within any time period required by applicable law). If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Policy Changes

We may update or change this policy from time to time. If we make any updates or changes, we will post the new policy on this URL and update the effective date at the top of this policy.

© 2025 Aravolta DCIM. All rights reserved.