Privacy Policy

Datto, Inc. and its subsidiaries worldwide (“Datto”) respect your privacy. This Privacy Policy covers Datto’s practices for the Datto websites or mobile applications (“Sites”) that link to this Policy as well as to the products, services and web-based applications provided by Datto (our “Products”). This Policy, including the following individual Privacy Notices that may be presented at the time and/or in the context in which Datto collects certain Personal Data, describe our privacy practices. These individual Privacy Notices supplement and are incorporated into this Privacy Policy to describe in more detail the Personal Data collected, its purposes and our practices with respect to certain business functions:

We describe in more detail our practices related to our marketing, sales and website practices in our Marketing Privacy Practices Notice.

We describe in more detail our practices related to the purchase, registration, use and management of our Products in our Portal Privacy Practices Notice which appears in our product management portals that are restricted to registered users.

We describe in more detail our practices related to our employment recruiting efforts in our Recruiting Privacy Practices Notice.

Privacy Requests and Marketing Preferences

If you would like to submit an individual privacy request as or on behalf of an individual, please follow this link.

If you would like to opt out of receiving general marketing communications from us in the future, or to update your communication preferences, please visit our Preference Center at http://pages.datto.com/DattoSubscriptionCenter.html.

Please note that you may not opt out of receiving communications from us related to your use, support or payment for our Products.

What is Personal Data

Personal Data is information relating to identified or identifiable individuals (including individual representatives of companies, such as employees or administrators). Datto collects Personal Data to market, sell, provision, manage and support our Products and to run our business. Datto, Inc. is the controller of such Personal Data, and unless otherwise noted, the remainder of this Privacy Policy applies to Datto’s collection and use of Personal Data for which we are a controller.

Datto also processes Personal Data we receive in our role as a service provider for our customers who use our Products. We are a processor of such Personal Data that is submitted to us by our customers who are authorized to do so by the controllers of such data or who are the controllers of such data. If you would like to inquire about or exercise any rights you may have with respect to data that is provided to us in our capacity as a processor, you should reach out to that Datto customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy.

Information that does not and cannot be used to directly or indirectly identify an individual is not Personal Data. This can be aggregated information about a group or category of data or data that has been de-identified so that it cannot be attributed to any individual. We may use and share such information to improve our Sites and our Products, develop new products, understand and/or analyze usage, demand, and general industry trends, develop and publish white papers, reports, and generally for any purpose related to our business. Our practices described in this Privacy Policy do not apply to nor restrict our collection and use of such data.

When and for what purposes do we collect Personal Data

Datto collects Personal Data when someone visits our Sites, fills out a form or provides information on our Sites or on websites hosted on our behalf, submits an email or other inquiry to us, communicates with us in person, by phone or by email, enters a contest, visits our offices, applies for employment, posts on one of our community forums, provides feedback, registers for or attends a Datto event or webinar, purchases or uses a Product, registers for or logs on to one of the product management portals that are restricted to registered users, or requests support for a Product.

We use Personal Data to fulfill the purpose for which the data is collected, such as to provide a requested product demonstration, to manage event or product registrations, or to process billing for our Products. We also use Personal Data we collect to maintain the security of Sites and Products and to run and manage our business.

Please consult our individual Privacy Notices for more details about the types of Personal Data we collect for certain business functions, when it is collected and the purposes for which it is collected.

How does Datto Collect Personal Data

We collect Personal Data from several categories of sources.

We collect Personal Data that you give us directly such as when you fill out a form, sign in as a visitor to our office, apply for employment, purchase a Product, register for an event or otherwise communicate with us.

We collect Personal Data from other sources such as public databases, third party providers of business contact information, third party websites that we make available to you, recruitment services, social media sites, and public websites.

We also use information-gathering tools such as cookies and similar technologies that automatically collect information that may contain Personal Data from your computer or mobile device when you use our Products, visit our Sites or interact with emails from us.

How we may Share Personal Data

Datto may share Personal Data in the following circumstances:

to and among corporate subsidiaries and affiliates for the purposes described and consistent with the practices in this Policy;

to vendors, consultants or other service provider companies that provide services that help us with our business activities such as processing Customer payments, customer relationship management services, marketing, data analytics, security and enterprise resource planning. These companies are authorized to use Personal Data only as necessary to provide these services to us;

with other companies whose products or services we think may be of interest to you in joint marketing and support efforts. We will obtain your consent where required for such joint marketing efforts.

Datto may also disclose such Personal Data to a third party in the following limited circumstances:

as needed to enforce Datto’s Terms of Use, policies and any other contractual relationships with our customers;

when we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our Sites or Products against possible attacks, or protect the property and safety of Datto, our Customers or the public;

as required by law, such as to comply with a subpoena, warrant, regulatory oversight or similar legal process;

in connection with any potential sale, transfer, merger, consolidation or other transaction involving all or part of our company or its subsidiaries and affiliates.

Please consult our individual Privacy Notices for more details about the types of Personal Data we may share, the purposes for sharing it, and the categories of recipients.

International Transfers of Personal Information

We may transfer Personal Data to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which the information was initially provided. When we transfer Personal Data to other countries, we will protect that Personal Data as described in this Privacy Policy.

Datto validates transfers of Personal Data, for which Datto is a controller, from the European Economic Area, Switzerland and the United Kingdom to the U.S. and to areas other than the U.S. through use of the European Commission Standard Contractual Clauses.

Datto’s Commitment to Securing Personal Data

Datto is committed to protecting all Personal Data we collect and use. To that end, we have implemented physical, administrative and technical safeguards to help us protect Personal Data under Datto’s control from unauthorized access, use and disclosure.

However, no system of electronic data collection, storage and retrieval can be made entirely impenetrable and by continuing to use our Sites and Products you acknowledge and accept that despite the security measures we employ, we do not guarantee that our Sites, Products and procedures are invulnerable to all security breaches or immune from viruses, security threats or other risks.

External Links/Third Party Websites

Datto’s Sites may provide links to and be accessed via links from third-party websites, including social media websites, whose privacy policies differ from those of Datto. Even if the third-party is affiliated with Datto through a business partnership or otherwise, Datto is not responsible for the content, privacy policies, or practices of such third parties. We encourage you to review carefully the privacy policy of any website you visit.

Children

Our Sites and Products are not for minors and we do not knowingly attempt to solicit or receive any information from children. However, if a child under 18 provides Datto with Personal Data, the parent or guardian should contact Datto immediately by submitting a privacy request to datto.com/privacy-request so we can delete such information.

GDPR / European Privacy

This European Privacy Notice supplements the information contained in the Datto Privacy Policy, including its Privacy Notices, and applies to all visitors, users, and others from Europe. Specifically, if you are in the European Economic Area, Switzerland or the United Kingdom, you have the right to obtain information concerning your Personal Data. This includes the right to know whether or not we process personal data concerning you and, if this is the case, to access your personal data. In certain cases, you may request rectification, erasure or restriction of the processing of your personal data. Further, in certain cases you also have a right to object the processing of personal data and the right to data portability.

Legal Basis for processing your information.

We collect and use the personal data described above in order to provide you with the Sites and Products in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that others acting on our behalf obtain such consent.

If the processing of your personal data is based on legitimate interests, you have the right to object to the processing on grounds relating to your particular situation or to the fact that the data are processed for direct marketing purposes. In the latter case, you have a general right to object.

If the processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time. Please bear in mind that such withdrawal of consent only has future effect. It does not render invalid nor illegal the processing based on consent before it is withdrawal.

Please consult our individual Privacy Notices for more details about the types of Personal Data we may collect, the legal bases for our processing, and our privacy practices for individual business functions.

Profiling and Automated Decision-making:

Datto combines Personal Data we collect to help us determine what products and services might be of interest to an individual and when that individual might be ready to make a purchase based on repeated interaction with Datto or its Sites. Datto personnel are involved in this process and no automated decisions are made that would result in legal effects or significantly affect an individual.

If you would like to make a request with respect to your rights please contact us at https://www.datto.com/privacy-request.

You also have the right to lodge a complaint with the competent supervisory authority. A list of the competent supervisory authority can be accessed at Data Protection Authorities - European Commission.

If you would like to inquire about or exercise any rights you may have with respect to your Personal Data for which we are a processor that has been submitted to us through a Datto customer, you should reach out to that customer directly.

Controller and Controller's Representative in the EU

With respect to data processing activities of Personal Data which are subject to the GDPR, Datto, Inc., 101 Merritt 7, Norwalk, CT 06851, Phone 888-995-1431, is responsible for the processing of personal data and, therefore, the controller within the meaning of Art. 4 no. 7 of the GDPR, unless otherwise agreed. Datto’s representative in the EU is Datto GmbH.

Privacy Notice for California Residents

This Privacy Notice for California Residents supplements the information contained in the Datto Privacy Policy, including its Privacy Notices, and applies solely to all visitors, users, and others who are California consumers. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.

Please note that enactment of certain parts of the CCPA, especially in the business to business environment in which Datto operates, have been postponed until at least January 1, 2021. This may affect your rights that are otherwise described below.

The categories of Personal Information we collect, the categories of sources from which we collect it, the business or commercial purpose for collecting it and the categories of third parties with whom we may share it are the same for all individuals and are described above in our Privacy Policy and in our individual Privacy Notices.

Datto does not sell your Personal Information. If you register for or attend a Datto event and we disclose your contact information to our sponsors for the event, we will only do so if you expressly consent. Although we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. This may include sharing identifiers and traffic information with advertising networks or website analytics companies. You have the right to customize your cookie preference settings at any time.

CCPA Rights

The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that Datto disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request we will disclose to you, as applicable:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (data portability)
  • If we disclosed your personal information for a business purpose: the personal information categories that each category of recipient obtained.

You have the right to request that Datto delete your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records, unless an exception in the CCPA applies.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by visiting this link or by calling 1-833-457-0280.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you would like to inquire about or exercise any rights you may have with respect to your personal information for which we are a service provider that has been submitted to us through a Datto customer, you should reach out to that customer directly.

Datto reserves the right to amend this Privacy Notice for California Residents at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice and update the notice's effective date.

Updates to our Privacy Policy

We may update this Privacy Policy from time to time. Please consult the “Effective Date” below to see when the Policy has been most recently updated. We encourage you to check this Policy frequently to see updates that may affect how your information may be used.

Effective Date: September 1, 2020