Wandera’s aim is to help its customers and end users effectively manage the risks they face in an increasingly mobile world, from threats such as phishing and mobile malware to unpredictable mobile data costs and regulatory compliance obligations.
As a security company, Wandera cares about safeguarding your data. Data privacy and security are at the core of our services.
Wandera collects data from you to provide, improve and promote our Services and to administer our business.
2.1. For the provision of our Services
Data is collected by Wandera in the registration process and usage of our Services (“Service Data”). This includes the data provided to us by you or your employer, such as the email address and name that you register devices with. Other information is collected by the Wandera service while it is on your device. This includes information such as IP and MAC addresses, country level location information, and the OS version of your device. Customers are able to control what data is visible to their service administrators using a number of different privacy control options. The exact information collected is kept to a minimum and depends on the use case and platforms used.
Service Data may also be used to provide you with notifications and information about our Services.
2.2. To improve our Services
Wandera also uses Service Data for research and development purposes, such as the detection of new security threats, and to provide statistics and analytics based on data usage. All research and statistics are based on anonymous data, and do not contain any personally identifiable information.
2.3. To understand your use of our Website and Services
Wandera may process data about the use of our website and services (“Usage Data”). The Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing frequency and pattern of your service use.
2.4. To understand your use of our Website and Services
Wandera may process information contained in an enquiry you submit to us regarding our Services (“Enquiry Data”). The Enquiry Data, along with our Service Data may be processed for the purposes of offering, marketing and selling relevant services to you as either a prospective or existing customer.
2.5. To administer our customer relationships
Wandera may process information with respect to our customer relationships, (“Customer Data”) which may include your name, job title, employer and email address and may be provided by you or your employer. This Customer Data may be processed for the purpose of administering our business relationships and for communicating with you regarding your or your employer’s contracts with us.
2.6. Appropriate legal basis
Wandera uses the appropriate legal basis when processing data which is dependent on the type of data collected and appropriate scenario. In most cases this will be our legitimate interest, for example the performance of our Services and management of customer relationships. Alternatively, we will seek appropriate consent to process your data when necessary.
Wandera may disclose your personal data to any member of our group of companies (affiliates, subsidiaries and ultimate holding company) to perform our Services and to process data referred to in section 2 above using the same legal basis.
Wandera uses a number of additional services and tools to perform functions on its behalf. These services have access to limited amounts of personal data based on the requirements of the service. They include customer relationship management (e.g. Salesforce), email providers (e.g. Google), marketing tools (e.g. Marketo), internal communication tools (e.g. Slack), notification systems (e.g. Mandrill) and software development tracking systems (e.g. Atlassian Suite).
These third-party companies are leading providers in their area and store their information in their globally distributed infrastructures. These organizations are certified to transfer this information internationally according to their Binding Corporate Rules and comply with data privacy regulations such as GDPR as well as the EU-US Privacy Shield.
Wandera’s Service Data is stored within the European Economic Area (EEA). Service Data collected is retained for a period of 12 months and is accessible to only the relevant entities during this period of time.
Customer Data, including customer support cases and customer bugs are currently kept for a longer period of time to provide the best customer service possible.
Other personal data is only retained for as long as is necessary to fulfil the purposes for which it is collected.
Wandera’s products are intended to be used by organizations. As an end user with Wandera installed, this means that the Wandera service on your device was most likely made available to your by your employer. The organization that has provided you with Wandera is the administrator of all the services, and they are responsible for managing their devices.
Wandera recommends first getting in touch with your administrator regarding any data privacy questions, as your use of the services will be subject to your organization’s policies as well. Your organization is able to get in touch with Wandera if they need to escalate your query.
Wandera has defined a number of policies regarding general information security, password management, availability, confidentiality, integrity, data classification, physical access, vulnerability management, incident response and disaster recovery.
All policies in the Information and Security Management System (ISMS) are updated and reviewed by senior management at regular intervals. Wandera utilizes a Privacy by Design approach to handling personal data. Pseudonymization and anonymization are applied wherever possible to keep data as safe as possible at all times.
Wandera is a ISO/IEC 27001:2013 certified company, applying to the development, operations and administration of our services. Wandera adheres to ITIL best practice procedures for internal operational and support processes. Where appropriate, Wandera follows standards and procedures as defined by accredited organizations.
The Wandera network is constantly monitored for incidents and outages as well as risks and undergoes regular threat assessments and penetration tests to ensure data protection.
Wandera also conducts annual reviews of partners to ensure that they continue to maintain or improve upon the standards that they have been certified against. Wandera follows best practices defined by various bodies in relation to standards and procedures. These include but are not limited to: SSAE 16 or SAS 70 Type II, PCI DSS, HIPAA, ISO9001, ISO 27001 and ITIL.
Service administration of Wandera is provided via the secure web portal RADAR, where administrators control the account settings of all Wandera users and can easily and securely configure policy settings. Granular access to the portal can be configured by Super Administrators, the highest level of administrators. Log ins as well as changes are recorded in the Audit Logs section. RADAR uses HTTP Strict Transport Security (HSTS) and certificate pinning technologies to ensure all end users are communicating via a secure, encrypted channel.
Wandera have offices in the European Union and the United States. While data is stored within the European Economic Area, we may transfer certain personal data that we collect about you outside of the EEA to the United States or elsewhere in order to perform certain services, including providing customer support. Customers can request that their customer support is limited to EEA only.
Where data is transferred outside of the EEA, it is done on the basis of appropriate safeguards, for example binding corporate rules, EU model clauses or a declaration of adequacy.
Wandera may report any personal information and activity if it receives a lawful request from law enforcement officials, regulators, or public authorities. This may be necessary to cooperate with governmental requests (including meeting national security or law enforcement requirements), to protect Wandera’s systems and users, to ensure the integrity and operation of Wandera’s business and systems, or in response to subpoenas, court orders, or legal requirements, Wandera may access and disclose any information it considers necessary or appropriate, including user contact details, IP address and traffic information, posted content, and Web usage paths. By using the Wandera website and/or services you expressly consent to the foregoing use and disclosure.
Wandera has developed a solution for the global market and has optimized its product to meet the strongest of regulations. Many countries have data privacy regulations in place that may affect the installation of a solution such as Wandera. Wandera recommends seeking legal advice and following internal procedures before deploying Wandera’s Service.
General Data Protection Regulation (GDPR)
The installation of the Wandera service falls under the GDPR’s “Legitimate Interests”. This regulation (article 6(1)(f)) gives the controller (customer) a lawful basis for processing under most circumstances when using Wandera. The use of the service does not require explicit consent from the individual end user to install the solution. Companies acting as controllers operating within the European Union are advised to undertake a Legitimate Interest Assessment to ensure that they can install Wandera without requiring consent.
End users have the right to transparency regarding the data collected by Wandera on behalf of their employer and have the right to object and ask for the reasoning behind the collection.
Wandera suggests giving end users access to a privacy notice tailored to the company’s specific environment and recommends consulting internal compliance and legal teams on these matters before proceeding with employee communications.
The EU-US Privacy Shield
Wandera Inc. falls under the jurisdiction of the Federal Trade Commision and its investigatory and enforcement powers. It adheres to the EU-US Privacy Shield Framework and its principles. Wandera’s other entities (listed in section 14) all adhere to the same principles.
This adherence includes the formal complaint procedures. If Wandera receives a written and complaint, it will contact the person who made the complaint to follow up within the timelines set by the framework. If an issue cannot be resolved internally, Wandera will cooperate with the European Data Protection Authorities (DPAs) as a recourse mechanism in the investigation and resolution of complaints brought under the Privacy Shield. You can contact them to resolve any disputes free of charge if needed.
Under the EU-U.S. Privacy Shield Frameworks, Wandera is responsible for the processing of information we receive from the EU and the United Kingdom, as well as onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if any third party agents that we engage with process such information on our behalf. This is the case if they do so in a manner that is not consistent with the Privacy Shield Principles, unless it is proven that Wandera are not responsible for the event giving rise to the damage.
Wandera will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.
To find out more about the Privacy Shield, and to find Wandera’s certification, please visit www.privacyshield.gov.
Wandera’s team has built the necessary technical capabilities and processes to deal with your rights when it comes to your personal data.
Such rights include your right to access, right to rectification, right to erasure, right to restrict or object to processing, right to withdraw consent and the right to data portability.
If you or an employee of your business wish to exercise any of the above rights, please contact Wandera at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In general, you can use the Wandera website without telling us who you are or giving any personal information about yourself.
Wandera reserves the right to amend or vary this policy at any time and the revised policy will apply from the date posted on the Wandera website. You accept that by doing this, Wandera has provided you with sufficient notice of the amendment or variation.
This occurs at least once a year and such verifications are signed off by the Data Protection Officer.
14.1. The Data Protection Officer
Wandera has assigned a Data Protection Officer responsible for Wandera’s compliance with GDPR and other data protection laws. Any enquiries for the Data Protection Officer can be sent to their attention at the contact addresses shown below, or by writing directly to email@example.com.
14.2. Get in touch
For any other enquiries related to this document, please get in touch using the following contact details.
“Beyond a unified endpoint management (UEM) security add-on, MTD is also used to address use cases such as mobile phishing, bring your own device, app vetting and compliance.”