Anti-Slavery Policy

Darktrace Limited — Privacy & Data Protection Policy

Darktrace Limited (Darktrace) is committed to protecting and respecting your privacy. Darktrace collects, uses and keeps information in compliance with the UK Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, from 25 May 2018 the General Data Protection Regulation (Regulation (EU) 2016/679) (the Act) and all relevant regulations. For the purpose of the Act, the data controller is Darktrace Limited.

This policy and any other documents referred to set out the basis on which any personal data Darktrace collects from you, or that you provide to us, will be processed by us. Please read the following privacy policy to understand how we collect and use your personal data, for example when you contact us, visit our website (Site), apply for a job, or use our products and services.

Whenever you give us personal data, you are consenting to its processing, collection and use in accordance with this privacy policy. You may withdraw your consent at any time by emailing [email protected] with your full name.

Information Darktrace may collect from you

Darktrace may collect and process the following data about you:

Information that you provide by filling in forms on our Site, providing details by registration or other means (eg, giving business cards) at a marketing event, or when setting up administrator accounts in our product or services.
Information that you provide us to use the Darktrace Customer Portal to include email address and phone number. Phone numbers are used for two factor authentication and support services.
Information you provide us including inquiries and/or feedback.
Your Internet Protocol (IP) address, operating system and web browser used.
Darktrace may also ask you for information when you report a problem with our site.
If you contact us, Darktrace may keep a record of that correspondence.
Details of your visits to our site including, but not limited to, traffic data, location data and other communication data, and the resources that you access.

IP addresses

Darktrace may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our business partners. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

Cookies

Cookies are small text files that websites save to your computer. These pieces of information are used to improve services for you through, for example: (i) remembering settings, so you don’t have to keep re-entering them whenever you visit a new page; (ii) remembering information you’ve given (e.g. your postcode) so you don’t need to keep entering it.

Session cookies allow us to track your actions during a single browser session, for example to remember the items returned from a search. They do not remain on your device beyond your session.

Persistent cookies remain on your device between sessions and allow us to authenticate you and to remember your preferences.

Session and persistent cookies can be either first or third-party cookies — a first-party cookie is set by the website being visited. A third-party cookie is issued by a different website to that being visited.

Our website uses a third-party cookie provided by Google Analytics to gather anonymized information for the benefit of all web users. Darktrace do not use behavioral targeting cookies. All our cookies fall within the ICC classifications Strictly Necessary, Functionality and Performance and none within the classification Behavioral Targeting.

If at any time you wish to disable our cookies you may do so through the settings on your browser, but if you do so you will not be able to use certain important features of our service.

To learn more about cookies and how to manage them, visit AboutCookies.org.

Job applicants

If you are making a job application or inquiry, you may provide us with a copy of your CV or other relevant information. We may use this information for the purpose of considering your application or inquiry. Except when you explicitly request otherwise, we may keep this information on file for future reference.

Providing products and services

If you purchase or use our products or services, we may use your personal data for purposes which include but are not limited to:

verifying your credentials,
carrying out end user compliance checks for export control purposes,
issuing virus information alerts and other alert messages,
providing training sessions for which you have registered,
providing maintenance and technical support,
providing information about product upgrades, updates and renewals,
generating logs, statistics and reports on service usage, service performance and malware infection,
developing and enhancing products, services, and our infrastructure,
processing orders and generating billing information.

Certain products and services may include features that collect additional personal data for other purposes, as described in the applicable customer agreement. For detailed information, please also refer to the applicable product or service description.

Where your personal data is stored

Your personal data is securely stored by Darktrace on the Darktrace servers located in Cambridge, United Kingdom. Darktrace has set up systems and processes to prevent unauthorized access or disclosure of your data.

Transferring personal data

As a global company, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. Darktrace places substantial importance on protecting the confidentiality of personal information and seeks the cooperation of all its suppliers in furthering this goal. Darktrace will only transfer personal information to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy. Where Darktrace has knowledge that a supplier is using or sharing personal information in a way that is contrary to this policy, Darktrace will take reasonable steps to prevent or stop such processing.

Security

Darktrace endeavors to hold all personal data securely in accordance with our internal security procedures and applicable law. We update and test our security on an ongoing basis. Darktrace will do its best to protect your personal data, but Darktrace cannot guarantee the security of your data transmitted to our site through the internet; any such transmission is at your own risk. Once Darktrace have received your information, Darktrace will maintain appropriate administrative, physical, technical and organizational measures to protect your personal data accessed or processed by Darktrace against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.

Uses of the information

In addition to the above, Darktrace use information held about you in the following ways:

To provide you with information, products or services that you request from us, or which Darktrace feel may interest you, where you have consented to be contacted for such purposes.
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our products or service, when you choose to do so.
To notify you about changes to our products and services.

If you are an existing customer, Darktrace will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those that were the subject of a previous sale to you.

If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to [email protected] so we can investigate. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box on the form on which Darktrace collects your data. We will not sell or rent your data to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes but such third parties will not have access to or be able to read your personal information.

We will share your data if we are required to do so by law.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that Darktrace do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Disclosure of your information

Darktrace may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

In the event that Darktrace sell or buy any business or assets, in which case Darktrace may disclose your personal data to the prospective seller or buyer of such business or assets.

If Darktrace Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its subscribers will be one of the transferred assets.

If Darktrace is under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Darktrace Limited, or others.

Your rights

You have the right to request by contacting [email protected]:

information about how your personal data is processed;
a copy of your personal data;
an immediate correction to your personal data.

You can also:

raise an objection about how your personal data is processed;
request that your personal data is erased if there is no longer a justification for it;
ask that the processing of your personal data is restricted in certain circumstances;
opt out of the use of your personal data for any purposes or a specific purpose such as the Darktrace Customer Portal.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.

Changes to our Privacy & Data Protection Policy

Darktrace reserves the right to amend this Privacy and Data Protection Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy and Data Protection Policy at this Site. You should check our Site to see the current Privacy and Data Protection Policy that is in effect and any changes that may have been made to it.

This policy was last amended on 17 May 2018.

Data Privacy Officer

Darktrace is headquartered in Cambridge, United Kingdom. Darktrace has appointed an internal data protection officer for you to contact if you have any questions or concerns about Darktrace’s Privacy Policy. The contact information for the Darktrace data protection officer is as follows:

Jon Coy
Darktrace Limited
Maurice Wilkes Building
St John's Innovation Park
Cowley Road
Cambridge
United Kingdom
CB4 0DS
[email protected]

Darktrace Limited — Anti-Slavery Policy Statement

1	Statement
1.1	This statement is made pursuant to s.54 of the Modern Slavery Act 2015 and sets out the steps that Darktrace Limited has taken and will continue to take to ensure that modern slavery or human trafficking is prevented.
1.2	Darktrace Limited applies a zero-tolerance approach to any form of modern slavery. We are committed to acting with transparency in all business dealings, preventing modern slavery taking place within our business or supply chains.
2	Our Business & Risks
	Darktrace Limited is a Private Limited Company, under the laws of England and Wales. We are a global cyber security company, with offices spanning over five continents. In light of where we do business, where our suppliers are based, and the industry in which we operate, there is a very low risk that modern slavery and human trafficking would affect our business.
3	Our Policies
	A number of internal policies and procedures are adopted throughout the business, showing we are committed to acting with integrity and transparency. Anti-Slavery Policy. This policy sets out our stance on modern slavery and ensures all relevant staff are alert to the risk of slavery and human trafficking occurring in our business or supply chains. Whistleblowing Policy. We enforce a whistleblowing policy to provide protection to all employees who wish to fairly raise concerns either about how colleagues are being treated, or practices within our business or supply chains. Code of Business Conduct. This code permeates throughout our business and supply chains, and helps maintain a low risk of slavery and human trafficking. It is also written into our contracts with suppliers/partners where appropriate. Employee Handbook. We make it clear to all employees the actions and behaviour expected of them when representing the organisation. We strive to maintain the highest standards of employee conduct and ethical behaviour when operating our business. Recruitment Policy. Our HR team operates a robust recruitment policy, ensuring that we comply with all applicable laws in the territories we are based. In order to safeguard against modern slavery, only reputable employment agencies are sourced to recruit our employees.
4	Our Suppliers
4.1	Our process for contracting with suppliers includes checks to remain vigilant to any risk of modern slavery and human trafficking. These may include (but are not limited to): Due Diligence. It is a requirement that staff engaged in the process of selecting suppliers conduct reasonable checks to ensure that suppliers/partners are held to account over modern slavery. We may also require the suppliers/partners to provide a copy of relevant policies and their employee handbook. Where necessary, verification of the working conditions of staff and contractors may be required. Contractual Commitments. There are appropriate protections in our agreements with suppliers. Where necessary, there is a written requirement for suppliers to implement effective systems and controls to prevent slavery from affecting any part of the business/supply chain. We can also require them to provide us with a summary of the steps they take to prevent modern slavery, including details of any relevant staff and supplier policies conducted on their suppliers. Termination. We may also terminate a contract at any time should any instances of modern slavery come to light.
5	Training
	Our staff are advised and regularly trained to take particular care with organisations that provide services from higher risk territories. Staff are also advised to notify the Darktrace Legal and HR teams immediately if they have any concerns that modern slavery is taking place within the business or supply chain, so that appropriate action can be taken.
6	Compliance with s.54 of the Modern Slavery Act 2015
	No reports from employees, the public, or law enforcement agencies have been identified to indicate that modern slavery practices are taking place within our business/supply chains. We are continually committed to keeping this policy current and relevant - it will be monitored and reviewed annually.
7	Approval
	This statement was approved by a designated Director on 8^th March 2018.

Signed

Andrew Kanter
Director
8 March 2018