Search
Appgate SDP

Appgate SDP Overview

Learn how the industry’s most comprehensive universal ZTNA solution strengthens security and transforms your network with the flexibility, extensibility and integration advantages of direct-routed architecture.

How Appgate SDP Works

Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.

Zero Trust Platform
Integrations and Tech Partners
Appgate SDP for Developers
Use Cases for Securing:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.

Appgate Website Privacy Notice

Last Updated: August 7, 2023

Introduction

This Privacy Notice applies to all Appgate websites, applications, promotions, products and services (collectively, the “Appgate Services” or the “Services”), including those that link to this Privacy Notice, and describes how Appgate collects, uses, shares, transfers, stores, retains, or otherwise processes your personal information. This Privacy Notice also applies to any promotions, referrals, or other marketing activities conducted by Appgate or in connection with the Appgate Services (collectively, “Appgate Marketing”). This Privacy Notice does not apply to any third party website or service that Appgate does not own or control. For purposes of this Privacy Notice, Appgate means “Appgate, Inc., including its subsidiaries and Affiliates”.

Appgate will disclose your information only as described in this Privacy Notice, or as permitted by law. Appgate will not sell, lease, rent, or trade your personal information to any third party for that party’s marketing or promotional purposes.

By continuing to use the Services or participating in Appgate Marketing after being provided with this Privacy Notice, you consent to Appgate’s policies and practices as described herein.

Scope

Appgate is an industry leader in security and fraud protection products and services and cybersecurity professional services, acting as a service provider for other entities to assist them in meeting their business needs.

This Privacy Notice applies to individuals who:

  • visit or use our websites;
  • interact with us on behalf of a customer in connection with the provision of our Services;
  • interact with us on behalf of a service provider in connection with the products and services our service provider provides to us;
  • interact with us on behalf of a business partner in connection with our relationship with the business partner;
  • receive marketing communications from us; and/or
  • interact with us by registering for, attending and/or otherwise taking part in our trade events, webinars, or conferences or who communicate with us via email, phone, or in-person.

This Privacy Notice explains:

Information we collect and the sources from which we collect it

Information that We Collect from You

Appgate collects and processes the following categories of personal information from customer, service provider, and business partner representatives (“Representatives”); website visitors; individuals that receive marketing communications from Appgate; and individuals that interact with Appgate by registering for, attending and/or otherwise taking part in Appgate’s trade events, webinars or conferences or who communicate with Appgate via email, phone or in person:

  • Personal Details include data such as names, titles, company names, departments, email addresses, physical street addresses, telephone numbers, and social media usernames of individuals.
  • Login Credentials include data such as usernames and passwords of individuals needed to access various customer portals or applications used to place Service orders and receive customer support or otherwise access Appgate systems.
  • Payment Information includes data such as bank name, account numbers, routing numbers, check numbers, and wire transfer IDs. Typically, this information relates to the organization purchasing our products and services, but there may be instances where personal payment information is provided on behalf of an organization.
  • Customer Support Records include data such as call details and other similar data regarding customer support communications and chat sessions with Representatives.
  • Marketing and Event Records include the personal details of the Representative signing up to receive marketing materials as well as information collected from Representatives who complete a survey or form. Marketing records also include the business contact details of Representatives who register for, attend and/or otherwise take part in our trade events, webinars, or conferences as well as information about these events.

Information We Collect from Your Use of Appgate Services or Visits to our Websites

Appgate collects and processes the following categories of personal information from individuals that use an Appgate Service, including customer Representatives, and those who visit our websites:

  • Device Information and website Records, which include data related to your interactions with our websites and other online content such as log data (i.e., preferences and settings, IP addresses, technical information about the device used to visit the websites, and geolocation information) and traffic data (i.e., pages viewed, date stamps, time spent on a page, click through and clickstream data, queries made, search history, search results selected, comments made, type of service requested, and purchases made).
  • Unique IDs include data such as IP addresses and geolocation data that we obtain from (a) Representatives, (b) website visitors who access our customer portals or website or (c) other individuals that interact with us.
  • Geolocation information about the location of the device you are using to access our website or Services.

Information We Collect about You from Third Parties

Appgate collects and processes the following categories of personal information about customer and business partner Representatives:

  • Marketing Data including business contact information about current and prospective users of our Services from third party services, including, but not limited to, lead generation services and providers of customer and lead data.

How we use the information we collect

We use the personal information we collect for the following legitimate interests and to manage our relationship with you:

  • To administer and process transactions related to the Services we provide;
  • To provide, assess, and improve our customer support and customer service;
  • To personalize your experience using our Services or website;
  • To communicate with you during contract negotiations or post-contract support;
  • To advise you of additional or new Services that may be of interest to your company;
  • To administer and manage service providers;
  • To work with business partners;
  • To improve and protect the integrity and security of our Services and our websites;
  • To administer a contest, promotion, survey, event, conference, webinar, or other website feature;
  • To send periodic communications (the contact information that you provide may be used to send you information, including marketing, respond to inquiries, and/or other requests or questions);
  • In the event of a corporate reorganization, including, but not limited to, merger, acquisition, or sale.

We also use personal information to comply with legal requirements or in the following circumstances:

  • To fulfill a legal obligation or to protect our rights;
  • To comply with applicable laws and regulations;
  • To enforce any applicable contracts;
  • In an emergency, where the health or security of an individual may be endangered;
  • For any other purpose for which you have been notified, and if legally required where appropriate consent has been obtained.

How we disclose the information we collect

We disclose personal information to the following:

Service Providers. We disclose personal information to service providers that we have retained to perform certain services and functions on our behalf, such as auditing, information technology and infrastructure, hosting, data analytics, contract management, order management and fulfillment, billing, email delivery, advertising, events, and other related activities. We have written contracts in place with our service providers that limit them from using personal information except as necessary to perform the services and functions on our behalf and prohibit them from disclosing such personal information to any third parties without our authorization.

Business Partners. We may also disclose your personal information to trusted business partners pursuant to our contractual arrangements, which will include appropriate safeguards to protect any personal information that we disclose to these partners. These may include, but are not limited to, entities that organize tradeshows; resellers, referral partners and distributors; and consultants, experts, and auditors.

Affiliated Entities. We disclose personal information to entities that are under our common ownership or control (our “Affiliates”). Subject to local requirements, this personal information may be used to provide Services offered by our Affiliates, for Affiliates to provide support to the Affiliated entity that is disclosing the personal information, or for any other purposes described herein. For example, our Affiliates may disclose personal information to one another about our customers, service providers, business partners, Representatives, prospective employees, and website visitors for direct marketing purposes.

Payment Processing. We work with a payment processing partner to process credit card payments. If you make any credit card payment to us on behalf of your organization, our payment processing provider will store your full name and credit card details.

Fraud Prevention and Protection of Legal Rights. We may use and disclose personal information to the appropriate legal, judicial or law enforcement authorities and our advisors and investigators: (i) when we believe, in our sole discretion, that such disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of Appgate and of our customers, service providers, business partners, Representatives, website visitors, or others; (ii) when we suspect abuse of the website or Services or unauthorized access to any system, spamming, denial of service attacks, or similar attacks; (iii) to exercise or protect legal rights or defend against legal claims; or (iv) to allow us to pursue available remedies or limit the damages that we may sustain.

Law Enforcement. We may have to disclose the personal information of our customers, service providers, business partners, Representatives, website visitors or others if a court, law enforcement or other public or government authority with appropriate competency requests that we provide that personal information and we believe, in our reasonable discretion, that such request was made in compliance with applicable law.

Corporate Reorganization. We may disclose your personal information to a third party in the case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of bankruptcy or corporate restructuring. Any personal information that an individual submits or that is collected after the reorganization may be subject to a new privacy notice adopted by the successor entity, of which we will inform, where required.

How we secure your information

We implement a variety of security measures designed to maintain the safety of your personal information when you enter, submit, or access your personal information, or when it is otherwise collected or processed by us. We take reasonable and appropriate measures to secure your personal information.

How long we retain your information

We will retain your information in accordance with our internal records retention and management policies and procedures, including as necessary for purposes of managing the applicable relationship (e.g., customer, vendor, business partner), or as long as necessary to comply with our legal obligations.

Cookies and other technologies

When you visit our websites, open an email that we send you, or interact with the communication features on our websites, we may collect information about your usage or device by automated means or by using technologies such as cookies, web server logs, and web beacons. Please view Appgate’s Cookie Policy for information on our practices in relation to the use of these technologies.

At this time, we are not in a position to honor “do not track” signals from website browsers. However, you may refuse or delete cookies. If you do so, some of the functionality of our website may be impaired. Additionally, you may still be identifiable and your usage may still be trackable by other means. Please refer to your browser’s “Help” instructions to learn more about how to manage cookies and the use of similar technologies.

Your privacy rights

If you receive marketing communications from us by email, we seek your opt-in consent to send you such communications by email in jurisdictions where that is required. If we track whether or not you open any such email, we seek your opt-in consent to do so in jurisdictions where that is required. You may, in any event, unsubscribe from the receipt of future electronic communications from us by clicking on the “unsubscribe” link provided in such communications or by emailing unsubscribe@Appgate.com. Please note you may still receive some communications such as those related to the Services you are receiving or in response to inquiries you have made to us.

Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal information. In particular, you may have the right to:

  • be informed about your personal information;
  • access your personal information;
  • correct any personal information that is inaccurate;
  • have your personal information erased;
  • restrict or suppress the processing of your personal information;
  • obtain and reuse your personal information;
  • object to the processing of your personal information;
  • object to how your personal information is used in automated decision making, if applicable; and
  • lodge a complaint with a supervisory authority.

These rights may be limited, for example, if fulfilling your request would reveal personal information about another individual, or if you ask us to delete personal information which we are required by law to keep or which we need to defend claims against us.

If you are a California resident, please see our California Supplement for additional information. If you are a resident of the EEA/UK, please see our European Economic Area/United Kingdom Supplement for additional information.

To exercise any of these rights, please contact us by using the contact details under the “How to contact us” section below.

We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil your request, we may need you to provide certain personal information to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.

International transfers

Appgate or its appointed service providers may collect, use, process, store, and disclose your personal information outside of your home jurisdiction, including in the U.S., and in some cases, other countries, for the purposes described in this Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of your home country. Appgate only transfers personal information to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information.

If your personal information is processed within the EEA, UK or Switzerland, and for onward transfers of personal information to Appgate’s appointed service providers, Appgate and its appointed service providers will protect your personal information by processing it in a territory which the European Commission (or other relevant governmental authority) has determined provides an adequate level of protection for personal information or otherwise implementing appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission (or other relevant governmental authority).

Please see EU-U.S. Data Privacy Framework Policy below, which has more information about personal information transferred to the United States from the EEA, UK or Switzerland.

If you require further information about our international transfers of personal information, please contact us by using the contact details under the “How to contact us” section below.

Information for children under the age of 18

Our Services and this website are not directed to or intended for use by children under the age of 18. If we learn that an under-18 user has volunteered personal information on the site, we will delete such information from our active databases.

California Supplement

If you are a resident of California, you have the following rights:

Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business and commercial purpose for collecting or selling that personal information.
  • The categories of third parties to whom we disclosed that personal information.
  • The specific pieces of personal information we collected about you.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If so, we will notify you in our response that an exception applies and identify that exception.

Right to Correct. You have the right to request that we correct inaccurate personal information. Once we receive and confirm your verifiable request, we will correct (and direct our service providers to correct) your personal information from our records, unless an exception applies. If so, we will notify you in our response that an exception applies and identify that exception.

To exercise your rights, please submit a verifiable consumer request to us by emailing privacy@appgate.com. To verify your identity we may ask you for additional information, which may include asking you to confirm other personal information you have provided to us. We reserve the right to deny any requests for which identity cannot be verified. If you have authorized another person to make a request on your behalf, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny any request by an authorized agent if we are not reasonably able to confirm proper authorization.

We will not discriminate against you for exercising any of your rights under California law. Unless permitted by California law, we will not:

  • Deny you goods or services;
  • Charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services;
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

The CCPA provides a right to opt-out of the sale of personal information as that sale is defined in the statute. However, we do not sell California consumer personal information for monetary or other valuable consideration.

The CCPA also provides a right to opt-out of “sharing” of personal information as that term is defined in the statute (relating to online targeted advertising). To opt-out of sharing for online targeted advertising, you can toggle cookies off through our cookie banner or enable Global Privacy Control (GPC). To learn more about GPC, please visit http://globalprivacycontrol.org.

Certain data elements we collect and use to provide our services may be deemed "sensitive" under CCPA. These include account login credentials and payment information. We do not use or disclose sensitive personal information for any purpose other than that which is necessary to provide our services as specified in the CCPA and its implementing regulations. We also do not use sensitive personal information for the purposes of drawing inferences. Accordingly, the CCPA right to limit the use and disclosure of sensitive personal information does not apply.

EEA/UK Supplement

To comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users and the UK GDPR, as tailored by the UK Data Protection Act 2018 for our UK users, this EEA/UK Supplement outlines the legal basis on which we process your personal information and provides other information required by the GDPR and UK GDPR. Terms used in this section such as “Controller,” “Processor,” “Process,” and “Processing” have the same meaning as in the GDPR and UK GDPR.

Appgate’s entities located in the EEA/UK that act as Controllers include the following:

  • Cryptzone Group AB
  • Cryptzone UK Ltd.
  • Appgate Germany GmbH

For our customers, service providers, business partners, and Representatives associated with us, the relevant Controller is the EEA/UK entity with which you have contracted; or, if you did not contract with an EEA/UK entity, the EEA/UK entity as determined by us.

Legal Basis for Processing Your Information

Appgate will only Process your information where we have a legal basis to do so. The lawful basis will vary with the type of Processing involved and will typically include Processing (i) necessary for Appgate to pursue its legitimate business interests, (ii) based on your consent, where this is required by data protection laws, and (iii) necessary for Appgate to comply with its legal obligations.

This Privacy Notice does not apply to any personal information processed, stored, or hosted by customers using any of our Services or to the extent that we Process personal information in the role of a Processor on behalf of our customers. Where we act as a Processor on behalf of our customers, that Processing is subject to the protections contained in our data processing agreements with customers. We have no control over, and are not responsible for, any personal information that our customers may store or host on their equipment or otherwise Process while using our Services. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Notice. For information related to how our customers Process personal information, please contact the respective customer directly.

Your rights

You have the right under certain circumstances:

  • To be provided with a copy of your personal information held by us;
  • To request the rectification or erasure of your personal information held by us;
  • To request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example);
  • To object to the further processing of your personal information, including the right to object to marketing;
  • To request that your provided personal information be moved to a third party.

Where the Processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us as set forth in the “How to contact us” section below. Such withdrawal will not affect the Processing of your personal information prior to the withdrawal.

You can exercise the rights listed above at any time by contacting us at privacy@appgate.com. The exercise of the above rights might be subject to certain conditions and we might require further information from you before we can respond to your request.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority.

Updates to this Privacy Notice

This Privacy Notice may be updated periodically and will be posted on the website, indicating when it was last updated. If there are material changes to our Privacy Notice, we will post a notice on our website and/or provide other notice as required by law.

How to Contact Us

If you have any questions or concerns about this Privacy Notice or about how Appgate collects, uses, or otherwise processes your information, you can reach us at privacy@appgate.com or by mail at:

Attn: Privacy Team
Appgate Legal Department
2 Alhambra Plaza, Suite PH-1-B
Coral Gables, Florida 33134

Governing Law

Unless applicable data protection / privacy laws provide otherwise, (a) the Privacy Notice is governed by the laws of the State of Florida, U.S.A, (b) you hereby agree that any dispute or claim raised or made by you against us relating to the Privacy Notice shall be subject to arbitration before a single arbitrator in Miami-Dade County, Florida in accordance with the Commercial Arbitration Rules of the American Arbitration Association and (c) you hereby waive all rights to bring or maintain any court action, jury trial or any class claim, class action, class arbitration, or other representative action, claim or proceeding against us in a court of law.

EU-U.S. DATA PRIVACY FRAMEWORK POLICY

Last Updated: August 7, 2023

Appgate complies with the EU-U.S. Data Privacy Framework (“DPF”). In connection with doing so, Appgate has certified to the United States Department of Commerce that it adheres to the DPF Principles (as defined below) with regard to the processing of Personal Data received from the European Economic Area (“EEA”) in reliance on the framework. Appgate has made similar commitments with respect to Personal Data previously received from Switzerland and the United Kingdom under the precursor to the DPF.

Unless otherwise defined in this policy or the Appgate Website Privacy Notice, capitalized terms have the meaning given to them in the EU, UK or Swiss data protection law.

I. Scope & Application

This EU-U.S. Data Privacy Framework Policy (this “Privacy Framework Policy”) covers certain Personal Data transferred from the EEA, UK and Switzerland to the United States. Specifically, this policy only applies to such data transferred pursuant to the DPF, EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield (collectively, “Adequacy Framework”).

The DPF applies to current (and future) transfers from the EEA, unless the parties agree otherwise, and data transferred from the EEA previously under the Privacy Shield. Historically, Appgate used the applicable Privacy Shield to transfer data from the UK and Switzerland, but we now rely on different legal mechanisms to transfer data from those countries. Despite this change, we continue to apply the Principles to that data transferred from the UK and Switzerland under the Privacy Shield.

If there is any conflict between the terms of this Privacy Framework Policy and the Adequacy Framework Principles, the Adequacy Framework Principles shall govern. This Privacy Framework Policy shall govern in the event of a conflict between it and the Appgate Website Privacy Notice.

For more information about the Adequacy Framework programs, or to view our DPF certification, please visit https://www.dataprivacyframework.gov.

II. Compliance with EU-U.S. and Swiss-U.S. Privacy Shield

Appgate’s agreements with its Customers determine whether Personal Data that is or was transferred outside the EEA, the UK or Switzerland is covered by the Adequacy Framework Principles or by another approved transfer mechanism, including the Standard Contractual Clauses. In the event that the relevant agreement is silent on this point, the Standard Contractual Clauses shall apply to Personal Data covered by such agreement.

With regard to Personal Data received pursuant to the Adequacy Framework, Appgate has certified its compliance with the Adequacy Framework Principles and their Supplemental Principles (collectively, the “Principles”), insofar as they apply to Appgate in its role as Controller or Processor. These Principles are discussed further below.

A. Notice

Appgate adheres to the Notice Principle.

1. Appgate’s Collection, Use, and Disclosure of Personal Data

Appgate collects, uses, and discloses Personal Data relating to Website Visitors, Representatives, and other individuals with whom it interacts when performing, advertising, and demonstrating its Services or in connection with other interactions. Appgate may also Process Personal Data of applicants to work at Appgate. Appgate also may Process Personal Data as a Processor pursuant to the Customer’s or other person’s or entity’s instruction.

2. Means for Individuals to Limit Use and Disclosure of Personal Data

In our role as Controller, we adhere to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles. We offer individuals whose Personal Data is subject to this Privacy Framework Policy choice regarding the processing of their Personal Data, including where relevant Sensitive Data, as described in Section II.B of this Privacy Framework Policy.

3. Inquiries and Complaints, and Right of Recourse

Individuals whose Personal Data is covered by this Privacy Framework Policy may contact us to submit inquiries or complaints regarding adherence to the Principles and to request access to their Personal Data by contacting us via email at  privacy@Appgate.com or writing to us at 2 Alhambra Plaza, Suite PH-1-B, Coral Gables, Florida 33134, Attention: Appgate Legal Department. Please see Section II.F of this Privacy Framework Policy for more information regarding the right to request access to Personal Data.

For information about how to pursue unresolved complaints relating to this Privacy Framework Policy, please see Section II.G below.

4. Appgate Is Subject to the Investigatory and Enforcement Powers of the Federal Trade Commission and Complies With Lawful Data Requests

Appgate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) in regard to Personal Data received and Processed pursuant to the Adequacy Framework. Appgate may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5. Liability in the Case of Onward Transfers

In the context of an onward transfer, we are responsible for the Processing of Personal Data received pursuant to the Adequacy Framework and subsequently transferred to a Service Provider acting on our behalf. We remain liable under the Principles if our Service Provider Processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

B. Choice

We may obtain consent directly from individuals to Process their Personal Data in connection with the use of our Websites or through other interactions between Appgate and Representatives associated with Customers or other persons or entities and applicants for employment.

We offer individuals who are covered by this Privacy Framework Policy the opportunity to choose whether his or her Personal Data is to be disclosed to a third party (“opt out”) other than Service Providers acting on our behalf, which are contractually obligated to adhere to the onward transfer provisions (see Section II.C below).

When acting as a Controller, we also offer individuals who are covered by this Privacy Framework Policy the opportunity to opt out if we provide notice that we intend to use his or her Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or authorized by the individual in question. Individuals may opt out by sending an email to:  unsubscribe@Appgate.com. If opting out, please provide, at a minimum, your name and identify your employer in order to assist us in verifying your identity, and please identify the uses or disclosures of Personal Data for which you are choosing to opt out. Note that opting out may affect our ability to provide our Services and impact our interactions with individuals.

With regard to Sensitive Data, when we act as a Controller, we will obtain affirmative express consent (opt-in) if Sensitive Data is to be disclosed to a third party or is to be used for a purpose other than that for which it was originally collected or subsequently authorized by the individuals through the exercise of opt in choice, unless the Personal Data in question is subject to an exception contained in the Sensitive Data Supplemental Principle.

In cases where we are acting as a Processor, we will assist the other party in complying with the Choice Principle.

Please see Section II.A.2 of this Privacy Framework Policy for more information regarding our adherence to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles.

C. Accountability for Onward Transfer

For Personal Data covered by this Privacy Framework Policy, we adhere to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.

D. Security

For Personal Data covered by this Privacy Framework Policy, we adhere to the Security Principle. We take reasonable and appropriate measures designed to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the Personal Data. In cases where we are acting as a Processor, we secure Personal Data in accordance with our contractual obligations to the other party.

E. Data Integrity and Purpose Limitation

In our role as Controller, Appgate adheres to the Data Integrity and Purpose Limitation Principle for Personal Data covered by this Privacy Framework Policy. Our collection and use of Personal Data is limited to the Personal Data that is relevant for the purposes of Processing, including, for example, those that, depending on the circumstances, reasonably serve Customer relations, the application process, compliance and legal considerations, auditing and due diligence, security and fraud prevention, preserving or defending Appgate’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. This may include Processing in the manner described in the Performing Due Diligence and Conducting Audits Supplemental Principle.

We will keep the Personal Data covered by this Privacy Framework Policy in accordance with the terms and conditions of the relevant agreement in cases where Appgate is acting as a Processor or agent. In cases where we are acting as a Controller, we may retain the Personal Data for the longer of any of the following: (i) the period during which an individual is actively using the Websites, serving as a Customer Representative, acting as a Representative of a Service Provider of Appgate or otherwise interacting with Appgate; (ii) the period specified in the unambiguous consent to the Processing of its data by us for specified purposes; or (iii) as long as necessary for us to meet any applicable legal requirements or to protect our legitimate interests, including with respect to actual or potential legal claims.

F. Access

In our role as a Controller, we adhere to the Access Principle and Access Supplemental Principle for Personal Data covered by this Privacy Framework Policy. Individuals may obtain access to Personal Data about them that we hold. For this purpose, “access” means that individuals have the right to: (i) obtain from Appgate confirmation of whether or not we are Processing Personal Data relating to them; (ii) have communicated to them Personal Data relating to them so that they can verify its accuracy and the lawfulness of the Processing; and (iii) have the Personal Data corrected, amended, or deleted where it is inaccurate or Processed in violation of the Principles. Individuals may request to access their Personal Data using the contact information listed in Section II.A.3 above.

We may limit or deny access as provided in the Principles, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If we determine that access should be restricted in any particular instance, we will provide as appropriate to the individual requesting access an explanation of why Appgate has made a determination to restrict access and a contact point for any further inquiries. We are not required to provide access unless it is supplied with sufficient information to allow it to confirm the identity of the person making the request. We will respond to all access requests within a reasonable time period, in a reasonable manner, and in a form that is readily intelligible to the individual.

In cases where Appgate is acting as a Processor, we will assist the other party in meeting its obligation to provide access, or we will obtain authorization from the other party prior to providing access or refer the requesting individual to the appropriate contact at the other party.

We may charge a fee for providing access where necessary or appropriate.

Please see Section II.A.3 of this Privacy Framework Policy for more information regarding our adherence to the Access Principle and Access Supplemental Principle.

G. Recourse, Enforcement, and Liability

For Personal Data covered by this Privacy Framework Policy, Appgate adheres to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles. We have established in-house procedures for receiving and addressing complaints. Individuals may contact us to submit inquiries or complaints regarding our adherence to the Principles using the contact information listed in Section II.A.3 above. We will respond to individuals within 45 days of receiving a complaint.

Appgate utilizes the American Arbitration Association, an alternative dispute resolution provider based in the United States, to investigate and expeditiously resolve complaints and disputes that cannot be resolved internally, at no cost to the individual, by reference to the Principles. Unresolved complaints may be directed to the American Arbitration Association using the complaint submission form found here. Individuals are encouraged to raise any complaints they have with us before proceeding to the American Arbitration Association. The American Arbitration Association complaint recourse mechanism described here is available to individuals whose Personal Data has been collected or Processed by Appgate under the Principles. The American Arbitration Association complaint recourse mechanism is not available to individuals whose Personal Data has been collected or Processed by Appgate under any other data transfer adequacy mechanism. Under certain conditions, specified on the Adequacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Appgate has implemented a self-assessment procedure to verify that the attestations and assertions that we have made about our Adequacy Framework privacy practices are true and that they have been implemented as presented and in accordance with the Principles. We are obligated to remedy problems arising out of any failure to comply with the Principles.

Please see Section II.A.3 of this Privacy Framework Policy for more information regarding our adherence to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles.

H. Adherence to the Principles

Where applicable, Appgate adheres to, or its data practices with respect to Personal Data received pursuant to this Privacy Framework Policy are consistent with, the Principles, including those not specifically listed above, such as the Supplemental Principles of: Self-Certification; Public Record and Publicly Available Information; and Access Requests by Public Authorities.