1. Introduction

Volterra, Inc., a Delaware corporation (collectively, “Volterra”, “we”, “us” or “our”), provides a Software-as-a-Service platform (the “Platform”) made available by Volterra as part of a subscription service that enables users to deploy, connect, secure and operate a user’s applications across the edge and multi-cloud, that includes, downloadable software applications (the “Software”), hardware devices (the “Hardware”), and related services, including, without limitation, the support and technical services, provided in connection with the foregoing (all of the foregoing, collectively, the “Volterra Service”).

This Privacy Notice is intended to help you better understand how we process your personal information, and governs how Volterra may use, transfer, store and disclose personal information that we collect when:

• You visit our websites located at volterra.io, volterra.us, and ves.io and subdomains of the foregoing (collectively, the “Sites”)
• Request to receive, and/or attend, a demo of our products and/or services
• You purchase a subscription to access and use the Volterra Service
• You access and/or use the Platform
• You download and/or use the Software
• You register for and/or attend webinars hosted by Volterra
• You register for and/or attend events and/or conferences hosted by Volterra
• Your directly communicate with us

When we refer to the “Services” throughout this Privacy Notice, we mean the Sites, the Volterra Service, webinars, events, and/or conferences provided by and/or hosted by Volterra, and any other services provided by us to you.

BY ACCESSING OR USING OUR SERVICES, OR SUBMITTING INFORMATION IN CONNECTION WITH YOUR USE OF THE SERVICES, YOU ACKNOWLEDGE AND AGREE THAT YOU HAVE READ THIS PRIVACY NOTICE.

2. Changes to this Privacy Notice

Volterra may need to update this Privacy Notice from time to time. If so, we will post an updated Privacy Notice on the Sites along with a change notice on the Sites. If we make material changes, we may also send registered users a notice that this Privacy Notice has been changed to the email account we have on file for such users, and/or a notification through the user interface of the Platform that the Privacy Notice has been updated. Where express consent is required by applicable law for the lawful collection, use, or disclosure of information about you, we will obtain that consent. We encourage you to review this Privacy Notice regularly for any changes. Your continued use of the Services and/or your continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Notice.

3. Information we Collect

Personal data, or personal information, means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, or payment information, and in some jurisdictions your IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).

a. Information Collected Directly

How we collect personal information directly from you depends on how and why you use the Services. For instance, the information that you provide when you visit our Sites is more limited than the information that you provide if you access and use the Volterra Service.

With respect to the data that Volterra collects directly from you, we have divided this section into two parts in order to better explain the circumstances where personal information may be collected, as well as the types of data collected:

i. Information from Site Visitors and other Offline Interactions

ii. Information from Registered Users

Please be advised that we may ask you to update your information from time to time in order to keep it accurate.

i. Information from Site Visitors and other Offline Interactions

When you visit the Sites, and depending on the purpose of your visit, or when you interact with Volterra offline (for example, at a conference or event) you may provide us with personal information if you:

• Request marketing materials
• Communicate with us directly
• Register for and/or attend a webinar hosted by Volterra
• Register for and/or attend an event or conference where Volterra is present
• Attend a Volterra hosted event or conference
• Interact with Volterra at an event and/or conference

In connection with the above-mentioned activities, Volterra may collect the following information:

• Your identity, including your first name, last name
• Your contact details, including your email address, phone number and/or postal address
• Name of your employer, your occupation and/or profession
• Other information you may provide by filling out forms or by contacting us (such as your feedback or other communications with us)

ii. Information from Registered Users

You may provide us with personal information when you:

• Purchase a subscription to access and use the Volterra Service
• Download and/or use the Software
• Access and/or use the Platform
• Use the Hardware
• Interact with and/or use support and other services provided by us as part of or in connection with the Volterra Service
• Connect Third Party Integrations with the Volterra Service
• Request support or other services from Volterra
• Communicate with us directly

In connection with the above-mentioned activities, Volterra may collect the following information:

• Your identity, including your first name, last name
• Your company name
• Your contact details, including your email address, phone number and/or postal address
• Your username, password and/or other login credentials
• Your preferences
• Other information you may provide by filling out forms or by contacting us (such as your feedback or other communications with us)

b. Information Collected Indirectly

Usage Information

When you use or interact with the Services we, or our authorized third-party service providers, automatically collect information about how you use them (collectively, “Usage Information”).

Usage Information that we collect consists of information about your interactions with the Services, including information about the device used by you to interact with and/or access the Services, including, without limitation, IP address, access dates and times, information about your approximate location (as determined through your IP address), hardware and software information, mobile, computer or hardware device information (e.g., operating system version, Hardware model, IMEI number and other unique device identifiers, MAC address, and device settings), device event information, crash data, and log data when you access and use the Services (even if you have not created an account or logged in).

This information allows Volterra to understand how you’ve used the Services (which may include administrative and support communications with us or whether you have clicked on third-party links), and other actions you have taken in connection with your use of the Services. We use this information for our internal purposes, specifically to operate, maintain, secure and improve the Services. We may also use this information to provide you with notifications, recommendations, and information about specific features of the Services and/or additional products, services, or features we believe is of interest to you.

Cookies and Similar Technologies

We or authorized third parties collect certain information by automated means using cookies, web beacons, and server logs for analytic purposes. The information we collect in this manner enables us to better understand the pages or content you view, your searches, website traffic patterns, and to optimize user experience. For more information on our use of these technologies and your choices regarding these technologies, see our Cookie Policy.

Aggregated Data

With the Usage Information collected by us and/or our third-party analytics services, we process “Aggregated Data”, such as statistical or demographic data. Aggregated Data may be derived from personal data, but is not considered personal data under the law if it does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing a specific feature of the Sites and/or Volterra Service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be processed in accordance with this Privacy Notice.

c. Information Collected from Third Parties

In some instances, we process personal information from third parties, which consists of:

• Data from our partners, such as transactional data from providers of payment services.
• Data from third-parties if you access and/or use any third-party integrations in connection with the use of the Services (collectively, “Third Party Integrations”).
• Data from the hosts or providers of events, functions and/or conferences where Volterra participated and/or sponsored.

4. Using Your Personal Information

Our mission is to provide safe, efficient and high-quality products and services, and we, or our authorized third-party service providers who assist us in providing the Services, process your personal information for this purpose. We process your personal data for the following reasons:

• To perform the Services under the contract we are about to enter into or have entered into with you. For example, when you purchase a subscription to access and use the Volterra Service, that’s a contract. This may also include disclosure to the third parties who help us perform our end of the bargain, such as payment processors or shipping partners.
• Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening or suggest additional features and products.
• Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
• If we have obtained your prior consent (for example, when you subscribe for direct marketing). Please note that for this specific legal basis, you have the right to withdraw your consent at any time.

Depending on the Services requested by you and how you use those Services, we use your personal data in the following instances and for the noted reasons:

• To deliver, set up and enable the Volterra Service to work for you (performance of a contract);
• Deliver direct marketing communications to you regarding our products and services that we may think are of interest to you (legitimate interests or with your prior consent where you are not an existing customer);
• Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests);
• Detect any fraudulent or illegal activity against you and/or Volterra (necessary for our legitimate interests);
• Perform system maintenance and upgrades, and enable new features (performance of a contract or sometimes necessary for our legitimate interests);
• Provide information to regulatory bodies when legally required, and only as outlined below in Legal Obligations and Security (necessary for compliance with a legal obligation).

5. Sharing Your Personal Information

Aside from disclosing your information to those of our personnel who are authorized to process the information in order to provide the Services and who are committed to confidentiality, we disclose your personal information only to the third parties and for the reasons indicated below:

• Third-party companies that do things to help us provide the Services and help us operate our business (as described below under Third Party Service Providers)
• Professional service providers, such as auditors, lawyers, consultants, accountants and insurers
• Governments, regulators, law enforcement and fraud prevention agencies, so we can help tackle and comply with law enforcement, but only as authorized in this Privacy Notice (see Legal Obligations and Security)
• In the event of a business transfer (as described below under Business Transfers)
• To our Affiliates (as defined below in Affiliates and Subsidiaries)
• Companies approved by you, such as Third Party Integrations or financial institutions or payment service providers.

a. Third-Party Service Providers

We share personal information with third parties that provide services to help us provide the Services, and to otherwise operate our business. Depending on how you use the Services, the following categories of third parties collect data on our behalf or receive personal information:

• Hosting services providers
• Analytics providers
• Advertising and marketing partners
• Payment service providers
• Shipping service providers (for shipments of the Hardware)
• Customer support providers
• Providers of business operations and communication tools
• Other third-party service providers that help us provide features and functions for the Services

For a list of all third-party service providers we use, please contact us. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, unless the data is rendered fully anonymous.

b. Business Transfers

We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

c. Affiliates and Subsidiaries

Volterra is a global company with headquarters in the United States and operations in both the United States, India, and France. Personal information that we collect about you through the Services may be shared with the relevant global employees, contractors, and agents of Volterra and our affiliated and subsidiary entities (“Affiliates”) who are involved in providing or improving the Services that we offer to you. We obligate the employees, contractors and agents of Volterra and our Affiliates to ensure the security and confidentiality of your personal information and to act on that personal information only in a manner consistent with this Privacy Policy.

d. Legal Obligations and Security

Subject to the limitations in this Section, we will disclose your personal data if we believe that it is necessary to comply with a law, regulation, legal process, or legitimate governmental request; to protect the safety of any person; to protect the safety or security of the Services or to prevent spam, abuse, fraud, or other malicious activity of actors using or accessing the Services, or to protect our rights or property or the rights or property of those who use the Services.

Non-public information about our users will not be released to law enforcement except in response to an appropriate legal process such as a subpoena, court order, or other valid legal process that has been reviewed by Volterra. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.

e. Third-Party Integrations

When you choose to connect Third Party Integrations with the Volterra Service certain information may be share through the Volterra Service to enable the functionality and operability of such Third Party Integration with the Volterra Service.

6. Marketing Communications

If you have not otherwise opted out, or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information about the Services, other Volterra products and services, new product releases, and new feature releases of the Services that we think may interest you. For instance, when you request additional information regarding the Services or sign up for our newsletter, we may ask if you wish to opt in to receive marketing communications from us regarding our products and services. This is what we call direct marketing. We carry out direct marketing by email. We obtain consent to send you such communications where required under applicable local laws.

If you no longer wish to receive marketing communications, you have the right at any time to opt out as further explained in Managing Your Preferences.

7. Managing Your Preferences

Direct Marketing

If you change your mind on how Volterra discloses or uses your personal information for our direct marketing purposes, or wish to access, correct or update personal information (such as your address), we will endeavor to correct, update or remove the personal data you give us. You may correct or update personal information by sending an email to contact@volterra.io.

In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any of our marketing e-mails. We will use commercially reasonable efforts to process such requests in a timely manner. You cannot opt out of receiving transactional e-mails related to the Services (e.g. requests for support).

Cookies

You can manage your cookie and tracking preferences as described in our Cookie Policy.

8. Sensitive Data

Volterra does not require you to provide any sensitive data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic, and biometric data to use the Services.

9. Children’s Privacy

Use of the Services are not intended for minors. Volterra does not target the its Services to persons under the age of 16 and does not knowingly collect personal data from minors. Therefore, we ask you not to provide us with personal information of persons under the age of 16. If we learn that personal information of persons under 16 years of age has been collected on or through the Services, then we may deactivate the account or otherwise terminate access to the Services and/or make the user content inaccessible.

10. Payment Processing

We do not directly collect your payment information and we do not store your payment information. We use third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions.

11. Third Party Links

On or through the Services, we may provide or make available, for informational purposes only, links to other websites or resources with which we do not have a contractual relationship and over which we do not have control (“External Websites”). Such links are not paid advertisements, nor do they constitute an endorsement by Volterra of those External Websites, and are provided to you only as a convenience. By clicking on links to External Websites, the operators of the External Websites may collect your personal information. We are not responsible for the content or data collection practices of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.

12. Data Retention

Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements.

In some circumstances, you can ask us to delete your data. See Additional Legal Rights for Users in the European Economic Area below for further information.

In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.

13. Data Security and Protection

We have put in place reasonable and appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we require two-factor authentication for all employees and contractors who may access your data to provide our Services, and we limit access to those employees, agents, contractors and the third parties who have a business need-to-know.

We also have procedures in place to deal with any suspected data security breach. We also require those parties to whom we transfer your personal information to comply with the same.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take reasonable steps to provide secure Services, by using the Services, you understand and assume the risks associated with your activities on the internet.

14. International Transfers

Volterra is based in the United States. The personal information that we collect are sent to and stored on servers located in the United States and in Europe. Such storage is necessary in order to process the information. Volterra operates globally and may transfer the personal data that we collect from you to our other offices and/or to the third parties mentioned in the circumstances described above, which may be situated outside of your country or regional area, and may be processed by staff operating outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States and Europe by us or our agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.

The European Union’s General Data Protection Regulation (“GDPR”) allows for transfer of personal data from the European Union to a third country in certain situations. We rely on legally-provided mechanisms to lawfully transfer personal information across borders. For example, we may enter into the EU Standard Contractual Clauses adopted by the EU Commission. More information about the Standard Contractual Clauses is available here.

15. Additional Legal Rights for Users in the European Economic Area

If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:

• The right to be informed – that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Notice);
• The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
• The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your account);
• The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
• The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
• The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
• The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
• Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making.
• Withdraw Consent—that’s a right to revoke any consent you may have previously given us at any time, if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• File a complaint—that’s the right to file a complaint with a supervisory authority about our collection and processing of your personal information.

These rights are subject to certain rules around when you can exercise them. If are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing the Services as requested and/or ordered by you or necessary updates regarding and the Services used by you.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us first.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in Contact Us below.

16. Contact Us

If you have any questions about this Privacy Notice, have additional questions, or if you are located in the European Economic Area and would like to exercise any of your rights, please contact us by email at: privacy@volterra.io; or by mail at:

Volterra, Inc.
[2550 Great America Way, Suite 350]
[Santa Clara, CA 95054]
Attn: [Privacy Officer]