APP PRIVACY NOTICE

Last Updated: July 2024

This privacy notice describes the data that Riverbed Technology LLC and its affiliates (“Riverbed”, “we”, “us”, or “our”) collect through software applications for smartphones and tablets published by Riverbed on the Apple App and Google Play Store (“App(s)”). As used in the privacy notice:

• “Customer” means the organization that purchases the Offerings and through whom you, an authorized user of the Offerings, are provided access to the App and Offerings.
• “Offerings” refer to the products and services that are ordered by our Customers.
• “Personal Data” means data that identifies or relates to an identifiable individual.

All Personal Data processed through the Apps is collected solely on behalf of our Customers. Riverbed’s role is that of “processor” of this date; our Customers are “controllers” of this data (each as defined by the General Data Protection Regulation). The term “processor” shall also include a “service provider” and the term “controller” shall also include a “business” as defined in the California Consumer Protection Act of 2018 as amended by The California Privacy Rights Act of 2020 (together with its implementing regulations, the “CPRA”) or analogous terms in the applicable data protection laws. Accordingly, please contact the relevant Customer (e.g., your employer, if you are an employee of a Riverbed Customer) for more information about their privacy practices as to the data collected through or in connection with the Apps.

Data Collection and Use

Riverbed collects a variety of data, including Personal Data, on behalf of its Customers through use of the Riverbed Apps. The specific data, including Personal Data, collected through the Apps is dependent on which App(s) our Customers choose to utilize and how they configure the Offerings. Any data collected is processed and displayed via a web-based management console associated with the Offering; only authorized users granted administrative privileges by the Customer have access to the console.

iOS App

• Apps installed so that the Customer may apply security-related company policies
• Device usage (e.g., battery, available storage, CPU, RAM, network and restart time) so that the Customer can apply experience-related company policies
• Device configuration so that the Customer can apply security and experience-related company policies
• Device hardware to permit the Customer to correctly manage and secure its devices
• Telephony and network information so that the Customer can apply security and usage-related company policies
• Data usage information so that the Customer can apply security and usage-related company policies
• Network activity (e.g., IPs, domain names, timestamp) so that the Customer can apply network-related company policies
• Device location in order to report real time (precise and/or course) location within the Aternity Mobile console accessed by the Customer’s IT administrators

Android App

• Email to facilitate account login
• Device Firebase Registration ID to send push notifications to the device
• Data connectivity type is collected and displayed in the console so that the Customer can apply security and experience-related company policies
• Phone number is collected and displayed in the console so that the Customer can apply experience-related company policies
• Wifi information (including SSID, BSSID, and MAC address) is collected and displayed in the console so that the Customer can apply security and experience-related company policies
• Telephony information (including network ID, carrier MCC and MNC) is collected and displayed in the console so that the Customer can apply experience-related company policies
• Device SSAID to unique identify devices in case aliases have not been properly set
• Installed applications are collected and displayed in the console so that the Customer can apply security-related company policies
• Application interactions are collected and displayed in the console so that the Customer can apply security and experience-related company policies
• Application and data usage information are collected and displayed in the console so that the Customer can apply security and usage-related company policies
• Device usage (e.g., battery, available storage, CPU, RAM, network and restart time) is collected and displayed in the console so that the Customer can apply experience-related company policies
• Device configuration so that the Customer can apply security and experience-related company policies
• Device hardware is collected and displayed in the console to permit the Customer to correctly manage and secure its devices
• Websites visited (full URL) is collected and displayed in the console so that the Customer can apply network-related company policies
• Network activity (e.g., IPs, domain names, timestamp) is collected and displayed in the console so that the Customer can apply network-related company policies
• Background device location is collected and displayed in the console to inform the Customer of real time (precise and/or course) location (including when the App is closed or not in use) and to obtain information about Wifi networks

Personal Data May Be Shared

We may share your Personal Data:

• With relevant third parties if we are involved in a corporate transaction, such as merger, acquisition, divestiture, reorganization, dissolution or other sale or transfer of some or all of our assets;
• With our subsidiaries, affiliates, agents, and contractors as well as the service providers we use to support our business (e.g., our subprocessors);
• to comply with a court order, law or legal process, including responding to a government or regulatory request;
• to enforce our terms and conditions, to protect our operations, to protect the rights, privacy, safety or property of Riverbed, you, or others.

Please note that Riverbed does not sell or share the Personal Data collected through the Apps, as defined by the CPRA.

Personal Data Transfers

To facilitate our global operations, and in accordance with applicable laws and our Customers’ instructions, we may transfer the Personal Data collected through our Apps to, and access this data from, our offices, subsidiaries, affiliates and services providers in the various countries in which we or they operate (including the United States of America). Details about our subprocessors can be found here.

Retention

Riverbed retains data collected through the Apps only for so long as necessary to follow our Customers’ instructions or to comply with legal, regulatory or internal policy requirements.

Security

Riverbed maintains appropriate technical and organizational measures, including administrative, physical, and technical safeguards to protect the data collected through the Apps from unauthorized access, use, modification, or disclosure.

Exercising Data Protection Rights

You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:

• Right to access Personal Data
• Right to rectify inaccurate or incomplete Personal Data
• Right to erase/delete Personal Data
• Right to restrict processing of Personal Data
• Right to data portability of Personal Data
• Right to object to processing of Personal Data
• Not to be subject to a decision based solely on automated processing (please note Riverbed does not currently engage in any
• automated processing)
• Right to withdraw consent (when processing of Personal Data is based on consent)

Please contact the relevant Customer (e.g., your employer, if you are an employee of a Riverbed Customer) to exercise these rights. Alternatively, you may also reach out to rvbd-privacy@riverbed.com. To the extent you do email rvbd-privacy@riverbed.com, please specify exactly the relevant Customer such that we can forward the request on to them to handle accordingly.

Updates To This Privacy Notice

Riverbed may make changes to this privacy notice periodically to reflect changes in our practices, technologies, regulatory requirements and other factors. If we make changes, we will revise the “Last Update” date at the top of this privacy notice.

Contact Us

If you have any questions regarding this privacy notice or Riverbed’s privacy practices, you may email us at rvbd-privacy@riverbed.com.
You may also contact us by writing to Riverbed at the following address:

Riverbed Technology LLC
Attention: Legal Department
275 Shoreline Drive, Suite 350
Redwood City, CA 94065