Privacy Policy


Introduction

Acquia Inc., including its wholly owned affiliates, (“Acquia”, "us," "we," or "our,") is committed to protecting the privacy of your information. This Privacy Policy (“Policy”) governs Acquia’s use of personally identifiable information, also "personal data," about users of our products, services and/or software that are available for purchase and use through our sales teams, accessible by download on our websites (our "Services"), and also users of our website http://acquia.com as well as the other websites that Acquia operates and that link to this Policy (collectively referred to as “Site(s)”). It also describes the choices available to you regarding our use of your personally identifiable information and how you can access and update this information.

Acquia complies with the relevant regulation applying to personal data, including but not limited the General Data Protection Regulation issued by the European Union.

Our Sites may contain links to other websites, applications, and services maintained by third parties.  The information practices of other services are governed by their privacy statements, which you should review to better understand their privacy practices.
 

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Acquia complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the United States Department of Commerce regarding the collection, use, and retention of personally identifiable information transferred from the European Union, and the United Kingdom and/or Switzerland to the United States. Consistent with our commitment to protect personally identifiable information about individuals in the European Union, Acquia has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, and Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Privacy Shield Principles” or the “Principles”). Acquia’s EU-U.S. and Swiss-U.S. Privacy Shield Certification also extends to personally identifiable information that we receive directly through the Sites. More information on the EU-U.S. and Swiss-U.S. Privacy Shield and Acquia’s scope of participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks are available at http://www.privacyshield.gov/welcome.

If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

California Residents

If you are a California consumer, for more information about your privacy rights, please see our California Consumer Privacy Statement.

Brazil Residents

If you are a Brazil consumer, for more information about your privacy rights under Lei Geral de Proteção de Dados Pessoais (“LGPD”), please contact us at [email protected]

Privacy Policy Updates

Due to the Internet’s rapidly evolving nature, Acquia may need to update this Privacy Policy from time to time. If so, Acquia will post our updated Privacy Policy on our Site located at http://acquia.com/about-us/legal/privacy-policy and post notice of the change so it is visible when users log-on for the first time after the change is posted so that you are always aware of what personally identifiable information we may collect and how we may use this information. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page. Acquia encourages you to review this Privacy Policy regularly for any changes. Your continued use of this Site and/or continued provision of personally identifiable information to us will be subject to the terms of the then-current Privacy Policy.

Data Integrity and Purpose Limitation

Acquia is a provider of cloud platform related services, including Platform as a Service (“PaaS”) and Software as a Service (“SaaS”) products, technical support services and professional consulting services for Drupal websites which processes personally identifiable information upon the instruction of its customers in accordance with the terms of the applicable agreement between Acquia and customer.

Information Collection and Use

You can generally visit our Site without revealing any personally identifiable information about yourself. However, in certain sections of thes Site or interactions with us, we may invite you to  participate in one or some of the following. We collect such information in the following situations:

  • Surveys  (If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request)
  • Contact Us features with questions or comments or request information, participate in chat or message boards (If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our services, sign up for an event, questionnaires, webinar, contests, or download certain content, we may require that you provide to us your contact information)
  • If you interact with our websites or emails, we may automatically collect information about your device and your usage of our websites or emails, (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data) (see “Device and Usage Data Processing section, below) using cookies, Web Beacons, or similar technologies.
  • If you make purchases via our Sites or register for an event or webinar, we may require that you provide your financial and billing information, such as billing name and address, credit card number or bank account information.
  • If you communicate with us via a phone call from us, we may record that call.
  • We require you to complete a registration form and/or create a profile to access certain restricted areas of the Site, to use certain services and when you download any software.
  • If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and time and date of arrival.  Additionally, due to the COVID-19 pandemic, you may be required to provide information regarding your health status, including your temperature, COVID-19 related symptoms, exposure to COVID-19, positive individuals, and recent travel history.

Due to the nature of some of these activities, we may collect personally identifiable information such as your name, e-mail address, address, phone number, password, screen name, credit card information and other contact information that you voluntarily transmit with your on-line and in-person communications to us and personally identifiable information that you elect to include in your chart and message board postings.

If you use a forum on this Site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums. We receive permission to post testimonials that include personally identifiable information prior to posting.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us by emailing [email protected].

Orders

If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date).

We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.

In addition, we may collect information about the performance, security, software configuration and availability of customer web sites in an automated fashion as part of the Acquia subscription services.

We use your personally identifiable information to register you to use our services or download or access software or other content, contact you to deliver certain goods, services or information that you have requested, provide you with notices regarding goods or services you have purchased, provide you with notices regarding goods or services that you may want to purchase in the future (including communications from third party service providers and/or Acquia technology partners concerning additional products/applications which compliment Acquia's services, or else are customizable with Acquia's services in order to maximize your digital experience while leveraging Acquia services), verify your authority to enter our Site and improve the content and general administration of the Site and our services.

Certain modules within the Drupal software connect your installation of Drupal to our subscription services, these modules will report to us, and we will collect, your IP address, operating system type and version, web server type and version, php version, database type and version, version of the services, modifications to your Drupal code, information regarding the availability of your website (e.g. if your website is live or down), website user statistics such as the number of nodes, number of users and number of comments. The foregoing information will be linked to your personally identifiable information and user accounts and we may use the foregoing information to better provide technical support to you and our customers and to improve our services.

If you install and use the Acquia Search module and connect your Drupal site to the subscription services, in addition to the information we may collect, analyze and store when you use our services as stated above, the Acquia Search module may collect, analyze and store the content of your site in an index. This index will be stored and updated on our servers to enable Acquia Search to work with your site. A copy of this index may be retained for up to 14 days as a backup in the event there is a problem with the index. Additionally, information about the size of your index, the search queries performed on your index, performance of Acquia Search for your queries, and other operational information is stored indefinitely in order to enable Acquia to monitor performance over time, manage the Search Service, and to provide you with information about the Search activity on your site.

If you choose to contact us by e-mail, we will not disclose your contact information contained in the e-mail, but we may use your contact information to send you a response to your message. Notwithstanding the foregoing, we may publicly disclose the content and/or subject matter of your message, therefore, you should not send us any ideas, suggestions or content that you consider proprietary or confidential. All e-mail content (except your contact information) will be treated on a non-proprietary and non-confidential basis and may be used by us for any purpose.

Details of data processing

Acquia processes your personal data as a customer and other customer’s personal data (in the following just “customer”) in order to provide the contractually agreed Services.

Subject matter: The subject matter of the data processing is the performance of the Services agreed between Acquia and customer by Acquia involving personal data provided by customer.

Duration: As between customer and Acquia, the duration of the data processing is determined by customer and its contractual commitments with regard to the use of Acquia’s Services.

Purpose: The purpose of the data processing by Acquia is the provision of the Services initiated by the customer from time to time. 


Nature of the processing: Cloud computing as platform and software as a service and such other Services as described in the Documentation and initiated by the customer from time to time. 


Type of personal data:

The type and extent of personal data that is subjected to Acquia’s data processing is determined and controlled by our customer as data controller in its sole discretion - this may include, but is not limited to the following:

  • First and last name
  • Title, work department, and manager/supervisor name
  • Position and employment history
  • Employer
  • Contact information (company, personal and work email, phone, home address, physical business address, emergency contact details)
  • Photographs
  • Biographical and directory information, including linked social media profile or posts
  • Company user names or IDs and login credentials
  • Identifiers related to work or personal devices used to access data exporter’s IT systems
  • Log information generated through the use of data exporter’s IT systems
  • Actions performed by the employee while accessing or using the Services
  • Full time or part time status
  • Business travel arrangements
  • Training undertaken and training needs
  • Localization data

Categories of data subjects: Customer’s representatives and end-users including employees, contractors, collaborators and advisors of our customer (who are natural persons).

Communications from the Site

Special Offers and Updates

We will occasionally send you information on products, services, special deals, promotions. Out of respect for your privacy, we present the option not to receive these types of communications. Please see “Choice and Opt-out.”

Newsletters

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.

Service-related Announcements

We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.

Customer Service

Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.

Choice/Opt-out

We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here. We provide you the opportunity to ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for your information.

To request updates or changes to your information or your preferences regarding receiving future promotional messages from us, you may contact our Privacy Officer using the information in the Contact Us section of this Privacy Policy or follow the opt-out instructions that are contained in the bottom of the email communication you received.

You will be notified prior to when your personally identifiable information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.

Please note that if you opt out of receiving our promotional or marketing emails, you may still receive certain service-related communications from us, such as administrative and services announcements and messages about your account. Occasionally these materials are sent from a different email domain: [email protected] 

Employment Opportunities

We provide you with a means for submitting your resume or other personally identifiable information through the Site for consideration for employment opportunities at Acquia. Personally identifiable information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personally identifiable information within Acquia, or keep it on file for future use, as we make our hiring decisions.

Children's Privacy

Acquia recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. This Site is not intended for children under the age of 13. Acquia does not target its services or this Site to children under 13. Acquia does not knowingly collect personally identifiable information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us by emailing [email protected].

Cookies and GIFs

We use small text files called cookies to improve overall Site experience. A cookie allows us  to gather information about the use of our sites and how people interact with our emails. Cookies generally do not permit us to personally identify you (except as provided below). We may also use clear GIFs (a.k.a. “Web beacons”) in HTML-based emails sent to our users to track which emails are opened by recipients.

Additionally, when using the Site, we and any of our third party service providers may use cookies and other tracking mechanisms to track your user activity on the Site and identify the organization or entity from which you are using the Site. If you register with the Site, we, and our third party service providers, will be able to associate all of your user activity with your personally identifiable registration information. We will use such user activity information to improve the Site, to provide context for our sales and support staff when interacting with you and customers, to initiate automated email marketing campaigns triggered by your activity on the Site and for other internal business analysis.

Aggregate Information

The Site may track information that will be maintained, used and disclosed in aggregate form only and which will not contain your personally identifiable information, for example, without limitation, the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, External Web Sites (defined below) linked to and IP addresses. We may analyze this data for trends and statistics in the aggregate, and we may use such aggregate information to administer the Site, track users’ movement, and gather broad demographic information for aggregate use.

Disclosure

We will not sell your personally identifiable information to any company or organization, except we may transfer your personally identifiable information to a successor entity upon a merger, consolidation or other corporate reorganization in which Acquia participates or to a purchaser or acquirer of all or substantially all of Acquia’s assets to which this Site relates. We may provide your personally identifiable information and the data generated by cookies and the aggregate information to parent, subsidiary or affiliate entities within Acquia’s corporate family, partner entities that are not within Acquia’s corporate family and vendors and service agencies that we may engage to assist us in providing our services to you. For example, we may provide your personally identifiable information to a credit card processing company to process your payment. Such third party service providers may be obligated to protect your personally identifiable information consistent with the terms of this Privacy Policy and not for their promotional purposes and/or required to enter into written confidentiality and data processing agreements including the commitment to be compliant with the Standard Contractual Clauses issued by the European Commission. We will also disclose your personally identifiable information (a) if we are required to do so by law, regulation or other government authority, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or otherwise in cooperation with an ongoing investigation of a governmental authority (b) to enforce the Acquia Terms of Use agreement or to protect our rights or (c) to protect the safety of users of our Site and our services.

The Site may provide links to other Web sites or resources over which Acquia does not have control (“External Web Sites”). Such links do not constitute an endorsement by Acquia of those External Web Sites. You acknowledge that Acquia is providing these links to you only as a convenience, and further agree that Acquia is not responsible for the content of such External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the linked External Web Sites.

Security

We employ procedural and technological measures that are reasonably designed to help protect your personally identifiable information including sensitive data from loss, unauthorized access, disclosure, alteration or destruction. Acquia may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to your personally identifiable information including sensitive data. Acquia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to your personally identifiable information. These precautions take into account the risks involved in the processing, the nature of personally identifiable information, and best practices in the industry for security and data protection.

Please find additional information about Acquia’s security measures on our website https://www.acquia.com/solutions/security and for our Services specifically in our Acquia Security Annex available at https://www.acquia.com/sites/default/files/legal/acquia-security-annex.pdf

Accountability for Onward Transfer

Acquia is accountable for personally identifiable information that we receive and subsequently transfer to third parties. If third parties that process personally identifiable information on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.

Contact information and Customer personally identifiable information is accessible only by those Acquia employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Customer personally identifiable information.

In the event Acquia discloses personally identifiable information covered by this Policy to a non-agent third party, it will do so consistent with any notice provided to Data Subjects and any choice they have exercised regarding such disclosure. Acquia will only disclose personally identifiable information to third-party agents that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Privacy Policy and the Principles and that they will process personally identifiable information for limited and specific purposes consistent with any consent provided by the individual. If Acquia has knowledge that a third party to which it has disclosed personally identifiable information covered by this Privacy Policy is processing such personally identifiable information in a way that is contrary to this Privacy Policy and/or the Principles, Acquia will take reasonable steps to prevent or stop such processing. In such case, the third-party is liable for damages unless it is proven that Acquia is responsible for the event giving rise to the violation.

Acquia may use from time to time a limited number of third-party service providers, contractors, and other businesses to assist us in providing our solutions to our customers or in meeting internal business operation needs. These third-parties may access process or store personally identifiable information in the course of performing their duties to Acquia. Acquia maintains contracts with these providers restricting their access, use and disclosure of personally identifiable information in compliance with our obligations under the Principles.

YOUr rights relating to your personal data

Depending on the applicable local data protection laws, you have certain rights relating to your Personal Data including, but not limited to:

  • Access to your data
  • Rectification
  • Erasure ("right to be forgotten")
  • Restriction of Processing
  • Object, opt-out, withdrawing your consent
  • Transfer of your data

Acquia provides you with the ability to exert any such right by contacting us through this web form (https://acquia-privacy.my.onetrust.com/webform/29a25674-36fd-4a6f-8e09-7e5a4f94cf4a/8511aea7-dd1f-4353-9429-a0dbe52f01cc).

Enforcement and Liability

Acquia is subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.

Acquia also commits to periodically reviewing and verifying the accuracy of this Policy and the company’s compliance with the Principles, and remedying issues identified. All employees of Acquia that have access to personally identifiable information covered by this Policy in the U.S. are responsible for conducting themselves in accordance with this Policy. Failure of an Acquia employee to comply with this Policy may result in disciplinary action up to and including termination.

Acquia assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Acquia’s relevant privacy practices are being followed in conformance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Any employee that Acquia determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.

Dispute Resolution

Acquia assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy by fully investigating and attempting to resolve any complaint or dispute regarding the use and disclosure of personally identifiable information in violation of this Privacy Policy.

Any questions or concerns regarding the use or disclosure of personally identifiable information should first be directed to the owner of the website in question (our customer); or if the question or concern is from our customer, then to Acquia at the address given below.

Acquia will respond to any inquiries or complaints within forty-five (45) days. In the event that Acquia fails to respond or its response is insufficient or does not address the concern, Acquia has registered with JAMS to provide independent third party dispute resolution at no cost to the complaining party. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield.

If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Acquia will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States and/or United Kingdom (“DPAs”) in the investigation and resolution of complaints that cannot be resolved between Acquia and the complainant that are brought to a relevant DPA.

Contact Us

If you have any questions or complaints regarding this Privacy Policy please contact us by mail: Acquia Inc. 53 State Street Boston, MA 02109 USA Attention: General Counsel

Or e-mail to [email protected]

 

Updated February 11, 2022