Acquia Inc., including its wholly owned affiliates, (“Acquia”, "us," "we," or "our,") is committed to protecting the privacy of your information. Acquia’s affiliates are listed here (“Affiliates”).
Acquia complies with the relevant legislation applying to personal data, including but not limited the General Data Protection Regulation issued by the European Union which may include an adequacy decision or appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission.
1. Policy Application
This Policy applies to website visitors, event participants, office and event attendees, customers and customers’ users of our Services, and end users of our Services and Products including trials.
This Policy does not apply to websites, applications, and services maintained by third parties, including, but not limited to, those of Acquia’s customers. The privacy practices of these websites, applications, and services are governed by their respective privacy statements, which you should review to better understand their privacy practices.
Where Acquia obtains personal data in its role as a Processor for its customers, end-users and consumers should submit complaints concerning the processing of their Personal Data to the relevant customer. Acquia will support in this process at the request of the customer.
2. California Residents
If you are a California consumer, for more information about your privacy rights, please see our California Consumer Privacy Statement.
3. Data Integrity and Purpose Limitation
Acquia is a provider of cloud platform related services, including Platform as a Service (“PaaS”) and Software as a Service (“SaaS”) products, technical support services and professional consulting services for Drupal websites which processes personally identifiable information upon the instruction of its customers in accordance with the terms of the applicable agreement between Acquia and customer.
4. Information Collection and Use (by Categories of Data Subjects)
However, in certain sections of the Site or interactions with us, we may invite you to participate in one or some of the following. We collect such information in the following situations:
- Surveys (If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request);
- “Contact Us” features with questions or comments or request information, participate in chat or message boards (If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our services, sign up for an event, questionnaires, webinar, contests, or download certain content, we may require that you provide to us your contact information);
- If you interact with our websites or emails, we may automatically collect information about your device and your usage of our websites or emails, (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data) (see “Device and Usage Data Processing section, below) using cookies, Web Beacons, or similar technologies;
- If you make purchases via our Sites or register for an event or webinar, we may require that you provide your financial and billing information, such as billing name and address, credit card number or bank account information;
- If you communicate with us via a phone call from us, we may record that call;
- We require you to complete a registration form and/or create a profile to access certain restricted areas of the Site, to use certain services, including trial services, and when you download any software;
- If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and time and date of arrival.
Due to the nature of some of these activities, we may collect personally identifiable information such as your name, e-mail address, address, phone number, password, screen name, credit card information and other contact information that you voluntarily transmit with your on-line and in-person communications to us and personally identifiable information that you elect to include in your chart and message board postings.
If you use a forum on this Site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums. We receive permission to post testimonials that include personally identifiable information prior to posting.
4.1. Orders by Customers
If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date).
We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.
In addition, we may collect information about the performance, security, software configuration and availability of customer web sites in an automated fashion as part of the Acquia subscription services.
We use your personally identifiable information to register you to use our services or download or access software or other content, contact you to deliver certain goods, services or information that you have requested, provide you with notices regarding goods or services you have purchased, provide you with notices regarding goods or services that you may want to purchase in the future (including communications from third party service providers and/or Acquia technology partners concerning additional products/applications which compliment Acquia's services, or else are customizable with Acquia's services in order to maximize your digital experience while leveraging Acquia services), verify your authority to enter our Site and improve the content and general administration of the Site and our services.
Certain modules within the Drupal software connect your installation of Drupal to our subscription services, these modules will report to us, and we will collect, your IP address, operating system type and version, web server type and version, php version, database type and version, version of the services, modifications to your Drupal code, information regarding the availability of your website (e.g. if your website is live or down), website user statistics such as the number of nodes, number of users and number of comments. The foregoing information will be linked to your personally identifiable information and user accounts, and we may use the foregoing information to better provide technical support to you and our customers and to improve our services.
If you install and use the Acquia Search module and connect your Drupal site to the subscription services, in addition to the information we may collect, analyze and store when you use our services as stated above, the Acquia Search module may collect, analyze and store the content of your site in an index. This index will be stored and updated on our servers to enable Acquia Search to work with your site. A copy of this index may be retained for up to 14 days as a backup in the event there is a problem with the index. Additionally, information about the size of your index, the search queries performed on your index, performance of Acquia Search for your queries, and other operational information is stored indefinitely in order to enable Acquia to monitor performance over time, manage the Search Service, and to provide you with information about the Search activity on your site.
If you choose to contact us by e-mail, we will not disclose your contact information contained in the e-mail, but we may use your contact information to send you a response to your message. Notwithstanding the foregoing, we may publicly disclose the content and/or subject matter of your message, therefore, you should not send us any ideas, suggestions or content that you consider proprietary or confidential. All e-mail content (except your contact information) will be treated on a non-proprietary and non-confidential basis and may be used by us for any purpose.
4.1.1. Details of data processing
Acquia processes your personal data as a customer and other customer’s personal data (in the following just “customer”) in order to provide the contractually agreed Services.
Subject matter: The subject matter of the data processing is the performance of the Services agreed between Acquia and customer by Acquia involving personal data provided by customer.
Duration: As between customer and Acquia, the duration of the data processing is determined by customer and its contractual commitments with regard to the use of Acquia’s Services.
Purpose: The purpose of the data processing by Acquia is the provision of the Services initiated by the customer from time to time.
Nature of the processing: Cloud computing as platform and software as a service and such other Services as described in the Documentation and initiated by the customer from time to time.
Type of personal data:
The type and extent of personal data that is subjected to Acquia’s data processing is determined and controlled by our customer as data controller in its sole discretion - this may include, but is not limited to the following:
- First and last name,
- Title, work department, and manager/supervisor name,
- Position and employment history,
- Contact information (company, personal and work email, phone, home address, physical business address, emergency contact details),
- Biographical and directory information, including linked social media profile or posts,
- Company user names or IDs and login credentials,
- Identifiers related to work or personal devices used to access data exporter’s IT systems,
- Log information generated through the use of data exporter’s IT systems,
- Actions performed by the employee while accessing or using the Services,
- Full time or part time status,
- Business travel arrangements,
- Training undertaken and training needs,
- Localization data.
Categories of data subjects: Customer’s representatives and end-users including employees, contractors, collaborators and advisors of our customer (who are natural persons).
4.2. Communications from the Site
4.2.1. Special Offers and Updates
We will occasionally send you information on products, services, special deals, promotions. Out of respect for your privacy, we present the option not to receive these types of communications. Please see “Choice and Opt-out.”
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.
4.2.3. Service-related Announcements
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
4.3. Customer Service
Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.
We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here. We provide you the opportunity to not choose or ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for yourinformation.
You will be notified prior to when your personally identifiable information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
Please note that if you opt out of receiving our promotional or marketing emails, you may still receive certain service-related communications from us, such as administrative and services announcements and messages about your account. Occasionally these materials are sent from a different email domain: [email protected].
4.5. Employment Opportunities
We provide you with a means for submitting your resume or other personally identifiable information through the Site for consideration for employment opportunities at Acquia. Personally identifiable information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personally identifiable information within Acquia, or keep it on file for future use, as we make our hiring decisions.
4.6. Children's Privacy
Acquia recognizes the privacy interests of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. This Site is not intended for children under the age of 13. Acquia does not target its services or this Site to children under 13. Acquia does not knowingly collect personally identifiable information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us by emailing [email protected].
4.7. Cookies and GIFs
We use small text files called cookies to improve overall Site experience. A cookie allows us to gather information about the use of our sites and how people interact with our emails.. Cookies generally do not permit us to personally identify you (except as provided below). We may also use clear GIFs (a.k.a. “Web beacons”) in HTML-based emails sent to our users to track which emails are opened by recipients.
The Site may track information that will be maintained, used and disclosed in aggregate form only and which will not contain your personally identifiable information, for example, without limitation, the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, External Web Sites (defined below) linked to and IP addresses. We may analyze this data for trends and statistics in the aggregate, and we may use such aggregate information to administer the Site, track users’ movement, and gather broad demographic information for aggregate use.
We employ procedural and technological measures that are reasonably designed to help protect your personally identifiable information including sensitive data from loss, unauthorized access, disclosure, alteration or destruction. Acquia may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to your personally identifiable information including sensitive data. Acquia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to your personally identifiable information. These precautions take into account the risks involved in the processing, the nature of personally identifiable information, and best practices in the industry for security and data protection.
4.9. Onward Transfers and the Data Privacy Framework
Acquia, as a global company with its roots in the United States, may transfer and access your information globally, including countries and regions of Acquia’s Affiliates and third parties processing information on our behalf, all for the purposes outlined in this Policy.
4.9.1. Data Privacy Framework
Acquia employs appropriate safeguards (as set out in the Policy and here) for cross-border data transfers between Acquia Affiliates, to a third-party service provider or an Acquia business partner and conducts these transfers in accordance with the relevant applicable laws of the territory from which the data is exported.
For the transfer of personal data from the European Economic Area (EEA), Switzerland, or the United Kingdom (UK) to the United States and other countries, we rely on our certifications under the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (jointly referred to as the “DPF”; more information on the DPF may be found here). If these certifications should expire, become invalidated or where they do not apply, Acquia relies on the standard contractual clauses including supplementary additional measures as necessary.
Acquia complies with the DPF and the DPF Principles. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern and prevail.
Any DPF Principles-related complaints regarding Acquia’s handling of personal data received should be raised to Acquia by
- contacting us via this webform in our Privacy Request Center,
- emailing the Acquia Privacy Team at [email protected] or
- sending a letter to Acquia Inc., 53 State Street, Boston, MA 02109, USA to the attention of the Global Privacy Officer.
If a complaint cannot be resolved through Acquia’s internal processes, you may commence arbitration. Acquia cooperates with JAMS pursuant to JAMS’ DPF program which is available here and where you can also initiate the dispute resolution process: https://www.jamsadr.com/eu-us-data-privacy-framework. Following the dispute resolution process, the mediator or you may also refer the matter to the United States Federal Trade Commission. You may also invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other mechanisms set out in this DPF Notice or our Privacy Notice. For more information, please see Annex 1 of the DPF Principles, available here.
Acquia is accountable for personally identifiable information that we receive and subsequently transfer to third parties. If third parties that process personally identifiable information on our behalf do so in a manner that does not comply with the privacy principles laid out herein, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
Contact information and Customer personally identifiable information is accessible only by those Acquia employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Customer personally identifiable information.
Acquia may use from time to time a limited number of third-party service providers, contractors, and other businesses to assist us in providing our solutions to our customers or in meeting internal business operation needs. These third-parties may access process or store personally identifiable information in the course of performing their duties to Acquia. Acquia maintains contracts with these providers restricting their access, use and disclosure of personally identifiable information in compliance with our obligations under the Principles.
4.11. Your rights relating to your Personal Data
Depending on the applicable local data protection laws, you have certain rights relating to your Personal Data including, but not limited to:
- Access to your data
- Erasure (“right to be forgotten”)
- Restriction of Processing
- Object, opt-out, withdrawing of your consent
- Transfer of your data
Acquia provides you with the ability to exert any such right by contact us through this web form.
4.12. Enforcement and Liability
Acquia is subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.
Acquia also commits to periodically reviewing and verifying the accuracy of this Policy and the company’s compliance with the Principles, and remedying issues identified. All employees of Acquia that have access to personally identifiable information covered by this Policy in the U.S. are responsible for conducting themselves in accordance with this Policy. Failure of an Acquia employee to comply with this Policy may result in disciplinary action up to and including termination.
Regarding the enforcement of the DPF, please see above section “Data Privacy Framework”.
4.13. Dispute Resolution
Any questions or concerns regarding the use or disclosure of personally identifiable information should first be directed to the owner of the website in question (our customer); or if the question or concern is from our customer, then to Acquia at the address given below.
Acquia will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States and/or United Kingdom (“DPAs”) in the investigation and resolution of complaints that cannot be resolved between Acquia and the complainant that are brought to a relevant DPA.
Regarding dispute resolution of the DPF, please see above section “Data Privacy Framework”.
4.14. Contact Us
Updated October 10, 2023