Acquia complies with the relevant regulation applying to personal data, including but not limited the General Data Protection Regulation issued by the European Union.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Acquia complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the United States Department of Commerce regarding the collection, use, and retention of personally identifiable information transferred from the European Union, the United Kingdom and Switzerland to the United States. Consistent with our commitment to protect personally identifiable information about individuals in the European Union, Acquia has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, and Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Privacy Shield Principles” or the “Principles”). Acquia’s EU-U.S. and Swiss-U.S. Privacy Shield Certification also extends to personally identifiable information that we receive directly through the Sites. More information on the EU-U.S. and Swiss-U.S. Privacy Shield and Acquia’s scope of participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks are available at http://www.privacyshield.gov/welcome.
Data Integrity and Purpose Limitation
Acquia is a provider of cloud platform related services, including Platform as a Service (“PaaS”) and Software as a Service (“SaaS”) products, technical support services and professional consulting services for Drupal websites which processes personally identifiable information upon the instruction of its customers in accordance with the terms of the applicable agreement between Acquia and customer.
Information Collection and Use
You can generally visit our Site without revealing any personally identifiable information about yourself. However, in certain sections of this Site, we may invite you to participate in surveys, questionnaires or contests, contact us with questions or comments or request information, participate in chat or message boards, or complete a profile or registration form. Furthermore, we require you to complete a registration form to access certain restricted areas of the Site, to use certain services and when you download any software. Due to the nature of some of these activities, we may collect personally identifiable information such as your name, e-mail address, address, phone number, password, screen name, credit card information and other contact information that you voluntarily transmit with your on-line and in-person communications to us and personally identifiable information that you elect to include in your chart and message board postings.
If you use a forum on this Site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums. We receive permission to post testimonials that include personally identifiable information prior to posting.
If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date).
We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.
In addition, we may collect information about the performance, security, software configuration and availability of customer web sites in an automated fashion as part of the Acquia subscription services.
We use your personally identifiable information to register you to use our services or download or access software or other content, contact you to deliver certain goods, services or information that you have requested, provide you with notices regarding goods or services you have purchased, provide you with notices regarding goods or services that you may want to purchase in the future, verify your authority to enter our Site and improve the content and general administration of the Site and our services.
Certain modules within the Drupal software connect your installation of Drupal to our subscription services, these modules will report to us, and we will collect, your IP address, operating system type and version, web server type and version, php version, database type and version, version of the services, modifications to your Drupal code, information regarding the availability of your website (e.g. if your website is live or down), website user statistics such as the number of nodes, number of users and number of comments. The foregoing information will be linked to your personally identifiable information and user accounts and we may use the foregoing information to better provide technical support to you and our customers and to improve our services.
If you install and use the Acquia Search module and connect your Drupal site to the subscription services, in addition to the information we may collect, analyze and store when you use our services as stated above, the Acquia Search module may collect, analyze and store the content of your site in an index. This index will be stored and updated on our servers to enable Acquia Search to work with your site. A copy of this index may be retained for up to 14 days as a backup in the event there is a problem with the index. Additionally, information about the size of your index, the search queries performed on your index, performance of Acquia Search for your queries, and other operational information is stored indefinitely in order to enable Acquia to monitor performance over time, manage the Search Service, and to provide you with information about the Search activity on your site.
If you choose to contact us by e-mail, we will not disclose your contact information contained in the e-mail, but we may use your contact information to send you a response to your message. Notwithstanding the foregoing, we may publicly disclose the content and/or subject matter of your message, therefore, you should not send us any ideas, suggestions or content that you consider proprietary or confidential. All e-mail content (except your contact information) will be treated on a non-proprietary and non-confidential basis and may be used by us for any purpose.
Details of data processing
Acquia processes your personal data as a customer and other customer’s personal data (in the following just “customer”) in order to provide the contractually agreed Services.
Subject matter: The subject matter of the data processing is the performance of the Services agreed between Acquia and customer by Acquia involving personal data provided by customer.
Duration: As between customer and Acquia, the duration of the data processing is determined by customer and its contractual commitments with regard to the use of Acquia’s Services.
Purpose: The purpose of the data processing by Acquia is the provision of the Services initiated by the customer from time to time.
Nature of the processing: Cloud computing as platform and software as a service and such other Services as described in the Documentation and initiated by the customer from time to time.
Type of personal data:
The type and extent of personal data that is subjected to Acquia’s data processing is determined and controlled by our customer as data controller in its sole discretion - this may include, but is not limited to the following:
- First and last name
- Title, work department, and manager/supervisor name
- Position and employment history
- Contact information (company, personal and work email, phone, home address, physical business address, emergency contact details)
- Biographical and directory information, including linked social media profile or posts
- Company user names or IDs and login credentials
- Identifiers related to work or personal devices used to access data exporter’s IT systems
- Log information generated through the use of data exporter’s IT systems
- Actions performed by the employee while accessing or using the Services
- Full time or part time status
- Business travel arrangements
- Training undertaken and training needs
- Localization data
Categories of data subjects: Customer’s representatives and end-users including employees, contractors, collaborators and advisors of our customer (who are natural persons).
Communications from the Site
Special Offers and Updates
We will occasionally send you information on products, services, special deals, promotions. Out of respect for your privacy, we present the option not to receive these types of communications. Please see “Choice and Opt-out.”
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.
We provide you the opportunity to ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for this information.
You will be notified prior to when your personally identifiable information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
Please note that if you opt out of receiving our promotional or marketing emails, you may still receive certain service-related communications from us, such as administrative and services announcements and messages about your account. Occasionally these materials are sent from a different email domain: [email protected]
We provide you with a means for submitting your resume or other personally identifiable information through the Site for consideration for employment opportunities at Acquia. Personally identifiable information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personally identifiable information within Acquia, or keep it on file for future use, as we make our hiring decisions.
Acquia recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. This Site is not intended for children under the age of 13. Acquia does not target its services or this Site to children under 13. Acquia does not knowingly collect personally identifiable information from children under the age of 13.
Cookies and GIFs
We use small text files called cookies to improve overall Site experience. A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies generally do not permit us to personally identify you (except as provided below). We may also use clear GIFs (a.k.a. “Web beacons”) in HTML-based emails sent to our users to track which emails are opened by recipients.
The Site may track information that will be maintained, used and disclosed in aggregate form only and which will not contain your personally identifiable information, for example, without limitation, the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, External Web Sites (defined below) linked to and IP addresses. We may analyze this data for trends and statistics in the aggregate, and we may use such aggregate information to administer the Site, track users’ movement, and gather broad demographic information for aggregate use.
We employ procedural and technological measures that are reasonably designed to help protect your personally identifiable information including sensitive data from loss, unauthorized access, disclosure, alteration or destruction. Acquia may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to your personally identifiable information including sensitive data. Acquia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to your personally identifiable information. These precautions take into account the risks involved in the processing, the nature of personally identifiable information, and best practices in the industry for security and data protection.
Please find additional information about Acquia’s security measures on our website https://www.acquia.com/solutions/security and for our Services specifically in our Acquia Security Annex available at https://www.acquia.com/sites/acquia.com/files/documents/2018-04/Acquia-Security-Annex.pdf
Accountability for Onward Transfer
Acquia is accountable for personally identifiable information that we receive and subsequently transfer to third parties. If third parties that process personally identifiable information on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
Contact information and Customer personally identifiable information is accessible only by those Acquia employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Customer personally identifiable information.
Acquia may use from time to time a limited number of third-party service providers, contractors, and other businesses to assist us in providing our solutions to our customers or in meeting internal business operation needs. These third-parties may access process or store personally identifiable information in the course of performing their duties to Acquia. Acquia maintains contracts with these providers restricting their access, use and disclosure of personally identifiable information in compliance with our obligations under the Principles.
Updating and Deleting Personally Identifiable Information
Acquia provides you with the ability to review and update the contact information that you provide to us and account information retained by Acquia related to your previous purchase, download or payment activities. If you wish to review and/or update any of the foregoing information, you may access your account and review and update your personally identifiable information or you may contact us at the e-mail, phone or mailing address listed below.
Acquia will also delete the personally identifiable information that you have provided to us: (a) upon your request, or (b) upon termination of your Acquia account; provided, however, Acquia will retain a copy in its files of all personally identifiable information, if required for legal reasons.
If you wish to review, correct or request the deletion of any information you have provided to us, contact us: By mail: 53 State Street, Boston, MA 02109, USA.
We will respond to your request for access within 30 days.
If you are an EU or Swiss Person about whom we hold personally identifiable information on a customer’s behalf, you may request access to, and the opportunity to update, correct or delete, such personally identifiable information. To submit such requests or raise any other questions, please contact the business that provided your personally identifiable information. You can also contact our Privacy Shield Contact who will then contact that business. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Enforcement and Liability
Acquia is subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.
Acquia also commits to periodically reviewing and verifying the accuracy of this Policy and the company’s compliance with the Principles, and remedying issues identified. All employees of Acquia that have access to personally identifiable information covered by this Policy in the U.S. are responsible for conducting themselves in accordance with this Policy. Failure of an Acquia employee to comply with this Policy may result in disciplinary action up to and including termination.
Acquia assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Acquia’s relevant privacy practices are being followed in conformance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Any employee that Acquia determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
Any questions or concerns regarding the use or disclosure of personally identifiable information should first be directed to the owner of the website in question (our customer); or if the question or concern is from our customer, then to Acquia at the address given below.
Acquia will respond to any inquiries or complaints within forty-five (45) days. In the event that Acquia fails to respond or its response is insufficient or does not address the concern, Acquia has registered with JAMS to provide independent third party dispute resolution at no cost to the complaining party. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield.
If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Acquia will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States (“DPAs”) in the investigation and resolution of complaints that cannot be resolved between Acquia and the complainant that are brought to a relevant DPA.
Or e-mail to [email protected]
Updated May 24th, 2018