1. Personal Information we collect
In this Policy, “Personal Information” means any information relating to an identified or identifiable natural person. We collect Personal Information about you, either directly from you (e.g., when you register an account) or indirectly through automated methods (e.g., via cookies) as listed below.
Where applicable, we indicate in this Policy if and why we need you to provide us with your Personal Information and the consequences if you choose not to provide your Personal Information. For example, you may not be able to benefit from our Services if that Personal Information is necessary to provide you with such Services or if we are legally required to collect it.
1.1 Personal Information provided by you
- Business contact information.We may receive professional contact details of employees and other individuals associated with our customers, partners and vendors, such as first and last name, email address, phone number, title and department, and other Personal Information relevant to the particular business relationship (e.g., via the “invite colleagues” feature on Collibra Community).
- Account information.When you register for our Services, we collect your first and last name, user name, profile picture, password and email address.
- Communication with Collibra.When you contact us via a contact form, via email, via our helpdesk or by any other means (e.g., to request a demo, to request technical support, to download content from our Platforms, to ask a question via our online contact form, to propose a course on Collibra University), you may provide us with your name, email address, phone number, mailing address, company, title or role and the contents and nature of your correspondence with us.
- In-Platform communication. If you have a registered account, you can also send messages through, and post comments on, our Platforms. When you do so, we collect the Personal Information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message.
- Notifications and marketing messages. When you sign up to receive notifications or marketing from us, you may provide us with your name, email address, company and title/role, depending on the sign-up form that you use (e.g., for product updates, community announcements, newsletters).
1.2 Personal Information we collect from other sources
Additionally, we may receive Information about you from other third parties whom you have authorized to share your Information or who collect your Information in connection with co-branded offerings. For example, when you register for Services through Collibra business partners, we receive your Information as necessary to provide you with those Services (e.g., through a Collibra product reseller, or when you register to attend a Collibra event through a Collibra partner, the partner will provide us with your contact Information in order to communicate practical details about the event).
2. How we use your Personal Information
The main purpose for which we use your Information is to provide you with our Services and to improve your customer experience.
We use your information for the following purposes:
- Services. We use Personal Information to provide, maintain and improve our Services and to provide and deliver our Services to you, including processing transactions.
- Communicating with you. We use your contact details to contact you for administrative purposes (e.g., to send you confirmations, invoices, technical notices, updates and security alerts, to provide customer services and information that you request or to respond to comments and questions).
- Marketing. We will send you updates about our Services, offers, promotions and events offered by Collibra, and provide you information about topics or content that we think will be of interest to you with your prior consent.
- Analytics, benchmarking and product development. We and our service providers use Personal Information, such as your interactions with our Services (including Personal Information collected via automated means), to perform benchmarking, to monitor and analyze usage of our Services, and to improve and enhance them.
- Legal. We may use your Personal Information to enforce this Policy and our Terms of Service, to defend our legal rights and to comply with our legal obligations and internal policies.
2.1. Legal basis for processing
For users located in the European Economic Area, the United Kingdom or Switzerland (“Europe”), the following legal grounds apply:
- Consent. In certain cases, you will have consented to us using your Personal Information, for example to send marketing communications, to collect information via cookies and similar technologies etc.
- Contract In other situations, we need your Personal Information to provide you with our Services, including for account registration and to respond to your inquiries.
- Legal obligation. In certain situations, we have a legal obligation to use your Personal Information, for example certain laws or regulations in certain territories may require such disclosure for compliance.
- Legitimate interest In other situations, we or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information for product development and improvement and internal analytics purposes, and otherwise to improve the safety, security and performance of our Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
A “cookie” is a small text file that is placed onto a browser or device to record information related to the use of a device or a website. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. We and third parties automatically collect the following Personal Information via cookies, web beacons and/or similar technologies (collectively “cookies”) in your browser and in emails sent to you:
- Information about your use of the Platforms.Including when and how many times you access our Platforms, pages viewed, and the page you visited before navigating to our Platforms.
- Device Information. Including the hardware model, operating system and version of the device that you use to access the Platforms, unique device identifiers and IP address.
Below is an overview of the types of cookies we use:
- Essential cookies.These cookies are necessary in order for the Platforms to operate. For example, to enable the single sign-on feature and to allow you to download from our Platforms. Without these cookies, we may not be able to provide you with certain website functionalities.
- Functional cookies. These cookies count visits to our Platforms, help us understand the usage of our Services and effectiveness of our campaigns, and determine whether an email has been opened.
4. How we share your Personal Information
We may disclose Personal Information to third parties if you consent to us doing so, as well as in the following circumstances:
- Service providers. We work with third party service providers to operate our Services, IT-hosting and maintenance, marketing, accounting and other services for us. These third parties may have access to or process your Personal Information as part of providing those services for us.
- Legal. We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or otherwise in cooperation with law enforcement or other governmental agencies.
We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to (i) guard against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
- Merger or other corporate transactions. Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Aggregated and de-identified Information. We aggregate and de-identify your Personal Information so that the information no longer relates to you individually. We may use and disclose aggregated and de-identified data to third parties for a lawful purpose (such as to conduct research collaborations on data usage patterns with universities or to share Platform usage patterns or statistics with customers or business partners).
5. How long we retain your Personal Information
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.
When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
6. How we transfer your Personal Information
We transfer your Personal Information to countries other than the country where you are located, including to the United States or any other country in which we or our service providers maintain facilities. This includes transfers to:
- countries for which adequacy decisions have been issued (which means any country recognized by the European Commission as providing an adequate level of protection);
- third parties covered by contractual protections (the ‘standard contractual clauses’ of the European Commission); and
- third parties based on our or their certification to the EU-U.S. Privacy Shield.
6.1 EU-U.S. Privacy Shield Framework
- Commitment. Collibra complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission (the “Principles”) regarding the collection, use, and retention of Personal Information (as defined under the Privacy Shield Principles) transferred from Europe, including the United Kingdom to the United States in reliance on Privacy Shield.
- Collibra has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such Information. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
- Recourse, enforcement and liability. If you have any inquiries or complaints regarding our compliance with the Principles, we encourage you to contact us as listed in the “Contact us” section below. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: email@example.com.
- We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS Privacy Shield complaints for more information or to file a complaint. The services of JAMS are provided at no cost to you.
- Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Collibra is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
- Accountability for onward transfers of Personal Information. If Collibra shares EU Personal Information with a third-party service provider that processes the Personal Information solely on Collibra’s behalf, then Collibra may be held liable for that third party’s processing of EU Personal Information in violation of the Principles, unless Collibra can prove that it is not responsible for the event giving rise to the damage.
7. How we secure your Information
We take appropriate security measures on both a technical and an organisational level, designed to keep your Personal Information secure. Our technical, administrative and physical procedures are designed to protect Personal Information from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction.
At the same time, you also share responsibility for maintaining the privacy and security of your Personal Information, for example: by not allowing any third party to use your personal account on the Services and avoiding all other non-authorised access to your login and access code.
We encourage you to immediately notify us of any unauthorized use of your personal account by sending an e-mail to firstname.lastname@example.org.
8. Your rights
- Marketing opt out. You can unsubscribe from our marketing communications at any time by following the instructions contained within such communications, but you may still receive administrative messages from us regarding our Services.
- European Privacy Rights. If you are located in Europe, you have the right to ask for an overview of the Personal Information we process about you, and for a copy of your Personal Information. In addition, you may request us to update and correct inaccuracies, delete your Personal Information, restrict processing of your Personal Information or exercise your right to data portability to easily transfer your Personal Information to another company. In some cases, you may object to the processing of your Personal Information and where we have asked you for your consent to process your Personal Information, you can withdraw it at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. The above rights may be limited under applicable law. You have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.
9. Third-Party Sites
Our Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via our Services. We are not responsible for the content or privacy and security practices and policies of third parties to which are linked through our Services. We encourage you to consult the third parties’ privacy and security policies to learn more about how they collect and use your Personal Information.
10. Changes to this Policy
We may update this Policy to reflect changes in our privacy practices. If we update this Policy, we will make it available through the Services, and indicate the date of the latest revision at the top of this Policy. If we materially change how we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication, as appropriate.
11. Contact Us
If you have any questions about this Policy, please contact us by email at email@example.com or by post to:
Attn: Chief Privacy Officer
1120 Brussels – BELGIUM