This Privacy Policy (“Policy”) describes how Collibra Belgium BV and its affiliates (“Collibra”, “we”, “us” or “our”) collect, use, protect and share your Personal Information on our website and online platforms (e.g., collibra.com, Collibra Data Citizens Community, Collibra University and Collibra Marketplace) (the “Platforms”) or when you otherwise interact with us (collectively, the “Services”).

Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal information covered by this Policy, including information about any visitors to our website, as pertaining to individuals acting as business representatives, rather than in their personal capacity.

This Policy does not apply to the Personal Information processed, maintained, or otherwise managed by Collibra solely for the benefit of, on behalf of, or under the exclusive direction or control of its customers in Collibra’s capacity as a service provider. To learn more about the processing of your Personal Information in that context, please consult the relevant customer’s privacy policy as well as
Collibra’s Data Processing Addendum.

In addition, this Policy does not apply to the Personal Information processed, maintained, or otherwise managed by Colibra in the context of applicants for employment with Collibra. To review our
Applicant Privacy Statement, click here.

  • Personal Information we collect.

    In this Policy, “Personal Information” means any information relating to an identified or identifiable natural person. We collect Personal Information about you, either directly from you (e.g. when you register an account) or indirectly through automated methods (e.g. via cookies) as listed below.

    Where applicable, we indicate in this Policy if and why we need you to provide us with your Personal Information and the consequences if you choose not to provide your Personal Information. For example, you may not be able to benefit from our Services if that Personal Information is necessary to provide you with such Services or if we are legally required to collect it.

    • Personal Information provided by you.

      • Business contact information.

        We may receive professional contact details of employees and other individuals associated with our customers, partners and vendors, such as first and last name, email address, phone number, title and department, and other Personal Information relevant to the particular business relationship.

      • Account information.

        When you register for our Services, we collect your first and last name, user name, profile picture, password and email address.

      • Communication with Collibra.

        When you contact us via a contact form, via email, via our helpdesk or by any other means (e.g. to request a demo, to request technical support, to download content from our Platforms, to ask a question via our online contact form, to propose a course on Collibra University), you may provide us with your name, email address, phone number, mailing address, company, title or role and the contents and nature of your correspondence with us.

      • In-Platform communication.

        If you have a registered account, you can also send messages through, and post comments on, our Platforms. When you do so, we collect the Personal Information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message.

      • Notifications and marketing messages.

        When you sign up to receive notifications or marketing from us, you may provide us with your name, email address, company and title/role, depending on the sign-up form that you use (e.g., for product updates, community announcements, newsletters).

    • Personal Information we automatically collect.

      We, and third parties we authorize, collect information using cookies, web beacons, and similar technologies. We may combine this automatically collected log information with other information we collect about you. Learn more about our cookie use below. This information, whether gathered through these technologies or otherwise, may include IP addresses, device information, date/time of visits, new or returning visits, products viewed, page response times, URL clickstreams, how long you stay on our pages, what you do on those pages, browser type, Internet service provider (ISP), referring/exit pages, operating system, and information about your interactions with the communications we send to you.

    • Personal Information we collect from other sources.

      Additionally, we may receive Personal Information about you from other third parties whom you have authorized to share such information, who have obtained and may share your Personal Information for legitimate, lawful business purposes, or who collect such Information in connection with co-branded offerings. For example, when you request information or register for information or Services through Collibra business partners, we receive your Personal Information as necessary to provide you with that information or those Services (e.g. through a Collibra product reseller, or through a Collibra partner when you register to attend a Collibra event).

    • Investors.

      We may collect, use, and share Personal Information from and about investors as described throughout this Privacy Policy, as well as in connection with an investment-related transaction with investors or others, which may include the disclosure of Personal Information about investors to third parties to facilitate the implementation, administration and management of such transaction.

  • How we use your Personal Information.

    The main purpose for which we use your Personal Information is to provide you with our Services and to improve your customer experience. Subject to our compliance with applicable privacy laws, we may use your information for the following purposes:

    • Providing our Services.

      We use Personal Information to provide, maintain, and improve our Services.

    • Communicating with you.

      We may use your contact details to contact you for administrative purposes (e.g. to send you confirmations, invoices, technical notices, updates and security alerts, to provide customer services and information that you request, or to respond to comments and questions), if we determine you, in a professional capacity, would benefit from our products or service. We may also use your contact details to follow up with you if you have demonstrated an interest in our products, services or business (e.g. by accessing Collibra Test Drive or downloading content).

    • Personalization.

      We may use your Personal Information to personalize your experience of our Services, such as presenting tailored content.

    • Marketing and tailored advertising.

      We may send you updates about our Services as well as offers, promotions and events offered by Collibra. We may also provide you with information about topics or content that we think will be of interest to you. In each of the aforementioned cases, we will do so with your prior consent. Additionally, we and our advertising partners may use cookies and similar technologies to serve tailored online ads. Please view a description of how we use cookies below for more information. We also audit the effectiveness of our marketing and advertising efforts by counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

    • Analytics, benchmarking and product development.

      We and our service providers use Personal Information, such as your interactions with our Services (including Personal Information collected via automated means), to perform benchmarking, to monitor and analyze usage of our Services, and to improve and enhance them.

    • Connecting Third Party Services.

      We may use your Personal Information to facilitate the connection of third party services or applications, such as social networks.

    • De-identification and Aggregation.

      We may de-identify and aggregate information collected through our Services and use it for any lawful purpose(s).

    • Fraud and Incident Detection and Prevention.

      We may use your Personal Information to detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

    • Legal.

      We may use your Personal Information to enforce this Policy, our Terms of Service, and other internal policies; to defend our legal rights; or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

    • With your consent.

      We may use your Personal Information for other purposes for which we provide specific notice at the time the information is collected and obtain your consent.

  • How we share your Personal Information.

    We may disclose Personal Information to third parties if you consent to us doing so, as well as in the following circumstances:

    • With our vendors and service providers.

      We work with third party vendors to operate our Services, including IT-hosting and maintenance, marketing, accounting, analytics providers, and other services for us (e.g. Marketo). These third parties may have access to or process your Personal Information as part of providing those services for us.

    • With our affiliates.

    • With third parties integrated into our Services.

      We may share information with third parties integrated into our Services including social networks.

    • With advertising partners.

      Third-party advertising companies may process your Personal Information for the tailored advertising purposes described in this Privacy Policy.

    • For legal purposes.

      We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or otherwise in cooperation with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to: (i) guard against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.

    • As part of a merger or other corporate transaction.

      Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

    • With your consent.

      In certain cases, you will have consented to us using your Personal Information, for example to send marketing communications (where applicable law requires such consent), to collect information via certain cookies and similar technologies.

    • Aggregated and de-identified Information.

      We aggregate and de-identify your Personal Information so that the information no longer relates to you individually. We may disclose aggregated and de-identified data for any purpose.

  • Your privacy choices.

    Subject to exception arising from conflicting confidentiality obligations or compliance obligations, you have the right to elect among the following choices with respect to Collibra’s use of your personal information:

    • Access the personal information we maintain about you.
    • Delete the personal information we maintain about you.
    • Correct inaccurate personal information we maintain about you.
    • Opt out of certain uses of your personal information.
      • Email marketing: You can unsubscribe from our marketing communications at any time by following the instructions contained within such communications, or contacting us at the email address below. However, please note that if you are a registered user of our Services, you may still receive administrative messages from us regarding our Services.
      • Tailored advertising: You can limit the use of cookies and other tracking technologies using the cookie preference tool within our cookie banner found at the bottom left-hand side of our website or via the instructions found in the ‘Online tracking and how to opt out’ section below.

      You can exercise these rights by contacting us at privacy@collibra.com.

  • Online tracking technologies and how to opt out.

    Like many companies online, we may use cookies, web beacons, and other similar technology to collect directly from your device information about your browsing activities, your interactions with websites and the device you are using to connect to the internet and to serve you personalized ads.

    Below is an overview of the types of cookies we use:

    • Strictly necessary cookies.

      These cookies allow core website functionality such as user login and account management. Our relevant Services cannot function properly without these cookies.

    • Performance cookies.

      These cookies, also known as “analytics cookies,” track how visitors interact with our Services and allow us to improve our Services. We may use our own analytics cookies or use cookies offered by our third-party service providers, such as Google Analytics, that collect and process Personal Information on our behalf. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/.

    • Functional cookies.

      We use these cookies to remember user preferences, e.g., language, timezone, and enhanced content, which allows us to personalize your experience with our Services.

    • Tailored advertising cookies.

      We and certain third parties, such as content providers and banner networks, use these cookies to track activity of users of our Services over time and across the web. The cookies allow companies to engage in tailored advertising, as described above.

    For a current, complete list of all cookies on our website, please visit the cookie preferences section of our cookie banner, where you can manage your cookie preferences in accordance with the categories listed above.

    There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

    • Opting out of cookie use in our Cookie Preferences.

      You can opt out of cookies via our cookie preferences center available to you on the bottom left-hand corner of our website.

    • Blocking cookies in your browser:

      Most browsers let you remove or reject cookies, including cookies used for tailored advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

    • Blocking advertising ID use in your mobile settings:

      Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for tailored advertising purposes.

    • Using privacy plug-ins or browsers:

      You can block our websites from setting cookies used for tailored ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt-out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

    • Advertising industry opt-out tools:

      You can also use these opt-out options to limit use of your information for tailored advertising by participating companies:

    • With each platform individually:

      The advertising cookies partners below offer opt-out features that let you opt-out of use of your information for tailored advertising:

      Functional Cookies
      Cloudflare Cloudflare Privacy Policy
      Analytics Cookies
      Google Analytics Google Analytics Opt Out
      Advertising Cookies
      Google Google Advertising Opt Out
      Microsoft/Bing Microsoft Personalized Ads Opt Out
      LinkedIn LinkedIn Advertising Preferences
      Demandbase Demandbase Opt Out
      Liveramp LiveRamp Opt Out Preferences
      ShareThis ShareThis Opt Out
      Bizible/Marketo ShareThis Opt Out
      Beeswax Beeswax Privacy Policy

      Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.

  • How we secure your Personal Information.

    We take appropriate security measures on both a technical and an organizational level designed to keep your Personal Information secure. Our technical, administrative and physical procedures are designed to protect Personal Information from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. The transmission of data via the internet is not completely secure, and we cannot guarantee the security of your information. You also share responsibility for maintaining the privacy and security of your Personal Information, for example, by not permitting any third party to access your personal Collibra account and by avoiding all other non-authorised access to your login and access code. We encourage you to immediately notify us of any unauthorized use of your personal account by sending an email to privacy@collibra.com.

  • How long we retain your Personal Information.

    We take measures to delete your Personal Information or keep it in a form that does not permit us from personally identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of information or engagement requested by you, the Services we are providing you, the nature and length of our relationship with you, the impact on the Services we provide to you or the if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.

  • U.S. State-Specific Privacy Notice

    Some U.S. states have enacted comprehensive privacy laws. The California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”) create additional privacy obligations for businesses and provide Californians and Virginians with additional privacy rights.

    Additional Privacy Rights:

    In addition to the rights granted above, if you are a California or Virginia resident, you have the right to:

    • Opt out of the “sale” or “share” of your Personal Information.

      We do not ‘sell’ or ‘share’ your personal information for monetary benefit. However, the use of some third party cookies placed on our website may be considered “selling” or “sharing” of personal data under California or Virginia law. You may opt out of such cookies as detailed in ‘Online tracking and how to opt out’ section (above).

    • Opt out of targeted advertising

      Some third party cookies on our website are used for targeted advertising purposes. You may opt out of such cookies as detailed in ‘Online tracking and how to opt out’ section (above).

    • Sensitive Personal Information

      While the Services are not designed to collective sensitive Personal Information, you should note that:

      • Californians have the right to limit the use of their sensitive personal information.
      • Virginians have the right to opt in to the use of their sensitive personal information.

    If you would like to exercise your rights related to the data Collibra hosts on behalf of its Customers, then please contact that Customer directly. Collibra can not provide you with any information related to the personal information we process on behalf of our Customers.
    Service Provider/Processor Designation:
    Under the CCPA, Collibra operates as a Service Provider on behalf of its business customers; Under the VCDPA, Collibra operates as a Processor on behalf of its customers.

  • Notice to EEA and UK Residents

    Legal Basis:
    Under EU and UK law, we process personal data (as defined by the Global Data Protection Regulation (GDPR)) under the following legal basis.

    Collibra Processing Activity Legal Basis
    Placement of cookies on our website Consent
    Collection and Processing of Personal Information to maintain and fulfill the Services Contract Fulfillment
    Improving our Services Legitimate Interest
    Product Marketing or Service-Related Communications Legitimate Interest

    Controller/Processor Designation:
    Under EU and UK law, we are designated as a “Controller” for the collection and use of our Customers’ administrative representatives personal data to communicate, maintain their account and fulfill the Services. For all other uses of our Customers personal data, we are designated as a ‘Processor’.

    How we transfer your personal data
    We may transfer your personal data to countries other than the country where you are located, including to the United States or any other country in which we or our service providers maintain facilities. Where your personal data is transferred from the EEA or UK to a country that has not received an adequacy decision under applicable law, such transfers will be subject to the Standard Contractual Clauses as set out at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en#ntc12-L_2021199EN.01003701-E0012. Transfers from the UK will also be subject to the UK’ International Data Transfer Addendum (IDTA).

    Additional Rights for UK or European Economic Area Residents
    In addition to the rights granted above, if you are a UK or EEA resident, the GDPR and the UK GDPR grant you the additional rights, including the ability to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

  • Privacy Shield Framework.

    • Commitment

      Collibra complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission (the “Principles”) regarding the collection, use, and retention of Personal Information (as defined under the Privacy Shield Principles) transferred from the European Union and Switzerland, including the United Kingdom to the United States in reliance on Privacy Shield.

      Collibra has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such Information. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

    • Recourse, enforcement and liability.

      If you have any inquiries or complaints regarding our compliance with the Principles, we encourage you to contact us as listed in the “Contact us” section below. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: legal@collibra.com.

      We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS Privacy Shield complaints for more information or to file a complaint. Information on how to contact JAMS is available at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, as further explained in the Privacy Shield Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.

      Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Collibra is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

    • Accountability for onward transfers of Personal Information.

      If Collibra shares EU Personal Information with a third-party service provider that processes the Personal Information solely on Collibra’s behalf, then Collibra may be held liable for that third party’s processing of EU Personal Information in violation of the Principles, unless Collibra can prove that it is not responsible for the event giving rise to the damage.

  • Third-party sites

    Our Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via our Services. We are not responsible for the content or privacy and security practices and policies of third parties to which are linked through our Services. We encourage you to consult the third parties’ privacy and security policies to learn more about how they collect and use your Personal Information.

  • Children’s Privacy

    We do not allow use of our Services and Sites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us at privacy@collibra.com and we will take steps to delete such information, close any such accounts, and prevent the user from continuing to use our Services.

  • Changes to this Policy.

    We may update this Policy to reflect changes in our privacy practices. If we update this Policy, we will make it available through the Services, and indicate the date of the latest revision at the top of this Policy. If we materially change how we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication, as appropriate.

  • Contact Us.

    If you have any questions about this Policy, please contact us by email at privacy@collibra.com or by post to:

    Collibra Belgium BV
    Attn: Data Protection Officer
    Picardstraat 11 B 205
    1000 Brussels
    Belgium