Personal Information we collect.
In this Policy, “Personal Information” means any information relating to an identified or identifiable natural person. We collect Personal Information about you, either directly from you (e.g. when you register an account) or indirectly through automated methods (e.g. via cookies) as listed below.
Where applicable, we indicate in this Policy if and why we need you to provide us with your Personal Information and the consequences if you choose not to provide your Personal Information. For example, you may not be able to benefit from our Services if that Personal Information is necessary to provide you with such Services or if we are legally required to collect it.
Personal Information provided by you.
Business contact information.
We may receive professional contact details of employees and other individuals associated with our customers, partners and vendors, such as first and last name, email address, phone number, title and department, and other Personal Information relevant to the particular business relationship.
When you register for our Services, we collect your first and last name, user name, profile picture, password and email address.
Communication with Collibra.
When you contact us via a contact form, via email, via our helpdesk or by any other means (e.g. to request a demo, to request technical support, to download content from our Platforms, to ask a question via our online contact form, to propose a course on Collibra University), you may provide us with your name, email address, phone number, mailing address, company, title or role and the contents and nature of your correspondence with us.
If you have a registered account, you can also send messages through, and post comments on, our Platforms. When you do so, we collect the Personal Information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message.
Notifications and marketing messages.
When you sign up to receive notifications or marketing from us, you may provide us with your name, email address, company and title/role, depending on the sign-up form that you use (e.g., for product updates, community announcements, newsletters).
Personal Information we automatically collect.
We, and third parties we authorize, collect information using cookies, web beacons, and similar technologies. We may combine this automatically collected log information with other information we collect about you. Learn more about our cookie use below. This information, whether gathered through these technologies or otherwise, may include IP addresses, device information, date/time of visits, new or returning visits, products viewed, page response times, URL clickstreams, how long you stay on our pages, what you do on those pages, browser type, Internet service provider (ISP), referring/exit pages, operating system, and information about your interactions with the communications we send to you.
Personal Information we collect from other sources.
Additionally, we may receive Personal Information about you from other third parties whom you have authorized to share such information, who have obtained and may share your Personal Information for legitimate, lawful business purposes, or who collect such Information in connection with co-branded offerings. For example, when you request information or register for information or Services through Collibra business partners, we receive your Personal Information as necessary to provide you with that information or those Services (e.g. through a Collibra product reseller, or through a Collibra partner when you register to attend a Collibra event).
How we use your Personal Information.
The main purpose for which we use your Personal Information is to provide you with our Services and to improve your customer experience. Subject to our compliance with applicable privacy laws, we may use your information for the following purposes:
Providing our Services.
We use Personal Information to provide, maintain, and improve our Services.
Communicating with you.
We may use your contact details to contact you for administrative purposes (e.g. to send you confirmations, invoices, technical notices, updates and security alerts, to provide customer services and information that you request, or to respond to comments and questions), if we determine you, in a professional capacity, would benefit from our products or service. We may also use your contact details to follow up with you if you have demonstrated an interest in our products, services or business (e.g. by accessing Collibra Test Drive or downloading content).
We may use your Personal Information to personalize your experience of our Services, such as presenting tailored content.
Marketing and tailored advertising.
Analytics, benchmarking and product development.
We and our service providers use Personal Information, such as your interactions with our Services (including Personal Information collected via automated means), to perform benchmarking, to monitor and analyze usage of our Services, and to improve and enhance them.
Connecting Third Party Services.
We may use your Personal Information to facilitate the connection of third party services or applications, such as social networks.
De-identification and Aggregation.
We may de-identify and aggregate information collected through our Services and use it for any lawful purpose(s).
Fraud and Incident Detection and Prevention.
We may use your Personal Information to detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
We may use your Personal Information to enforce this Policy, our Terms of Service, and other internal policies; to defend our legal rights; or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
With your consent.
We may use your Personal Information for other purposes for which we provide specific notice at the time the information is collected and obtain your consent.
How we share your Personal Information.
We may disclose Personal Information to third parties if you consent to us doing so, as well as in the following circumstances:
With our vendors and service providers.
We work with third party vendors to operate our Services, including IT-hosting and maintenance, marketing, accounting, analytics providers, and other services for us (e.g. Marketo). These third parties may have access to or process your Personal Information as part of providing those services for us.
With our affiliates.
With third parties integrated into our Services.
We may share information with third parties integrated into our Services including social networks.
With advertising partners.
For legal purposes.
We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or otherwise in cooperation with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to: (i) guard against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
As part of a merger or other corporate transaction.
Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
With your consent.
In certain cases, you will have consented to us using your Personal Information, for example to send marketing communications (where applicable law requires such consent), to collect information via certain cookies and similar technologies.
Aggregated and de-identified Information.
We aggregate and de-identify your Personal Information so that the information no longer relates to you individually. We may disclose aggregated and de-identified data for any purpose.
Your privacy choices.
Subject to exception arising from conflicting confidentiality obligations or compliance obligations, you have the right to elect among the following choices with respect to Collibra’s use of your personal information:
Online tracking technologies and how to opt out.
Below is an overview of the types of cookies we use:
Strictly necessary cookies.
These cookies allow core website functionality such as user login and account management. Our relevant Services cannot function properly without these cookies.
We use these cookies to remember user preferences, e.g., language, timezone, and enhanced content, which allows us to personalize your experience with our Services.
Tailored advertising cookies.
We and certain third parties, such as content providers and banner networks, use these cookies to track activity of users of our Services over time and across the web. The cookies allow companies to engage in tailored advertising, as described above.
For a current, complete list of all cookies on our website, please visit the cookie preferences section of our cookie banner, where you can manage your cookie preferences in accordance with the categories listed above.
There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
Opting out of cookie use in our Cookie Preferences.
You can opt out of cookies via our cookie preferences center available to you on the bottom left-hand corner of our website.
Blocking cookies in your browser:
Most browsers let you remove or reject cookies, including cookies used for tailored advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Blocking advertising ID use in your mobile settings:
Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for tailored advertising purposes.
Using privacy plug-ins or browsers:
You can block our websites from setting cookies used for tailored ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt-out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Advertising industry opt-out tools:
You can also use these opt-out options to limit use of your information for tailored advertising by participating companies:
With each platform individually:
The advertising cookies partners below offer opt-out features that let you opt-out of use of your information for tailored advertising:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
How we secure your Personal Information.
We take appropriate security measures on both a technical and an organizational level designed to keep your Personal Information secure. Our technical, administrative and physical procedures are designed to protect Personal Information from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. The transmission of data via the internet is not completely secure, and we cannot guarantee the security of your information. You also share responsibility for maintaining the privacy and security of your Personal Information, for example, by not permitting any third party to access your personal Collibra account and by avoiding all other non-authorised access to your login and access code. We encourage you to immediately notify us of any unauthorized use of your personal account by sending an email to email@example.com.
How long we retain your Personal Information.
We take measures to delete your Personal Information or keep it in a form that does not permit us from personally identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of information or engagement requested by you, the Services we are providing you, the nature and length of our relationship with you, the impact on the Services we provide to you or the if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.
U.S. State-Specific Privacy Notice
Some U.S. states have enacted comprehensive privacy laws. The California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”) create additional privacy obligations for businesses and provide Californians and Virginians with additional privacy rights.
Additional Privacy Rights:
In addition to the rights granted above, if you are a California or Virginia resident, you have the right to:
Opt out of the “sale” or “share” of your Personal Information.
We do not ‘sell’ or ‘share’ your personal information for monetary benefit. However, the use of some third party cookies placed on our website may be considered “selling” or “sharing” of personal data under California or Virginia law. You may opt out of such cookies as detailed in ‘Online tracking and how to opt out’ section (above).
Opt out of targeted advertising
Some third party cookies on our website are used for targeted advertising purposes. You may opt out of such cookies as detailed in ‘Online tracking and how to opt out’ section (above).
Sensitive Personal Information
While the Services are not designed to collective sensitive Personal Information, you should note that:
- Californians have the right to limit the use of their sensitive personal information.
- Virginians have the right to opt in to the use of their sensitive personal information.
If you would like to exercise your rights related to the data Collibra hosts on behalf of its Customers, then please contact that Customer directly. Collibra can not provide you with any information related to the personal information we process on behalf of our Customers.
Service Provider/Processor Designation:
Under the CCPA, Collibra operates as a Service Provider on behalf of its business customers; Under the VCDPA, Collibra operates as a Processor on behalf of its customers.
Notice to EEA and UK Residents
Under EU and UK law, we process personal data (as defined by the Global Data Protection Regulation (GDPR)) under the following legal basis.
|Collibra Processing Activity
|Placement of cookies on our website
|Collection and Processing of Personal Information to maintain and fulfill the Services
|Improving our Services
|Product Marketing or Service-Related Communications
Under EU and UK law, we are designated as a “Controller” for the collection and use of our Customers’ administrative representatives personal data to communicate, maintain their account and fulfill the Services. For all other uses of our Customers personal data, we are designated as a ‘Processor’.
How we transfer your personal data
We may transfer your personal data to countries other than the country where you are located, including to the United States or any other country in which we or our service providers maintain facilities. Where your personal data is transferred from the EEA or UK to a country that has not received an adequacy decision under applicable law, such transfers will be subject to the Standard Contractual Clauses as set out at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en#ntc12-L_2021199EN.01003701-E0012. Transfers from the UK will also be subject to the UK’ International Data Transfer Addendum (IDTA).
Additional Rights for UK or European Economic Area Residents
In addition to the rights granted above, if you are a UK or EEA resident, the GDPR and the UK GDPR grant you the additional rights, including the ability to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Privacy Shield Framework.
Collibra complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission (the “Principles”) regarding the collection, use, and retention of Personal Information (as defined under the Privacy Shield Principles) transferred from the European Union and Switzerland, including the United Kingdom to the United States in reliance on Privacy Shield.
Collibra has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such Information. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
Recourse, enforcement and liability.
If you have any inquiries or complaints regarding our compliance with the Principles, we encourage you to contact us as listed in the “Contact us” section below. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: firstname.lastname@example.org.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS Privacy Shield complaints for more information or to file a complaint. Information on how to contact JAMS is available at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, as further explained in the Privacy Shield Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Collibra is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Accountability for onward transfers of Personal Information.
If Collibra shares EU Personal Information with a third-party service provider that processes the Personal Information solely on Collibra’s behalf, then Collibra may be held liable for that third party’s processing of EU Personal Information in violation of the Principles, unless Collibra can prove that it is not responsible for the event giving rise to the damage.
Our Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via our Services. We are not responsible for the content or privacy and security practices and policies of third parties to which are linked through our Services. We encourage you to consult the third parties’ privacy and security policies to learn more about how they collect and use your Personal Information.
We do not allow use of our Services and Sites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us at email@example.com and we will take steps to delete such information, close any such accounts, and prevent the user from continuing to use our Services.
Changes to this Policy.
We may update this Policy to reflect changes in our privacy practices. If we update this Policy, we will make it available through the Services, and indicate the date of the latest revision at the top of this Policy. If we materially change how we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication, as appropriate.
If you have any questions about this Policy, please contact us by email at firstname.lastname@example.org or by post to:
Collibra Belgium BV
Attn: Data Protection Officer
Picardstraat 11 B 205