Personal Information we collect.
In this Policy, “Personal Information” means any information relating to an identified or identifiable natural person. We collect Personal Information about you, either directly from you (e.g., when you register an account) or indirectly through automated methods (e.g., via cookies) as listed below.
Where applicable, we indicate in this Policy if and why we need you to provide us with your Personal Information and the consequences if you choose not to provide your Personal Information. For example, you may not be able to benefit from our Services if that Personal Information is necessary to provide you with such Services or if we are legally required to collect it.
Personal Information provided by you.
Business contact information.
We may receive professional contact details of employees and other individuals associated with our customers, partners and vendors, such as first and last name, email address, phone number, title and department, and other Personal Information relevant to the particular business relationship (e.g., via the “invite colleagues” feature on Collibra Community).
When you register for our Services, we collect your first and last name, user name, profile picture, password and email address.
Communication with Collibra.
When you contact us via a contact form, via email, via our helpdesk or by any other means (e.g., to request a demo, to request technical support, to download content from our Platforms, to ask a question via our online contact form, to propose a course on Collibra University), you may provide us with your name, email address, phone number, mailing address, company, title or role and the contents and nature of your correspondence with us.
If you have a registered account, you can also send messages through, and post comments on, our Platforms. When you do so, we collect the Personal Information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message.
Notifications and marketing messages.
When you sign up to receive notifications or marketing from us, you may provide us with your name, email address, company and title/role, depending on the sign-up form that you use (e.g., for product updates, community announcements, newsletters).
Personal Information we collect from other sources.
Additionally, we may receive Information about you from other third parties whom you have authorized to share your Information or who collect your Information in connection with co-branded offerings. For example, when you register for Services through Collibra business partners, we receive your Information as necessary to provide you with those Services (e.g., through a Collibra product reseller, or when you register to attend a Collibra event through a Collibra partner, the partner will provide us with your contact Information in order to communicate practical details about the event).
How we use your Personal Information.
The main purpose for which we use your Information is to provide you with our Services and to improve your customer experience.
We use your information for the following purposes:
We use Personal Information to provide, maintain and improve our Services and to provide and deliver our Services to you, including processing transactions.
Communicating with you.
We use your contact details to contact you for administrative purposes (e.g., to send you confirmations, invoices, technical notices, updates and security alerts, to provide customer services and information that you request or to respond to comments and questions) or to follow up with you if you have indicated an interest in our products, services or business (e.g. by accessing Collibra Test Drive or downloading content).
Marketing and interest-based advertising.
Analytics, benchmarking and product development.
We and our service providers use Personal Information, such as your interactions with our Services (including Personal Information collected via automated means), to perform benchmarking, to monitor and analyze usage of our Services, and to improve and enhance them.
We may use your Personal Information to enforce this Policy and our Terms of Service, to defend our legal rights and to comply with our legal obligations and internal policies.
For users located in the European Economic Area, the United Kingdom or Switzerland (“Europe”), the following legal grounds apply:
In certain cases, you will have consented to us using your Personal Information, for example to send marketing communications (where applicable law requires such consent), to collect information via certain cookies and similar technologies.
In other situations, we need your Personal Information to provide you with our Services, including for account registration and to respond to your inquiries.
In certain situations, we have a legal obligation to use your Personal Information, for example certain laws or regulations in certain territories may require us to disclose Personal Information for compliance.
In other situations, we or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in processing your Personal Information (a) to reach out to you on an individual basis if you have expressed an interest in our products, services or other content we offer via the Services, (b) for product development and improvement and internal analytics purposes, and (c) otherwise to improve the safety, security and performance of our Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your fundamental rights and freedoms.
A “cookie” is a small text file that is placed onto a browser or device to record information related to the use of a device or a website. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. We and third parties automatically collect the following Personal Information via cookies, web beacons and/or similar technologies (collectively “cookies”) in your browser and in emails sent to you:
Information about your use of the Platforms.
Including when and how many times you access our Platforms, pages viewed, and the page you visited before navigating to our Platforms.
Including the hardware model, operating system and version of the device that you use to access the Platforms, unique device identifiers and IP address.
Below is an overview of the types of cookies we use:
Strictly necessary cookies.
These cookies allow core website functionality such as user login and account management. Our relevant Services cannot function properly without these cookies.
We use these cookies to remember user preferences, e.g., language, timezone, and enhanced content, which allows us to personalize your experience with our Services.
We and certain third parties, such as content providers and banner networks, use these cookies to track activity of users of our Services over time and across the web. The cookies allow companies to engage in interest-based advertising, as described above.
How we share your Personal Information.
We may disclose Personal Information to third parties if you consent to us doing so, as well as in the following circumstances:
We work with third party service providers to operate our Services, IT-hosting and maintenance, marketing, accounting and other services for us (e.g. Marketo). These third parties may have access to or process your Personal Information as part of providing those services for us.
We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or otherwise in cooperation with law enforcement or other governmental agencies.
We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to (i) guard against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
Merger or other corporate transactions.
Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
Aggregated and de-identified Information.
We aggregate and de-identify your Personal Information so that the information no longer relates to you individually. We may use and disclose aggregated and de-identified data to third parties for a lawful purpose (such as to conduct research collaborations on data usage patterns with universities or to share Platform usage patterns or statistics with customers or business partners).
How long we retain your Personal Information.
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.
When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
How we transfer your Personal Information.
We transfer your Personal Information to countries other than the country where you are located, including to the United States or any other country in which we or our service providers maintain facilities. This includes transfers to:
- countries for which adequacy decisions have been issued (which means any country recognized by the European Commission as providing an adequate level of protection);
- third parties covered by contractual protections (the ‘standard contractual clauses’ of the European Commission); and
- as otherwise permitted by applicable legal requirements.
Privacy Shield Framework.
Collibra complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission (the “Principles”) regarding the collection, use, and retention of Personal Information (as defined under the Privacy Shield Principles) transferred from the European Union and Switzerland, including the United Kingdom to the United States in reliance on Privacy Shield.
Collibra has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such Information. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Recourse, enforcement and liability.
If you have any inquiries or complaints regarding our compliance with the Principles, we encourage you to contact us as listed in the “Contact us” section below. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: email@example.com.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS Privacy Shield complaints for more information or to file a complaint. Information on how to contact JAMS is available at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, as further explained in the Privacy Shield Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Collibra is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Accountability for onward transfers of Personal Information.
If Collibra shares EU Personal Information with a third-party service provider that processes the Personal Information solely on Collibra’s behalf, then Collibra may be held liable for that third party’s processing of EU Personal Information in violation of the Principles, unless Collibra can prove that it is not responsible for the event giving rise to the damage.
How we secure your Information.
We take appropriate security measures on both a technical and an organisational level, designed to keep your Personal Information secure. Our technical, administrative and physical procedures are designed to protect Personal Information from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. The transmission of data via the internet is not completely secure, and we cannot guarantee the security of your information.
You also share responsibility for maintaining the privacy and security of your Personal Information, for example, by not allowing any third party to use your personal account to the Services and avoiding all other non-authorised access to your login and access code. We encourage you to immediately notify us of any unauthorized use of your personal account by sending an e-mail to firstname.lastname@example.org.
Marketing opt out.
- You can unsubscribe from our marketing communications at any time by following the instructions contained within such communications, but you may still receive administrative messages from us regarding our Services.
European Privacy Rights.
If you are located in Europe, you have the right to ask for an overview of the Personal Information we process about you, and for a copy of your Personal Information. In addition, you may request us to update and correct inaccuracies, delete your Personal Information, restrict processing of your Personal Information or exercise your right to data portability to easily transfer your Personal Information to another company. In some cases, you may object to the processing of your Personal Information and where we have asked you for your consent to process your Personal Information, you can withdraw it at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. The above rights may be limited under applicable law. You have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.
California Privacy Rights.
If you are a California resident, please review our California Resident Privacy Notice.
Our Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via our Services. We are not responsible for the content or privacy and security practices and policies of third parties to which are linked through our Services. We encourage you to consult the third parties’ privacy and security policies to learn more about how they collect and use your Personal Information.
Changes to this Policy.
We may update this Policy to reflect changes in our privacy practices. If we update this Policy, we will make it available through the Services, and indicate the date of the latest revision at the top of this Policy. If we materially change how we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication, as appropriate.
If you have any questions about this Policy, please contact us by email at email@example.com or by post to:
Attn: Data Protection Officer
Picardstraat 11 B 205,
1000 Brussels – BELGIUM