Privacy Policy


Introduction

Acquia Inc., including its wholly owned affiliates, (“Acquia”, "us," "we," or "our,") is committed to protecting the privacy of your information. Acquia’s affiliates are listed here (“Affiliates”).

This Privacy Policy (“Policy”) governs Acquia’s use of personally identifiable information, also "personal data," about users of our products, services and/or software that are available for purchase and use through our sales teams, accessible by download on our websites (our "Services"), and also users of our website http://acquia.com as well as the other websites that Acquia operates and that link to this Policy (collectively referred to as “Site(s)”). It also describes the choices available to you regarding our use of your personally identifiable information and how you can access and update this information.

Acquia complies with the relevant legislation applying to personal data, including but not limited the General Data Protection Regulation issued by the European Union which may include an adequacy decision or appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission.

1. Policy Application

This Policy applies to website visitors, event participants, office and event attendees, customers and customers’ users of our Services, and end users of our Services and Products including trials.

This Policy does not apply to websites, applications, and services maintained by third parties, including, but not limited to, those of Acquia’s customers. The privacy practices of these websites, applications, and services are governed by their respective privacy statements, which you should review to better understand their privacy practices.

Where Acquia obtains personal data in its role as a Processor for its customers, end-users and consumers should submit complaints concerning the processing of their Personal Data to the relevant customer. Acquia will support in this process at the request of the customer.

Due to the Internet’s rapidly evolving nature, Acquia may need to update this Policy from time to time. If so, Acquia will post our updated Privacy Policy on our Site located at http://acquia.com/about-us/legal/privacy-policy and post notice of the change so it is visible when users log-on for the first time after the change is posted so that you are always aware of what personally identifiable information we may collect and how we may use this information. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page. Acquia encourages you to review this Privacy Policy regularly for any changes. Your continued use of this Site and/or continued provision of personally identifiable information to us will be subject to the terms of the then-current Privacy Policy.

2. California Residents

If you are a California consumer, for more information about your privacy rights, please see our California Consumer Privacy Statement.

3. Data Integrity and Purpose Limitation

Acquia is a provider of cloud platform related services, including Platform as a Service (“PaaS”) and Software as a Service (“SaaS”) products, technical support services and professional consulting services for Drupal websites which processes personally identifiable information upon the instruction of its customers in accordance with the terms of the applicable agreement between Acquia and customer.

4. Information Collection and Use (by Categories of Data Subjects)

However, in certain sections of the Site or interactions with us, we may invite you to participate in one or some of the following. We collect such information in the following situations:

  • Surveys (If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request);
  • “Contact Us” features with questions or comments or request information, participate in chat or message boards (If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our services, sign up for an event, questionnaires, webinar, contests, or download certain content, we may require that you provide to us your contact information);
  • If you interact with our websites or emails, we may automatically collect information about your device and your usage of our websites or emails, (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data) (see “Device and Usage Data Processing section, below) using cookies, Web Beacons, or similar technologies;
  • If you make purchases via our Sites or register for an event or webinar, we may require that you provide your financial and billing information, such as billing name and address, credit card number or bank account information;
  • If you communicate with us via a phone call from us, we may record that call;
  • We require you to complete a registration form and/or create a profile to access certain restricted areas of the Site, to use certain services, including trial services, and when you download any software;     
  • If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and time and date of arrival.

Due to the nature of some of these activities, we may collect personally identifiable information such as your name, e-mail address, address, phone number, password, screen name, credit card information and other contact information that you voluntarily transmit with your on-line and in-person communications to us and personally identifiable information that you elect to include in your chart and message board postings.

If you use a forum on this Site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums. We receive permission to post testimonials that include personally identifiable information prior to posting.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by emailing [email protected].

4.1. Orders by Customers

If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date).

We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.

In addition, we may collect information about the performance, security, software configuration and availability of customer web sites in an automated fashion as part of the Acquia subscription services.

We use your personally identifiable information to register you to use our services or download or access software or other content, contact you to deliver certain goods, services or information that you have requested, provide you with notices regarding goods or services you have purchased, provide you with notices regarding goods or services that you may want to purchase in the future (including communications from third party service providers and/or Acquia technology partners concerning additional products/applications which compliment Acquia's services, or else are customizable with Acquia's services in order to maximize your digital experience while leveraging Acquia services), verify your authority to enter our Site and improve the content and general administration of the Site and our services.

Certain modules within the Drupal software connect your installation of Drupal to our subscription services, these modules will report to us, and we will collect, your IP address, operating system type and version, web server type and version, php version, database type and version, version of the services, modifications to your Drupal code, information regarding the availability of your website (e.g. if your website is live or down), website user statistics such as the number of nodes, number of users and number of comments. The foregoing information will be linked to your personally identifiable information and user accounts, and we may use the foregoing information to better provide technical support to you and our customers and to improve our services.

If you install and use the Acquia Search module and connect your Drupal site to the subscription services, in addition to the information we may collect, analyze and store when you use our services as stated above, the Acquia Search module may collect, analyze and store the content of your site in an index. This index will be stored and updated on our servers to enable Acquia Search to work with your site. A copy of this index may be retained for up to 14 days as a backup in the event there is a problem with the index. Additionally, information about the size of your index, the search queries performed on your index, performance of Acquia Search for your queries, and other operational information is stored indefinitely in order to enable Acquia to monitor performance over time, manage the Search Service, and to provide you with information about the Search activity on your site.

If you choose to contact us by e-mail, we will not disclose your contact information contained in the e-mail, but we may use your contact information to send you a response to your message. Notwithstanding the foregoing, we may publicly disclose the content and/or subject matter of your message, therefore, you should not send us any ideas, suggestions or content that you consider proprietary or confidential. All e-mail content (except your contact information) will be treated on a non-proprietary and non-confidential basis and may be used by us for any purpose.

4.1.1. Details of data processing

Acquia processes your personal data as a customer and other customer’s personal data (in the following just “customer”) in order to provide the contractually agreed Services.

Subject matter: The subject matter of the data processing is the performance of the Services agreed between Acquia and customer by Acquia involving personal data provided by customer.

Duration: As between customer and Acquia, the duration of the data processing is determined by customer and its contractual commitments with regard to the use of Acquia’s Services.

Purpose: The purpose of the data processing by Acquia is the provision of the Services initiated by the customer from time to time.

Nature of the processing: Cloud computing as platform and software as a service and such other Services as described in the Documentation and initiated by the customer from time to time.
 

Type of personal data:

The type and extent of personal data that is subjected to Acquia’s data processing is determined and controlled by our customer as data controller in its sole discretion - this may include, but is not limited to the following:

  • First and last name,
  • Title, work department, and manager/supervisor name,
  • Position and employment history,
  • Employer,
  • Contact information (company, personal and work email, phone, home address, physical business address, emergency contact details),
  • Photographs,
  • Biographical and directory information, including linked social media profile or posts,
  • Company user names or IDs and login credentials,
  • Identifiers related to work or personal devices used to access data exporter’s IT systems,
  • Log information generated through the use of data exporter’s IT systems,
  • Actions performed by the employee while accessing or using the Services,
  • Full time or part time status,
  • Business travel arrangements,
  • Training undertaken and training needs,
  • Localization data.

Categories of data subjects: Customer’s representatives and end-users including employees, contractors, collaborators and advisors of our customer (who are natural persons).

4.2. Communications from the Site

4.2.1. Special Offers and Updates

We will occasionally send you information on products, services, special deals, promotions. Out of respect for your privacy, we present the option not to receive these types of communications. Please see “Choice and Opt-out.”

4.2.2. Newsletters

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.

4.2.3. Service-related Announcements

We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.

4.3. Customer Service

Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.

​​​​​​​4.4. Choice/Opt-out

We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here. We provide you the opportunity to not choose or ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for yourinformation.

To request updates or changes to your information or your preferences regarding receiving future promotional messages from us, you may contact our Privacy Officer using the information in the Contact Us section of this Privacy Policy or follow the opt-out instructions that are contained in the bottom of the email communication you received.

You will be notified prior to when your personally identifiable information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.

Please note that if you opt out of receiving our promotional or marketing emails, you may still receive certain service-related communications from us, such as administrative and services announcements and messages about your account. Occasionally these materials are sent from a different email domain: [email protected]

​​​​​​​4.5. Employment Opportunities

We provide you with a means for submitting your resume or other personally identifiable information through the Site for consideration for employment opportunities at Acquia. Personally identifiable information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personally identifiable information within Acquia, or keep it on file for future use, as we make our hiring decisions.

​​​​​​​4.6. Children's Privacy

Acquia recognizes the privacy interests of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. This Site is not intended for children under the age of 13. Acquia does not target its services or this Site to children under 13. Acquia does not knowingly collect personally identifiable information from children under the age of 13.  If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us by emailing [email protected].

​​​​​​​4.7. Cookies and GIFs

We use small text files called cookies to improve overall Site experience. A cookie allows us to gather information about the use of our sites and how people interact with our emails.. Cookies generally do not permit us to personally identify you (except as provided below). We may also use clear GIFs (a.k.a. “Web beacons”) in HTML-based emails sent to our users to track which emails are opened by recipients.

Additionally, when using the Site, we and any of our third party service providers may use cookies and other tracking mechanisms to track your user activity on the Site and identify the organization or entity from which you are using the Site. If you register with the Site, we, and our third party service providers, will be able to associate all of your user activity with your personally identifiable registration information. We will use such user activity information to improve the Site, to provide context for our sales and support staff when interacting with you and customers, to initiate automated email marketing campaigns triggered by your activity on the Site and for other internal business analysis.

Aggregate Information

The Site may track information that will be maintained, used and disclosed in aggregate form only and which will not contain your personally identifiable information, for example, without limitation, the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, External Web Sites (defined below) linked to and IP addresses. We may analyze this data for trends and statistics in the aggregate, and we may use such aggregate information to administer the Site, track users’ movement, and gather broad demographic information for aggregate use.

Disclosure

We will not sell your personally identifiable information to any company or organization, except we may transfer your personally identifiable information to a successor entity upon a merger, consolidation or other corporate reorganization in which Acquia participates or to a purchaser or acquirer of all or substantially all of Acquia’s assets to which this Site relates. We may provide your personally identifiable information and the data generated by cookies and the aggregate information to parent, subsidiary or affiliate entities within Acquia’s corporate family, partner entities that are not within Acquia’s corporate family and vendors and service agencies that we may engage to assist us in providing our services to you. For example, we may provide your personally identifiable information to a credit card processing company to process your payment. Such third party service providers may be obligated to protect your personally identifiable information consistent with the terms of this Privacy Policy and not for their promotional purposes and/or required to enter into written confidentiality and data processing agreements including the commitment to be compliant with the Standard Contractual Clauses issued by the European Commission. We may also disclose your personally identifiable information (a) if we are required to do so by law, regulation or other government authority, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or otherwise in cooperation with an ongoing investigation of a governmental authority (b) to enforce our applicable Acquia agreement with you or to protect our rights or (c) to protect the safety of users of our Site and our services.

The Site may provide links to other Web sites or resources over which Acquia does not have control (“External Web Sites”). Such links do not constitute an endorsement by Acquia of those External Web Sites. You acknowledge that Acquia is providing these links to you only as a convenience, and further agree that Acquia is not responsible for the content of such External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the linked External Web Sites.

​​​​​​​4.8. Security

We employ procedural and technological measures that are reasonably designed to help protect your personally identifiable information including sensitive data from loss, unauthorized access, disclosure, alteration or destruction. Acquia may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to your personally identifiable information including sensitive data. Acquia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to your personally identifiable information. These precautions take into account the risks involved in the processing, the nature of personally identifiable information, and best practices in the industry for security and data protection.

Please find additional information about Acquia’s security measures here and for our Services specifically in our Acquia Security Annex.

​​​​​​​4.9. Onward Transfers and the Data Privacy Framework

Acquia, as a global company with its roots in the United States, may transfer and access your information globally, including countries and regions of Acquia’s Affiliates and third parties processing information on our behalf, all for the purposes outlined in this Policy.

​​​​​​​4.9.1. Data Privacy Framework

Acquia employs appropriate safeguards (as set out in the Policy and here) for cross-border data transfers between Acquia Affiliates, to a third-party service provider or an Acquia business partner and conducts these transfers in accordance with the relevant applicable laws of the territory from which the data is exported.

For the transfer of personal data from the European Economic Area (EEA), Switzerland, or the United Kingdom (UK) to the United States and other countries, we rely on our certifications under the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (jointly referred to as the “DPF”; more information on the DPF may be found here). If these certifications should expire, become invalidated or where they do not apply, Acquia relies on the standard contractual clauses including supplementary additional measures as necessary.

Acquia complies with the DPF and the DPF Principles. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern and prevail.

Any DPF Principles-related complaints regarding Acquia’s handling of personal data received should be raised to Acquia by

  1. contacting us via this webform in our Privacy Request Center,
  2. emailing the Acquia Privacy Team at [email protected] or
  3. sending a letter to Acquia Inc., 53 State Street, Boston, MA 02109, USA to the attention of the Global Privacy Officer.

If a complaint cannot be resolved through Acquia’s internal processes, you may commence arbitration. Acquia cooperates with JAMS pursuant to JAMS’ DPF program which is available here and where you can also initiate the dispute resolution process: https://www.jamsadr.com/eu-us-data-privacy-framework. Following the dispute resolution process, the mediator or you may also refer the matter to the United States Federal Trade Commission.  You may also invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other mechanisms set out in this DPF Notice or our Privacy Notice. For more information, please see Annex 1 of the DPF Principles, available here.

​​​​​​​4.10. Accountability

Acquia is accountable for personally identifiable information that we receive and subsequently transfer to third parties. If third parties that process personally identifiable information on our behalf do so in a manner that does not comply with the privacy principles laid out herein, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.

Contact information and Customer personally identifiable information is accessible only by those Acquia employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Customer personally identifiable information.

In the event Acquia discloses personally identifiable information covered by this Policy to a non-agent third party, it will do so consistent with any notice provided to Data Subjects and any choice they have exercised regarding such disclosure. Acquia will only disclose personally identifiable information to third-party agents that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Privacy Policy and the Principles and that they will process personally identifiable information for limited and specific purposes consistent with any consent provided by the individual. If Acquia has knowledge that a third party to which it has disclosed personally identifiable information covered by this Privacy Policy is processing such personally identifiable information in a way that is contrary to this Privacy Policy and/or the Principles, Acquia will take reasonable steps to prevent or stop such processing. In such case, the third-party is liable for damages unless it is proven that Acquia is responsible for the event giving rise to the violation.

Acquia may use from time to time a limited number of third-party service providers, contractors, and other businesses to assist us in providing our solutions to our customers or in meeting internal business operation needs. These third-parties may access process or store personally identifiable information in the course of performing their duties to Acquia. Acquia maintains contracts with these providers restricting their access, use and disclosure of personally identifiable information in compliance with our obligations under the Principles.

​​​​​​​4.11. Your rights relating to your Personal Data

Depending on the applicable local data protection laws, you have certain rights relating to your Personal Data including, but not limited to:

  • Access to your data
  • Rectification
  • Erasure (“right to be forgotten”)
  • Restriction of Processing
  • Object, opt-out, withdrawing of your consent
  • Transfer of your data

Acquia provides you with the ability to exert any such right by contact us through this web form.

​​​​​​​4.12. Enforcement and Liability

Acquia is subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.

Acquia also commits to periodically reviewing and verifying the accuracy of this Policy and the company’s compliance with the Principles, and remedying issues identified. All employees of Acquia that have access to personally identifiable information covered by this Policy in the U.S. are responsible for conducting themselves in accordance with this Policy. Failure of an Acquia employee to comply with this Policy may result in disciplinary action up to and including termination.

Regarding the enforcement of the DPF, please see above section “Data Privacy Framework”.

​​​​​​​4.13. Dispute Resolution

Acquia assures compliance with local data privacy laws by fully investigating and attempting to resolve any complaint or dispute regarding the use and disclosure of personally identifiable information in violation of this Privacy Policy.

Any questions or concerns regarding the use or disclosure of personally identifiable information should first be directed to the owner of the website in question (our customer); or if the question or concern is from our customer, then to Acquia at the address given below.

Acquia will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States and/or United Kingdom (“DPAs”) in the investigation and resolution of complaints that cannot be resolved between Acquia and the complainant that are brought to a relevant DPA.

Regarding dispute resolution of the DPF, please see above section “Data Privacy Framework”.

​​​​​​​4.14. Contact Us

If you have any questions or complaints regarding this Privacy Policy please contact us by mail: Acquia Inc. 53 State Street Boston, MA 02109, USA Attention: Global Privacy Officer or e-mail to [email protected].

 

Updated October 10, 2023