This Privacy Notice explains how DataStax, Inc. and its subsidiaries (together “DataStax,” “our,” “us”, or “we“) use and share the information (which may include personal information) that we receive or collect from you in the usual course of business including through the services we provide directly to you, our website and other interactions with you in the course of our publicity, marketing, and related activities.
We respect your right to privacy. If we collect, share, or use personal information about you, then this Privacy Notice explains how we will do it, and how you can exercise your privacy rights. If you have any question about our use of your personal information that this notice does not fully answer, please ask us using the contact details provided at the "How to Contact us" section at the bottom of this Privacy Notice.
This Privacy Notice does not apply to information that we receive or handle on behalf of our corporate customers in our role as a software or services provider, and any such information is governed by the terms of the applicable agreement.
What do we do?
We are an experienced partner in on-premises, hybrid, and multi-cloud deployments and offer a suite of distributed data management products and cloud services. Our global Headquarters are in Santa Clara, California and we have a presence across the globe. For more information, visit the about us section on our website here.
What legal grounds do we have to process your personal information?
Our legal basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it.
We will normally process personal information from you only: (i) where we have your consent to do so; (ii) where we need the personal information to perform a contract with you; or (iii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. We have set out our specific legal grounds for processing your data below (see "What personal information do we collect and why?" ).
In certain circumstances, we have a legal obligation to process personal information about you, or need to process personal information to protect your vital interests or those of another person. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the consequences if you do not provide your personal information).
What personal information do we collect and why?
The personal information that we collect about you falls into the following categories:
Information that you provide voluntarily
We ask you to provide certain information voluntarily:
|Types of personal information||Why we collect it||Legal Ground for Processing|
|Business Contact Information: Details such as your name, job title, phone number, email address, and country.||To provide materials you request from us, such as newsletters, brochures, product literature and the like.||On the basis of your consent, or on the basis of our legitimate interest, as applicable.|
|To deliver products and services. For example, if you want to use our software products and download them through our website, we need your name and contact.||To perform our contract with you and to deliver a service, or on the basis of our legitimate interest, as applicable.|
|To plan and host events for which you have registered or that you attend, including sending related communications||To perform our contract with you and to deliver a service, or on the basis of our legitimate interest, as applicable.|
|To provide necessary functionality in relation to the website and services.||To perform our contract with you and to deliver a service, or on the basis of our legitimate interest, as applicable.|
|For marketing purposes if you are not a customer.||Only on the basis of your consent.|
|To send you promotional communications about our products and services, if you are already a customer, subject to your legal rights to control whether we do so.||To pursue our legitimate interests of promoting our business, if permitted by law.|
|Account Credentials: Details that you provide in order to have an account with us for the purposes of receiving our services. These details include your name, email address and password.||To maintain your account with us and to deliver our service.|
|To send you service, technical and other administrative or technical email, messages and other types of notifications (such as distribution and product updates and product patches and fixes)|
|Support Data: Data you provide or we otherwise access in connection with support queries we receive from you. This may include, for example, first name, last name and email address. For some of our services, you may also have an option to provide location or time zone, phone number.||To resolve any support requests and to deliver, develop and improve our services.|
|Payment Data: Data that you provide or we otherwise access in connection with your payment to us for services we provide. This may include, for example, bank account and payment card details order identification, billing address, date/time/amount of transaction, merchant name/identification, location.||To effect payment that is necessary for the provision of our services; to ensure compliance with laws that apply to us (e.g. compliance with Anti - Money Laundering and fraud prevention obligations).||To perform our contract with you and to deliver a service , or on the basis of our legitimate interest as applicable. We will also process your personal information to comply with our legal obligations.|
If we ask you to provide any other personal information not described above, then the personal information we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect your personal information.
Information that we collect automatically
When you use our services, we will also collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information will be considered personal information under applicable data protection laws.
|Types of personal information||Why we collect it||Legal Ground for Processing|
|Log and usage data: Service-related, diagnostic, usage, and performance information our servers collect when you access or use our services and which we record in log files. This log data may include the Internet Protocol (IP) address, device information, browser type and settings and information about your activity in the services (such as the date/ time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you use), device event information (such as system activity, error reports and hardware settings.||To maintain the security of the service, provide necessary functionality, improve the application and its performance, assess and improve your experience, check compliance with applicable terms; identify future opportunities for development of the services, assess capacity requirements, analyse overall trends, and to help us provide and improve our services.|
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.
Information that we obtain from third party sources
From time to time, we may receive personal information about you from third party sources, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
Who do we share your personal information with?
We may disclose your personal information to the following categories of recipients in the circumstances described below:
Do we use a third party to process payments?
We currently use Stripe, a payment provider, in order to provide certain products and services. To the extent that Stripe operates and manages the electronic commerce platform and facilitates payment transactions on our website, Stripe operates as a Data Processor on behalf of and for DataStax.
Stripe, for the same Payment Data, is also an independent controller to the extent that Stripe processes Personal Data involved in payment transactions for their own purposes, and this Privacy Notice will not control or govern the processing of such data. Where Stripe processes Personal data as an independent Controller Stripe will do so in accordance with their own privacy policies which can be found at: https://stripe.com/privacy.
What are cookies?
Cookies set by the website or service operator are called "first party cookies". Cookies set by parties other than the website or service operator are called "third party cookies". Third party cookies typically enable certain third party features or functionality to be provided on or through websites or services (such as, advertising, interactive content and analytics). The parties that set these third party cookies can recognize an individual's computer both when they visit the website or use the service in question and also when they visit certain other websites.
What cookies do we use and why?
We use first party and third party cookies for several reasons. Some cookies are required for technical reasons that are strictly necessary for our website to operate, and we refer to these as "Strictly Necessary" cookies. Other cookies also enable us to provide website functionality, or to enhance visitors' experience on our website by providing them with personalised content and advertising.
The specific types of first and third party cookies served through our website and the purposes they perform are described in our Cookie Settings here: here.
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognise or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our website or opened an e-mail that we have sent them. This allows us, for example, to collect and store your information and preferences, to track your activity on the website, and to enhance the functionality of the website. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will often impair their functioning.
Information about third parties we work with
|Google Tag Manager:||This service allows website tags to be managed via an interface (tags are small elements of code that are used, for example, to measure traffic and visitor behaviour, to understand the effect of online advertising and social channels, to set up re-marketing and orientation towards target groups, and to test and optimise websites). Google Tag Manager only implements tags. No cookies are used and consequently no personal information is recorded.|
We use social media platforms to advertise to you online and to monitor the success of our advertising (for example, by receiving information when you click on our ads on Facebook, LinkedIn and others):
|Twitter Advertising:||We advertise on Twitter and our advertising content will be tailored to your interests on the basis of your browsing behavior and the pages you have consulted on this and other websites. In order to improve the relevance of our marketing content, the cookie may therefore transmit such data to Twitter, which will use it to better understand your interests. If you decide that you do not wish your browsing data to be collected, you can find comprehensive information on Twitter’s advertising policy and the steps you can take to protect your privacy here.|
|Facebook Custom Audience:||This service from Facebook enables us to display personalised ads to people on our email lists when they visit Facebook. We provide information such as your email address and phone number in encrypted form to Facebook (so they cannot be seen by anyone at Facebook) to enable Facebook to determine if you are a registered Facebook account holder.|
|Vidiyard:||A third party, Vidyard, provides a video platform that allows us to host recorded videos and to utilize data collected in connection with the viewing of those videos to tailor our content and market to our video viewers. Vidyard/Buildscale shall use and/or process personal information as set forth here (last updated in February, 2020) and here (last updated May 22, 2018). Any personal information processed by Buildscale shall be used as set out here and here and in accordance with applicable law. Applicable Law in respect of our customers in Europe shall be Regulation EU 2016/279 and in respect of our customers resident in California shall be the California Consumer Privacy Act.|
How can you control cookies?
You can exercise your cookie preferences through our Cookie Settings, which you can access here: here.
You can learn more about cookies here (which includes additional useful information on cookies and how to block cookies using different types of browsers).
You can prevent the storage of data relating to your use of our website and created via the cookie (including your IP address) by Google Analytics by downloading and installing the browser plug-in available here.
If you choose to reject cookies from our website, the content we provide may be of less relevance to you, and you may be unable to use certain of our website's services, features, and functionality that require registration, customisation, or data tracking.
How do we keep your personal information secure?
We use appropriate technical and organisational measures to protect the personal information about you that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
We maintain physical, electronic, and procedural safeguards designed to protect your information. We use secure server software (SSL) and firewalls, designed to protect your information from unauthorised access, disclosure, loss, misuse, alteration, or destruction. Only authorised personnel amongst our employees and third party service providers have access to your information and only on a ‘need to know’ basis. We internally audit our security and privacy practices and procedures examining confidentiality standards and information access in order to protect your information. Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of your information and you transmit it to us at your own risk.
Links to other websites or services
Our services may contain links to and from the services of our partner networks, advertisers, and corporate clients. If you follow a link to any of these services, please note that the relevant third party will have its own Privacy Notice and we do not accept any responsibility or liability for them. Please check their Privacy Notices before you submit any personal data to them.
We also require third parties with whom your personal information is shared in accordance with this Privacy Notice to have in place appropriate security measures and to not process your personal information for unauthorised purposes.
Is your data transferred to other countries?
Where permitted by the country in which you are resident, your personal information will be transferred to, and processed in any location in which DataStax operates (for more information on where our offices are located, visit the contact section on our website here). This means that when we collect your personal information we may process it in any of these countries and these countries may have data protection laws that are different to the laws of your country.
Regardless of where your data is located, we:(a) treat all personal information in accordance with applicable law; and (b) take reasonable steps to ensure the security of personal information.
If you are resident in or a visitor to our website from the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of the EEA, UK or Switzerland by implementing appropriate safeguards to protect your personal information, either through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission. Our Standard Contractual Clauses can be provided on request.
How long do we retain your data for?
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Privacy Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). We may also retain aggregated information beyond this time for research purposes and to help us develop and improve our services (you cannot be identified from aggregate information retained or used for these purposes).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information.
We may need to retain certain information even once an account has been closed or deleted for differing periods, depending on the category of information concerned (for example, to enforce our terms, for fraud prevention, to identify, issue or resolve any legal claims, for proper record keeping purposes and/or as required for our business operations or by applicable laws).
We may also retain a record of any instance where you have exercised your data rights (as set out below), including any objection to receiving DataStax marketing, for the purpose of ensuring we can continue to respect your wishes.
What are your data protection rights?
Where we are acting as a controller, and depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we control about you.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Under California Civil Code Section 1789.3, California website users are entitled to the following specific consumer rights notice: The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.
Under the California Consumer Privacy Act, or CCPA (“Assembly Bill No.375” enacted by the legislature in California) as a California resident you have certain rights regarding your Personal Information as defined under the CCPA.
Categories Of Personal Information Collected About You.
We may have collected the following categories of Personal Information about California residents in the preceding 12 months.
|Type of Information||Examples||Sources of Personal Information||Purpose for Collection||Who Information is Shared With|
|Identifiers such as real name, postal address, Internet Protocol (“IP”) address, etc.||Real name, postal address, IP address, etc. (for more information, please refer to the section "What personal information do we collect and why?"||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the "Why we collect it" heading under the section "What personal information do we collect and why?"||Please see the section "Who do we share your personal information with?"|
|Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code||Credit card or debit card numbers, name, signature, etc. (for more information, please refer to the section "What personal information do we collect and why?")||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the "Why we collect it" heading under the section "What personal information do we collect and why?"||Please see the section "Who do we share your personal information with?"|
|Commercial Information||Products or services purchased, obtained, or considered (for more information, please refer to the section "What personal information do we collect and why?")||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the "Why we collect it" heading under the section "What personal information do we collect and why?"||Please see the section "Who do we share your personal information with?"|
|Internet or other electronic network activity||Browsing history and search history (for more information, please refer to the section "What personal information do we collect and why?")||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the section "Who do we share your personal information with?"|
|Geolocation Data||Physical location of device, etc. (for more information, please refer to the section "What personal information do we collect and why?")||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the section "Who do we share your personal information with?"|
|Professional or Employment-related information||Company name, title, etc. (for more information, please refer to the section "What personal information do we collect and why?")||You the customer/consumer, information from tracking or analytics tools such as cookies||Please see the section "Who do we share your personal information with?"|
Subject to certain limitations, the CCPA grants California residents the following:
Do Not Sell My Information/Selling Personal Information
We do not sell your Personal Information for monetary consideration.
However, some of the targeting cookies that we use may be considered a “sale” as defined under the CCPA. If that is the case, we only “sell” Personal Information as it is related to these targeting cookies used to provide you with relevant ads and information when you are browsing other sites. For more information on cookies, please see the section on cookies in this Privacy Notice. You have the right to opt-out of any sale of information and other cookies at any time by changing your settings for cookie placement on the site. To opt-out of the targeting cookies, follow the instructions provided in this Privacy Notice.
Changes to this Privacy Notice
Each time you use our website or our services the current version of the Privacy Notice will apply. When you use our website and our services, you should check the date of this Privacy Notice (which appears at the top of this Privacy Notice) and review any changes since the last version.
If we make material changes to this Privacy Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact us using the following details.
|Your country of residence||Postal address|
|UKfirstname.lastname@example.org||DataStax c/o Taylor Wessing 5 New Street Square London EC4A 3TW UK|
|EEAemail@example.com||DataStax c/o: Fieldfisher Ireland The Capel Building Mary’s Abbey Dublin D07 N4C6 Ireland|
|Rest of Worldfirstname.lastname@example.org||DataStax, Inc. 3975 Freedom Circle, 4th Floor Santa Clara, CA 95054|
Our UK representative is DataStax UK Limited. Our EEA representative is DataStax Ireland Limited.
Our Data Protection Officer is Matthew Arthur, email@example.com.