DataStax Privacy Notice

This Privacy Notice explains our policy for how DataStax, Inc. and its subsidiaries (together “DataStax,” “our,” “us”, or “we“) collect, use and disclose personal information processed by us in the usual course of business including through the services we provide directly to you, our website and other interactions with you in the course of our publicity, marketing, support, and related activities (collectively the “sites and services”). 

This  Privacy Notice applies to our sites and services that display or reference this statement, but it does not apply to any sites or services that are subject to our Personal Data Processing Addendum or that display or reference a different privacy statement. If you have any question about our use and processing of your personal information, please contact us using the details provided at the "How to Contact us" section at the bottom of this Privacy Notice. California consumers can find specific disclosures including “Notice at Collection” details regarding how we collect, use, disclose, sell or share, and retain personal information. 

Our sites and services are intended for and provided to businesses and other organizations, and not individual consumers or end-users.  In some cases, in providing those sites and services, we process personal information of consumers or end-users at the direction of our corporate customers. When we do, we do so as a service provider or a “data processor” to those organizations, but we do not control and are not responsible for the privacy practices of those organizations. This Privacy Notice does not apply to information that we receive or process on behalf of our corporate customers in our role as a data processor or services provider, and any such personal information processing is governed by the terms of the applicable agreement with our corporate customer. If you are an end-user with one of those organizations, you should read that organization’s privacy notice and direct any privacy inquiries to that organization.

What do we do?

We are an experienced partner in on-premises, hybrid, and multi-cloud deployments and offer a suite of distributed data management products and cloud services. Our global Headquarters are in Santa Clara, California and we have a presence across the globe. For more information, visit the about us section on our website here.

What legal grounds do we have to process your personal information?

Our legal basis for processing your personal information will depend on the personal information we process and the specific context in which we process it. 

We will typically process personal information from you only: (i) where we have your consent to do so; (ii) where we require the personal information to perform our contract with you; or (iii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. We have set out our specific legal grounds for processing your data below (see "What personal information do we collect and why?" ).

In certain circumstances, we have a legal obligation to process personal information about you, or need to process personal information to protect your vital interests or those of another person. If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the consequences if you do not provide your personal information). 

What personal information do we collect and why?

The personal information we collect depends on how you interact with us, the sites and services you use, and the choices you make.

We collect information about you from different sources and in various ways when you use our sites and services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.

The personal information that we collect about you falls into the following categories:

• Information that you provide directly.

We ask that you to provide certain personal information to us:

 

We also collect sensitive personal information as described below:

 

• Information that we collect automatically

When you use our sites and services, we will also collect certain personal information automatically from your browser or device.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “What are cookies and similar tracking technology” below.

• Information we create or generate. 

We infer new information from other information we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

• Information that we obtain from other sources

From time to time, we may receive personal information about you from other sources. These sources include, for example:

• Data Brokers and Aggregators. Data brokers and aggregators from which we obtain data to supplement the personal information we collect.

• Co-branding/marketing partners.  Partners with which we offer co-branded services or engage in joint marketing activities.

• Service providers.  Our service providers  that collect or provide data in connection with work they do or services they provide on our behalf, for example companies that determine your device’s location based on its IP address.

• Publicly available sources.  Public sources of information.

We combine data we collect from different sources for the purposes described in this Privacy Notice and to give you a more seamless, consistent, and personalized experience.

When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional. 

With whom do we disclose your personal information?

We may disclose your personal information to the following categories of recipients in the circumstances described below:

• Affiliates and our group companies, which may access personal information, for example, where we share common data systems or where such access helps us to provide our sites and services and operate our business.

• Services providers,  including those who process personal information on our behalf or who otherwise process personal information for purposes that are described in this Privacy Notice or as notified to you when we collect your personal information.

• Financial services & payment processing, such as when you provide payment data to make a purchase, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud detection and prevention, credit risk reduction, analytics, or other related financial services.

• Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.

• Corporate transactions, including without limitation an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business.

• Security, safety, and protecting rights. We will disclose personal information if we believe it is necessary to:

• protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone; 

• operate and maintain the security of our sites and services, including to prevent or stop an attack on our computer systems or networks; or 

• protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

• any other person where you have requested, authorized or consented to the disclosure.

Analytics and advertising companies also collect personal information through our sites and services including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the “Cookies” section of this Privacy Notice. These providers may combine this data across multiple sites to improve analytics for their own purpose and others . For example , we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners. Please see the section titled “How can you  manage your cookies preferences” below for more information on available browser and platform controls. Some of  our disclosures to these third parties may be considered a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states.  Please see the “California Privacy Rights” section below for more details. 

Finally, we may disclose de-identified information in accordance with applicable law.   

 

Do we use a payment provider to process payments?

We currently use Stripe, a payment provider, in order to provide certain products and services. To the extent that Stripe operates and manages the electronic commerce platform and facilitates payment transactions on our website, Stripe operates as a data processor or service provider on our behalf. 

Stripe, for the same Payment Data, is also an independent controller or business to the extent that Stripe processes personal information involved in payment transactions for their own purposes, and this Privacy Notice will not control or govern the processing of such data. Where Stripe processes personal information as an independent Controller Stripe will do so in accordance with their own privacy policies which can be found at: https://stripe.com/privacy.

What cookies and similar technologies do we use?

We use cookies and similar tracking technology (collectively, “cookies”) to collect, use, and disclose personal information about you for a number of purposes  including to operate our websites and online services and to help collect data, including usage data, identifiers, and device information, and to serve interest-based advertising. 

What are cookies and similar technologies? 

Cookies are small data files that are placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server. 

We use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels", “single-pixel”, or "clear gifs"). These are electronic images that are  contained within a website or e-mail that we have sent. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.

This allows us, for example, to collect and store your information and preferences, to track your activity on our sites and services, and to enhance the functionality of the sites and services. In many instances, these technologies are reliant on cookies and similar technologies to function properly, and so declining cookies can impair how our sites and services function.

How do we and our providers use cookies and similar technologies?

We, and our analytics and advertising providers use these technologies within our sites and services  to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our sites and services, including personal information related to your online activities over time and across different websites or online services.This information is used to store your preferences and settings, enable you to sign-in, analyze how our sites and services perform, track your interaction with the site and services, develop inferences, deliver and tailor interest-based advertising, detect, prevent, and combat fraud, and fulfill other legitimate purposes. We and/or our providers also share the data we collect or infer with third parties for these purposes. For more information about the third-party analytics and advertising partners that collect personal information on our services, please see the section titled “With Whom We Disclose Personal Information” above. 

How can you manage your Cookie preferences?

You can manage your cookie preferences through our Privacy Preference Center, which you can access on our website at www.datastax.com and selecting the “Cookie Settings” link at the bottom of the page.

Most web browsers are set to accept cookies by default. You can also update your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our sites and services though the content we provide may be of less relevance to you, and you may be unable to use certain of our sites and services  features and functionality, including those that require registration, customisation, or data tracking. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

You can use the following browser, email client, or platform controls to manage your cookie and similar technology preferences:

Do Not Track.  Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. There is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use including cookie controls and advertising controls described in this Privacy Notice.

Targeted advertising. To opt-out from or otherwise control targeted advertising, you have several options. You can use the controls available through our website cookie banner (where available) to decline advertising-related cookies. Or, you can use the opt-out controls offered by the organizations our advertising partners may participate in, which you can access at:

• United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/) 

• Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/) 

• Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)

Finally, you can use the other cookie controls described above. For more information about behavioral advertising cookies and about how to turn these features off please refer to the information available here or here.

Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.

These choices are specific to the device, email client, or browser you are using. If you access our sites and services from other devices, email clients, or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.

How do we keep your personal information secure?

We use appropriate technical and organizational measures to protect the personal information about you that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. 

We maintain physical, electronic, and procedural safeguards designed to protect your information. Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of your information and you transmit it to us at your own risk.

Links to other websites or services

Our sites and services may contain links to and from the websites or services of our partner networks, advertisers, and corporate clients. If you follow a link to any of these services, please note that the relevant provider will have its own privacy statement and we do not accept any responsibility or liability for them. Please check their privacy statement before you disclose any personal information to them.

Is your data transferred to other countries?

Where permitted by applicable law in the country in which you are a resident, your personal information will be transferred to, and processed in any location in which DataStax operates (for more information on where our offices are located, visit the contact section on our website here). This means that when we collect your personal information we may process it in any of these countries and these countries may have data protection laws that are different to the laws of your country. 

Regardless of where your data is located, we have implemented policies and processes designed to :(a) process personal information in accordance with applicable law; and (b) take reasonable steps designed to maintain the security of personal information. 

If you are resident in or a visitor to our website from the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of the EEA, UK or Switzerland by implementing appropriate safeguards designed to protect your personal information, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by a regulatory authority such as the European Commission, UK Information Commissioner’s Office or the Federal Data Protection and Information Commissioner of Switzerland. 

How long do we retain your data for?

We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the purposes described in this Privacy Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of our applicable legal requirements (such as our business record keeping obligations and applicable statutes of limitation). We may also retain aggregated or de-identified information beyond this time for research purposes and to help us develop and improve our sites and services. 

After expiration of the applicable retention periods, to the extent required under applicable law, we will either delete or de-identify your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information. 

In some cases, we may need to retain certain information after an account has been closed or deleted for differing periods, depending on the category of information concerned (for example, to enforce our terms, for fraud prevention, to identify, issue or resolve any legal claims, for proper record keeping purposes and/or as required for our business operations or by applicable laws). 

We may also retain a record of any instance where you have exercised your data rights (as set out below), including any objection to receiving DataStax marketing, for the purpose of ensuring we can continue to respect your choices.

What are your data protection rights?

Depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we process about you:

• If you wish to access your personal information you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below. DataStax will consider each request individually and may refuse your request for access to your personal information if the request is determined to be not substantiated, manifestly unfounded or manifestly excessive. In the event the request is denied DataStax will inform you of the reasons why and the further actions you may take.

• If you wish to correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below. 

• In addition, under certain circumstances, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.

• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below. If you have registered an account on the website or in relation to us providing our sites and services to you, opting out of receiving marketing messages will not apply to information provided to us as a result of signing up to use the website or our services and we reserve the right to send you necessary account notices or other administrative and transactional notices.

• Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

• You have the right to complain to a data protection authority about our collection and use of your personal information, but we encourage you to first contact us with any questions or concerns. For more information, please contact your local data protection authority.

• For residents of France, you can send us specific instructions regarding the use of your data after your death.

• Contact details for data protection authorities in the European Economic Area and the UK are available here.

• If you are resident in Switzerland, the contact details for the data protection authorities are available here.

• If you are resident in Australia, you can visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.

• If you are resident in New Zealand, further information is available here.

• If you are resident in Canada and unable to resolve your privacy issue directly with us, you may find information about reporting your privacy concern to the appropriate privacy authority here.

• If you are a California resident, please refer to the California Privacy Rights section below.

Where we are the business or data controller, we respond directly to requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. W 

California Privacy Rights

Under the California Consumer Privacy Act of 2018 (as amended), or “CCPA,” California consumers have certain rights regarding their personal information as defined under the CCPA. Subject to certain limitations, the CCPA grants California residents the following:

• Notice at Collection. At or before the time of collection, you have a right to receive notice of our privacy practices,  including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Notice by clicking on the above links.

• Right to Request Deletion. You have the right to request deletion of personal information that we have or otherwise process subject to a number of lawful exceptions.

• Right to Request Correction. You have the right to request that we correct inaccurate personal information we process about you. 

• Right to Know. You have the right to request disclosure of the personal information we have collected about you (including details about collection, use, disclosure, and retention of such information).

• Right to Opt-Out / “Do Not Sell or Share My Personal Information.” You have the right to request disclosure regarding any “sale” and “sharing” (as those terms are defined by CCPA) of your personal information, and the right to opt-out of any such sale or sharing. 

• Right to Non-Discrimination. You have the right to be discriminated against for exercising the rights granted to you under the CCPA.

• Right to Limit. Where we use or disclose sensitive personal information to infer individual characteristics or for purposes other than those permitted by CCPA, you have a right to request that we limit our use and disclosure of such sensitive personal information. We do not use or disclose sensitive personal information for the purposes of inferring individual characteristics or any such additional purposes.

• Deidentified Information. When we retain aggregated or de-identified information for research purposes and to help us develop and improve our sites and services, we take reasonable steps to prevent reidentification of such personal information except where such reidentification is permitted under applicable law (such as where reidentification can help us determine whether our deidentification practices comply with applicable law).

• Exercising Your Rights. You may exercise your right to know, right to request correction, or right to request deletion  using one of the options below. Before we can respond to your request to know, correct, or delete your personal information, you will be required to verify your identity. Additionally, you may designate an authorized agent to make a request for the right to disclosure or right to request deletion, but such authorized agent must submit proof they are authorized to act on your behalf or have power of attorney. To exercise your right to know or request that we correct, or delete your personal information, please click here to complete our request form or send us an email from the email address associated with your account to privacy@datastax.com.

Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

Do Not Sell or Share My Personal Information

We do not sell or share your personal information for monetary consideration. And, we do not knowingly sell or share the personal information of minors under 16 years of age.

Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data sharing described in this Privacy Notice  may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs), activity data (browsing, clicks, usage) and device data when you use our sites and services, but we  do not “sell” or “share” other types of personal information. If you do not wish for us or our providers to “sell” or “share” personal information relating to your visits to our sites for advertising purposes, you can make your request by updating your preferences on our website via the Cookie Settings link, or using other controls described in the “How you can manage your cookie preferences” section of this Privacy Notice. If you opt-out using these choices, we will not disclose or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA.  However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.

Changes to this Privacy Notice

Each time you access or use our sites or services the current version of the Privacy Notice will apply. When you access and use our sites and our services, please check the date of this Privacy Notice (which appears at the top of this Privacy Notice) and review any changes since the last version. 

If we make material changes to this Privacy Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. 

How to contact us

If you have any questions or concerns about our use of your personal information, please contact us using the following details.

 

Our UK representative is DataStax UK Limited. Our EEA representative is DataStax Ireland Limited.

Our Data Protection Officer is Stuart Methven, privacy@datastax.com.