Nov 1, 2022

Aiven Privacy Policy

Personal Data File and Controller

This Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about representatives of business customers and potential business customers and visitors using the website at (referred to as "User" and jointly "Users").

Aiven Ltd as Data Controller

Aiven Ltd, Business ID: 2795743-5, as the data controller (referred to as "Aiven", "we" or "us") is responsible for ensuring that personal data is processed in compliance with this Privacy Policy and applicable data protection laws.

We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at

What personal data we process?

We collect personal data through different means, which are explained below in more detail. Personal data is mainly collected directly from the User in connection with the customer relationship or website activity.

Customer data

The following personal data is processed in connection with the customer relationship:

Prospect data

We may contact potential customers and provide them relevant information about our services. For this purpose, the following information will be processed:

Technical data

We collect some technical data automatically through the use of our website or services, which may be associated with Users. For this purpose, the following information will be processed:

Special categories of personal data

We do not process special categories of personal data about our Users.

For what Purpose and with what legal basis we process personal data?

We process personal data for the following purposes:

Service provision based on contractual relationship with us

We process personal data when this is necessary under our contract with our customer, to provide our services, and specific features selected by the customer, and to manage and maintain the customer relationship between us. In this case, the processing is based on the performance of the customer contract.


We process personal data for marketing purposes as follows:

Personal data is not processed for automated decision-making.

Our legitimate interest

We process personal data to the extent this is necessary to fulfil our legitimate interests, which include our interests to:

Legal obligations

We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.

What personal data we disclose?

We disclose personal data to third parties as follows:

For a list of our subsidiaries and service providers as well as countries in which they operate, please see:

Do we Transfer personal data outside the EU/EEA?

We store personal data on servers located in the European Union ("EU") provided by Google and Amazon Web Services.

We transfer personal data to our subsidiaries and third party service providers overseas, which may involve the transfer of personal data to countries outside the European Economic Area ("EEA") which have different data protection standards to those which apply in the EEA.  For a list of the countries in which our subsidiaries and service providers operate, please see:

To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our subsidiaries and service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.

Please email us at if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place. Please note, however, that some details may be redacted for confidentiality reasons.

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy. The main retention periods are as follows:

What rights does the user have?

Users have the following rights:

Should the User wish to exercise his/her above mentioned rights, please send a requests to us at

If you consider the way we are processing your personal data is conducted in an unlawful way or violates this Privacy Policy, you have a right to file in a complaint to your national data protection authority in the EU/EEA. You may also file in a complaint to the data protection authority in any other EU country where you live, work, or where you consider the alleged violation has occurred.

What Security measures have we taken?

We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.

Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes to this Privacy Policy, we will actively bring it to the attention of the Users by using communication channels available to us. The most recent version of this Privacy Policy can be found at