Jul 24, 2023

Aiven Privacy Policy

Personal Data File and Controller

This Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about representatives of business customers and potential business customers and visitors using the website at aiven.io (referred to as "User" and jointly "Users").

Aiven Ltd as Data Controller

Aiven Ltd, Business ID: 2795743-5, as the data controller (referred to as "Aiven", "we" or "us") is responsible for ensuring that personal data is processed in compliance with this Privacy Policy and applicable data protection laws.

We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at dpo@aiven.io.

What personal data do we process?

We collect personal data through different means, which are explained below in more detail. Personal data is mainly collected directly from the User in connection with the customer relationship or website activity.

Customer data

The following personal data is processed in connection with the customer relationship:

Prospect data

We may contact potential customers and provide them relevant information about our services. For this purpose, the following information will be processed:

Technical data

We collect some technical data automatically through the use of our website or services, which may be associated with Users. For this purpose, the following information will be processed:

Special categories of personal data

We do not process special categories of personal data about our Users.

For what purpose and with what legal basis do we process personal data?

We process personal data for the following purposes:

Service provision based on contractual relationship with us

We process personal data when this is necessary under our contract with our customers and Aiven Community forum members, to provide our services , and specific features selected by the customer, and to manage and maintain the customer relationship between us. In this case, the processing is based on the performance of the customer contract.

Marketing

We process personal data for marketing purposes as follows:

Personal data is not processed for automated decision-making.

Our legitimate interest

We process personal data to the extent this is necessary to fulfil our legitimate interests, which include our interests to:

Legal obligations

We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.

What personal data do we disclose?

We disclose personal data to third parties as follows:

Do we transfer personal data outside the EU/EEA?

We store personal data on servers located in the European Union ("EU") provided by Google and Amazon Web Services.

We transfer personal data to our subsidiaries and third party service providers overseas, which may involve the transfer of personal data to countries outside the European Economic Area ("EEA") which have different data protection standards to those which apply in the EEA.  For a list of the countries in which our subsidiaries and service providers operate, please see: aiven.io/subprocessors.

To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our subsidiaries and service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.

Please email us at privacy@aiven.io if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place. Please note, however, that some details may be redacted for confidentiality reasons.

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfil the purposes defined in this Privacy Policy. The main retention periods are as follows:

What rights does the user have?

Users have the following rights:

Should the User wish to exercise his/her above mentioned rights, please send a request to us at privacy@aiven.io.

If you consider the way we are processing your personal data is conducted in an unlawful way or violates this Privacy Policy, you have a right to file a complaint to your national data protection authority in the EU/EEA. You may also file a complaint to the data protection authority in any other EU country where you live, work, or where you consider the alleged violation has occurred.

Clauses for Users in California

Users that are California Residents have specific rights to control their personal information. To read more about these rights based on the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (CPRA) please see our Privacy Notice for California Residents.

What Security measures have we taken?

We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.

Please be aware that, although we endeavor to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes to this Privacy Policy, we will actively bring it to the attention of the Users by using communication channels available to us. The most recent version of this Privacy Policy can be found at aiven.io/privacy