Personal Data File and Controller
Name of the Personal Data File: User Register of Aiven Cloud Services
Controller: Aiven Ltd, Business ID: 2795743-5 (the “Company”)
According to law, personal data means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household.
The Company stores and processes the following data provided by the User:
Credit card number (last 4 digits only)
Credit card expiration date
Additionally, the Company automatically collects and processes the following data about the User:
User’s IP addresses
Geographical location based on the IP address
Service access times
Statistics on page views
Any other automatically collectible information
Furthermore, the Company may also collect anonymized statistics about the way the User uses the Services provided by the Company.
Purpose of data collection
The primary purpose of collecting personal data is to provide Services to the User and to issue accurate charges for the use of Services.
The Company stores personal data on servers located in the European Union on servers provided by Google and Amazon Web Services. Personal data may be stored and processed in other regions only if the User has requested Services in such regions.
The personal data stored in the User Register may also be used by the Company to provide, develop and customize the Service and to communicate with the User. Such communication may include direct marketing, market research or research polls. The Company may use subcontractors when providing any services.
When necessary and to the extent required for the provision of the Service, personal data may be transferred outside of the European Union or European Economic Area. In such occasion the Company shall comply with the requirements set by the applicable law for such transfer of personal data.
Legal basis for processing personal data (European Territory Users only)
The Company provides the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). They are specific to Users located in EEA countries or Switzerland, so please don’t rely on the below, if you’re not a User in one of those countries.
If you are a User from the European Territories, the Company’s legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which it is collected. “European Territories” mean the European Economic Area and Switzerland.
However, the Company will normally collect personal data from Users where the processing is in the Company’s legitimate business interests to, for example, administer Services and fulfill contractual obligations as a service provider. In some cases the Company may collect and process personal data based on consent.
Personal data communicated to third parties
The Company may communicate the Users’ personal data to its affiliates, cooperation partners or other third parties only to the extent as may be required and permitted by applicable laws, required for the purpose of providing the Service or defending the Company’s legitimate interests in accordance with the applicable law or required due to an acquisition or other corporate transaction.
The Company provides the following data to the Company’s CRM provider/s (currently Hubspot and Intercom):
Urchin Tracking Module (UTM) campaign tags
The Company provides the following data, provided by the User, to the Company’s payment processor (currently Stripe):
The items listed above
Credit card number (full)
Credit card security code
Website analytics providers
The Company uses Google Analytics, a service which transmits anonymous website traffic data to Google servers. The Company uses reports provided by Google Analytics to help the Company understand website traffic and usage.
The Company also uses Google Analytics to send and receive data to/from Google Ads to improve the performance of the Company’s Google Ads campaigns and develop remarketing lists.
User-level and event-level is automatically deleted from Google Analytics servers after 38 months. However, the 38 month period will reset if Google Analytics detects new activity, such as a site visit.
The Company uses Hotjar, a service that helps the Company better understand user website behavior, e.g. how much time is spent on which pages, which links are clicked, what a user likes and doesn’t, etc.
Hotjar collects the following user behavior and device data:
Device IP address (captured and stored only in anonymized form)
Device screen size
Device type (unique device identifiers)
Browser information, geographic location (country only)
Preferred language used to display our website
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of the Company’s web properties and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Urchin Tracking Module (UTM) tags
UTM tags are appended as part of the visible URL for marketing campaigns and reports can be viewed in platforms like Google Analytics. The Company sends UTM tag information to Google Google Analytics/Intercom to evaluate campaign performance.
For example, if a user visits the website via a link with UTM parameters attached. These details, such as campaign source, medium, and name, are collected at an aggregated level and sent to Google Analytics.
Moreover, if a user who clicks a campaign link with a UTM tag becomes a registered user, the UTM information will associated with the registration and sent to Intercom. This information helps the Company assess the utility of its marketing channels.
Quality of data
To the extent required by the applicable law, the Company corrects, erases or supplements at the request of a User, possibly erroneous, unnecessary, incomplete or obsolete data processed in the User Register. However, Users are responsible for the validity and quality of the personal data they provide to the Company.
The Company has carried out reasonable technical and organizational measures to secure the personal data processed in the User Register against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within the Company’s organization.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Subcontractors and Sub-processors
Aiven uses certain subcontractors (including Aiven subsidiaries) to assist in providing the Aiven Services for its customers. For more information click here.