Jul 24, 2023

Privacy Notice for California Residents

This Privacy Notice for California Residents (referred to as "Privacy Notice") informs why and how Aiven collects, uses, shares and protects personal information of California residents in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

What rights do you have as a California resident?

Under the CCPA and CPRA, you have the following rights regarding your personal information:

How to exercise your rights?

To exercise your rights or to ask any questions about this Privacy Notice, please contact us using the information provided below.

California residents have the right to opt out of selling their personal information. This right can be exercised by sending an opt out request through the “Do not sell or share my information”.

The definition of ‘selling’ in California Consumer Privacy Act (CCPA) is broad and includes sharing of information in exchange for anything of value - even when no actual money is related to the matter.

In other words, Aiven never sells your personal data but Aiven may share it as described in section “What personal data do we disclose?”. Some of these disclosures occurred in the last 12 months might be considered ‘selling’ under the CCPA.

In addition to the “Do not sell or share my information”-form, Californian Users can exercise their rights by sending a request to privacy@aiven.io.

We may need to verify your identity before processing your request, which may require you to provide additional information.

What information we collect?

We may collect the following categories of personal information:

Aiven collects this information directly from you when you use Aiven services or interact in the Aiven Community forum, Aiven staff at events, or automatically through our website.

For what purpose we process personal information?

We use personal information for the following purposes:

To whom we share your information with?

We may share personal information with the following categories of third parties for business purposes:

What security measures have we taken?

We have carried out reasonable technical and organizational measures to secure the personal information processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.

Please be aware that, although we endeavor to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Notice. The main retention periods are as follows: