The Cloudera Privacy Statement explains how Personal Data about you is collected, stored, used, disclosed and otherwise processed by Cloudera, Inc.
The Cloudera Product & Service Data Policy describes Cloudera’s policy for handling, storing, and otherwise treating various types of data regarding Cloudera’s Customers in connection with Cloudera's Products and Services.
Privacy Statement
This Privacy Statement explains the data privacy practices of Cloudera, Inc. (“Cloudera,” “we,” “us” or “our”), including how and why Cloudera collects, stores, consults, organizes, uses, discloses, and otherwise processes personal data with respect to our online accounts, websites, and web domains (collectively, “Site”), and our events, our general business activities, and, unless otherwise stipulated in a separate agreement, the provision of our products and services (collectively, “Services”). Cloudera is the data controller of the personal data processed pursuant to this Privacy Statement and processes the data in compliance with applicable privacy and data protection laws, rules, and regulations.
- Job candidates/applicants must refer to our Candidate Privacy Notice for detailed information that is applicable to you as a candidate or applicant.
- Cloudera’s Personnel must refer to our internal Employee Privacy Notice for detailed information that is applicable to you as Cloudera Personnel.
- Cloudera is not responsible for our customers’, partners’, and other third parties’ privacy policies or practices, which may differ from ours. We encourage you to review their privacy policies before submitting your personal data to them. If you have questions, complaints, or privacy requests, please contact these parties directly.
Collection and Processing of Personal Data
Cloudera collects and handles information you provide directly or indirectly to us. In general, we only process your Name, Professional information, Business contact information, business interests and opinions, and information with respect to your use of our Site and Services.
General Categories of Data Subjects
Cloudera may process the personal data of different categories of data subjects. You may fall under the scope of one or more of the following categories of data subjects:
Online visitors and users
Onsite (Office) visitors ⎹ In-person meetings/events visitors
Event or Webinar registrants/attendees
Account holders
Employees/staff/agents/contractors (collectively, “Personnel”) of:
Business-to-business (“B2B”) commercial prospects/leads
B2B customers
Vendors, subcontractors, consultants, advisors, sponsors (collectively, “Service Provider(s)”)
Partners and resellers
Job applicants (refer to Candidate Privacy Notice) and Cloudera Personnel (refer to internal Employee Privacy Notice)
Individuals (who otherwise directly or indirectly communicate or interact with us)
Sources of Personal Data
Direct sources
Cloudera may obtain personal data directly from you. For example, we collect data directly from you when you create an account, interact with our Site or use or request information about our Services, or otherwise communicate or interact with us.
Indirect sources
Cloudera may obtain personal data about you from our B2B customers, Service Providers, partners/resellers, and/or third parties. For example, we may obtain information about you from a third party for purposes of data analytics or our legitimate business purposes.
General Categories of Personal Data
Cloudera may process one or more of the following categories of your personal data:
Name
Username / User ID (e.g., the username and/or user ID associated with your account or registration and utilized when you log in to a Cloudera system/network)
Business contact information (e.g., work email address and phone number)
Commercial information (e.g., records of Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
Account Data (e.g., Name, Username / User ID, Business contact information, Professional information, Unique digital identifier, Network Activity Information)
Unique digital identifier (e.g., an online identifier; a device identifier; an Internet protocol (“IP”) address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology)
Note that we use online tracking technologies for legitimate commercial business purposes, such as cookies or similar technologies to collect information, analyze trends, administer our website, track users’ movements around the website, and gather demographic information about our user base as a whole. We also may collect anonymized conversion events and anonymized IDs, such as to enable cookies on, and analytics about the use of, the Site. For example, we collect information about the computer or mobile device you use to access our Site and/or Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Internet or other electronic network activity information (including usage and log information relating to the use of our Site and Services, e.g., browsing history, search history, and information regarding your interaction with an internet website application, or advertisement) (“Network activity information”)
For example, we may log information about your use of our Site and Services, including the type of browser you use (i.e., browser type), internet service provider, clickstream data, date/time stamp, pages and files viewed on our Site (e.g., HTML pages, graphics, etc.), and the page you visited before navigating to our Site or Services.
Professional / Employment-related information (e.g., job title/role/position, employer, and employment history)
Email content (i.e., the subject line and body of the email, including analysis thereof)
Chat recordings (e.g., your conversations with a chatbot)
Audio/Video recordings (e.g., meetings with partners, vendors, or customers)
Pseudonymous data (e.g., a randomly-generated ID, such that the data can no longer be attributed to a specific individual without the use of additional information)
Geolocation data (i.e., approximate geographic location based on the unique digital identifier)
Inferences (e.g., data derived from any of personal data to create a profile about you reflecting your commercial preferences, and/or commercial and professional characteristics)
Closed-circuit television (CCTV) (e.g., if you are visiting our offices)
Feedback (e.g., your optional feedback regarding our Services)
Testimonials (e.g., testimonials or endorsements of satisfied customers).
Social media
Our Site includes social media features, such as the Facebook button or interactive mini-programs that run on our Site. These features may collect your IP address and information on which page you are visiting on our Site, and they may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Site.
Sensitive Personal Data
Do not send or disclose to Cloudera any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or trade union membership, health, biometrics or genetic characteristics, and criminal background) on or through the Site, the Services, or otherwise, unless we specifically request such data.
Publicly Available Information
Note that personal data does not include lawfully obtained, truthful information that is a matter of public concern or publicly available information (i.e., information that is lawfully made available from federal, state, or local government records, or information for which we have a reasonable basis to believe is lawfully made available to the general public by you or from widely distributed media; or information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience).
Anonymous / De-identified / Aggregate Data
Note that personal data does not include anonymized, de-identified, or aggregated data. Cloudera may anonymize, de-identify, and/or aggregate personal data so that such data will no longer constitute personal data. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
Public Profiles
If you create a profile on our Site (e.g., to participate in Cloudera Community discussions), your profile and/or comments will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Usage Data
Cloudera collects and processes data about or generated by your usage of our Site and Services (i.e., “Usage Data”). This Usage Data may include the following personal data: Name, Business contact information, Professional information, Username / User ID, Unique digital identifiers, and/or Network activity information. The Usage Data may be redacted, obfuscated, anonymized, de-identified, aggregated, or pseudonymized.
Lawfulness and Business Purposes of Processing
Cloudera may collect, use, and otherwise process personal data pursuant to several legal bases and for multiple business and commercial purposes in accordance with applicable law.
Lawful Bases
To the extent required by applicable law, Cloudera relies on one or more of the following legal bases to process personal data:
Consent
Contract Performance or Pre-contractual Steps (“Contract Performance”)
Compliance with a Legal or Regulatory Obligation (“Legal Compliance”)
Protection of the Vital Interests of an Individual
Cloudera’s Legitimate Interests (or a third party’s legitimate interest(s), except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data)
Legitimate Interests may include, among others, the processing of personal data to the extent strictly necessary and proportionate for the purposes of (a) ensuring network and information security, (b) managing possible criminal acts or threats to public security, (c) preventing fraud, (d) conducting direct marketing, and (e) processing that is relevant and appropriate to our relationship and that you could reasonably expect at the time and in the context of the collection of your data.
Processing Purposes
Cloudera processes personal data for specified, explicit, and legitimate purposes, and only processes data that is adequate, relevant, and reasonably necessary and proportionate to what is necessary in relation to those purposes. To that end, we may process personal data for one or more of the following purposes:
Advertising and Marketing
To induce you to buy or subscribe to, or enable or effect, directly or indirectly, a commercial transaction.
To market and promote Services that may be of interest to you, including through tailored communications, such as telemarketing, emails, newsletters, or other content.
To solicit and process your opinions through surveys.
Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us.
Business Operations and Commercial Purposes
To engage in our day-to-day business operations.
To advance our commercial or economic interests.
To perform customer relationship management and contract management (for which the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract).
To retain and/or engage Service Providers to receive products and services, and to manage the relationships (for which the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract).
To conduct audits (i.e., to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements)
To perform internal uses that are reasonably aligned with the individuals’ expectations or reasonably anticipated based on their relationships with us or are otherwise compatible with processing data in furtherance of the provision of the Services or performing the contract.
To determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users (e.g., auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards).
To consider and manage your job application, including conducting interviews and requesting background checks, and to manage the employer-employee.
To process and deliver contest entries and rewards (e.g., we may offer you the opportunity to participate in a sweepstakes, contest, or other promotion. Some of these promotions have additional rules containing information about how we will use and disclose your personal data. Please read those additional rules before choosing to participate. The provision of personal data is a contractual requirement or a requirement necessary to enter into the contract)
To facilitate social sharing functionalities.
To understand and analyze or predict our users’ preferences to prepare aggregated trend reports on how our digital content, Site, and Services are used, so that we can improve our Site and Services, personalize our interactions, and provide relevant information.
Delivery of Products and Performance of Services (Contract Performance)
To provide the Services requested or ordered and thereby complete the transaction for which the personal data was collected, to fulfill the terms of an agreement and/or to take steps at your request prior to entering into a contract or otherwise to engage in activities reasonably anticipated by you within the context of our ongoing business relationship (for which the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract).
To process information according to your instructions pursuant to an agreement; process transactions, and send you related information, including confirmations and invoices; send you technical notices, updates, security alerts, and support and administrative messages; process payments on your account or bill you for the purchased Services; respond to your comments, questions, and requests; and provide customer service (for which the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract).
Product/Service Development & Improvement and Quality Assurance
To undertake internal research for technological development and demonstration.
To verify or maintain the quality or safety of the Site, our Services, or devices we own, manufacture, or control.
To build, improve, upgrade, or enhance the Site, our Services, or devices we own, manufacture, or control.
To develop new Services.
To identify usage trends (e.g., to understand which parts of our Site and/or Services are of most interest to users).
To identify and repair technical errors that impair existing or intended functionality.
To operate and expand our business activities (e.g., to understand which parts of our Services are of most interest to our users so we can focus our resources on meeting our users’ interests).
Security, Integrity, Fraud & Unlawful Activities
To prevent, detect, resist, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, including any activity that compromises or potentially compromises the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data.
To preserve the integrity or security of our networks or information systems.
To investigate, report, or prosecute those responsible for any such action(s) listed above.
To ensure the life or physical safety of natural persons.
Legal Rights and Compliance
To comply with a law, rule, or regulation.
To comply with a court order or subpoena to provide information.
To comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
To cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws, rules, or regulations.
To cooperate with a government agency.
To investigate, establish, exercise, prepare for, or defend legal claims.
B2B Customers
Cloudera processes limited personal data of B2B customers’ Personnel (e.g., Name, Professional information, and Business contact information) for Contract Performance, Business Operations and Commercial Purposes, Product/Service Development & Improvement and Quality Assurance, Security, Integrity, Fraud & Unlawful Activities, and Legal Rights and Compliance. With respect to cloud-based customers (e.g., on cloud customers), we will process the limited personal data associated with access to the cloud platform (i.e., login data for authorization and authentication purposes) in accordance with this Privacy Statement, unless we and the customer agree otherwise in a separately executed privacy agreement.
Disclosures of Personal Data
Cloudera may disclose personal data for the purposes outlined above, as follows:
Affiliates and Subsidiaries
Cloudera may transfer or disclose personal data to its affiliates and/or subsidiaries for the purposes described above, in connection with our business activities, such as, legal, security, finance, human resources, and information technology administration.
Service Providers
Cloudera may transfer or disclose personal data to Service Providers (e.g., a data processor), or direct them to collect such data, so that they can help us provide our Site and/or Services and insofar as they need to process such data to carry out work on our behalf, such as providing product and service functionality, customer service, billing, and invoicing, advertising and marketing, ad measurement services, and conducting research and analysis. We only disclose personal data in accordance with applicable law and ensure that these Service Providers have implemented appropriate technical and organizational measures in such a manner as to comply with applicable law and are subject to a legally-binding contract to protect the personal data and process it only in accordance with our instructions.
Tracking Technologies and Chatbots
Cloudera may use a Chatbot, including one operating with or using artificial intelligence (“AI”), or deploy cookies, pixels, or similar tracking technologies (i.e., “Tracking technology”) to collect and use personal data and record your conversations with us or your online activities on our Site or Services, respectively. The Chatbot and/or Tracking Technologies may collect a Unique digital identifier and/or Network activity information. By interacting with our Site or Services, including the Chatbot provided by Cloudera’s third-party Service Provider, you agree to the recording, reading, and learning of the contents or meaning of any message, report, or communication (or any attempts thereof) while the same is in transit or passing over any means or form of communication, or is being sent from, or received at any place within any jurisdiction, and the use or communication, or attempts to do so, of the information obtained by Cloudera and the third party providing the Tracking technology or Chatbot on Cloudera’s behalf. By using the Site or Services, including the Chatbot, you acknowledge that a third-party Service Provider may provide the Tracking technology or operate the Chatbot on Cloudera’s behalf and that the Tracking technology and/or Chatbot records, accesses, and uses the data collected by said technology or submitted via the chat function and related electronically-generated data for what is necessary to provide the service to Cloudera, and does not share any chat communications data with any unauthorized third parties.
Requested Disclosures
Cloudera may disclose your personal data if you request us to do so or provide your explicit consent for us to do so.
Necessary and Legally-Required Disclosures
Cloudera may disclose personal data if we believe a disclosure is reasonably necessary to (a) comply with any applicable law, regulation, legal process, or governmental request; (b) establish, exercise, or defend legal claims or to enforce applicable contracts, user agreements, or policies, including our Terms and Condition of Site Use (the “Terms of Use”); or (c) prevent, detect, and/or protect Cloudera, others, or the public from harm, fraud, or illegal activities, or a violation of rights. For more information on government or law enforcement requests for access to personal data, refer to our Transparency Report.
Third-Party Sponsors
Cloudera may disclose personal data with our third-party sponsors of sweepstakes, contests, and similar promotions.
Business Partners and Resellers
Cloudera may disclose personal data to business partners and resellers, which offer our services, Cloudera-related services, and/or solutions and services complementary to our offerings, for several purposes, including, not limited to, Advertising and Marketing, Business Operations and Commercial Purposes, and Contract Performance. See our current list of partners here.
Mergers and Acquisitions
Cloudera may disclose personal data in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company. In this event, we will use best efforts, in accordance with applicable law, to notify you via email and/or with a prominent notice on our Site, of any change in ownership, uses of personal data, and choices you may have regarding personal data.
Your Public Disclosures
Note that, by using the Services and/or Site, you may elect to disclose personal data on message boards, chat, profile pages, blogs, community forums, and other offerings. Any information you post or disclose through these methods will become publicly accessible and may be available to other users and the general public.
Third-party Analytics and Advertisements
Cloudera uses third parties to conduct data analytics on the functioning of our Site and Services and to serve advertisements with cookies and similar online tracking technologies.
Cloudera may engage third parties to perform cross-context online behavioral advertising or online targeted advertising on our behalf across the Internet and to provide analytics services. These third parties may use Unique digital identifiers and Network activity information to collect information about your use of our Site and other non-Cloudera websites, such as your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by Cloudera, our Service Providers, and/or third parties to, among other things, analyze and track data, deliver advertising based upon your browsing activities and interests, and to better understand your use of our Services and Site.
Opt-out Options
If you wish to opt out of interest-based advertising by these third parties, click here or here. Note that you will continue to receive generic ads.
If you wish to opt-out of the sharing of your personal data for purposes of cross-context behavioral advertising, update your preferences in the cookie banner manager or turn on your browser’s opt-out preference signals.
In addition, Cloudera may use an integrated version of Google Analytics. You may opt out from Google Analytics by using the Google’s Ads Preferences Manager. You may also use the Google Analytics Opt-out Add-on.
Data Security
Cloudera uses commercially reasonable organizational, technical, physical, and administrative measures designed to (a) protect personal data from accidental or unlawful loss, alteration, destruction, theft, misuse, and unauthorized access and disclosure, and (ii) ensure the confidentiality, integrity, and availability of personal data. We follow generally accepted industry standards and best practices to safeguard the personal data. Please keep in mind that no security measures are completely effective, and we encourage you to regularly review your accounts for suspicious activity and carefully guard your credentials.
For information on our security practices, refer to our Information Security and Compliance. Customers may refer to our Trust Portal to access detailed information.
Data Retention
Cloudera retains personal data for as long as necessary for our legal business purposes and/or as lawfully permitted given the purpose(s) for which we obtained it and consistent with applicable law. We use the following criteria to determine our retention periods for personal data:
The type(s) of personal data;
Whether the personal data is necessary to continue to provide our Services to you (e.g., contract performance);
Whether we have a legal or regulatory obligation retain the data for a certain period of time;
Whether we have Legitimate Interests to retain the data; and/or
Whether retention is advisable considering our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
International Personal Data Transfers
As a global company, Cloudera may process personal data in multiple countries, including the United States of America (USA). Cloudera may store and process your personal data in any country where we have facilities, affiliates or subsidiaries, or in which we engage Service Providers. By using our Site and/or Services, or otherwise interacting with us, you understand and acknowledge that we may transfer your personal data from your country of residence to other countries, including the USA, which may have data protection laws or rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may have legal authorization to access or request disclosure of your personal data.
Cloudera may transfer personal data subject to this Privacy Statement from the European Union (EU), the European Economic Area (EEA), Switzerland, the United Kingdom (UK), and/or Brazil to a third country, for the purposes described in this Privacy Statement. The European Commission, Switzerland, the UK, and/or Brazil may recognize several third countries as providing adequate levels of data protection (i.e., adequacy decisions) and allow the lawful transfer of personal data to such countries. To conduct lawful transfers of personal data to third countries without such adequacy decisions, Cloudera relies on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (EU SCCs), the UK’s International Data Transfer Addendum to the EU SCCs, and/or Brazil’s Standard contractual clauses. You may obtain a copy of these standard contractual clauses by contacting us in accordance with the “How to Contact Us” section below.
Your Privacy Rights Concerning Your personal data
Privacy Rights - Global
Depending on the data protection or privacy law applicable to you and your personal data, you may be entitled to exercise one or more of the following rights:
Right to Know about any processing of your personal data
Right to Access your personal data
Right to Delete or Erase your personal data
Right to Correct or Rectify Inaccurate, Incomplete, or Outdated personal data
Right to Data Portability
Right to Restrict Processing of your personal data
Right to Object to Processing of your personal data (e.g., direct marketing)
Right to Withdraw Consent (if the lawful basis of processing is consent)
Right to Not to Be Subject to a Decision Based Solely on Automated Processing, including Profiling, which Produces Legal Effects Concerning You or Similarly Significantly Affects*
*Note that Cloudera does not engage in such solely automated decision making.
Right to lodge a complaint with a supervisory (data protection) authority
Privacy Rights - USA
Privacy laws in the USA (i.e., “US State Privacy Laws”) may provide residents of certain US States with one or more of the following rights in relation to personal data:
Right to Confirm and/or Know about any processing of your personal data
Right Access your personal data
Right to Delete your personal data
Right to Correction of Inaccurate or Incomplete personal data
Right to Data Portability
Right to Withdraw Consent (if the lawful basis of processing is consent)
Right to Opt Out of Profiling in furtherance of Decisions that Produce Legal or other Similarly Significant Effects Concerning You*
*Note that Cloudera does not engage in this type of profiling.
Right to Opt-out of Selling or Sharing your personal data
Right to Limit use and disclosure of sensitive personal data
Right to Non-discrimination if you exercise a privacy right
Unsubscribe from Marketing and Promotional Communications
Cloudera may periodically send you free newsletters, updates, and emails that directly promote and market the use of our Site or our Services. When you receive newsletters or marketing and promotional communications from us, you may indicate a preference to stop receiving further communications from us. You will have the opportunity to unsubscribe by following the unsubscribe instructions provided in the email you receive or by submitting a request to unsubscribe here.
Despite your indicated marketing and promotional preferences, Cloudera may send you transactional emails and notices of any updates to our Site, Services, Terms of Use, or Privacy Statement.
Cross-context Behavioral Advertising / Targeted Advertising
Cloudera may engage in online cross-context behavioral and/or targeted advertising based on your personal data obtained or inferred from your activity across businesses and non-affiliated, distinctly-branded websites, applications, online services, or services, other than our own with which you intentionally interact. In doing so, we may exchange or disclose your personal data by electronic means to a third party or our Service Providers for online cross-context behavioral/targeted advertising.
Right to Opt-out of Sharing (“Do Not Share My Personal Information”)
You may opt-out of online cross-context online behavioral and/or targeted advertising by one of the following methods:
Utilize the opt-out preference signals on your browser (or device, platform, technology, or other mechanism) to implement the opt-out automatically, if the signals comply with applicable law;
Update your preferences in the cookie banner manager on this Site; or
Click on the opt-out link to implement the opt-out automatically.
If you have opted out of the sharing of your personal data for online cross-context behavioral and/or targeted advertising, you may provide consent to opt in to such advertising by changing your preferences in the cookie banner manager.
Do Not Track
Cloudera does not monitor or respond to Do Not Track browser requests.
Exercising Your Privacy Rights
If you would like to exercise one or more of your privacy rights, or you are an authorized agent making a request on a data subject’s/consumer’s behalf, please submit a request to Cloudera at [email protected] or 1-888-789-1488. You may also submit your request via one of our contact methods listed in the section titled “How to Contact Us.”
To help us respond appropriately, please make clear the nature of your request (i.e., the privacy right(s) you would like to exercise) and the personal data to which it pertains. For your protection, we may only fulfill requests with respect to the personal data associated with the particular email address that you use to send us your request. Additionally, we must verify or authenticate your identity and may need you to provide additional information for purposes of verification or authentication before completing your request. We will try to comply with your request as soon as reasonably practicable, but always within the time period required by applicable law.
Note that we may need to rely on a legal exception in order not to, or to partially, fulfill a privacy rights request, such as to retain certain personal data for legitimate business purposes, to comply with legal or regulatory obligations, to establish, exercise, or defend legal claims, and/or to perform a contract. Also, note that regulatory authorities in your country may implement laws, rules, or regulations that restrict your data protection rights.
If you become aware that a profile has been created about you without your consent or knowledge, you may contact us to request deletion of such account.
We Do Not Sell Your personal data
Cloudera does not “sell” your personal data (as the term “sale” or “sell” is defined under the US State Privacy Laws), and we will not do so without offering you the right to opt out of any such sale. You may exercise this right by updating your preferences in the cookie banner manager.
Data Privacy Complaints
Appeal a Denial of a Privacy Rights Request
You may request more information about a denial, in whole or in part, of your privacy rights request or appeal that denial by contacting us at [email protected].
How to Lodge a Complaint
To make a complaint about data privacy, please contact us at [email protected].
To help Cloudera address the issue effectively, please clearly state the following in your complaint:
The specific data privacy complaint, along with as much detail as possible, including your country of residence, your understanding of the data privacy infringement and issue(s), and the redress requested;
Your full name and how we can contact you; and
Any previous correspondence with us on this specific data privacy issue.
Cloudera aims to resolve all issues in a timely manner and in accordance with applicable law. If there is any delay (such as where a more detailed investigation is required), we will try to keep in regular contact with you to ensure that we keep you informed of the progress on your matter.
Data Protection Authorities
If you are not satisfied with Cloudera’s resolution of your complaint, you may have the right to lodge a complaint with the competent data protection authority of your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law allegedly occurs.
Personal Data Processed on a B2B Customer’s Behalf
If Cloudera processes personal data on behalf of an B2B on cloud customer pursuant to an executed privacy agreement, Cloudera has no direct relationship with the individuals whose personal data it processes. If you have a concern or would like to exercise a privacy right related to your personal data under these circumstances, please contact the relevant B2B customer (i.e., your employer) directly.
Use of this Site by Children
Cloudera’s Site and Services are not intended for or directed to anyone under the age of 16 years. We do not knowingly collect personal data of individuals under the age of 16. If you are younger than 16, you should not register with us or use our Site or Services.
Changes to this Privacy Statement
Cloudera periodically verifies that this Privacy Notice is accurate, up-to-date, and comprehensive. We may update and revise this Privacy Notice from time to time to reflect changes in our business activities, our data processing practices, and/or changes in applicable law. If we make material changes to this Privacy Notice, we will revise this Notice’s “Last updated” date, and in some cases, we may provide you with a more prominent notice. We encourage you to review this Privacy Notice periodically to stay informed about our data processing practices.
How to Contact Us
If you have any questions about this Privacy Statement or need to contact us with any questions, complaints, or concerns about how Cloudera handles personal data, you may reach us as follows:
Postal Address
Cloudera, Inc.
Attn: Privacy
6220 America Center Drive, 5th Floor
San Jose, CA 95002
USA
Telephone
1-888-789-1488
Product & Service Data Policy
This Cloudera Product and Service Data Policy (“Data Policy”) describes Cloudera’s practices with respect to its collection, use, storage, and processing of data related to the Customer and the Customer’s use of Cloudera Products and Services in connection with the Enterprise Subscription Master Agreement, Order Form, and/or other agreements (“Agreement”) in place between the parties. “Cloudera” means Cloudera, Inc., and its subsidiaries and any Cloudera Affiliate. Cloudera may update this Data Policy from time to time to comply with Applicable Law, official guidelines or recommendations, and/or industry standards and best practices.
1. Definitions
1.1. Account Data
“Account Data” means the relevant business/corporate information about the Customer provided or generated by the Customer to create and administer the Customer’s account, which is necessary to receive Cloudera Products and Services and is required for Cloudera to (a) comply with Applicable Law; (b) conduct Cloudera’s business operations and activities; and (c) manage the business relationship with the Customer, including delivering Cloudera Products and Services, communicating updates and issues, and otherwise administering the Customer’s account for Cloudera Products and Services.
1.2. Applicable Law
“Applicable Law” means any law, rule, regulation, court order, government authority/agency or law enforcement order, legislation, or other legal decree or ordinance to which either party is subject and/or applies to Cloudera Products and Services.
1.3. Control Plane
“Control Plane” means the public cloud environment operated and managed by Cloudera for purposes of providing Cloudera on cloud to the Customer (i.e., the “On Cloud Customer”), and through which the On Cloud Customer can execute commands to the Workload Environment and which comprises the administrative service used by the On Cloud Customer’s administrator to manage environments, users, and Cloudera on cloud. The Control Plane processes Control Plane Data; it does not process Workload Data.
1.4. Control Plane Data
“Control Plane Data” means the authentication, logging, and audit information necessary to authenticate, authorize, log, and audit events of the On Cloud Customer’s end users, whom the Customer has authorized to use the Control Plane (namely, information associated with Security Assertion Markup Language Data, including the end user’s name (optional), work email, user ID, and/or username, and the Customer’s group member ID (optional) and/or tenant ID).
1.5. Diagnostic and Telemetry Data
“Diagnostic and Telemetry Data” means statistical data, system usage data, telemetry data, configuration files, cluster types, web server configuration, software versions, application logs, service and system logs, security log files, troubleshooting data, metrics, and other metadata regarding the Customer’s use of Cloudera Products and Services.
1.6. Feedback Data
“Feedback Data” means any recommendations, ideas, proposals, suggestions, reported defects, usability enhancements, feature requests, or other comments regarding Cloudera Products and Services provided to Cloudera by the Customer or its end users.
1.7. On–Premises/Private Cloud Environment
“On Premises/Private Cloud Environment” (i.e., “On Premises Environment”) means the on premise computing environment of the Cloudera on premises customer (i.e., the “On Premises Customer”), (a) which the Customer alone procures and sets up, manages, hosts, operates, and otherwise controls, and (b) in which the Customer deploys certain elements of Cloudera Products and Services and stores, manages, and otherwise processes the Customer’s data (i.e., “On Premises Data”).
1.8. Restricted or Prohibited Data
“Restricted or Prohibited Data” means data that (a) is inaccurate, illegal, harmful, obscene, pornographic, defamatory, racist, violent, offensive, harassing, or otherwise objectionable; (b) consists of an unauthorized disclosure of data or information; (c) violates or infringes any third party’s rights; (d) contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; (e) includes any (electronic) protected health information (“PHI”) regulated by the Health Insurance Portability and Accountability Act; (f) includes any Cardholder Data, as stipulated in the Payment Card Industry Data Security Standard; and/or (g) contains information regulated by the International Traffic in Arms Regulations (“ITAR”) of the United States.
1.9. Technical Support Data
“Technical Support Data” means the information submitted by the Customer or that is otherwise necessary for Cloudera to provide Support Services to the Customer (e.g., Account Data, Diagnostic and Telemetry Data, and files, logs, images, and/or other information necessary to fulfill the support request, troubleshoot, and resolve any issue).
1.10. Usage Data
“Usage Data” means consumption data, general use or feature-specific use data, analytics information, and/or other metadata relating to, or generated by, the Customer’s interactions with and/or use of Cloudera Products and Services and collected by Cloudera’s first-party cookies, internal tools, and third-party service providers’ cookies, tracking technologies, and data analytics tools.
1.11. Workload Environment
“Workload Environment” means the On Cloud Customer’s public cloud environment necessary for Cloudera Online Services, namely, the environment (a) which the Customer alone procures from a separate third-party cloud service provider (“CSP”) and sets up, manages, operates, and otherwise controls, and (b) in which the Customer deploys certain elements of Cloudera Products and Services and processes Workload Data.
1.12. Workload Environment Data
“Workload Environment Data” (i.e., “Workload Data”) means any data submitted, uploaded, stored, hosted, managed, used, analyzed, or otherwise processed solely by the On Cloud Customer in or on the Customer’s Workload Environment.
For purposes of clarification, Account Data, Control Plane Data, Diagnostic and Telemetry Data, Technical Support Data, Usage Data, and Feedback Data do not include On Premises Data and/or Workload Environment Data. Undefined capitalized terms shall have the meaning ascribed to them in the Agreement.
2. Customer Account
2.1. In connection with Cloudera’s delivery of Cloudera Products and Services under the Agreement, the Customer must create an account by providing Account Data. To the extent required by Applicable Law, the Customer warrants and guarantees that it has obtained, and grants to Cloudera, all rights, consents, permissions, and/or authorizations necessary to Cloudera for Cloudera to use Account Data.
2.2. The Customer shall (a) ensure that it creates only one account per end-user email address; (b) ensure that all Account Data is current, accurate, complete, and lawful at all times for the duration of the Agreement; (c) implement and maintain appropriate administrative, organizational, physical, and technical safeguards to ensure that Account Data is only used by the Customer and its authorized end user(s) and that the credentials associated with Account Data and Account Data itself remain confidential and secure; (d) notify Cloudera promptly upon becoming aware of any loss, alteration, unauthorized disclosure of, or unauthorized access to, Account Data or any unauthorized use of, or access to, its account; (e) monitor and control its end users (whom it designates and authorizes to create and use its account and who access its account); and (f) remain fully responsible for all activities that occur under its account.
2.3. Cloudera shall not be liable for any losses, damages, liability, expenses, or attorneys’ fees that the Customer may incur as a result of an unauthorized user accessing or using the Customer’s account with the end user’s credentials, either with or without the Customer’s knowledge and/or authorization, and regardless of whether the Customer has advised Cloudera of such unauthorized use. The Customer shall be liable for losses, damages, liability, expenses, and attorneys’ fees incurred by Cloudera or a third party due to someone else using the Customer’s account. Notwithstanding the foregoing, Cloudera shall be liable if it is responsible for the unauthorized access or use of Customer’s account by its failure to implement appropriate security measures. If the Customer or its end user loses access to the Customer’s account or otherwise requests information about the account, Cloudera, in its sole discretion, reserves the right to request from the Customer or its end user any verification Cloudera deems necessary before restoring access to or providing information about such account.
3. Customer Responsibility
3.1. The Customer shall: (a) be responsible for the technical operation of Cloudera Products and Services, including ensuring that API calls the Customer makes to any Cloudera Online Service are compatible with then-current APIs for Cloudera Online Services; (b) comply with Applicable Law in its use of Cloudera Products and Services; (c) lawfully possess any data it provides or makes available to Cloudera; and (d) not disclose, provide, or make available to Cloudera (i) any Workload Data and/or On Premises Data, and/or (ii) any Restricted and Prohibited Data, and if the Customer violates subsection 3.1(d), Cloudera shall have no liability or obligations whatsoever under the Agreement relating to such data, notwithstanding anything to the contrary in Applicable Law.
3.2. In addition, the Customer shall be responsible for (a) anonymizing, deidentifying, or redacting data to the extent the Customer deems it reasonable to do so, and (b) properly handling notices sent to the Customer by a third party claiming that the Customer is violating such third party’s rights.
4. Acceptable Use
The Customer shall not: (a) use, or encourage, promote, facilitate, or instruct others to use, Cloudera Products and Services for any illegal, harmful, or offensive activities; (b) transmit, store, display, distribute, or otherwise make available content that is illegal, harmful, or offensive, or that constitutes Restricted or Prohibited Data, with Cloudera Products and Services; (c) use Cloudera Products and Services to violate the security or integrity of any network, computer or computing device, communications system or equipment, or software application; (d) make network connections to any users, hosts, or networks, unless the Customer has permission to communicate with them; (e) use Cloudera Products and Services to transmit spam, bulk, or unsolicited communications; (f) use Cloudera Products and Services to violate a third party’s rights; (g) use Cloudera Products and Services to process data, except as permitted or required by Applicable Law and in accordance with such law; (h) attempt to reverse engineer, decompile, hack, disable, interfere with, disassemble, modify, copy, translate, or disrupt the features, functionality, integrity, or performance of Cloudera Products and Services; and/or (i) mine cryptocurrency with Cloudera Product and Services.
5. On Premises Customer
5.1. The On Premises Customer shall be solely responsible for (a) implementing and maintaining all physical, technical, administrative, and organizational measures to ensure the confidentiality, integrity, availability, and resiliency of the On Premises Environment and any data therein (i.e., the On Premises Data), and (b) the retention and back up of On Premises Data. The On Premises Customer expressly assumes the risks associated with the foregoing responsibilities.
5.2. To deliver Cloudera Products and Services, Cloudera does not and cannot (a) host, manage, or access the On Premises Environment; or (b) access or process any On Premises Data. Cloudera shall not be responsible for and has no obligations or liability whatsoever with respect to the On Premises Environment and On Premises Data, including, but not limited to, any access to or loss, destruction or damage, alteration or modification, disclosure, or corruption of said environment and data.
6. On Cloud Customer
6.1. Workload Environment. The On Cloud Customer shall be solely responsible for (a) implementing and maintaining all physical, technical, administrative, and organizational measures to ensure the confidentiality, integrity, availability, and resiliency of the Workload Environment and Workload Data, (b) the retention and back up of Workload Data, and (c) the relationship with its third-party CSP. The On Cloud Customer expressly assumes the risks associated with the foregoing responsibilities
6.2. To deliver Cloudera Products and Services, Cloudera does not (a) host or manage the Workload Environment; or (b) access or process any Workload Data. Cloudera shall not be responsible for and has no obligations or liability whatsoever with respect to the Workload Environment and Workload Data, including, but not limited to, any unauthorized access to or loss, destruction or damage, alteration or modification, disclosure, or corruption of said environment and data.
6.3. Control Plane. The Customer acknowledges and understands that, to access and use the Control Plane, it must transmit to Cloudera the Control Plane Data.
6.3.1. To the extent required by Applicable Law, the Customer represents and guarantees it shall: (a) have all the rights, consents, permissions, and/or authorizations necessary and has provided any necessary notices, to provide, disclose, or make available to Cloudera the Control Plane Data; (b) ensure the accuracy, quality, completeness, currentness, and legality of Control Plane Data; and (c) be responsible for correcting, deleting, or providing access to Control Plane Data.
6.3.2. By accessing or using the Control Plane, the Customer authorizes and permits, or otherwise grants its authorization and all necessary rights and licenses to, Cloudera to use, copy, store, transmit, modify, display, and otherwise process Control Plane Data in connection with Cloudera Products and Services. The Customer shall own all rights, title, and interest in and to the Control Plane Data, subject to this Data Policy. Cloudera shall handle Control Plane Data in accordance with Applicable Law and the Agreement and process the end-user data associated with Control Plane Data as a controller, unless the Parties agree otherwise.
6.4. Shared Responsibility. Security and Compliance is a shared responsibility between Cloudera and the On Cloud Customer.
7. Diagnostics, Support, and Usage Information
7.1. General. In relation to Cloudera Products and Services, Cloudera utilizes Diagnostic and Telemetry Data, Technical Support Data, and Usage Data to (a) find, diagnose, and fix problems or errors or debug to identify and repair errors; (b) anticipate, identify, and mitigate issues or threats; (c) provide guidance on the optimization of Cloudera Products and Services; (d) understand the operation, use, or consumption of Cloudera Products and Services; (e) verify, maintain and/or ensure the health, quality, safety, security, integrity, and performance of Cloudera Products and Services; (f) improve, upgrade, or enhance Cloudera Products and Services; and (g) conduct any other lawful business purpose (collectively, “Business Purposes”).
7.1.1. Cloudera shall have a royalty-free right and license to use, copy, store, transmit, modify, create derivative works of, and display the Diagnostic and Telemetry Data and Technical Support Data to provide Cloudera Products and Services in accordance with the Agreement and, upon taking commercially reasonable steps to prevent the use of identifying information, to pursue its lawful Business Purposes, which exclude the selling or sharing of such data to a third party.
7.12. Cloudera is and shall remain the sole owner of any Usage Data and shall own all rights, title, and interest, including all Intellectual Property Rights, therein. Usage Data may include redacted, obfuscated, pseudonymized, anonymized, de-identified, or aggregated data.
7.2. Diagnostics and Telemetry. Cloudera Products and Services contain a diagnostic and telemetry functionality as their default configuration to generate and transmit Diagnostic and Telemetry Data to Cloudera. If the Customer’s policies prohibit the automatic sending of such reports, the Customer may change the diagnostic and telemetry function in Cloudera Products and Services to disable regular automatic reporting or to report data only on the submission of a support ticket; provided, however, that the Customer agrees that, no less than once per quarter, it will run said function and report the results to Cloudera no later than thirty (30) days prior to the end of the applicable quarter (where, for the avoidance of doubt, such quarter-end dates are January 31, April 30, July 31, and October 31).
7.2.1. For the On Premises Customer, the Diagnostic and Telemetry Data is contained within a diagnostic bundle. Cloudera utilizes the information from cluster registration and reports generated by the diagnostic bundle to confirm that the Customer’s use of Cloudera Products and Services is consistent with the Order Form. For more information on the diagnostic function and how to send reports manually, please refer to the Documentation here.
8. Feedback Data
Cloudera shall own all rights, title, and interest, including all Intellectual Property Rights, in Feedback Data and in and to any improvements to Cloudera Products and Services or any new programs, upgrades, modifications, or enhancements developed by Cloudera in connection with Feedback Data. The Customer hereby grants Cloudera a worldwide, an unlimited, an irrevocable, a perpetual, a transferable, and a royalty-free right and license to use, sell, or otherwise commercialize or exploit Feedback Data for Cloudera’s business purposes without restriction, including, inter alia, to enhance, upgrade, optimize, and improve Cloudera Products and Services and to develop new functionalities and features, without restriction. Any Feedback Data from the Customer is provided “as is”, and the Customer disclaims any and all warranties whatsoever therein.
9. Safeguards
Taking into account the nature, scope, context, and purposes of Cloudera Products and Services, Cloudera shall implement and maintain commercially reasonable and industry standard organizational, physical, and technical safeguards designed to protect and ensure the confidentiality, integrity, and availability of Cloudera Products and Services. For more information on Cloudera’s security measures, visit the Cloudera Trust Center.