* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)
*** (optional and disabled by default; depends on the Customer’s configuration of the system, the connection to external analytics tools such as Google Analytics, and the categories chosen by the Customer to be collected from Third Party Users)
| Categories of Personal Data | Categories of Data Subjects | Purpose of Processing | Categories of Data Recipients | Needed for Core Features | Processing Location | Acquia Inc. acts as Processor |
|---|---|---|---|---|---|---|
| Regarding the use of the Service by the Customer: Through the configuration, design, and administration of an Acquia DAM instance, Customer may limit the categories of data subjects collected by their Acquia DAM instance to generic contact information of its administration staff. The categories of Personal Data are solely contact information of the user of Acquia DAM, including name, email, IP address, title, phone. | Through the configuration, design, and administration of their own Acquia DAM instance, Customer in its sole discretion determines and controls the categories of data subjects collected by their Acquia DAM instance. Primarily, the categories of Data Subjects are the Customer’s internal administrative personnel, e.g. personnel in its marketing department. | Provision of the Services by Acquia to Customer and use of the Service by Customer’s personnel | Customer’s personnel including admins and users | Yes | Depends on the data center location chosen by Customer; data collected in a given region will exist only within that region. Subprocessors, Support: see Acquia Affiliates If Customer uses the Service to connect to third parties (e.g. CRM), processing of the respective data may occur at the place of such third party. Such third parties are (sub)processors of Customer, not Acquia. | Yes |
Regarding the administration of the Service by Customer: Individual identifiers and contact details of Custtomer’s admins, including name, email, IP address, title, phone. | Customer admins | Provision and administration of the Service | Customer’s admin personnel | Yes | Yes | |
| Regarding Assets uploaded by the Customer into the Service: In general, Assets do not contain personal data. However, some Assets may contain Personal Data (e.g. picture of a person). | Anyone’s personal data captured in the Asset | Use of the Service by Customer’s personnel | Customer’s personnel and any such person designated to use by Customer | No | Yes |
| Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|---|---|---|
| Anonymyzation and Pseudonymization | Data anonymization at Customer level optional for Customer | No | No |
| Data confidentiality | Access control measures Encryption at customer level | Yes N/A* N/A* Yes | Yes Yes Yes Yes |
| Data integrity | Anti-tampering technology (see Security Annex) | Yes | Yes |
| Data availability including restoring availability, restoring access to personal data, and data resilience | Business continuity and disaster recovery measures (see Security Annex) | Yes | Yes |
| Regular testing, assessing and evaluating of TOMs | Regular security and process reviews (see also Security Annex) | Yes | Yes |
* uses sub-processor level encryption
Through the Product’s administration console, the Customer may manage, update, retrieve, and erase individual Personal Data.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
| Regarding Assets uploaded by the Customer into the Service: In general, Assets do not contain personal data. However, some Assets may contain Personal Data (e.g. picture of a person). |
| Anyone’s personal data captured in the Asset |
| Use of the Service by Customer’s personnel |
| Customer’s personnel and any such person designated to use by Customer |
| No |
| Yes |
If this content did not answer your questions, try searching or contacting our support team for further assistance.