Acquia Campaign Factory
Last revision of this Product Notice: [v1.1 – 17 May 2021 – hyperlinks updated]
Prior version(s) of this Product Notice: [v1.0 – 04 March 2021 – initial version]
This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.
About the Product
Acquia Campaign enables Customers to centrally manage multiple, distributed Acquia Campaign Studio instances in one place. Acquia Campaign Factory is used internally by Customer’s administration personnel. For details about this Product and Acquia Campaign Studio, please refer to the respective Product Descriptions available online at https://docs.acquia.com/guide.
1. Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☒ no
- The optional features are deactivated by default: ☐ yes ☐ no ☒ n/a*
- Processing of sensitive Personal Data: ☐ yes** ☒ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a**
* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)
2. Details of Personal Data being processed
| Categories of Personal Data | Categories of Data Subjects | Purpose of Processing | Categories of Data Recipients | Needed for Core Features | Processing Location | Acquia Inc. acts as Processor |
|---|
| Through the configuration, design, and administration of Acquia Campaign Factory instance, Customer may limit the categories of data subjects collected by their Acquia Campaign Factory instance to generic contact information of its administration staff. The categories of Personal Data are solely contact information of the user of Acquia Campaign Factory, including name, email, IP address. | Through the configuration, design, and administration of their own Acquia Campaign Factory instance, Customer in its sole discretion determines and controls the categories of data subjects collected by their Acquia Campaign Studio instance. Primarily, the categories of Data Subjects are the Customer’s internal administrative personnel, e.g. personnel in its marketing department. | Provision of the Services by Acquia to Customer. | Customer’s personnel | Yes | Depends on the data center location chosen by customer; data collected in a given region will exist only within that region. Subprocessors, Support: see Acquia Affiliates If Customer uses the Service to connect to third parties (e.g. CRM), processing of the respective data may occur at the place of such third party. Such third parties are (sub-) processors of Customer, not Acquia. | Yes |
3. Privacy Enhancements
Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|
Anonymization and Pseudonymization | Data anonymization at Customer level optional for Customer | No | No |
Data confidentiality | Encryption at customer level Encryption at Acquia level Encryption at Acquia Sub-processor level (see Security Annex and Product Description) | Yes N/A* N/A* Yes | Yes Yes Yes Yes |
Data integrity | Ant-tampering technology (see Security Annex) | Yes | Yes |
Data availability including restoring availability, restoring access to personal data, and data resilience | Business continuity and disaster recovery measures (see Security Annex) | Yes | Yes |
Regular testing, assessing and evaluating of TOMs | Regular security and process reviews (see also Security Annex) | Yes | Yes |
* uses sub-processor level encryption
4. Data Subject Rights
N/A
5. (Personal) Data Retention Cycles
Profile data can be deleted and updated at any time during the Term of the Service by the Customer. Profile data and application/configuration is retained latest until the end of the subscription term.
6. Sub-Processing
The specific list of sub-processors is available from: www.acquia.com/about-us/legal/subprocessors
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through above website.
7. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.
Campaign Factory Product Privacy Notice
Acquia Campaign Factory
Last revision of this Product Notice: [v1.1 – 17 May 2021 – hyperlinks updated]
Prior version(s) of this Product Notice: [v1.0 – 04 March 2021 – initial version]
This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.
About the Product
Acquia Campaign enables Customers to centrally manage multiple, distributed Acquia Campaign Studio instances in one place. Acquia Campaign Factory is used internally by Customer’s administration personnel. For details about this Product and Acquia Campaign Studio, please refer to the respective Product Descriptions available online at https://docs.acquia.com/guide.
1. Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☒ no
- The optional features are deactivated by default: ☐ yes ☐ no ☒ n/a*
- Processing of sensitive Personal Data: ☐ yes** ☒ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a**
* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)
2. Details of Personal Data being processed
| Categories of Personal Data | Categories of Data Subjects | Purpose of Processing | Categories of Data Recipients | Needed for Core Features | Processing Location | Acquia Inc. acts as Processor |
|---|
| Through the configuration, design, and administration of Acquia Campaign Factory instance, Customer may limit the categories of data subjects collected by their Acquia Campaign Factory instance to generic contact information of its administration staff. The categories of Personal Data are solely contact information of the user of Acquia Campaign Factory, including name, email, IP address. | Through the configuration, design, and administration of their own Acquia Campaign Factory instance, Customer in its sole discretion determines and controls the categories of data subjects collected by their Acquia Campaign Studio instance. Primarily, the categories of Data Subjects are the Customer’s internal administrative personnel, e.g. personnel in its marketing department. | Provision of the Services by Acquia to Customer. | Customer’s personnel | Yes | Depends on the data center location chosen by customer; data collected in a given region will exist only within that region. Subprocessors, Support: see Acquia Affiliates If Customer uses the Service to connect to third parties (e.g. CRM), processing of the respective data may occur at the place of such third party. Such third parties are (sub-) processors of Customer, not Acquia. | Yes |
3. Privacy Enhancements
Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|
Anonymization and Pseudonymization | Data anonymization at Customer level optional for Customer | No | No |
Data confidentiality | Encryption at customer level Encryption at Acquia level Encryption at Acquia Sub-processor level (see Security Annex and Product Description) | Yes N/A* N/A* Yes | Yes Yes Yes Yes |
Data integrity | Ant-tampering technology (see Security Annex) | Yes | Yes |
Data availability including restoring availability, restoring access to personal data, and data resilience | Business continuity and disaster recovery measures (see Security Annex) | Yes | Yes |
Regular testing, assessing and evaluating of TOMs | Regular security and process reviews (see also Security Annex) | Yes | Yes |
* uses sub-processor level encryption
4. Data Subject Rights
N/A
5. (Personal) Data Retention Cycles
Profile data can be deleted and updated at any time during the Term of the Service by the Customer. Profile data and application/configuration is retained latest until the end of the subscription term.
6. Sub-Processing
The specific list of sub-processors is available from: www.acquia.com/about-us/legal/subprocessors
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through above website.
7. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.
Campaign Studio