Acquia Campaign Factory
Last revision of this Product Notice: [v1.1 – 17 May 2021 – hyperlinks updated]
Prior version(s) of this Product Notice: [v1.0 – 04 March 2021 – initial version]
This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.
About the Product
Acquia Campaign enables Customers to centrally manage multiple, distributed Acquia Campaign Studio instances in one place. Acquia
Campaign Factory is used internally by Customer’s administration personnel.
For details about this Product and Acquia Campaign Studio, please refer to the respective Product Descriptions available online at
https://docs.acquia.com/guide.
1. Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☒ no
- The optional features are deactivated by default: ☐ yes ☐ no ☒ n/a*
- Processing of sensitive Personal Data: ☐ yes** ☒ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a**
* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the
Customer to be collected from Third Party Users)
2. Details of Personal Data being processed
| Categories of Personal Data | Categories of Data Subjects | Purpose of
Processing | Categories
of Data
Recipients
| Neede
d for
Core
Featur
es | Processing
Location | Acquia Inc.
acts as
Processor |
|---|
Through the configuration,
design, and administration of
Acquia Campaign Factory
instance, Customer may limit the
categories of data subjects
collected by their Acquia
Campaign Factory instance to
generic contact information of
its administration staff.
The categories of Personal Data
are solely contact information of
the user of Acquia Campaign
Factory, including name, email,
IP address. | Through the configuration,
design, and administration of
their own Acquia Campaign
Factory instance, Customer in its
sole discretion determines and
controls the categories of data
subjects collected by their
Acquia Campaign Studio
instance.
Primarily, the categories of Data
Subjects are the Customer’s
internal administrative
personnel, e.g. personnel in its
marketing department. | Provision of
the Services
by Acquia to
Customer. | Customer’s
personnel | Yes | Depends on the
data center
location chosen
by customer;
data collected
in a given
region will exist
only within that
region. |
3. Privacy Enhancements
Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|
Anonymization and Pseudonymization | Data anonymization at Customer level optional for Customer | No | No |
Data confidentiality | Encryption at customer level
Encryption at Acquia level
Encryption at Acquia Sub-processor level
(see Security Annex and Product Description) | Yes N/A* N/A*
Yes
| Yes Yes Yes
Yes
|
Data integrity | Ant-tampering technology (see Security Annex) | Yes | Yes |
Data availability including restoring availability, restoring access to personal data, and data resilience | Business continuity and disaster recovery measures (see Security Annex) | Yes | Yes |
Regular testing, assessing and evaluating of TOMs | Regular security and process reviews (see also Security Annex) | Yes | Yes |
* uses sub-processor level encryption
4. Data Subject Rights
N/A
5. (Personal) Data Retention Cycles
Profile data can be deleted and updated at any time during the Term of the Service by the Customer. Profile data and
application/configuration is retained latest until the end of the subscription term.
6. Sub-Processing
The specific list of sub-processors is available from: www.acquia.com/about-us/legal/subprocessors
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or
changed sub-processors through above website.
7. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses
4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection of
the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available
from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from
time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and
maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data
exporter in conjunction with the Services.
Campaign Factory Product Privacy Notice
Acquia Campaign Factory
Last revision of this Product Notice: [v1.1 – 17 May 2021 – hyperlinks updated]
Prior version(s) of this Product Notice: [v1.0 – 04 March 2021 – initial version]
This Product Notices describes the privacy relevant aspects of the above-mentioned Acquia product/services.
About the Product
Acquia Campaign enables Customers to centrally manage multiple, distributed Acquia Campaign Studio instances in one place. Acquia
Campaign Factory is used internally by Customer’s administration personnel.
For details about this Product and Acquia Campaign Studio, please refer to the respective Product Descriptions available online at
https://docs.acquia.com/guide.
1. Processing Operation(s)
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Agreement.
- Processing of Personal Data to deliver its core functionalities required: ☒ yes ☐ no
- Optional features processing Personal Data: ☐ yes ☒ no
- The optional features are deactivated by default: ☐ yes ☐ no ☒ n/a*
- Processing of sensitive Personal Data: ☐ yes** ☒ no ☐ n/a*
- Profiling of individuals based on personal characteristics: ☐ yes ☒ no ☐ n/a*
- Automated decision making that produces legal or other significant impacts on individuals: ☐ yes ☒ no ☐ n/a**
* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the
Customer to be collected from Third Party Users)
2. Details of Personal Data being processed
| Categories of Personal Data | Categories of Data Subjects | Purpose of
Processing | Categories
of Data
Recipients
| Neede
d for
Core
Featur
es | Processing
Location | Acquia Inc.
acts as
Processor |
|---|
Through the configuration,
design, and administration of
Acquia Campaign Factory
instance, Customer may limit the
categories of data subjects
collected by their Acquia
Campaign Factory instance to
generic contact information of
its administration staff.
The categories of Personal Data
are solely contact information of
the user of Acquia Campaign
Factory, including name, email,
IP address. | Through the configuration,
design, and administration of
their own Acquia Campaign
Factory instance, Customer in its
sole discretion determines and
controls the categories of data
subjects collected by their
Acquia Campaign Studio
instance.
Primarily, the categories of Data
Subjects are the Customer’s
internal administrative
personnel, e.g. personnel in its
marketing department. | Provision of
the Services
by Acquia to
Customer. | Customer’s
personnel | Yes | Depends on the
data center
location chosen
by customer;
data collected
in a given
region will exist
only within that
region. |
3. Privacy Enhancements
Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|
Anonymization and Pseudonymization | Data anonymization at Customer level optional for Customer | No | No |
Data confidentiality | Encryption at customer level
Encryption at Acquia level
Encryption at Acquia Sub-processor level
(see Security Annex and Product Description) | Yes N/A* N/A*
Yes
| Yes Yes Yes
Yes
|
Data integrity | Ant-tampering technology (see Security Annex) | Yes | Yes |
Data availability including restoring availability, restoring access to personal data, and data resilience | Business continuity and disaster recovery measures (see Security Annex) | Yes | Yes |
Regular testing, assessing and evaluating of TOMs | Regular security and process reviews (see also Security Annex) | Yes | Yes |
* uses sub-processor level encryption
4. Data Subject Rights
N/A
5. (Personal) Data Retention Cycles
Profile data can be deleted and updated at any time during the Term of the Service by the Customer. Profile data and
application/configuration is retained latest until the end of the subscription term.
6. Sub-Processing
The specific list of sub-processors is available from: www.acquia.com/about-us/legal/subprocessors
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or
changed sub-processors through above website.
7. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses
4(d) and 5(c) (or document/legislation attached)
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection of
the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available
from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from
time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and
maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data
exporter in conjunction with the Services.
Subprocessors,
Support: see
Acquia
Affiliates
If Customer
uses the
Service to
connect to
third parties
(e.g. CRM),
processing of
the respective
data may occur
at the place of
such third
party. Such
third parties
are (sub-
)processors of
Customer, not
Acquia.
Subprocessors,
Support: see
Acquia
Affiliates
If Customer
uses the
Service to
connect to
third parties
(e.g. CRM),
processing of
the respective
data may occur
at the place of
such third
party. Such
third parties
are (sub-
)processors of
Customer, not
Acquia.
Campaign Studio