* (n/a = not applicable)
** (optional; depends on the Customer’s configuration of the system, the connection to other systems, and the categories chosen by the Customer to be collected from Third Party Users)
Categories of Personal Data | Categories of Data Subjects | Purpose of Processing | Categories of Data Recipients | Needed for Core Features | Processing Location | Acquia Inc. acts as Processor |
|---|---|---|---|---|---|---|
Individual identifiers (e.g. | End users | To enable | Designated | Yes | United States (US-East, unless otherwise agreed) | Yes |
Objective | Technology / Measure | Data at Rest | Data in Transit |
|---|---|---|---|
Anonymization and Pseudonymization | Optional anonymization at customer level; | Partial | Partial |
Data confidentiality | Strict access controls; encryption at customer and Acquia | Yes
| Yes
|
| Encryption at Acquia Level | AES-256 (or equivalent) encryption of data and backups | Yes | Yes |
Data integrity | Ant-tampering technology (see Security Annex) | Yes | Yes |
Data Availability, Business Continuity, and Disaster | Proven business continuity and disaster recovery plans | Yes | n/a |
Regular Testing & Evaluation | Ongoing security reviews, penetration testing, and process | Yes | n/a |
Through the Product’s administration console and through the Customer’s own user profile, the Customer may manage, update, retrieve, and erase individual Personal Data.
Acquia ID retains your personal data only for as long as necessary to support secure access, account management, and critical platform functions, or as required by law. When data is no longer needed, it is securely deleted or anonymized according to our retention policies. Audit logs and anonymized records may be kept longer to maintain platform integrity and compliance, but these cannot be used to identify you personally. For details or specific requests regarding your data retention, please contact Acquia Support.
The specific list of Acquia’s sub-processors is available from: http://www.acquia.com/about-us/legal/subprocessors.
Any current Acquia customer with a data processing agreement in place with Acquia may subscribe to receive notifications of new or changed sub-processors through the above website.
Data importer has implemented and will maintain appropriate administrative, physical, and technical safeguards for the protection ofthe security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Acquia Security Annex (available from https://www.acquia.com/about-us/legal/gdpr) applicable to the specific Services purchased by data exporter, as updated from time to time, and made available by data importer upon request. The data exporter is wholly responsible for implementing and maintaining security and data administration within any data exporter applications, configuration settings, or log settings used by data exporter in conjunction with the Services.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Yes
Proven business continuity and disaster recovery plans
Yes |
n/a |
Regular Testing & Evaluation | Ongoing security reviews, penetration testing, and process | Yes | n/a |
If this content did not answer your questions, try searching or contacting our support team for further assistance.