General Privacy Policy

This General Privacy Policy, hereby referred to as “Policy,” explains how Camunda Services GmbH, and its subsidiaries (“Camunda,” “we,” “us” and “our”) collect, use, share and process Personal Data, defined by the General Data Protection Regulation (GDPR) as “any information related to an identified or identifiable natural person,” and that Camunda uses to manage the business and business relationships with customers, users, visitors, applicants, event attendees, etc.

Interaction Specific Policies

Camunda supplements this General Privacy Policy with the following interaction specific Policies:

Applicant Privacy Policy. This Policy explains how Camunda processes Personal Data from Applicants applying for jobs within Camunda.

California Specific Privacy Policy. This is a Privacy Policy specifically addressed to California residents.

Cookie Policy. This Policy explains how Camunda uses cookies and similar tracking tools.

Product Privacy Policy. This Policy applies to the information Camunda collects and uses in connection with customer deployments of Camunda products and services.


General Privacy Policy


Scope

This General Privacy Policy explains user rights and choices related to the personal data Camunda collects when:

  • users visit or use any of Camunda’s websites, social media pages, forum, online events, online advertisements, or marketing communications, hereby referred to as “Online Properties”
  • users visit, interact with or use any of Camunda’s offices, events, sales, marketing or other non-web related activities, hereby referred to as “Properties.”

This General Privacy Policy does not cover:

Applicant Information: See Camunda’s Applicant Privacy Policy.

Automatic collection from Camunda products and services: See Camunda’s Product Privacy Policy.

Service Data: Certain Camunda products permit the customer organization to consume or upload and submit content to the products, hereby referred to as “Service Data”. This Privacy Policy does not cover Service Data, including any personal data about customers that may be contained in Service Data. Service Data processing questions should be addressed to the customer organization directly.

Organizational Use: When customers use Camunda products or services on behalf of an organization (e.g., an employer), customer use is administered and provisioned by the customer’s organization under its policies regarding the use and protection of personal data. Refer to the appropriate organization’s privacy policy and direct inquiries to the organization directly.

Camunda determines the purposes and means for processing personal data as described in this Privacy Policy unless specified otherwise.


Contact Camunda

Camunda Services GmbH is Controller within the meaning of the GDPR and of other data protection laws or provisions applicable in the Member States of the European Union.

If you have any questions or concerns regarding this Policy please contact Camunda’s email at privacy@camunda.com or by postal mail to:

Camunda Services GmbH
Zossener Strasse 55-58
10961 Berlin
Germany
Or phone: +49 30 664 04 09 – 00

Camunda has appointed an external Data Protection Officer for German data subjects. 

The Data Protection Officer for Camunda is:

Julian Höppner
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin
Germany

For questions about how information is gathered, stored, shared, used, or to exercise any data subject rights, please contact our Data Protection Officer as follows: 

phone: +49.30.20962282
E-mail: hoeppner@jbbdataconsult.de
Web pages: www.jbbdataconsult.de 


Information Camunda Collects & How It’s Collected

Camunda collects personal data and other information from users or customers directly, through automated means, and from third parties.

Personal Data Users and Customers provide directly: Camunda collects personal data when users or customers voluntarily provide it, which includes service providers or third parties who collect it on Camunda’s behalf, such as when signing up for our newsletter, downloading whitepapers, filling out contact forms, taking part in webinars, training courses and events, when placing an order, registering a product, completing surveys, writing in our forum, or requesting information about Camunda products, services, and events via sales representatives or customer support agents.

The personal data Camunda collects may include personal contact information, professional information, such as name, employer name, address, or job title telephone number, or email adress, user IDs, contact preferences, and billing/transactional data.

Camunda also collects personal data disclosed by users when completing any “free text” boxes on forms such as survey feedback or event sign-up, on message boards, chat features, and other services or platforms, including third party services and platforms.

In this category, Camunda obtains personal data usually from the following sources:

  • Contacting us by phone, e-mail or otherwise.When users communicate with Camunda via our Contact page, complete surveys, fill out any “free” boxes, users provide content, full name, email address, job title, company name, industry, phone number and company number of employees. 
  • Newsletters and White Papers. Camunda provides users with the opportunity to stay informed about Camunda’s upcoming meetings and developments in the workflow-automation field via our newsletters and white papers. 
  • Training, Events and Webinars.When customers register for our training, events or webinars through our website, Camunda collects Personal Data
  • in order to provide and manage these services.
  • Forum.Users have the opportunity to exchange information with other interested parties about questions relating to Camunda software. When a user registers for the forum, Camunda records their email address and their user name. If a user posts to a forum, the user’s chosen is displayed, and is therefore viewable by the public. The contribution they have submitted can also be downloaded by any interested party, together with the time of posting. However, the user’s email address is not published.
  • Social Media Pages.Through users’ use of social media and/or other websites such as Twitter, GitHub, Stack overflow, Vimeo, Facebook or LinkedIn, depending on users’ settings or the privacy policies of these websites. To change settings on these services, please refer to their respective privacy notices.
  • Careers.When applicants submit a CV or other information via our career site, https://camunda.com/career/. If you contact us via email through the website, we may keep a record of your email address and correspondence and use such information to respond to you. We may also receive resumes from recruiters, Camunda employees or other third parties. Please see Camunda’s Applicant Privacy Policy for more information. 

Data Collected Automatically: Camunda uses integrated technology such as cookies, web beacons, and embedded URLs to provide automated data collection.

  • Online Properties. Camunda automatically collects Personal Data information when users or customers use, access, or interact with Online Properties, including unique identification numbers, Internet Protocol (IP) address, hardware settings, browser language, the date and time of the request and referral of the URL, broad geographic location, etc. See Camunda’s Cookie Policy for more information.
  • Camunda Products. In order to enhance and ensure stability and functionality of our products, we collect technical data that may in come cases also be classified as Personal Information. We also use this Personal Information to analyze trends and usage patterns. Please see Camunda’s Product Privacy Policy

Data Collected from Third-Party Sources: Camunda may acquire data from affiliates in Camunda’s corporate group, via Camunda’s partners, or others third-parties used to make information provided more useful, such as geographic information acquired with the IP address that was collected automatically, as noted above. Information may be linked via a unique identifier, such as a cookie or account number.


Cookies and Website Automatic Data Collection

See Camunda’s Cookie Policy for detailed information on Camunda’s use of cookies and Automatic Data Collection Tools (First-Party cookies, Third-Party cookies, Web Beacons and APIs).


How Camunda Uses Information Collected

Camunda may use customer or user information for the following purposes:

  • Communications and Transaction Processing. Camunda uses customer and user Personal Data for communication purposes, to respond to customer and user requests, process transactions, and provide the information requested, which may include financial, credit card, and payment information.
  • Offering and facilitating certain services and interaction possibilities. Camunda uses customer and user Personal Data for the purpose of offering certain services, such as providing a forum where users can exchange on Camunda’s products or providing the download of whitepapers or offering a newsletter.
  • Conferences and Events. Camunda and its partners may use customer and user Personal Data to conduct and communicate about events and post-events, and may include sharing attendance information with conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests customer or user personal data, the information will be handled per their privacy practices.
  • Education and Training. If you sign up for a Camunda certification course or training, Camunda uses customer and user Personal Data to facilitate the delivery of such course or training. 
  • Establish, Administer, and Support Accounts. Camunda uses customer and user Personal Data to provide products and manage customer accounts, such as managing product downloads, providing consulting, support and recommendations, and sending account-related communications.
  • Manage Customer Experience. Camunda uses customer and user Personal Data to maintain accurate contact and cataloging data, deliver support, and offer products, services, and features. 
  • Marketing and Advertising. Camunda may use customer or user Personal Data to provide advertising per customer and user privacy preferences settings and applicable law, and may share some information with marketing service providers in order to present advertisements that might be of interest, which can occur with Automatic Data Collection Tools. See the Camunda’s Cookie Policy for more information.
  • Facilitate and Evaluate Use of Online Properties. Camunda uses customer and user Personal Data to provide Online Properties, facilitate use of the Online Properties, such as navigation, logging in, and enhancing security in order to improve quality, evaluate page response rates and personalize content.
  • Business Operations. Camunda uses customer and user Personal Data to conduct ordinary business operations, such as business research, corporate reporting, staff training, quality assurance, and general outreach.
  • Security. Camunda uses customer and user Personal Data to maintain the integrity and security of Online Properties, products and services to prevent and detect security threats, fraud, or other criminal and malicious activity that might compromise customer or user information.
  • Third Party Social Networks. Camunda may use personal data to interact with customers or users on third party social networks (subject to that network’s terms of use).
  • Research and Innovation. Camunda uses customer and user Personal Data to develop new products, features, and services via research and development tools.
  • Complying with Law. Camunda uses customer and user Personal Data as required to be compliant with applicable laws, regulations, and government and law enforcement requests.
  • Other Legitimate Business Purposes. We may use Personal Data when it is necessary for other legitimate purposes, such as protecting Camunda’s confidential and proprietary information.


How Camunda Shares Information

Camunda shares customer and user personal data with the following, and with appropriate contractual obligations in place:

With Camunda Companies. Camunda may transfer customer and user Personal Data to other Camunda entities in the U.S. and worldwide for the purposes outlined in this Privacy Policy. Camunda protects personal data per this Policy wherever it is processed and takes appropriate measures to protect personal data under applicable laws, including implementing the European Commission’s standard contractual clauses and relying on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

With Service Providers. Camunda may share customer and user Personal Data with third parties, such as vendors, consultants, agents and other service providers, such as IT and system administration, processing transactions, marketing and research, targeted advertising, training, customer support, and data enrichment as described below. Camunda service providers are contractually required to safeguard personal data received and are prohibited from using personal data for any purpose other than to perform the services as instructed by Camunda. These service providers may be located outside of the EEA, in the U.S. or other locations worldwide. Camunda protects personal data per this Policy wherever it is processed and takes appropriate measures to protect personal data under applicable laws, including implementing the European Commission’s standard contractual clauses and relying on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

With Competent Authorities. Camunda may share customer and user personal data when believed, in good faith, that Camunda is: (i) responding accordingly to authorized requests by law enforcement agencies, regulators, courts, and other public authorities; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and assist in preventing security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Camunda and its affiliates; or (v) protect the rights or personal safety of Camunda’s and its affiliates’ employees, and third parties on or using Camunda property in line with the requirements of applicable law.

Camunda only uses customer and user Personal Data in a lawful, apparent, and reasonable manner. Camunda relies on the following legal bases:

  • Consistent with user’s specific revocable consents in accord with Art. 6 I a GDPR;
  • To prepare, enter into and fulfill a contract in accord with Art. 6 I b GDPR, as necessary;
  • To comply with legal obligations, in accord with Art. 6 I c GDPR, as necessary;
  • To protect customer and user vital interests or those of others; and
  • As necessary for Camunda’s legitimate interests in accord with Art. 6 I f GDPR, such as Management of Customer Experience, Facilitating and Evaluating Use of Online Properties, Business Operations, Marketing and Advertising (if applicable), Research, Innovation or Security.


Data Retention

Camunda retains Personal Data collected in connection with the Online and Offline Properties for as long as necessary to fulfill the purposes outlined in this Privacy Policy or where there is an ongoing, legitimate business need to do so.


International Data Transfers

A user’s personal data may be accessed, stored, transferred to and processed in countries other than the country in which the person resides. As an internationally operating company, Camunda processes Personal Data data in countries outside the European Economic Area (“EEA“), including the USA. These countries may have data protection laws that differ from the laws of the country where the person resides. We have taken adequate security precautions to ensure that such personal data remains protected in accordance with this Policy and we have established adequate mechanisms to protect personal data in agreements with Camunda’s service providers such as use the standard contractual clauses of the EU Commission in accordance with Art. 46 Para. 2 lit. c GDPR.


Privacy Rights and Choices

Users have the right to:

  • request information about Personal Data stored by Camunda,
  • request correction, deletion and restriction of personal data,
  • complain to Camunda about the processing of personal data,
  • object to the processing of personal data at any time, in which Camunda will no longer process personal data unless there are compelling reasons worthy of protection that outweigh customer or user interests,
  • complain to any data protection supervisory authority, in particular in the Member State in which the customer or user is resident, if it is suspected that the processing of data is in breach of GDPR or other data protection legislation.

At the customer’s or user’s request, and as required by law, Camunda will:

  • inform of what personal data is on file;
  • amend or correct personal data or any previous privacy preferences the customer or user selected; and/or
  • delete personal data.

To exercise your rights, email Camunda at privacy@camunda.com. Camunda uses reasonable efforts to delete personal data as required and retains records necessary to comply with governmental authority or applicable federal, state, or local laws. Where legally permitted, Camunda may decline to process requests that are excessively repetitive or methodical, require unreasonable technical effort, or risk the privacy of others.

If Camunda is unable to resolve your concerns, users have the right to contact their local data privacy supervisory authority or seek a remedy through the courts if the users believes his or her requests to exercise privacy rights have not been honored.


California Privacy Rights

Please see California Specific Privacy Policy for information about Privacy Rights of California residents, and other required disclosures.


Security

Camunda is committed to protecting the security of personal data. We use appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure. Despite these measures, Camunda cannot eliminate security risks associated with personal data, and mistakes and security breaches may happen. Please contact us with security questions at privacy@Camunda.com.


Changes to this Policy

This Privacy Policy is subject to occasional revision. If substantial changes are made in the way Camunda uses personal data, appropriate measures will be taken to inform customers, consistent with the significance of the changes made, and Camunda will provide notice of any material Policy changes where required by applicable data protection laws.

Effective Date: October 12, 2020

Change log

October 2020: This privacy policy has been updated and restructured. In particular, we have updated the information about the data Camunda collects during users’ and customers’ use of Camunda’s products. In addition, we now present the information relevant to the respective data subjects in user-specific Policies (such as General, Applicant, Cookie, California specific and Product Privacy Policy) so that information is user-friendly presented and easily accessible.

previous versions

July 2020: This privacy statement has been completely revised to conform to the requirements set out in the CCPA and was first published in this form on the 2 of July 2020.

May 2020: This privacy statement has been updated to describe data processing of Camunda Cloud

April 2020: This privacy statement has been updated to describe data processing of Camunda Cloud and to describe updates of data processing during the Job application process.

January 2020: This privacy statement has been updated to describe the data processing of Camunda Modeler.

September 2019: This privacy statement has been updated to describe the usage of our Third-Party providers Go ToMeeting (scheduling and conducting Webinars) and Auth0 (password management).

September 2019: This privacy statement has been updated to describe the usage of our Third-Party providers Go ToMeeting (scheduling and conducting Webinars) and Auth0 (password management).

April 2019: This privacy statement has been updated to describe the usage of our Third-Party providers Stripe (billing of events) and Bizzabo (event management platform).

August 2018: This privacy statement has been updated to describe the usage of Cookies and Web Beacons and to reflect the implementation of our new marketing tools HubSpot and Clearbit.

May 2018: This privacy statement has been completely revised to conform to the requirements set out in the GDPR and was first published in this form on the 25th of May 2018.