Product Privacy Policy

This Product Privacy Policy hereby referred to as “Policy” explains how Camunda Services GmbH and its subsidiaries (“Camunda,” “we,” “us” and “our”) collect, use and share information, including Personal Data, defined by the General Data Protection Regulation (GDPR) as “any information related to an identified or identifiable natural person” from customers or users when using or demoing Camunda’s community, trial or paid products such as Camunda BPM, Camunda Cloud, Camunda Modeler or Cawemo and any other services maintained by Camunda, such as support services, hereby referred to as “the Products”.

Product Privacy Policy


Scope

This Policy applies to the information Camunda collects in connection with customer use of the Products, for which we determine the means and purpose of processing. This information includes Product Usage Data (defined below) and Operations Data (defined below), which are generally technical but may include limited Personal Data.

This Policy does not cover:

Service Data. Certain Camunda Products permit customers to consume, or upload and submit, content, including Personal Data to the Products, referred to as Service Data. This Policy does not cover Service Data or any Personal Data contained in Service Data, because the customer’s organization (not Camunda) controls how Service Data is processed.

Processing of Personal Data on our Websites. Processed according to Camunda’s General Privacy Policy, such as Personal Data collected through Camunda websites, hereby referred to as “Sites,” product feedback or surveys; the sales and provisioning process; and in connection with Camunda events, sales and marketing activities. See Camunda’s General Privacy Policy for details on how this information is processed.

Organizational Users: When users use Camunda Products on behalf of an organization (e.g., an employer), the use is administered and provisioned by the user’s organization per its own policies regarding the use and protection of Personal Data. Refer to the organization’s privacy policy for questions relating to how data is accessed and used by the organization.


Contact Camunda

Camunda Services GmbH is Controller within the meaning of the GDPR and of other data protection laws or provisions applicable in the Member States of the European Union.

If you have any questions or concerns regarding this Policy please contact Camunda’s email at privacy@Camunda.com or by postal mail to:

Camunda Services GmbH
Zossener Strasse 55-58
10961 Berlin
Germany
Or phone: +49 30 664 04 09 – 00

Camunda has appointed an external Data Protection Officer for German data subjects. 

The Data Protection Officer for Camunda is:

Julian Höppner
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin
Germany

For questions about how information is gathered, stored, shared, used, or to exercise any data subject rights, please contact our Data Protection Officer as follows: 

Tel.: +49.30.20962282
E-mail: hoeppner@jbbdataconsult.de
Web pages: www.jbbdataconsult.de


Information Camunda Collects from Products

Camunda automatically collects “Operations Data” and “Product Usage Data” from customer use of the Products. Operations Data is information Camunda uses to facilitate the delivery of the Products, manage and monitor the Products, and provide support. Product Usage Data is information Camunda uses for product analytics and improvement, which may contain Personal Data such as IP addresses and identifiers, including cookies, but is generally technical, aggregated and pseudonymized. Depending on the Product, the information may include:

Products and System Data: Information about the Products being used and the systems and related environment from which customers access the Service. Examples include Product type and version, license information, installed plug-ins, UUID, and third-party systems used in connection with the Product.

Operations Data: Statistics related to uptime, indexes, shards, and segments and similar data points.

Performance Data: Information about the performance of the Products, such as response times and metrics on the performance and scale of the Products.

Feature Usage Data: Information about how the Products are used, including user interface metrics and details about which features are used or paths users take.

How Camunda Uses Product Usage Data

Camunda uses Product Usage Data in order to improve Products, support Customers and business to business marketing and sales, comply with legal requirements and other legitimate purposes. Camunda may use Product Usage Data for the following purposes:

Product Improvement: To analyze the use of the Products, prioritize testing and development of new features and functionality, improve support responses and forecasting, make pricing decisions, and identify, understand, and anticipate performance issues that affect the Products.

Customer Support: To provide support to our customers, such as guidance that will help optimize usage, identify product improvement opportunities and prioritize future product features, personalize customer’s experience, and suggest related Camunda Products to increase engagement and adoption of Camunda Products.

Business to Business Marketing and Sales: To market additional Products to customers, where permitted by law, and to advise sales discussions.

Legal Requirements: Camunda may be required to access Personal Data contained in Product Usage Data as required by law, such as to comply with legal processes, when Camunda believes, in good faith, that disclosure is necessary to protect or defend Camunda rights, property, or users of the Products in order to protect the safety of others, to investigate fraud, or respond to government requests, including public and government authorities outside a user’s country of residence, for national security or law enforcement purposes.

Other Legitimate Business Purposes: Camunda may use Product Usage Data when it is necessary for other legitimate purposes.


How Camunda Uses Operations Data

Camunda uses Operations Data to facilitate Product delivery, administer accounts, provide support, maintain security, administer disaster recovery plans, detect fraud, and comply with legal requirements. Camunda may use Operations Data for the following purposes: 

Conduct account administration: To provide account management on Products, including managing product downloads, updates, and resolutions, and distributing administrative or account-related communications, including release notes and billing information.

Provide support: When users or individuals contact Camunda via a Camunda support channel so that Camunda may contact them about support requests, in which users may be asked to provide copies of affected files, logs, or other information that will enable Camunda to assist with the support request. In such cases, Camunda uses the requested information to respond to, troubleshoot, and resolve the support request.

Maintain the security of Camunda infrastructure and Products: Maintains security monitoring and incident management, handles the performance and stability of the Products, and addresses technical issues.

Administer disaster recovery plans and policies: To activate Camunda’s back-up disaster recovery plans and policies.

Detect fraud: To help monitor, prevent and detect fraud, improve security, monitor and confirm identity or access, and prevent malware or security risks.

Comply with legal obligations: To comply with applicable laws and regulations, including complying with legally mandated reporting, disclosure or other legal process requests, for mergers and acquisitions, finance and accounting, insurance purposes, legal and business consulting and dispute resolution.

Other legitimate business purposes: Camunda may use Operations Data when it is necessary for other legitimate purposes.


How Camunda Shares Information Collected from Products

Camunda makes every effort to ensure that Product Usage Data and Operations Data is accessed internally only by individuals that require access to perform applicable tasks and duties, and externally only by service providers with a legitimate purpose for accessing it. External service providers are contractually required to protect any Personal Data accessed and are prohibited from reprocessing the Personal Data for any purpose other than to perform the services as instructed by Camunda. Camunda will not sell Personal Data or allow third-parties to use Personal Data for its own commercial purpose. See How Camunda Shares the Information in Camunda’s General Privacy Policy for more information.


How Camunda Uses Cookies and Automatic Data Collection Tools 

Depending on the Product used, Camunda may use cookies or other tracking tools for the purposes described in this Policy. Some of these tools are essential for the delivery of the Products, such as account access and authentication, performance and functionality of services, and the ability to analyze and customize the Products. For instance, Camunda uses a tool called Mixpanel in our cloud products to provide a better user experience and diagnose user issues. It records and captures user sessions so that we can monitor user actions like mouse clicks, movements, etc. 

Camunda only uses customer and user Personal Data in a lawful, apparent, and reasonable manner. Camunda relies on the following legal bases:

  • Consistent with customer’s or user’s specific revocable consents in accord with Art. 6 I a GDPR;
  • To prepare, enter into and fulfill a contract in accord with Art. 6 I b GDPR, as necessary;
  • As necessary for Camunda’s legitimate interests in accord with Art. 6 I f GDPR, such as perform, improve, maintain, and secure the Products, providing support for users and customers of the Products, and operate the business efficiently and appropriately. 

Please contact Camunda at privacy@Camunda.com with questions about the legal basis on which Camunda collects and uses Personal Data.


Data Retention

Camunda retains information collected in connection with the Automatic Data Collection Tools and Cookies only for as long as necessary to fulfill the purposes outlined in this Policy.


International Data Transfers 

A user’s personal data may be accessed, stored, transferred to and processed in countries other than the country in which the person resides. As an internationally operating company, Camunda processes Personal Data in countries outside the European Economic Area (“EEA“), including the USA. These countries may have data protection laws that differ from the laws of the country where the person resides. We have taken adequate security precautions to ensure that such personal data remains protected in accordance with this Policy and we have established adequate mechanisms to protect personal data in agreements with Camunda’s service providers such as use the standard contractual clauses of the EU Commission in accordance with Art. 46 Para. 2 lit. c GDPR.


User Privacy Rights and Choices

Camunda collects a limited amount of Personal Data to fulfill the purposes outlined in this Policy. Users may exercise their choices with regards to Personal Data, such as the request to accessing, correcting, updating or deleting Personal Data, by contacting us at privacy@Camunda.com.

Users have the right to complain to a data protection authority about Camunda’s collection and use of Personal Data. For more information, please contact a local data protection authority. For more information about rights as a data subject, please see Camunda’s General Privacy Policy. 


California Privacy Rights

Please see California Specific Privacy Policy for information about Privacy Rights of California residents, and other required disclosures.


Security

If you have any questions about security, please contact us at privacy@Camunda.com. Camunda is committed to protect the security of Personal Data, by using appropriate technical and organizational measures to protect Personal Data from unauthorized access, use, or disclosure, but cannot eliminate security risks and breaches associated with Personal Data.


Changes to this Policy

This Policy is subject to occasional revision. If substantial changes are made in the way Camunda uses personal data, appropriate measures will be taken to inform customers, consistent with the significance of the changes made, and Camunda will provide notice of any material Policy changes where required by applicable data protection laws.

Effective Date: October 12, 2020