Effective Date: January 1, 2020
This General Privacy Statement (also referred to as our "Privacy Statement") explains how Elasticsearch, Inc., and our subsidiaries and affiliated companies ("Elastic," "we," "our," or "us") collect, use, share and otherwise process information that identifies or could be identifiable to you ("personal data") and that we use to manage our business and our relationships with customers, visitors and event attendees.
Interaction Specific Statements
We supplement this Statement with the following specific statements based on how we interact with you:
Product Privacy Statement. This statement applies to the information we collect and use in connection with customer deployments of our products and services.
Applicant Privacy Statement. This statement applies to the personal data we collect and use in connection with our employment recruiting process.
California Privacy Rights Statement. This statement explains the privacy rights of California residents.
General Privacy Statement: Contents
Scope & Responsibilities
Information We Collect & How We Collect It
How We Use the Information
How We Share the Information
Cookies and Website Automatic Data Collection
Legal Basis for Processing the Information (European Economic Area)
International Data Transfers
Privacy Rights and Choices
California Privacy Rights
How to Contact Us
This General Privacy Statement explains your rights and choices related to the personal data we collect when:
- You visit, interact with or use any of our websites, social media pages, marketing or sales communications, or register for our products and services ("Online Properties"); and
- You visit, interact with or use any of our offices, events, sales, marketing and other offline activities ("Offline Properties") (collectively, the "Properties").
This General Privacy Statement does not cover:
Automatic collection from our products and services: This Statement does not cover the information we automatically collect in connection with your use of Elastic products and services. Please see our Product Privacy Statement for that information.
Applicant Information: This Statement does not cover information related to our employment recruiting efforts. Please see our Applicant Privacy Statement for that information.
Customer Content: Certain Elastic products permit customers to ingest or upload and submit content to the products ("Customer Content"). This notice does not cover Customer Content, including any personal data about you that may be contained in Customer Content, because the Customer, rather than Elastic, controls how Customer Content is processed. Any questions about the processing of Customer Content should be addressed to the Customer directly.
Elastic determines the purposes and means for the processing (i.e., we are the data controller) of your personal data as described in this Privacy Statement unless expressly specified otherwise.
Elastic collects personal data and other information from you directly, through automated means, and from third parties. More information on each category follows:
We collect personal data when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect personal data when you order, register to use, or request information about Elastic products and services, subscribe to marketing communications, complete surveys, provide such data in product feedback, or sign up for an Elastic event or webinar. We may also collect personal data from you when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
The personal data we collect may include contact information (such as your name, address, telephone number, or email address), professional information (such as your employer name, address, job title, department or job role), user IDs and passwords, and contact preferences. We collect information you choose to provide when completing any "free text" boxes in our forms (for example, for event sign-up, product feedback, or survey requests), and we collect personal data disclosed by you on message boards, chat features, blogs, and other services or platforms to which you can post information and materials (including third party services and platforms). We may also collect billing and transactional information.
We use technology that is integrated into our Online Properties such as cookies, web beacons, and embedded URLs to provide us with automated data collection.
We automatically collect certain information when you use, access, or interact with our Online Properties. This information may include unique identification numbers and other information about the specific device you are using, such as the hardware model, operating system version, web-browser software, your Internet Protocol (IP) address/MAC address/device identifier, device event information (such as crashes, system activity, and hardware settings, browser language, the date and time of your request and referral URL), broad geographic location (e.g., country or city-level location) and other technical data that uniquely identifies your browser. We may also collect information about how your device has interacted with our Online Properties, such as the pages accessed and other statistical information. To learn more, please read the Elastic Cookie Statement.
Elastic may automatically collect information in connection with your organization's deployment of certain products. See our Product Privacy Statement for more information.
From Third-Party Sources
We may also acquire data from other sources including affiliates in our corporate group, our partners, or others that we use to make our information better or more useful. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by our Automatic Data Collection Tools (see our Cookie Statement) to derive your general geographic area. Information may also be linked via a unique identifier, such as a cookie or account number.
Depending on the situation, we may use your information for the following purposes:
Communications and Transaction Processing. We use your information to communicate with you, respond to your requests, and provide the information you requested. We also use personal data, including financial, credit card, and payment information, to process transactions.
Provision, Administer, and Support Your Account. We use your information to provide our products and manage your account. Examples include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes.
Manage Your Customer Experience. We use your information to maintain accurate contact and registration data, deliver support, and to offer products, services, and features. We also use your data to deliver personalized communications and create recommendations based on your use of Elastic products, services, features, and your visits on our websites.
Advertising. We use your information to provide personalized advertising to you per your privacy preferences settings and applicable law. We might also share some of your information with marketing service providers and digital marketing networks to present advertisements that might interest you. This may involve the use of Automatic Data Collection Tools. To learn more about how Elastic uses Automated Data Collection Tools, please see our Cookie Statement.
Facilitate and Evaluate Use of the Online Properties. We use your information to provide the Online Properties, to facilitate your use of the Online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and personalize and determine content.
Business Operations. We use your information to conduct ordinary business operations, e.g., business research and analytics, corporate reporting and management, staff training and quality assurance purposes, and outreach.
Security. We use the information to maintain the integrity and security of our websites, products and services and to prevent and detect security threats, fraud, or other criminal or malicious activity that might compromise your information or the information of other customers or website visitors.
Conferences and Events. Elastic and our partners may use your information to communicate with you about our events or our partner events. After the event, Elastic may contact you about the event and related products and services. We may share information about your attendance with your company, and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your personal data at their conference booths or presentations, your information will be handled per their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.
Education and Training: If you sign up for an Elastic certification course or training, Elastic will use your information to facilitate the delivery of such course or training.
Research & Innovation. We use your information to develop new products, features, and services using research and development tools and incorporating data analysis activities.
Comply with Law. We use your information as required to be compliant with applicable laws, regulations, court orders, government, and law enforcement requests.
Other Legitimate Business Purposes: We may use your information when it is necessary for other legitimate purposes, such as protecting Elastic's confidential and proprietary information.
We share your personal data with the following categories of recipients and only with the appropriate contractual obligations in place:
With Elastic Companies
We may transfer your personal data to other Elastic entities in the US and worldwide for the purposes outlined in this Privacy Statement. We protect your personal data per this Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. These steps include implementing the European Commission's standard contractual clauses and relying on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries. We have implemented similar appropriate safeguards with our service providers, partners, and affiliates. Furthermore, our privacy guidelines are communicated to our employees on an annual basis as part of our mandatory training.
With Service Providers
We may share your information with third parties, such as vendors, consultants, agents and other service providers who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, targeted advertising, training and certifications, customer support, and data enrichment for the purposes and according to the legal bases described below. Our service providers are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by Elastic. These service providers may be located in the US or other global locations.
With Business Partners
We may share your information with our partners, such as distributors and resellers, and to other business partners, to fulfil product and information requests, to effectively deliver unified support, to provide customers and prospective customers with information about Elastic, and for event purposes. From time to time, Elastic may engage in joint sales, product promotions, or events with selected business partners. If you purchase or express interest in a jointly-offered product, promotion, service, or event, we may share relevant personal data with those partners. Such partners are responsible for managing their use of the personal data collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
With Competent Authorities
We may share your personal data when we believe, in good faith, that we must: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts, and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Elastic or our affiliates; or (v) protect the rights or personal safety of Elastic's and our affiliates' employees, and third parties on or using Elastic property when allowed and in line with the requirements of applicable law.
For Corporate Transactions
We may share your information where, whether for strategic or other business reasons, Elastic decides to sell, buy, merge, or otherwise reorganize its businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive your personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
We only use your information in a lawful, transparent, and fair manner. Depending on the specific personal data concerned and the factual context, we rely on the following legal bases:
- As necessary to prepare and enter into a contract;
- Consistent with specific revocable consents;
- As necessary to comply with our legal obligations;
- To protect your vital interests or those of others; and
- As necessary for our (or others') legitimate interests, including our interests in, unless those interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.
Elastic operates globally, which means personal data collected in the European Economic Area ("EEA") or Switzerland may be stored and processed outside of the country or region where it was initially collected. We protect your personal data in accordance with this Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. These steps include implementing the European Commission's standard contractual clauses and relying on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.
At your request, and as required by law, we will:
- inform you of what personal data we have on file for you;
- amend or correct that personal data or any previous privacy preferences you selected; and/or
- delete your personal data.
To exercise your rights, email us at email@example.com. Please identify yourself and specify your request. We use commercially reasonable efforts to delete your personal data as required, but retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.
If you are an EEA resident, you also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
Subscription Communications and General Communications
You have the option of subscribing to communications from us. Elastic subscription communications include email newsletters, software updates, and maintenance notifications that may be expressly requested by you or which you consented to receive.
After you consent to such communications, you may opt-out of receiving them by following the instructions in the email. To unsubscribe from all Elastic email lists, please click here.
Please see our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures.
Elastic is committed to protecting the security of personal data. We use appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure. Despite these measures, Elastic cannot eliminate security risks associated with personal data, and mistakes and security breaches may happen. We retain the data only as required or permitted by law, and while the data continues to have a legitimate business purpose. Please contact us with security questions at firstname.lastname@example.org.
Data Retention. We retain information collected in connection with the Properties for so long as necessary to fulfill the purposes outlined in this Statement or where we have an ongoing legitimate business need to do so.
Changes to this Privacy Statement. This General Privacy Statement is subject to occasional revision. If we make any substantial changes in the way we use personal data, we will take appropriate measures to inform our customers, consistent with the significance of the changes we make. We will provide notice of any material changes if and where required by applicable data protection laws.
The date of the most recent update to this General Privacy Statement can be found by checking the "effective" date displayed at the top of this Statement.
If you have any questions or concerns regarding this Statement, you may call us at +1.650.458.2620, or write to us by email at email@example.com or by postal mail to:
Attn: Privacy Team
800 W. El Camino Real, Suite 350
Mountain View, CA 94040 USA
Attn: Privacy Team
1016 ED Amsterdam
Data Protection Officer. Elastic has appointed an external Data Protection Officer for German data subjects. For questions about how information is gathered, stored, shared, used, or to exercise any data subject rights, please contact our Data Protection Officers as follows: firstname.lastname@example.org.
If we are unable to resolve your concerns, you have the right to contact your local data privacy supervisory authority or seek a remedy through the courts if you believe your requests to exercise your rights have not been honored.