Last Updated October 8, 2020
This Privacy Notice also explains Cribl’s commitments under laws and regulations that protect personal data, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws and regulations. Personal data means information relating to a User who can be directly or indirectly identified through the information, as well as information related to, or that could reasonably be linked to, a User or a User’s household (“Personal Data”).
The GDPR applies to companies that operate in the European Union (EU) and collect or use Personal Data, as well as companies operating outside of the EU that have customers in the EU or collect any Personal Data of anyone in the EU. The GDPR can be found at https://gdpr-info.eu/. The CCPA applies to certain businesses that collect Personal Data from California residents. The CCPA can be found at https://oag.ca.gov/privacy/ccpa. Other applicable laws and regulations are described below.
Cribl may collect data, including Personal Data, provided by Users to Cribl or through Cribl Services, as well as information collected regarding Users (collectively, “User Data”). Such collections include without limitation Users inputting or uploading information to Cribl Services, causing information to be provided to Cribl or Cribl Services by or through third-party providers or services, visiting or otherwise accessing Cribl Services, filling out forms on or through Cribl Services, and downloading software, documents, or other resources from or through Cribl Services, as as information collected from third parties, including publicly available information from third-party websites like Facebook, LinkedIn, and Twitter.
Cribl may collect User Data, including Personal Data, as part of its normal business operations, including its business operations with Users. Business operations include the management of business relationships, customer support activities, billing, and marketing activities, as well as contracting and marketing activities and events, and correspondence with Cribl through phone, email, or other methods. Such information includes company name, contact information of company employees and agents, financial information, payment information, purchase orders and licensing agreements, usage information for Cribl Services, and information related to Users’ users and administrators, each of which may include Personal Data. Cribl maintains support tickets and related records for all customer support requests and issues.
Cribl may receive, process, store, or otherwise use Personal Data through Cribl’s website. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s website insofar as it receives, processes, stores, or otherwise uses Personal Data, but is not a data processor or data controller relative to other Cribl services that receive, process, store, or otherwise use only Operational Data. Currently, Cribl’s website receives, processes, stores, or otherwise uses Personal Data and Operational Data.
Cribl’s use of User Data for processing through Cribl’s website includes operating, evaluating, maintaining, improving, developing, and monitoring Cribl Services, and providing Users with requested Cribl Services and customizing Cribl Services to Users’ needs and requests. Cribl may use User Data to monitor performance, access, usage, log, and transactional information related to the operation of Cribl’s website, and may use User Data to improve and develop Cribl Services, including as to the security of Cribl Services and the operation of services provided by Cribl’s business partners as part of Cribl Services.
Cribl does not receive, process, store, or otherwise use Personal Data through Cribl’s products and services. Cribl is not a data processor or data controller for the purposes of the GDPR and other applicable data protection relative to Cribl’s products and services because Cribl’s products and services do not send Personal Data to Cribl. Users are the data processors and data controllers for Personal Data processed through Cribl’s products and services because only Users process and control all such Personal Data.
Cribl may receive, process, store, or otherwise use User Data, including Personal Data, through Cribl’s normal business operations. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s normal business operations insofar as its normal business operations receive, process, store, or otherwise use Personal Data.
Cribl’s use of User Data for its business operations with Users and other persons or entities includes contacting Users, processing payments and other financial transactions with Users, contracting with Users, providing customer support to Users, billing Users, and marketing to Users when it is lawful for Cribl to do so. If a User wishes to unsubscribe from receiving certain email communications, the User may unsubscribe by opting out of email notifications or emailing firstname.lastname@example.org.
Cribl may disclose User Data with affiliated businesses and third-party service providers to assist Cribl in the operation of Cribl Services and conducting Cribl’s normal business operations, each subject to applicable contractual restrictions involving those affiliates and applicable Users. Cribl does not disclose User Data with affiliated businesses or third-party service providers for an affiliate’s own use, but may disclose User Data with third parties in connection with a potential or actual sale of Cribl or the assets of Cribl or affiliate where User Data may be one of the transferred assets.
Cribl may disclose User Data, including Personal Data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also disclose User Data, including Personal Data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request or is otherwise required by law or regulation.
Cribl takes reasonable steps to secure User Data from unauthorized access, improper use or disclosure, unauthorized modification or destruction, and accidental loss, including through encryption and pseudonymization, maximizing Cribl’s stability and uptime, using reasonable backup and disaster recovery procedures, and regular security testing. Cribl protects User Data with the same level protection no matter where Cribl stores its data.
Cribl contractually requires affiliated businesses and third-party service providers to provide the level of protection for Personal Data that is required by the GDPR and will remain liable under the GDPR if one of its affiliated businesses or third-party service providers processes Personal Data in violation of the GDPR. However, no service can be completely secure, error free, or always available and Cribl Services and Cribl’s infrastructure may be compromised. Cribl is not responsible for unauthorized or unintended access, improper use or disclosure, unauthorized modification or destruction, or accidental loss that is beyond Cribl’s control or that occurs despite Cribl’s reasonable protections.
Cribl will keep User Data, including Personal Data, for only as long as required to fulfill the purposes for which it was collected or processed. In some circumstances Cribl, may retain User Data, including Personal Data, for a longer period than required to fulfill the purposes for which it was collected or processed. Such circumstances include when Cribl is required to do so to comply with a legal, tax, or accounting requirement, or when required to do so by a governmental authority. Cribl may also retain User Data, including Personal Data, for a longer period corresponding to a statute of limitations in order to have an accurate record of Users’ dealings with Cribl in the event of any complaints or other issues.
Subject to applicable law and regulations, a User may have rights involving his or her own Personal Data. A User’s rights may impose obligations on Cribl, but certain obligations may fall to the data controller for the User’s Personal Data instead of Cribl if Cribl is not the data controller.
A User’s rights may include the right to access, including the right to receive (1) a free copy every year of his or her Personal Data that Cribl has received, processed, stored, or otherwise used to the extent identifiable and stored by Cribl, the categories of such Personal Data, the purpose or purposes of Cribl’s use of such data, and whether automated decisions or profiling occurs and, if so, the logic involved, significance, and likely consequences of such Cribl’s receipt, processing, storage, or other use of such data; (2) a list of any third-party recipients of Personal Data and what safeguards are in place to protect the data being transferred; (3) a list of third-party data sources of a User’s Personal Data not collected from the User directly; and (4) a description of how long Cribl will store Personal Data or, if such a period is not determinable, how the length of the period would be determined. Cribl may charge a reasonable fee for subsequent requests for, and copies of, Personal Data.
A User’s rights may include the right to correct, without any undue delay, any inaccurate Personal Data to the extent identifiable and stored by Cribl, including the right to have incomplete Personal Data completed where appropriate given the purposes of Cribl’s receipt, processing, storage, or other use of such data.
A User’s rights may include the right to erase, without any undue delay, Personal Data if (1) the Personal Data is no longer necessary for the purpose or purposes for which it was received, processed, stored, or otherwise used; (2) the User withdraws his or her consent regarding his or her Personal Data and there is no other legal basis for receiving, processing, storing, or otherwise using that Personal Data; (3) the User objects to the receipt, processing, storage, or other use of his or her Personal Data and there are no legitimate grounds for processing that Personal Data; (4) the Personal Data have been unlawfully received, processed, stored, or otherwise used; (5) the Personal Data are required to be erased to comply with a legal obligation, (6) the Personal Data have been collected in relation to the offer of information society services, or (7) the Personal Data must otherwise be erased from Cribl’s Services as required by the GDPR, the CCPA, or other applicable law or regulation.
A User’s rights may include the right to data portability where the User has the right to receive his or her Personal Data in a structured, commonly used, and machine-readable format, and the obligation for the data controller of the Personal Data to transmit those data to another data controller, without undue hindrance, to the extent such transfer is technically feasible.
A User’s rights may include the right to complain to a supervisory authority for data protection, including the User’s local supervisory authority. Cribl will not discriminate against any User who exercises his or her rights under applicable data protection laws and regulations.
Please note that if you contact Cribl regarding Personal Data for which Cribl is a data processor, Cribl will refer your request to the applicable data controller for the User’s Personal Data to the extent that the applicable data controller can be identified.
Cribl requires proof of identity and may charge a fee where permitted by law, especially if a User’s request is manifestly unfounded or excessive. Cribl will not use Personal Data obtained to establish a User’s identity for any purpose other than the verification of the User’s identity.
Cribl will attempt to respond to all questions and requests within applicable timeframes.