Treasure Data Privacy Statement

1. PERSONAL DATA WE MAY COLLECT ABOUT YOU

Personal data about you that we may collect and process includes the following:

• identifiers and contact information, such as name, account name, password, signature, email address, telephone number, postal address, medical information you provide us (for example, your COVID vaccination status);
• commercial and transaction information, such as payment card or other payment information in the name of an individual representative of a customer, information provided through customer support communications, types of services or products of interest, records of services ordered by representatives of our customers and purchasing history;
• internet and other electronic network activity, such as IP address, information about usage of our products or services which may qualify as personal data, information about your device and your usage of our Website which may qualify as personal data, information about your interactions with our Website, including the full Uniform Resource Locators (URLs), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, methods used to browse away from the page;
• audio, electronic, and similar information, such as images, videos and voice recordings.
• professional and employment-related information, such as company name and details (for example, industry and size), job title, expertise, work address, work phone number, work email address.
  If we combine or connect non-personal, technical, or demographic data with personal data so that it identifies an individual, we treat the combined information as personal data.

If you provide us with any personal data relating to individuals other than you, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Statement.

2. HOW WE COLLECT DATA ABOUT YOU

We use different methods to collect data from and about you including through:

Direct interactions. You may give us information about you when you:

• Visit our Website that displays or links to this Privacy Statement. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns as specified above. We collect this information by using cookies, server logs, and other similar technologies (see Cookies and Automatic Data Collection Technologies);
• Fill a form on our Website that displays or links to this Privacy Statement;
• Report to us a problem with our Website;
• Participate in surveys, research or other similar data collection conducted by or for us where a link to this Privacy Statement is provided;
• Register for, attend or take part in our events, webinars or training;
• Receive communications from us or otherwise communicate with us (for example via email or over the phone);
• Are employed by another company (for example, a service provider or partner) where your personal data has been shared with us in our capacity as a controller (for example, during the contracting process);
• Use our products or services where we act as a controller of your personal data;
• Visit our offices;
• Provide information for us to publish or display (“post”) on public Website areas or transmit to other Website users or third parties (collectively, “User Contributions“).

You submit User Contributions for posting and transmission to others at your own risk. Although we limit access to certain pages or you may set certain privacy settings for User Contributions by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of any Website users with whom you choose to share your User Contributions. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User Contributions.

Third parties or publicly available sources. We also collect information about you from other sources including partners from whom we purchase personal data, or who provide us with publicly available information which may contain personal data. We may combine this information with personal data provided by you.

We may receive information about you if you visit other websites employing our cookies or from third parties (including, for example, business partners, advertising networks, analytics providers, search information providers, credit reference agencies, data brokers, or aggregators) in connection with our marketing and prospecting activities. We may collect information about you from other sources for expanding our records of individuals potentially interested in our products and services and for the purposes of tailored advertising. We may combine this information with personal data provided by you. This information includes professional or employment-related information, education information and commercial information. We use this information for marketing our products and services, delivering relevant email content, event promotion and profiling and verifying contact information.

3. COOKIES AND AUTOMATED DATA COLLECTION TECHNOLOGIES

Our Website uses cookies (small files placed on your device) or other automatic data collection technologies to distinguish you from other Website users. This helps us deliver a better and more personalized service when you browse our Website. We store your preferences so we may customize our Website according to your individual interests, speed up your searches, and recognize you when you return to our Website. Cookies also allow us to improve our Website by enabling us to estimate our audience size and usage patterns, collect information about how visitors use our Websites, including which pages visitors go to most often and if they receive error messages from certain pages. The information is used to improve how the Websites function and perform.

We may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Click here for information on how you can opt out of behavioral tracking on this Website and click here for information on how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking. The accepted Cookie Settings will apply to treasuredata.com and all of its subdomains.

You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, certain parts of our Website may become inaccessible and certain features may not work correctly. Unless you adjust your browser settings to refuse cookies, our system will issue them. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy

Our Website pages and emails may contain web beacons that permit us to count website page visitors or email readers, or to compile other similar statistics such as recording Website content popularity or verifying system and server integrity.

4. PURPOSES FOR OUR USE OF YOUR PERSONAL DATA

We collect and process your personal data for the following purposes:

• Operating and administering our Website, including, for example, providing you with the content that you request;
• Improving our Website, for example by analyzing trends;
  Verifying and investigating activity for security purposes;
• Displaying adverts to you on our Website or third-party’s websites;
• Communicating with you, for example sending you marketing information and product recommendations;
• Recording calls and video calls for training, quality assurance, and administration purposes;
• Managing your registrations and attendance for events, webinars, promotional events, training or other programs;
• Conducting surveys among the users of our products and services;
• Aggregating your personal data with other information so as to obtain aggregated data that no longer identifies you;
• Registering and managing admission of visitors at our offices;
• Performing our contract with you or the organization you are affiliated with;
• Handling requests for customer support;
• Analyzing the usage of our products and services for business modeling purposes (such as considering improvements);
• Complying with our legal obligations under applicable law, for example cooperating with courts or regulators or taking action to protect our rights;
• Protecting our rights, for example in connection with a legal claim brought against us or to enforce the terms of our agreements.

Where permitted under applicable law, we may also process your personal data for additional purposes that are compatible with the purposes described in this section.

If we need to collect and process personal data by law, or under a contract we have entered into with you, and you fail to provide the required personal data when requested, we may not be able to perform our contract with you.

5. DISCLOSURE OF YOUR PERSONAL DATA

We may disclose your personal data:

• To any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and our affiliates. Our personnel will only access the information to the extent necessary to perform their job;
• To a business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization). We contractually require these third parties to keep the personal data confidential and use it only for the contracted purposes;
• To advertisers and advertising networks that require the data to select and serve relevant ads to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users. We may use such aggregate information to help advertisers reach the kind of audience we want to target;
• To relevant third parties (for example a prospective buyer) as part of a contemplated or actual corporate transaction, such as in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding;
• To comply with any court order, law, or legal process, including responding to any government or regulatory request;
• To enforce or apply our terms of use and other agreements;
• To protect the rights, property, or safety of our business, our employees, our customers, or others.

6. YOUR PERSONAL DATA USE CHOICES

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanism:

Promotional Offers. If you do not want us to use your email address/contact information to promote our own products and services, you can opt out by checking the relevant box located on the form where we collect your data or the Data Subject Request Form. This opt-out does not apply to information provided to Treasure Data a result of a product purchase, warranty registration, product service experience, or other transactions.

Third-Party Advertising. If you do not want us to share your personal data with unaffiliated or non-agent third parties for promotional purposes, you can opt-in/opt-out by checking the relevant box located on the form where we collect your data or the Data Subject Request Form.

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly. For more information about tracking technologies, please see Cookies and Automatic Data Collection Technologies.

Our Website may, from time to time, contain links to and from the websites of our partner networks, or include plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.

You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. You may also send requests about your contact preferences and changes to your information by submitting a request using the Data Subject Request Form.

Accessing and Correcting Your Personal Data. You can make a request to access, review, and change your personal data by submitting a request using the Data Subject Request Form. However, we may have a legal right or obligation to preserve personal data as it currently exists.

7. CROSS-BORDER DATA TRANSFERS
We may process, store, and transfer the personal data we collect, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own. We store and process personal data in: (i) any country where we have facilities, and (ii) any country in which we engage service providers. A list of Treasure Data’s offices is available at www.treasuredata.com/contact-us/. We will protect your personal data when it is transferred outside of these jurisdictions by processing it in a territory that provides an adequate level of protection for personal data, or otherwise implementing appropriate safeguards to protect your personal data.

8. DATA SECURITY
The security of your personal data is very important to us. We use reasonable physical, electronic, and administrative safeguards appropriate for the nature of the personal data designed to protect it from loss, misuse, and unauthorized access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections.The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.

9. DATA RETENTION AND DELETION
We will retain your personal data if we have a business need to do so or for as long as is needed to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required by law (for example, to comply with applicable legal, tax or accounting requirements). The criteria we use to determine the data retention period for your personal data are:

• Whether we have an ongoing business relationship or contract with you, your employer, or the entity you are representing;
• Whether you have an account on our Website;
  Whether you remain subscribed to receive our marketing communications;
• Whether retention of your personal data is required by law, demanded by law enforcement or governmental agencies, or is required to enforce our legal rights, for instance the retention of contracts beyond their termination or while an investigation is underway;
• Where we process your personal data with your consent, we process it until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a permanent record of the fact that you have asked us to cease processing your personal data so that we can respect your request in the future.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If we deidentify personal data to anonymize it, we will maintain this deidentification, we will not attempt to reidentify it to link it to an individual, and we will require any business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business to do the same.

10. CHILDREN’S ONLINE PRIVACY
We do not direct our Website to minors and we do not knowingly collect personal data from children under 16 or as defined by local legal requirements. if we learn we have mistakenly or unintentionally collected or received personal data from a child without appropriate consent, we will delete it.

11. JURISDICTION-SPECIFIC PRIVACY RIGHTSEEA, UNITED KINGDOM AND SWITZERLAND USERS ONLY

A. Your rights.
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following data protection rights: right to access, rectification, deletion, restriction of processing, data portability, right to object, and right not to be subject to automated individual decision making. Please note that these rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. You can exercise any of these data protection rights by completing our Data Subject Request Form.

If we collected and processed your personal data with your consent, you can withdraw your consent at any time by filling out our Data Subject Request Form. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

Where we process your personal data based on legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your personal data unless we have compelling legitimate grounds to continue or where it is needed for legal reasons.

To submit a complaint to a data protection authority about our collection and use of your personal data, you can contact the data protection authority in your jurisdiction.

B. Legal basis for processing your personal data.
We rely on the following legal bases for processing your personal data:

Purpose	Legal basis
Operating and administering our Website	Pursuing our legitimate interests
Improving our Website	Pursuing our legitimate interests
Verifying and investigating activity for security purposes	Pursuing our legitimate interests
Displaying adverts to you	Pursuing our legitimate interests or, where necessary, to the extent you have provided your prior consent
Placing or reading Strictly Necessary Cookies on your device when you visit our Website (see our Cookie Policy for more information about this category of cookies)	Pursuing our legitimate interests
Placing or reading cookies on your device cookies that are not strictly necessary when you visit our Website (see our Cookie Policy for more information about these categories of cookies)	Your consent
Sending you marketing communications	Pursuing our legitimate interests or, where necessary, to the extent you have provided your prior consent
Recording calls	Pursuing our legitimate interests
Managing your registrations and attendance for various events and programs	Performance of a contract or your consent
Conducting surveys if you are a user of our products or services	Pursuing our legitimate interests or your consent
Aggregating or anonymizing your personal data	Pursuing our legitimate interests
Registering you as a visitor at our offices	Pursuing our legitimate interests
Collecting covid-related vaccination status	Pursuing our legitimate interest to ensure the health of our employees and visitors or your consent
Performing our contract with you, such as managing payments	Performance of a contract
Performing our contract with the organization you are affiliated with	Pursuing our legitimate interests
Analyzing the usage of our products and services	Pursuing our legitimate interests
Processing your personal data in connection with legal claims	Pursuing our legitimate interests
Responding to requests by government or law enforcement authorities conducting an investigation or otherwise cooperating with them as required under applicable law	Compliance with legal obligations to which we are subject

C. Data transfers.

Where personal data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland or the UK which has not been recognized as having an adequate level of data protection by the competent authority, we ensure that the transfer is governed by the European Commission’s standard contractual clauses or other contractual mechanism approved by the competent authority.

CALIFORNIA USERS ONLY
A. Disclosures.
The California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”) requires businesses subject to it that collect personal data of California residents to make certain disclosures regarding how they collect, use, and disclose such personal data.

The categories of personal data and the sources from which we collect personal data are described in Sections 1, 2 and 3 above. We collect personal data identified in this Privacy Statement for the purposes set forth in Section 4 above and disclose it to third parties as outlined in Section 5 above. In the last 12 months, we may have collected these categories of personal data from you, used and disclosed it as described in this Privacy Statement.

We do not sell your personal data in the conventional sense. However, the CCPA’s statutory definition of the term “sale” is broad and may include in certain circumstances the making available to third parties of personal data (such as data collected through cookies or similar technologies) without any monetary consideration. We “sell” or “share” for cross-context behavioral advertising (as these terms are intended under the CCPA) your personal data consisting of online identifiers, internet or other electronic network activity information to or with third parties advertising-related technology providers. In the last 12 months, we may have “sold” and “shared” it as described in this paragraph.

Some of the personal data about you listed in Section 1 above that we may collect and process are considered “sensitive” under the CCPA, namely: account log-ins (user names and passwords) and medical information concerning a consumer’s health. We do not “sell” or “share” (as these terms are defined under the CCPA) such sensitive personal information. We only use and disclose it for the limited purposes permitted under the CCPA and not for the purposes of inferring characteristics about a consumer. In particular, we use account log-ins to authenticate your identity and for security purposes and we use information health-related information that you provide us for managing access to our offices.

B. Your rights.
The CCPA gives California residents the right to make the following requests with regard to the information we collect about them: the right to request a copy of personal data we collected or disclosed for a business purpose over the past 12 months; the right to request deletion of personal data we collected, subject to certain exemptions; the right to know about the personal data we collect about them and how it is used or shared; the right to opt-out of the “sale” or “sharing” of their personal data; the right to request that we restrict the use and disclosure of sensitive personal information to that which is necessary for certain specified purposes permitted under the CCPA; the right to non-discrimination for exercising their CCPA rights and the right to request correction of inaccurate personal data. Our obligation to afford you these rights or provide notifications to you, however, are subject to any contrary laws, rules, or law enforcement demands.

You can submit a copy, deletion, right-to-know, or correction request online by completing Treasure Data’s Data Subject Request Form.

When we receive one of the requests listed above, Treasure Data will verify your identity by determining if the information you submit matches our records before we fulfill the request. An authorized agent or conservator seeking to exercise rights on behalf of an individual California resident must also provide proof of the agent’s or conservator’s authority to act for the California resident, as well as proof of the agent’s or conservator’s own identity. The information you provide us for identify verification will not be further disclosed, retained longer than needed for verification purposes, or used for unrelated purposes.

You can opt out of the use of cookies on our sites that may entail a “sale” or “sharing” of your personal data under the CCPA by clicking the Do Not Sell or Share My Personal Information link on our homepage and setting your preferences accordingly. You will need to set your preferences from each device and each web browser from which you wish to opt out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to reset your settings.

Treasure Data does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal data.

12. CHANGES TO OUR PRIVACY STATEMENT
We will post any changes we may make to our Privacy Statement on this page. If we do, we will update the “last modified” date at the top. If the changes materially alter how we use or treat your personal data, we may provide you with notice prior to the update taking effect, such as by posting a notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes. Please check back frequently to see any updates or changes to our Privacy Statement.

13. CONTACT INFORMATION
Please address questions, comments, and requests regarding this Privacy Statement and our privacy practices to privacy@treasure-data.com. You can also contact us via postal mail at:Treasure Data, Inc.
Attention: Privacy Office
800 W. El Camino Real, Suite 180
Mountain View, CA 94040
United States