EU-US Safe Harbor Update
The European Court of Justice (ECJ) determined on October 6, 2015 that the EU-US Safe Harbor Framework does not provide a valid legal basis for transfers of personal data from Europe to the U.S. Without that safe harbor, transfers of data from the EU to the U.S. of Personal Data may be illegal unless alternative means of compliance are put in place. European authorities have unambiguously stated that the transfer of data under what are referred to as the “Model Contract Clauses” offers a viable alternative to the Safe Harbor framework. Apptio is encouraging its customers who desire to share or input personal data with Apptio that originates from the EU to execute its Data Processing Agreement, which incorporates the Model Contract Clauses. The Data Processing Agreement has been pre-signed by Apptio and is posted here. If you are currently an Apptio customer you may countersign this Agreement and send it to email@example.com. If you have any questions you may reach out to firstname.lastname@example.org or your Apptio account manager.
Last updated July 2015
In this Policy, we provide information about (a) the collection and use of personal information on our publicly available websites, including www.apptio.com and community.apptio.com (collectively, our "Website") or otherwise by Apptio in connection with its customer, partner and vendor relationships; and (b) information processed by our commercial hosted software applications (collectively, the "Software Services") provided to our customers who subscribe to those Services ("Customers"). This Policy does not apply to information collected by the Technology Business Management Council, LLC or from our employees, which are governed by other policies, or any information collected on any third-party site or by any third-party application that may link to or be accessible from the Website or our Software Services or other services.
By accessing and continuing to use the Website or the Software Services you signify your consent to the terms and conditions of our Policy. We may change or update this Policy from time to time (see Changes to our Policy) and your continued use of the Website or Software Services is deemed to be acceptance of such changes. Please periodically check the Policy for updates and changes. If the local law that governs your personal information requires a more affirmative notice and consent to modify these terms, then any modifications of this policy will only apply to you if and to the extent the notice and consent regime requisite under such applicable law is observed.
EU and Swiss Safe Harbor
Apptio complies with the U.S.-EU and U.S.-Swiss Safe Harbor frameworks as set forth by the United States Department of Commerce regarding the collection, use, and retention of data from the European Union or Switzerland. Upon request and within 30 days, Apptio will grant individuals reasonable access to personal information governed by these frameworks that Apptio holds about them via its Website or, in the case of such data hosted and processed by Apptio on behalf of a Customer via the Software Services, direct individuals to the controller of such information (e.g. the Customer). With respect to information gathered through the Website, Apptio will take reasonable steps to permit individuals to correct, amend, or delete information which is inaccurate, out-of-date, irrelevant, incomplete or misleading if you request us to do so. Please contact email@example.com to request the correction of your personal information gathered on the Website.
Any questions, comments or complaints about the data practices (including without limitation compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of an Apptio customer or partner for whom Apptio processes data should be addressed to that customer or partner.
Information We Receive
Website Visitor Information. We receive information from and about visitors to our Website, including:
- When you submit requests or post materials or inquiries on our Website. Examples of activities include registering for content (e.g. whitepapers) and requesting additional information, services, or support from us.
- In connection with these activities, we may collect various information, such as your name, title, company name, address, phone number, and e-mail address and certain company information.
- When you correspond with us via email.
- Information we receive from third party business partners.
- If you use a bulletin board or chat room on our Website, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums. We are not responsible for third party use of the personally identifiable information you choose to submit in these forums.
- Like many websites, we use "cookies" to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser. They make it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Website previously. If you have provided your name or other contact information to us via a web form, we are able to link that information back to the cookie. This information may be used to provide you with information that we believe to be relevant to you based on your actions on our Website.
Customer, Vendor and Partner Relationship Information. We collect information from our Customers and prospective customers, vendors and prospective vendors, partners and prospective partners including:
- We require Customers who register to use the Software Services, and related services, such as training and customer support, to provide contact information, such as their name, company name, phone number, and e-mail address, and we may also ask for additional information such as title, department name, fax number, and additional company information, such as mailing address, annual revenues, number of employees, or industry (“Account Information”). Registered users can update or remove their account information at any time by logging into the Software Services and editing their account information.
- Prospective customers often volunteer contact information to us so that we may continue to provide them with information about our services.
- Registered users are required to provide an email address when registering for the Software Services, in order to receive a username and password. Users are responsible for maintaining the confidentiality and security of their user registration and password.
- Vendors and Partners may also provide personal information about their employees in the form of contact information or other such information to us for purposes of the vendor’s services to Apptio or in furtherance of the relevant partner relationship.
Customer Hosted Data. In connection with our Software Services, we also host and process information on behalf of our Customers, including as follows:
- Our Customers upload, either directly or via a service provider, various business and IT cost, value and utilization data at their own discretion ("Hosted Data") via the Software Services for hosting and processing purposes. Since Customers are responsible for determining what data is uploaded, they control the types and categories of Hosted Data and have a closer employment or business relationship with any individuals whose personal information may be included as part of such uploaded data. Accordingly, the Customer can provide additional information on the types and categories of data it uploads using our Software Services and any personal data contained therein.
- Information we gather as a registered user uses the Software Services.
- Examples include cookies, IP addresses, and usage patterns.
Testimonials. We post customer testimonials on our Website which may contain personally identifiable information such as the Customer's name. We do obtain the Customer's consent prior to posting the testimonial to post their name along with their testimonial. If you want to remove your personal information that is being displayed on our Website under public pages please send your request to firstname.lastname@example.org.
Uses of the Personal Information We Receive or Collect
- To provide you with information about Apptio and our products, services and partners. If we received your contact information directly, including from a subsidiary or related company, or if given the context of your provision of information you could have had a reasonable expectation that you would receive communications from us, then we may email you information regarding updates to the Software Services and Company affairs, and may send a customer newsletter type of communication via email which you can opt out of receiving such communications by using the "unsubscribe" link at the bottom of such email.
- To diagnose and resolve issues with and otherwise improve our Website or services.
- To carry out our obligations and enforce our rights arising from any agreements between you and us.
- To monitor and track usage patterns on the Website and Software Services.
- To notify you of changes to our Website or Software Services.
- To set up the Software Services for individuals and their organizations.
- In connection with prospective service engagements, partnerships or vendor relationships where the disclosing party is a prospective customer, partner or vendor to Company.
You can choose not to provide us with your personal information, but if you do not provide us with your personal information when we request it, we may not be able to provide you with our full range of products and services, or provide a service appropriately tailored to you.
Uses of Hosted Data
Notwithstanding anything else to the contrary in this Policy, we will not use, disclose, review, share, distribute, or reference any Hosted Data except as permitted in the agreement pursuant to which the Customer subscribed to the Software Services (the "Customer Agreement") or as may be required or permitted by law. Hosted Data is hosted and maintained in one or more data centers, which may be located around the world including the US, the Netherlands, Germany and Australia. We also may provide technical support to Customers from locations around the world including the US, the Netherlands, Germany, Australia, UK and India. Please contact email@example.com for the current list.
Our Disclosure Policy
Apptio will not rent, sell, or share personal information about you with third parties or nonaffiliated companies for their promotional purposes without your permission. We may disclose personal information that you provide in furtherance of the purpose for which they were disclosed, providing the services that you have requested, when we otherwise have your permission, or under the following circumstances:
- To our employees, affiliates, or subsidiaries. Our employees, affiliates and subsidiaries are located in North America, Europe, and parts of Asia, including the US, Canada, UK, Germany, Denmark, the Netherlands, and Australia. Please firstname.lastname@example.org for the current list.
- To our contractors in support of our business. These contractors are located in the US, the Netherlands, Germany, Australia, UK and India; however, please contact email@example.com for the current list, or
- If Apptio is acquired by, reorganized or merged with another company. In such an event, you will have the opportunity to ask not to receive promotional information following any such change of control.
We may also disclose your personal information to third parties if:
- We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
Choices About How We Use and Disclose Your Information
We seek to provide you with choices regarding the personal information you provide to us. The following describes the choices you have:
- Offers from Apptio. If you do not wish to have your e-mail address used for promotional purposes by the Company, you can opt-out by sending an email to firstname.lastname@example.org. If we have sent you a promotional e-mail, you may send us a return e-mail asking to be omitted from future e-mail distributions. This opt out does not apply to information provided to Apptio as a result of your use of the Software Services.
- Choices when using the Software Services. Since each Customer is in control of what information is collected by such Customer's users, how that information is disclosed and used, and how that information can be changed, users of the Software Services should contact the applicable administrator of the Software Services at the Customer in order to make choices about how the Customer uses and discloses personal information contained in Hosted Data.
- Review this Policy carefully. If you do not agree with our practices, your ultimate choice is not to use the Website or the Software Services. By using any part of the Website or the Software Services, you accept and agree to our Policy and to our practices. If we update this Policy, your continued use of the Website or Software Services (following the posting of the revised policy) means that you accept and agree to the terms of the revised Policy.
Access to Your Account Information and Updating Information
You have the right and ability to edit your account information, at any time. Registered users can update or remove their account information at any time by logging into the Site and editing their account information. You can also opt in or out of receiving future communications of special offers and new product information by sending us an email at email@example.com, or you can unsubscribe by following instructions contained in the messages you receive. We do reserve the right to send you certain communications relating to the Service, such as service announcements and administrative messages, that are considered part of your account membership, and we do not offer you the opportunity to opt-out of receiving those messages.
You may send us an e-mail at firstname.lastname@example.org to request access to, correct or delete any personal information that you have provided to us in connection with the Website. If you have submitted personal information to us in connection with the use of the Software Services, you can also contact us through email@example.com to request access to, correct or delete any personal information. We will respond to any request for access to, correction or update of personal information within 30 days of the date of such request.
Personal information that is contained in Hosted Data can be accessed, updated or changed by logging into the Software Services. Since each Customer is in control of what information is collected by such Customer's users, how that information is disclosed and used, and how that information can be changed, users of the Software Services must contact the applicable Customer administrator in order to access, update or change personal information contained in Hosted Data.
Data Security Overview
Our data security obligation to you regarding Hosted Data is as set forth in the Customer Agreement. The goal of the Apptio Information Security team is to protect the confidentiality, integrity and availability of data. We take reasonable steps given the context of the engagement in which data is provided to protect your Hosted Data from loss, misuse, interference, unauthorized access, disclosure, alteration, and destruction. However, the security of information transmitted through the Internet can never be guaranteed and is not entirely within our control. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site or services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. In order to protect you and your data, Apptio may suspend your use of a Site or service, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area of the Site or services is restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
Changes to our Policy
We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this policy, we will immediately post it to this Website, which will serve as your notification of these changes. If you are concerned about how your information is used, please bookmark this page and check back periodically.
If you have questions about this Policy, the Website or the Software Services, you can contact us at firstname.lastname@example.org.
11100 NE 8th Street, #600
Bellevue, WA 98004