Effective Date: May 25, 2018
Data Collection. There are two primary ways in which Splunk collects Information from you: through Interactions and Splunk Offerings.
When you interact online or offline with Splunk, visit our website, download materials through our website, or register for events, Splunk may receive your Information, including your Personal Data. For example, we receive your Information when you:
- Visit and use Splunk’s websites
- Provide or update account information via our websites
- Register or attend Splunk-hosted or sponsored events (such as promotional events, webcasts, contests or hackathons)
We also collect Information about you from third-party sources such as through public databases, joint marketing partners, social media platforms, conference hosts, event companies, partners, and other like parties when you interact with them.
If you log into a Splunk account using your social media login credentials (e.g., Google+), we may receive from you the categories of Personal Data listed below. We may also receive Personal Data from you when you use your social media account to provide your contact information to Splunk.
We refer collectively to these contacts as “Interactions” and we explain below how we use the Information we collect through them.
We also collect Information, including Personal Data, when we provide our Splunk Offerings to you (or a third party with which you work) to service your account. We may ask you for this data directly, or in some cases we may collect it when certain features are enabled in our Splunk Offerings. For example, we collect your Information when you:
- Order any of our Splunk Offerings
- Interact with Splunk online or offline, including when you request support services for your Splunk Offerings, whether they are installed on your premises or in the cloud
- If you (or a third party for whom you work) uses Splunk Offerings to process information, we may collect metadata about the use of our Splunk Offerings (e.g., usage, performance, deployment environment, and analytic data) which may include elements of Personal Data, such as IP address or User ID as further described below.
What We Collect Via Our Interactions
We (or third parties acting on our behalf) may collect your Information, including your Personal Data, through the Interactions described above. Categories of Personal Data we collect include such things as:
- Email address
- Physical address
- Payment details
- Phone number
- IP address
How We Use Information Collected From Interactions
Splunk uses the Information it collects from your Interactions to satisfy different legitimate business interests, to deliver services to you in accordance with our terms, or to satisfy our legal obligations. We take seriously the need to balance our legitimate business interests with your privacy rights, and summarize for you below how we use your Information, including Personal Data.
We use your Information to:
- Fulfill your orders or respond to your requests for information (e.g., marketing materials from our website such as white papers).
- To satisfy these requests, we need to collect and use your name and email address.
- Improve and develop the website services
- Issue Splunk accounts for access to online communities and forums
- We offer online communities and forums through our website services and other platforms where users can share their experiences. When you choose to participate in these communications, we collect the categories of Personal Data listed above pursuant to our Website Terms and Conditions.
- Send administrative information, such as changes to contract terms or policies
- Where we make updates to our terms or policies, we may be required under certain laws, and sometimes under our contract terms, to notify you of these changes. Likewise, we may need to notify you of changes in how we administer our website services either by the terms of our agreement with you, legal requirements, or simply to let you know of a change affecting how you use the website services. We will use your name and email address to send these notices to you.
- Manage your Splunk account
- In order to perform the website services under the contract between you and Splunk, we need to collect certain Information from you like your contact and payment details. Without this Information, we may not be able to deliver the services or comply with our legal obligations.
- Send marketing communications
- Where we have your consent to do so, we use your email to send you product announcements, educational materials or information about special offers or upcoming online or offline events, such as SplunkLive or .conf. We may also invite you to participate in various promotional activities, contests, webcasts, sweepstakes, hackathons, campaigns, and the like. We do these to generate interest in our Splunk Offerings and grow our business. We carry out our marketing campaigns in accordance with applicable laws and provide you with options to “opt-out” of receiving these materials should you so choose. Those options are detailed below.
- Invite you to participate in surveys and usability studies, and to assess their effectiveness.
- Personalize your experience
- Diagnose and fix technical issues, monitor the security of our environments, and otherwise protect our property.
- We need to be able to anticipate and recognize potential threats to the operation and security of our website services to help keep them online and secure. We may process your Personal Data, in particular your IP address, for this purpose. We do this to satisfy our legitimate business interest in helping ensure the security of our website services and our legal obligations.
- To comply with any applicable law, regulation, legal process, or governmental request, or to protect our legal rights.
- For any other purpose disclosed to you in connection with our website services from time to time.
If we intend to process your Personal Data for a purpose other than that set out above, we will provide you with information prior to such processing.
Exercising Your Rights
You have the right to request access to and correction of your Personal Data. You may also have the right to request your Personal Data be “forgotten” (technically erased) or object to Splunk processing it.
If you would like to request to access, correct, erase, or object to the processing of your Personal Data, contact us at: firstname.lastname@example.org. Please describe the nature of your request and the Personal Data it relates to and we will comply as soon as reasonably practicable, consistent with applicable law.
If we process your Personal Data based on your consent, you may withdraw your consent at any time. We will let you know if we are seeking to rely on your consent at the time we collect your information.
If you no longer want to receive marketing-related emails from Splunk on a go-forward basis, you may also contact us at: email@example.com. Please make clear in your request that your Personal Data be removed from marketing-related emails. Alternatively, you may use the "unsubscribe" feature in our email messages.
What We Collect Via Our Splunk Offerings and How We Use It
Usage Data. We collect and process different types of usage data when you use the Splunk Offerings to serve our legitimate business interest of improving our products and services for the benefit of our customers. We work hard to help ensure a balance between our legitimate business interests and your privacy rights.
- License Usage Data is information pertaining to your particular Splunk Offerings. Each license is assigned a random, numeric identifier (License ID) that allows us to identify your account entitlements, such as native license group and subgroup, total license stack quota, total license stack consumption, license stack type, license pool quota, license pool consumption, etc., in our systems. License IDs also help Splunk analyze how different Splunk products are being deployed across user populations.
- Aggregated Usage Data is information pertaining to your Splunk Offerings’ operating environment, including performance and session information. It may include such things as number of cores by type (virtual/physical), CPU architecture, memory size, storage (partition) capacity, OS/version, hardware identification, Splunk application version, number of active users, number of searches by type, number of page loads, distribution of concurrent searches, app names, page names, and page views.
This information is aggregated and used by Splunk to analyze usage patterns so that Splunk can improve its products and benefit customers. License IDs are collected initially to verify that data is received from a valid Splunk product. After the validation step is complete, License IDs are discarded from and not transferred to the collected data set used to improve the products. Likewise, User IDs are collected in connection with page view activity, but are hashed before being sent back to Splunk. Splunk uses Aggregated Usage Data extensively to help us better understand how our Splunk Offerings are being used, make improvements to them, and develop new features, or Splunk Offerings. For example, we may use this data to:
- Better understand how our users configure and use Splunk Offerings
- Determine which configurations or practices optimize performance (e.g., best practices)
- Benchmark key performance indictors (“KPIs”)
- Perform data analysis and audits
- Identify, understand, and anticipate performance issues and the environmental factors that affect them
- Improve the operation of the Splunk Offerings and develop new features and functionality
We use Aggregated Usage Data for the purposes described above to fulfill our legitimate business interests to develop, expand and improve the Splunk Offerings. See further below on how you can opt-out of participation in the Aggregated Usage Data program.
- Support Usage Data is the same as Aggregated Usage Data, but the License ID persists so that the Information can be linked to your account for Splunk to analyze the performance information you send when you ask for help in troubleshooting your Splunk Offerings or to personalize your experience.
For more information about Usage Data, see our Documentation for the relevant Splunk Offering (e.g., Share Performance Data for Splunk Enterprise).
Location Data is data we collect in certain Splunk Offerings (“apps” and “add-ons”, as discussed below) that associates your end users’ mobile device with an identifier for your app to help us improve the user experience. Depending on your configuration of the Splunk Offerings, it may be that location information on your end users may be shared with Splunk, however, you can disable this function should you choose, or advise your end users on how to disable the location setting on their mobile device.
Usage Sharing Settings
In our paid Splunk Offerings for software you host on your premises, you have the option of configuring the administrator settings to opt-out of providing License Usage, Aggregated Usage and Support Usage Data. For opt-out instructions, see Splunk’s Documentation (Sharing Performance Data).
License Usage, Aggregated Usage and Support Usage Data is collected by Splunk as part of offering the Cloud Service. Likewise, Splunk collects this data as part of the free or trial services we offer, but as set forth in the terms of those agreements, we discourage the uploading of production data to those environments.
In addition, on devices that enable location-based services, we may receive location information, if you consent, which you can withdraw at any time by updating your device location setting permissions. We use this information to provide personalized location-based services and content.
Other Collection Practices
We also collect Personal Data from you to fulfill our contractual commitments to you. For example, we collect contact information such as name, address (email and physical) and phone number to enter you into our customer data base systems and manage your account. This may also include Information about billing and payments, customer or support services, or software updates. We share this Information with our affiliates, vendors and partners who help us service your account and with whom we have written agreements protecting the confidentiality and security of your Information. We do not sell this Information.
Data Collection Practices Associated with Apps and Other Third-party Content
Splunk contractually requires third-party app developers to comply with applicable privacy and data protection laws. If third-party app developers collect receive, access or transmit information about users of their apps, Splunk contractually requires the developers to provide app users with notice of the collection of such data, and to obtain appropriate consent from app users before modifying the information, disclosing the information to other entities, or using the information for purposes other than to provide the services offered by the apps. Splunk cannot guarantee that third-party app developers will comply with those requirements. When choosing to use apps, add-ons or other third-party extensions, you are entering into a license agreement with those third parties. You should familiarize yourself with the privacy policies of the organizations or individuals providing you with software that runs in or with your Splunk Offering.
How Splunk Shares Your Information
Splunk may disclose Information to third parties in the following ways:
- Affiliates. We may disclose Information to our affiliates subject to these obligations in order for them to help administer or service the Splunk Offerings. Splunk is the party responsible for the management of jointly-used Personal Data. Splunk maintains intragroup agreements with its affiliates covering the use of Personal Data within the Splunk family of companies.
- Service Providers. We may disclose Information to our third-party service providers or vendors who help service Splunk’s business operations. This may include such things as infrastructure, data analysis, order fulfillment, IT services, customer service, professional services or audit services, among others. Splunk’s third-party service providers are under written agreements with Splunk that require them to protect your Information, including without limitation your Personal Data. Splunk maintains a list of its sub-processors who process Personal Data as part of the Splunk Offerings, and updates this list as needed from time to time.
- Partners. We may disclose contact and account Information to our partners to permit them to assess your interest in the Splunk Offerings, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies. We may also share License Usage, Aggregated Usage and Support Usage Data with partners who are providing support services to you to assist you with troubleshooting the performance issues you report. Partners are subject to written agreements with Splunk that require them to protect the Information we share with them, including your Personal Data.
- Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
- Merger, Sale, Etc. We may disclose Information in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Splunk business, assets or stock (including Information regarding any bankruptcy or similar proceedings).
- Other Users. We may disclose Information to other users of the Service in aggregated format, provided it does not include Personal Data. This may include “best practices” tips, KPIs, benchmark data or other such aggregated information useful to the user community.
Lawful Basis for Transferring Your Data
Splunk is committed to uphold the privacy principles articulated in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield (“Privacy Principles”) to which Splunk has self-certified. Splunk’s certifications to these Privacy Shield Frameworks may be found here.
How We Secure Your Information
Splunk takes appropriate technical and organizational measures to safeguard Personal Data against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please notify us immediately in accordance with the “Contact Splunk” section below. If Splunk learns of a breach of its systems, Splunk may notify you or others consistent with applicable law and/or as agreed in our contract with you. Splunk may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Splunk Offerings and the Information you provide to us.
Splunk Also Observes the Following Practices
Use of Splunk Offerings by Minors. The Splunk Offerings are not directed to individuals under the age of thirteen (13) or those not of the age of majority in your jurisdiction, and we request that these individuals not provide Personal Data through the Splunk Offerings.
Cross-border Transfers. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers based in countries outside of your country of residence, including to the United States, which may have different data protection rules than in your country. As indicated above, Splunk has certified to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks for the transfer of Personal Data from the EEA and Switzerland to the U.S. We take steps to put in place adequacy mechanisms to protect your Personal Data in our agreements with our service providers.
- For partners
- For app developer or app providers listed on Splunk’s app ecosystem, Splunkbase
- For industry content providers (such as providers of research, white papers, etc.)
- For industry award providers (such as those listed on Splunk.com)
- For third-party resources (such as source code repositories, sample data sources, customers, event sponsors or speakers, etc.) mentioned in blogs and press releases
- For social media platform providers (such as Twitter, LinkedIn, Google+, YouTube, or Facebook)
270 Brannan Street
San Francisco, CA 94107
3 Sheldon Square, 7th Floor
Paddington, W2 6HY
Please note that email communications are not always secure, so please do not include credit card information or other sensitive information in your emails to us.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority.
Links to Related Agreements, Policies and Information:
Splunk Website Terms and Conditions of Use
Splunk Privacy Shield Notice
Splunk Cloud Terms of Service
Splunk Software License Agreement