We collect information that you give us or that we get from your use of our sites and Services, including without limitation, the following:
Information about your use of our Services, including details of your visits to our sites, pages viewed and the resources that you accessed. Examples of information include device, IP address, browser information, cookie information, geographic location, and traffic data.
Information specifically provided by you, including your name, telephone number, email address, physical address, login username, password, or other information that you voluntarily share with us.
Cookies are small pieces of data stored on your device (computer or mobile device). Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a site upon a future visit. When used, cookies are downloaded and stored on your device. Such information, on its own, will not identify you personally. It is statistical data. Generally, you can turn off the cookie function on your device, but that may prevent you from using our sites and Services. We may use such cookies to deliver and improve our Services. Some third-party services that we use to improve the Services (including usage, measuring performance, and advertising), such as Google Analytics, may also place cookies on your device.
Examples of Cookies we use:
Session Cookies. We use session cookies to operate our Services.
Preference Cookies. We use preference cookies to remember your preferences and various settings.
Advertising and Marketing Cookies. We use advertising and marketing cookies to deliver and measure the effectiveness of our marketing campaigns.
Security Cookies. We use security cookies for security purposes.
For any questions or preferences on cookie opt-outs or about our policy listed here, please contact us.
We use the information we collect from you to provide, maintain, protect, and improve our sites and Services, and to develop new ones.
In addition, we may use the information for one or more of the following purposes:
To provide information to you that you request from us relating to our products or services
To provide information to you related to products or services provided by us
To inform you of any changes, offers, updates or other announcements about our Services
To allow you to participate in interactive features of our Services when you choose to do so
To provide customer support
To gather analysis or valuable information so that we can improve our services
To monitor the usage of our Services
To detect, prevent, and address technical issues
To provide you with new Services offers and relevant Services information and events unless you have opted not to receive such information
Platform.sh provides tools to make your development workflow more productive such as our CLI (command line interface). Also, Platform.sh will provide from time to time application-specific modules or libraries, that you may opt into, in order to integrate into your software project in order to make its configuration simpler. Such applications, libraries, or modules may report usage information to us, which we may collect. Information collected may contain the type of actions performed, log data of API activity as well as configuration information. This information may be linked to you and we may use this information to better provide technical support you and to improve our Services.
Platform.sh may process your personal information because:
We need to perform a contract with you
You have given us permission to do so
The processing is in our legitimate interest and it’s not overridden by your rights
For payment processing purposes
To comply with applicable law
Your Rights Under GDPR: If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Platform.sh aims to take all reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information and data. If you wish to be informed of what personal information and data we hold about you and if you want it to be removed from our systems, please contact us. For existing customers, please file a support ticket.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you. Whenever made possible on your account settings, you can access, update or request deletion of your personal information and data directly within your account settings section. Please also file a support ticket to confirm any account changes, or contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your personal information or data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time when Platform.sh relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
Your Rights Under Canada’s PIPEDA (Privacy Rights): The Personal Information Protection and Electronic Documents Act (PIPEDA) is the Canadian federal privacy law for private-sector organizations to regulate the way private-sector organizations handle the personal information in a commercial activity.
Under the PIPEDA principles, individuals have the right to know why their personal information is being collected, how their personal information will be used, and to whom their personal information will be disclosed, and to have the ability to ask for access to, or correction of, their personal information. More details on the PIPEDA principles can be found on the Office of the Privacy Commissioner of Canada’s site.
Accountability and Openness. Platform.sh has a designated Security, Compliance, and Data Protection Officer who is accountable for the management of your personal information, including collection, usage, disclosure, retention, and transfer of personal information to third parties for processing. Contact us to be connected or email email@example.com. For existing customers, please file a support ticket.
Identifying Purposes. When your personal information is collected, it will be clearly identified what purpose it is being collected for (e.g. when you sign up for the Services and enter your contact information to have customer support).
Consent. Your individual consent or consent on behalf of the organization is required when we collect, use, or disclose any such personal information. In certain circumstances, we may disclose your personal information for legal, medical, or security reasons. If at any time you wish to withdraw your consent, you will be notified of any account implications.
Limiting Collection. Platform.sh collects only the personal information which is necessary for the purposes identified at the time of collection (providing technical support you, and to improve your Services).
Safeguards. Platform.sh uses physical, organizational, technological methods and policies to protect and safeguard your personal information. For more on our security, please visit platform.sh/security.
Challenging Compliance. Our procedures are in place to receive and respond to any complaints and inquiries you may have. Contact us or email our Security, Compliance, and Data Protection Officer at firstname.lastname@example.org. For existing customers, please file a support ticket.
Your Rights Under California’s Privacy Laws: The California Consumer Privacy Act (CCPA) gives California Consumers/residents eight new privacy rights and imposes eight corresponding, and three independent, obligations on businesses processing California Consumers’ Personal Information. Where applicable, we have added contractual requirements instructing our service providers to not further collect, sell, or use the Consumers’ Personal Information except as necessary to perform the business purpose.
Consumer Right No. 1: Abbreviated Disclosure Right Applicable to Businesses that Collect PI. A Consumer has the right to request that a business that collects a Consumer’s PI disclose to that Consumer the categories and specific pieces of PI the business has collected. The types of Consumer Personal Data to be Processed are:
Consumer Right No. 2: Expanded Disclosure Right Applicable to Businesses that Collect PI.
Consumer Right No. 3: Right to Request Information from Businesses that Sell or Disclose PI for a Business Purpose. We do not sell or disclose PI as defined under the CCPA.
Consumer Right No. 4: Right to Opt Out of Sale of Data. We do not sell or disclose PI as defined under the CCPA.
Consumer Right No. 5: Right to Opt-in for Children: Business Obligation Not to Sell Children’s PI unless there is Affirmative Authorization. We do not sell or disclose PI as defined under the CCPA.
Consumer Right No. 6: Deletion Rights. Whenever made possible on your account settings, you can access, update or request deletion of your personal information and data directly within your account settings section. Please also file a support ticket to confirm any account changes, or contact us to assist you.
Consumer Right No. 7: Rights to Access and Portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
Consumer Right No. 8: Not to be Discriminated Against for Exercising Any of the Consumer’s Rights under the Title. We do not use financial incentive practices that are unjust, unreasonable, coercive or usurious.
We take all reasonable measures to:
Protect your personal data and information, and to protect our Services from unauthorized access to, or unauthorized alteration, disclosure or destruction of, information we maintain.
We may transfer personal data outside the European Union. Data may be transferred from the Platform.sh Accounts portal located in Ireland to clusters in France, Ireland, USA, Australia, Canada, the UK, and Germany using securely encrypted transfer channels (TLS) and stored with no access to any third-party. Platform.sh transfers its data, only as necessary to fulfill a needed function, to companies that are GDPR or Privacy Shield compliant. Platform.sh signs Data Processing Agreements or GDPR compliant contracts with all processors, and has replaced vendors who were not compliant.
Examples of third-party services include data storage, maintenance services, database management, web analytics, and payment processing. For a list of all third-party services or providers using your personal information or data, or to opt-out at any time, please contact us. For existing customers, please file a support ticket.
We will share personal information if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
under certain circumstances, to comply with legal obligation, to meet applicable law, regulation, legal process, or enforceable governmental request
enforce applicable Terms of Service or any of our other agreements with you, including investigation of potential breaches
detect, prevent, or otherwise address fraud, security or technical issues in connection with the Services
protect against harm to the rights, property, liability, or safety of Platform.sh, our users and customers, or the general public, as required or permitted by law
If you wish to withdraw your consent of having your personal information used for certain purposes, please contact us. For existing customers, please file a support ticket.
All information you disclose in your public profile, forum posts, blogs, comments, issue queues, or other public portions of our Services becomes public information. Please be careful in what you choose to disclose publicly.
We will report any unlawful data breach of this website’s database or the database(s) of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is reasonably apparent that personal information stored in an identifiable manner has been accessed. Should you have any complaint about a breach, or the way in which we will handle a breach, please contact us.
You have the right to access your personal information that we hold, and correct, amend, or delete that information where it is inaccurate, except where the rights of persons other than you would be violated. Please contact us to assist you. Whenever made possible, you can access, update or request deletion of your personal information and data directly within your account settings section. If you are unable to perform these actions yourself (e.g. you don’t have an account), please contact us using the various methods detailed below to assist you. For customers located in Australia, you may also email “email@example.com”.
Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s site. We do not endorse these sites, nor are we responsible for the content or accuracy of any information contained on them. We strongly advise you to review the privacy policies of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
To the extent prohibited by applicable law, our Service does not address anyone under the age of 16 (“Children”). By agreeing to these Terms of Service, you represent that you are the age of majority in your state, province, or country of residence or 16 years of age whichever is greater. We do not knowingly collect personally identifiable information from anyone under such age of majority. If you are a parent or guardian and you are aware that your Children have provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verifiable verification of parental consent, we will take steps to delete that information from our databases and servers.
Platform.sh has a designated Security, Compliance, and Data Protection Officer who is accountable for the management of your personal information, including collection, usage, disclosure, retention, and transfer of personal information to third parties for processing.
Visitors have the following options for correcting personal information or removing their information from our database in order to discontinue future communications from Platform.sh.
Click on the “Unsubscribe” link on any Platform.sh email
Contact us using our website contact form
Send a request by mail to: Attention Legal, Platform.sh, 131, Boulevard de Sébastopol, Paris, 75002 France
Should you deem that we have not satisfactorily handled your complaint you have the right to contact our Supervisory Authorities listed in the About Us section and file a complaint.
|1.1||2017-10-25||Added information about GDPR compliance|
|1.2||2018-01-20||Added GDPR Supervisory Authority|
|2.0||2018-06-16||1) Updated from Legal Review|
2) Added additional privacy related compliance with GDPR, PIPEDA, and California
|2.1||2018-11-05||1) Grammar and punctuation fixes|
3) Added toll-free contact number pursuant to the California Consumer Privacy Act of 2018
|2.2||2019-04-23||Expanded Article 7 in regard to transferring your private data and information|
|2.3||2019-06-10||Added additional customer site information to the existing material in Section 1|
|3.0||2019-12-04||1) Expanded CCPA section with updated rights information|
2) Removed toll-free number added in v2.1 as it is no longer required with recent CCPA revisions
3) Grammar and punctuation fixes
4) Converted changelog into table for readability
5) Revised “About Us” wording to include only main office. Our full office list is available on our “Contact Us” page
6) Added information about how to file a complaint regarding a breach in compliance with the Australian Privacy Act
|3.1||2019-12-05||1) Fix capitalization in section 11 title|
2) added https://console.platform.sh/ to the list of sites this policy applies to
3) Formatting fixes
|3.2||2019-12-20||1) Additional Australian Privacy Act details|
2) Fix spelling mistakes
3) Expand ways for filing complaints
4) Expand list of named privacy acts in Section 7
5) Clarify wording in Section 7 concerning where data is transferred to, including the explicit recognition of the UK
|3.3||2020-01-09||1) Add DPO email address to Section 10 at the request of the Australian OAIC|
2) Fix incorrect link to the OAIC in Section 13