Privacy Information

1. INTRODUCTION

This Privacy Policy applies to all Personal Data which is processed by Appian as set out below, including which has been collected through Appian’s websites that directly link to this Policy when you click on ‘Privacy Policy” in the website footer (the “Websites”) or in the ways outlined in section 3 below. This Privacy Policy provides you with details of how we collect and process your Personal Data through your use of our Websites.  A reference to “Appian”, “we” or “us” is a reference to Appian Corporation Inc. and/or the relevant Appian affiliate involved in the processing activity.

This Internet Privacy Policy does not apply to the extent we process Personal Data in the role of a processor on behalf of our Cloud Offering or Appian Software customers.

2. WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT

Personal Data means any information capable of identifying an individual. It does not include anonymized data.

We may process the following categories of Personal Data about you:

  • Basic Personal Data: Name, title, organization, job responsibilities, phone number, postal address, and email address.
  • Registration data: Newsletter subscriptions, event/seminar/webinar registrations, dietary preferences (excluding special categories of data), downloads, and username/passwords.
  • Marketing data: Data about individual participation in event/seminar/webinars, credentials, associations, and product interests.
  • Technical data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Websites.

Sensitive Data

We do not collect any Sensitive Data about you though the Websites. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offenses.

3. HOW WE COLLECT YOUR PERSONAL DATA

We may collect data about you in the following ways:

*by you providing the data directly to us (for example by registering or filling in forms on our Websites or by sending us emails);

*automatically by collecting certain data from you as you use our Websites by using cookies and similar technologies. Please see our cookie policy for more details about this;

* from social media features on our Websites;

*when you visit our offices;

*when you register for or attend one of our physical or virtual events or webinars;

*when we communicate with you via for example email, phone calls or texts;

*from publicly available sources and third parties.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Websites may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie preferences page.  If you are based in the European Union you can learn more about how third parties use these types of cookies by visiting www.youronlinechoices.eu. If you are based in the United States, please visit www.aboutads.info.

4. PURPOSE

We or a company with who we share information as stated in Section 4 below, may use the Personal Data that you provide to us to:

  • respond to your inquiries;
  • ask a question;
  • provide announcements about products and future events;
  • conduct surveys;
  • operate, evaluate, and improve our business within our group of companies;
  • for shared Appian group systems (such as Salesforce and email systems);
  • for finance and administration purposes and
  • for other reasons related to offering and improving our products and services.

We may store your Personal Data on our systems or shared Appian group systems to facilitate these purposes. We use the Personal Data for these purposes because we have a legitimate business interest in providing services to our customers and other interested individuals that is not overridden by your interests, rights and freedoms to protect Personal Data about you.

We may also use the information to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use Personal Data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by law that applies to us.

We will only use your Personal Data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at privacy@appian.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We do not carry out automated decision making or any type of automated profiling on information collected through our Websites. exercise or defend our legal rights, or when we are required to do so by law that ap

5. MARKETING COMMUNICATIONS 

Our lawful ground of processing your Personal Data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).

Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

We also collect business contact information about you from third parties from whom we have purchased Personal Data, for example mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, and social/business media profiles for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling. We may combine this information with Personal Data provided by you we already hold. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you.

You can ask us or third parties to stop sending you marketing messages at any time by clicking here, by following the opt-out links on any marketing message sent to you or by emailing us at privacy@appian.com at any time.

If you opt out of receiving marketing communications this opt-out does not apply to Personal Data provided as a result of other transactions, such as purchases.

6. DISCLOSURES OF YOUR PERSONAL DATA

We do not share your Personal Data with third parties, unless it is necessary to carry out your request, for our professional or legitimate business needs, or as required or permitted by law.

We may have to share your Personal Data with, for example:

  • Other companies in our group who provide services to us.
  • Service providers who provide IT, system administration and other centralized services.
  • Professional advisers including lawyers, bankers, auditors and insurers
  • Government bodies that require us to report processing activities.

In order to market our services, we may also share information, including Personal Data, with our partners, for the purposes of enabling our partners to contact you about our services.  You can find more information about the partners that we work with here.

We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it in accordance with the law. We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions. You can ask our partners to stop sending you communications at any time by emailing us at privacy@appian.com at any time.

7. INTERNATIONAL TRANSFERS

We share your Personal Data within our group of companies or service providers which involves transferring your data outside the European Economic Area (EEA).

We are subject to the provisions of the General Data Protection Regulation that protects your Personal Data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your Personal Data. As such:

  • We may transfer your Personal Data to countries that the European Commission have approved as providing an adequate level of protection for Personal Data by; or
  • We may transfer your Personal Data to affiliates or service providers who are established outside of the EEA, using Standard Contractual Clauses or certification mechanisms approved by the European Commission which give Personal Data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

8. DATA SECURITY

We have put in place security measures to prevent your Personal Data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your Personal Data only to those who have a business need to know such data. They will only process your Personal Data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach if we are legally required to.

9. DATA RETENTION

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

10. YOUR LEGAL RIGHTS

Your rights under the GDPR:

Under data protection laws you have rights in relation to your Personal Data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

If you wish to exercise any of the rights set out above, please email us at gdpr.requests@appian.com.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the relevant supervisory authority for data protection issues in your country of residence. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

Your rights under the CCPA

The California Consumer Privacy Act (“CCPA”) grants residents of California certain privacy protections as “consumers”, unless a statutory exception applies. You have a number of consumer rights, including the right to access or delete Personal Data collected by a business. To submit a request to access and/or delete your Personal Data if you are a resident of California, please submit an email request to privacy@appian.com.

You also have the right to opt out of a “sale” of your Personal Data. Whilst the CCPA defines “sale” in very broad terms that encompass many commonly occurring data sharing arrangements, transfers to service providers are not considered “sales” as defined under the CCPA. Appian does not sell Personal Data. As set out above we do share some Personal Data with service providers, we do not allow any third party to sell that information.

11. CONTACT DETAILS

For the purposes of the GDPR, Appian is the data controller and we are responsible for your Personal Data.

The addresses and contact details of our offices where Appian and its affiliates are located can be found here.

Details of our Representatives: in the United States is Cathy Lazarus (cathy.lazarus@appian.com) and located in the EU our GDPR contact is Caroline Johnson (caroline.johnson@appian.com).

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your Personal Data changes by emailing us at privacy@appian.com.

You should be aware that our websites are not intended for, or designed to attract, individuals under the age of 18. We do not collect personally identifiable information from any person we actually know is an individual under the age of 18.

12. THIRD-PARTY LINKS

As a convenience to our visitors, our Websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit, as the Policies and procedures we described here do not apply to those sites.

We may also make chat rooms, forums, message boards, and news groups available to you. Please understand that any information you disclose in such areas becomes public information. We have no control over its use and encourage you to exercise caution when deciding what information to share. These sites and message board, chat rooms and forums are not intended for, or designed to attract, individuals under the age of 18.

13. CHANGES TO THIS POLICY

This Policy may be updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices. If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on the Websites prior to the change becoming effective. If you do not accept any changes made to this Policy, please discontinue use of the Websites.

Published: September 2020