Confluent Privacy Notice

Confluent, Inc. and its subsidiaries (“Confluent,” “we,” “our,” or “us”) understand that privacy is important to visitors to our websites (our “Sites”) and users of our products and services (our “Products”). This Privacy Notice ("Notice") explains how we collect, use, and share your personal information, and how you can exercise your privacy rights.

If you are unable to access this Notice due to a disability or any physical or mental impairment, please contact us using the contact details in the How to Contact Us Section and we will arrange to supply you with the information you need in an alternative format that you can access.

This Notice covers personal information we process:
(1) When you visit our Sites, and in the usual course of business, such as in connection with our events, sales, and marketing activities (collectively, "Visitors"); and

(2) When you register to or otherwise use Confluent Products whether as an individual, as an
applicant, team member, or employee of our customers (collectively, "Users").

This Notice does not apply to Sites or Products that display or link to different privacy policies.
This Notice also does not apply where Confluent processes personal information of our
customers on their behalf; our collection and processing of such personal information is
governed by our agreements with those customers.

Quick Links

We recommend that you read this Notice in full to ensure you are fully informed. However, to
make it easier for you to review those parts of this Notice, which apply to you, we have divided
up the document into the following sections:

1. WHO WE ARE
2. PERSONAL INFORMATION WE COLLECT
3. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES
4. OUR USE OF PERSONAL INFORMATION
5. SHARING OF PERSONAL INFORMATION
6. YOUR CHOICES ABOUT PERSONAL INFORMATION
7. U.S. STATE DATA PRIVACY
8. CALIFORNIA DISCLOSURES
9. HOW WE STORE AND PROTECT PERSONAL INFORMATION 
10. CHILDREN PRIVACY
11. CHANGES TO THIS NOTICE
12. HOW TO CONTACT US

1. WHO WE ARE

Confluent is a company headquartered in Mountain View, California. Confluent is pioneering a fundamentally new category of data infrastructure focused on data in motion. Confluent’s cloud-native offering is the foundational platform for data in motion – designed to be the intelligent connective tissue enabling real-time data, from multiple sources, to constantly stream across the organization. With Confluent, organizations can create a central nervous system to innovate and win in a digital-first world.

2. PERSONAL INFORMATION WE COLLECT

The information we collect depends on the context of your interactions with Confluent and the choices you make (including your privacy settings), the Products and features you use, your location, and applicable law.

(i) Information You Provide to Us

WHEN YOU VISIT OUR SITES

Certain parts of our Sites may ask you to provide personal information voluntarily. We collect and store personal information that you directly provide us through our Site, through interactions on social media, participation in a survey or promotion, application for a job, when downloading white papers on our Sites, and at events. We will collect certain personal information so that we may fulfill your request or keep in touch in connection with our sales
and marketing activities (always in accordance with your marketing preferences). Information we collect includes:

• Contact information: your name, email address, phone number, mailing address, billing address, and usernames;
• Demographic data: your job title, company name, city, state, and country;
• Payment information: your credit card numbers and other payment information. Our third- party payment processors (like Stripe) collect this information if you purchase our Products, such as online training, cloud services, or software subscriptions; and
• Content and communications: any data you enter into any ‘free text’ boxes on our forms; comments in our chat forms, and communications with us on social media and other platforms (like GitHub and Twitter), through phone, or messaging services (like Slack).

WHEN YOU USE OUR PRODUCTS

If you are a User, you or your employer, may provide certain personal information to us through the use of Confluent Products - for example, when you register for a Confluent account to access and use our Products, when you consult with customer support, or send us an email or communicate with us in any way. Personal information we collect may include:

• Business contact information: such as your name, job title, organization, phone number,
  email address and country.
• Marketing information: such as your contact preferences.
• Account log-in credentials: such as your email or username and password when you
  sign up for an account with us and the unique User/ team ID assigned to you in our
  systems.
• Troubleshooting and support data: such as personal information you provide or we
  otherwise access in connection with support queries we receive from Users. This may
  include, for example, contact or authentication data, the content of your chats and other
  communications with Confluent, and the product or service you are using related to
  your help inquiry.

(ii) Information We Collect Automatically.

WHEN YOU VISIT OUR SITES

When you visit our Sites or interact with our emails, we gather certain technical information from your browser or device automatically and store it in log files. In some (but not all) countries, including countries in the European Economic Area ("EEA"), UK and Switzerland, this information is considered personal information under data protection laws. To the extent that this automatically collected data includes, or is linked to, personal information, we will treat the data in accordance with this Notice.

This information we collect includes:

• Geolocation data: Such as your geolocation data when you visit our Sites and use our Products. For example, we may derive your general location using IP address.
• Identifiers and device information. Such as your device’s operating system, device identifier, customer ID and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Site (e.g., number of clicks, pages viewed, information searched for), and the website you visited before and after coming to our Site (i.e., referrer header) are logged automatically. When you submit a support ticket, we receive data from the user agent string of your browser, which includes device information, browser information, OS information, city, state, country, and IP address.
• Information collected through social media and other platforms. We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, following us on Twitter or Instagram, registering for training through Content Raven, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third-party websites and services before engaging. Do not provide us with any sensitive personal information through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy policies to learn how they use your information.

For more information please see the “Our Use of Cookies and Other Technologies” and “Product
telemetry data” sections below.

WHEN YOU USE OUR PRODUCTS

When you use our Products, we collect certain technical information from your browser or
device automatically. This information includes:

• Geolocation data: Depending on your device settings, we collect geolocation data when you use our Products. For example, we may derive your general location using IP address.
• Product telemetry data: Such as telemetry data and other data about your usage, including your IP Address and other unique identifiers in combination with information about the version of our software you are running and how it is configured, to collect and aggregate certain diagnostic and analytics information. We may combine this information with information you provide when you download our Products or provide to customer support, including the name of your organization or company. You can turn off the collection of telemetry data as described in the “Choices” section below and as described further in the applicable product documentation including the More Information page.
• Inferences. We infer new information about you and your company from data we collect, including using automated means to generate information about your likely preferences, your service and product needs or other characteristics. For example, we infer your city, state, and country location based on your IP address.
• Information collected through social media and other platforms. We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, following us on Twitter or Instagram, registering for training through Content Raven, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third- party websites and services before engaging. Do not provide us with any sensitive personal information through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy policies to learn how they use your information.

(iii) Information We Collect from Third-party Sources.

We may occasionally receive your personal information from third party sources including our affiliates, marketing and research partners, and companies such as DiscoverOrg (contact database), Hootsuite (social media management platform), Kickfire (company database), and LinkedIn.

Users of our Products may also provide your personal information when they identify you as a billing, support, or technical contact, or when inviting you to use our Products or attend our events. If you integrate or link a third-party service with our Sites or Products, we may receive personal information about you from that third-party service based upon the settings and permissions you've established with such third party service, and that third party service's privacy practices.

The types of information we collect from third parties may include contact information, demographic data, and content and communications. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Sites and Products.

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Products, those Products may not be available or function correctly.

Finally, you have the option to create a Confluent Cloud account and log into such account using Google sign-in services. Google sign-in services will authenticate your identity and provide you with the option to share with us certain information, such as your full name, nickname, e-mail address and picture. Confluent receives this data from Google as part of the creation, authentication and authorization framework in connection to your Confluent Cloud account.

3. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Our Sites and related online services use cookies and similar technologies to enable certain functionality and help collect information about your visit. We use the following technologies, over which you have certain options: “Cookies” are small text files, typically containing a unique string of letters and numbers, stored on your hard drive by a Site. When you return to the Site using the same browser, the Site can read the cookie and thereby gather information about your usage over time. Among other things, we use cookies and other technology to see which areas and features are popular and to count visits, which helps us to improve our Site, our Products, and your experience. Most Web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove cookies and to reject cookies. If you choose to remove reject cookies, this could affect certain features or services of our Site or other Products. For specific opt out links and to manage your preferences in relation to first and third party cookies please see our Cookie Notice.

Web Beacons. We may collect information using Web beacons. Web beacons are electronic  images that may be used on our Site, Products, or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and to tell if an email has been opened and acted upon.

Google Analytics: We use cookies served by Google Analytics to collect limited data directly from your browser to enable us to better understand your use of the Sites and Services, including making use of the demographics and interests reports services of Google Analytics. Further information on how Google collects and uses this data can be found at https://policies.google.com/technologies/partner-sites. You can opt-out of all Google supported analytics within the Services by visiting https://tools.google.com/dlpage/gaoptout.

Analytics and Advertising. We work with third parties to provide analytics and advertising services in connection with our Sites and Products. These third parties use cookies, web beacons, or similar technologies to automatically collect some of the information described above from visitors of our Sites and Products over time and across third party Web sites and mobile applications for purposes of analytics and advertising. We use the analytics information to analyze and improve our services. Our advertising partners use the information to try to understand your interests and show you relevant advertising about products and services from and on behalf of us and others. Our third-party analytics and advertising partners may provide you with options to opt-out of certain information collection. For additional information about online interest-based advertising, our use of cookies and other similar tracking technologies, and how to opt-out of having your information used for these purposes by many of these third- parties, please see our Cookie Notice.

Telemetry data. If you prefer that we do not collect certain telemetry data, including IP Address, through ksqlDB or Health+, you can turn off the collection of this data as detailed in our More Information page. Please note that if you initiate a support request, you may be required to provide us with certain log information or other data about your systems, servers, and clients to allow us to provide such support services.

Do Not Track. There are many ways through which web browser signals and other similar mechanisms (for example, “Do Not Track”) can indicate your choice to disable tracking, and, while we and others give you choices described in this Notice, we do not currently honor these mechanisms.

4. OUR USE OF PERSONAL INFORMATION

Confluent processes personal information for the following business purposes, and if you are a resident in the EEA or UK, on the legal basis identified below:

• Providing our websites and Confluent Products: In reliance on our legitimate interest, we process your personal information to operate and administer our websites, and to provide, operate, and maintain the Confluent Products;
• Communicating with you about the Confluent Products: We may send you service, technical and other administrative or technical email, messages and other types of notifications (such as distribution and product updates and product patches and fixes) in reliance on our legitimate interests in administering the Confluent Products and providing certain features. These communications are considered part of the Confluent Products and in most cases you cannot opt- out of them. If an opt-out is available, you will find that option within the communication itself;
• Providing necessary functionality: We process your personal information in reliance on our legitimate interest to provide you with the necessary functionality required during your use of our websites and Confluent Products;
• Transactional considerations: We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our contract with you and to the extent necessary in reliance on our legitimate interest;
• Handling contact and support requests: If you fill out a “Contact Us” web form or request support as a User, or if you contact us by other means including via a phone call, we process your personal information to perform our contract with you and/or (if we have not entered into a contract with you) to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
• Administering Events: We process your personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, billing, registration and to connect you with other event attendees, to perform of our contract with you, or to the extent necessary for our legitimate interests in fulfilling your requests to attend any such events;
• Developing and improving our websites and services: We process your personal information to analyze trends and to track your usage of and interactions with our websites to the extent it is necessary for our legitimate interest in developing, improving and troubleshooting our websites, marketing activities and the Confluent Products and providing you with more relevant content and service offerings, or where necessary, in reliance on your consent;
• Sending marketing communications: We will process your personal information for marketing purposes in accordance with your preferences, such as to communicate with you via email, SMS or telephone about services, features, surveys, newsletters, promotions or events we think may be of interest to you and/or to provide other news or information about Confluent and/or our select partners, in each case in reliance on our legitimate interest in conducting direct marketing or where necessary with your consent. Please see the "Your Privacy Rights" section below, to learn how you can control the processing of your personal information by Confluent for marketing purposes;
• Displaying personalized advertisements and content: We process your personal information to conduct marketing research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in supporting our marketing activities or advertising the Confluent Products or, where necessary, to the extent you have provided your prior consent (please see the "Your Privacy Rights" section, below, to learn how you can control how the processing of your personal information for personalized advertising purposes);
• Promoting the security of our websites and services: To the extent necessary for our legitimate interests in promoting the safety and security of our websites and services, we use your personal information to investigate and prevent fraudulent transactions, unauthorized access to the websites, Confluent Products, and other illegal activities;
• For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and features, enhancing, improving or modifying our products and services, identifying usage trends and expanding our business activities in reliance on our legitimate interests;
• Complying with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, the Confluent Products, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests. As a U.S. company, Confluent is prohibited under U.S. laws and regulations from engaging in business, directly or indirectly, with certain countries and persons designated by the U.S. government. To comply with such laws and regulations, including for purposes of compliance with the Office of Foreign Assets Control guidelines and sanctions program, Confluent may request additional personal information and process such additional personal information for purposes of compliance with a legal obligation to which Confluent is subject.
• Reviewing compliance with applicable usage terms: We process your personal information to review compliance with our contract with you or your organization (where applicable) to the extent that it is in our legitimate interest to ensure adherence to the relevant terms; and
• Other purposes: We will process your personal information for other purposes about which we notify you in advance, or for which we receive your consent. In general, we collect and process personal information about you, as necessary to provide the Products you use, operate our Sites and business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests as described in this Notice and in our notices to you.

5. SHARING OF PERSONAL INFORMATION

We may share or disclose your personal information to the following categories of recipients:

• Among our affiliates. We may share your personal information with our affiliates, which include companies owned by or under common ownership of Confluent such as Confluent Europe Ltd., Confluent Germany GmbH, Confluent Singapore Pte. Ltd., Confluent Australia Pty Limited, Confluent India Private Limited, Confluent France SAS, Infinitem Canada Ltd, Confluent Sweden AB, Confluent Switzerland GmBH, Confluent Czech Republic S.R.O., Confluent Israel Ltd., Confluent Japan Godo Kaisha, Confluent Malaysia Sdn. Bhd., Confluent Korea Limited, Confluent Spain, Sociedad Limitada, Confluent ME FZ-LLC and Confluent Federal, LLC, all of which will be required to use your personal information as described in this Notice.
• Partners and other similar parties. We may share your personal information with our sponsors and co-sponsors of events, whose information we believe may be relevant to you. We may also share your personal information with research and advisory firms whose reports are offered through our Sites (subject to applicable laws).
• Third-party vendors and other service providers. We may share your personal information with our third-party vendors and service providers that we use to provide services such as payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, venues, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools (including surveys), data backup services, and professional services.
• Business transfers. We may share your personal information with other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by another company or third party, or in the event of a bankruptcy, dissolution, or related or similar proceedings.
• Compliance with laws. We may share your personal information as required by law or subpoena or if we reasonably believe that such action is necessary to comply with the law or the reasonable requests of law enforcement.
• Legal rights. We may share your personal information to enforce our Terms of Use or other agreements, to protect the security or integrity of our Sites and Products, or to exercise or protect the rights, property, or personal safety of Confluent, our customers, users, or others.
• Advertising partners. We may partner with third party advertising networks, exchanges and social media platforms to display advertising on our websites or to manage and service advertising on other sites and we may share personal information with them for this purpose. Please see the section above "Our Use of Cookies and Similar Tracking Technologies" for further information.

6. YOUR CHOICES ABOUT PERSONAL INFORMATION

Depending on your location, your jurisdiction, and subject to applicable law, you may have the rights below with regard to the personal information we control about you. We will respond to your requests within the appropriate timeline under applicable law.

Communications preferences. You can stop receiving promotional emails from us by clicking on the “unsubscribe link” provided in such emails or by contacting us at the contact details set forth below. In addition, you can make changes to your preferences in our Preference Center. We make every effort to promptly process all unsubscribe requests. If you opt out, we may still send you transactional communications (e.g., non-promotional emails such as emails about training and events you registered to attend and technical or security notices).

Privacy Rights (EEA residents). EEA residents are afforded certain privacy rights by relevant privacy laws, such as the General Data Protection Regulation ("GDPR")

European Data Protection Rights (EEA Residents) If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data:

• You may request access to, and correction or erasure of, your personal information at anytime.
• You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
• If the processing of personal information is based on your consent, you have a right to withdraw consent at any time for future processing. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent
• You have the right to complain to a data protection authority about our collection and use of your personal information but we encourage you to first contact us with any questions or concerns. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area (“EEA“) are available at https://ec.europa.eu/justice/article-29/structure/data- protection-authorities/index_en.htm
• Confluent does not engage in any automated decision making with User personal information. You may exercise the rights above by using this form or by e-mailing us at privacy@confluent.io.

7. U.S. STATE DATA PRIVACY

If you reside in a U.S. state which has a data privacy law currently in effect (including but not limited to: California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia), please refer to the state in which you reside to learn more about additional terms and rights that may apply to you.

California

The California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), requires us to provide California consumers with some additional information regarding how we collect, use, and disclose your personal information, and the rights available to California consumers under the CCPA. The terms used in this section have the same meaning as in the CCPA.

As described in detail in Section 2 ("Personal Information We Collect") of this Notice, we may collect the following categories of information about you through the Confluent Product or when you visit our sites:

• Identifiers, such as your name and email address;
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your contact information;
• Device identifiers, such as your IP address;
• Internet or other network activity information, such as your browsing history or app usage;
• Geolocation data; such as your approximate location based on your IP address and other information that identifies or can be reasonably associated with your device;
• Commercial information, such as transaction data;
• Your account log-in information i.e. username and password to access your account (if you have an account with us);
• Professional or other employment related information, such as where you work and your title; and
• Financial information, such as credit card and payment data.

The sources from which we collect personal information are described in Section 2 ("Personal Information We Collect") of this Notice. The business and commercial purposes for which we collect this information are described in Section 4 ("Our Use of Personal Information") of Notice. The categories of third parties to whom we "disclose" this information for a business purpose are described in Section 5 ("Sharing of Personal Information") of this Notice

Sales and Sharing of Personal Information

Confluent does not sell personal information as the term “sell” is traditionally understood (i.e. for money). However, the CCPA defines "sale" very broadly. It includes the disclosure of a California resident's personal information in exchange for anything of value. Like many websites and apps, our Sites and related online services use cookies and similar technologies to enable certain functionality, help collect information about your visit, and, if you choose to enable such cookies, show you relevant advertising about products and services from and on behalf of us and others, as described in Section 3 ("Our Use of Cookies and Similar Tracking Technologies"). The use of such cookies which disclose or make available a California resident’s personal information (including IP addresses, cookie IDs, and mobile IDs) to third parties including advertising partners may be considered a “sale” of personal information under the CCPA (given its broad definition of "sale"), or a "share" of personal information under the CPRA amendments (which is defined as the disclosure of personal information for the purposes of cross-context behavioral advertising).

According to how the terms "sale" and "share" are defined under the CCPA, in the year before this section was last updated, we may have "sold" or "shared" the following categories of personal information to third parties: identifiers (like your IP Address) and other electronic network activity (such as browsing history). We may have "sold" or "shared" these categories of personal information to the third parties listed in Section 5 ("Sharing of Personal Information") of this Notice.

We do not knowingly sell or share personal information of California residents who are under 16 years of age.

California Privacy Rights

If you are a California resident, you may have the following rights under the CCPA, subject to certain limitations and exceptions under applicable law:

• Know and Access: You have the right to request to know and access the following information covering the 12 months preceding your request:
  • the categories of personal information we have collected about you;
  • the categories of sources from which your personal information was collected;
  • the business or commercial purposes for collecting, "selling" and/or "sharing" your personal information;
  • the categories of third parties to whom we have disclosed, "sold" or "shared" personal information about you; and
  • the specific pieces of personal information we have collected about you.

You have the right to receive your personal information in a portable and commonly used format.

• Correct: You have the right to request that we correct any of your personal information that we have collected from you that is inaccurate.
• Delete: You may have the right to request that we delete certain personal information we have collected from you.
• Opt out of the Sale and Sharing of your personal information. You have the right to request that a business not "sell" or "share" your personal information with a third party, as those terms are defined under the CCPA. As described above, Confluent uses cookies and similar technologies to make available certain personal information (including IP addresses, cookie IDs, and mobile IDs) to third party service providers and advertising partners to display personalized advertisements to you, or to provide similar advertising or analytics services to their other customers. To the extent that such practice constitutes a “sale” or “share” of personal information under the CCPA, you may opt-out of such “sale” or “share” of your Personal Information at any time by adjusting your cookie choices in the Cookie Settings link on our Site, or by visiting our Cookie Notice and following its instructions.
• Limit the use and disclosure of sensitive personal information: Although Confluent may use "personal information", as defined by the CCPA, for the purposes described in Section 4 ("Our Use of Personal Information"), including for the purpose of inferring characteristics about you, we do not use or disclose "sensitive personal information,” as defined by the CCPA, for the purpose of inferring characteristics about you, or in any way that would require a right to limit under the CCPA. As a result, we do not offer an ability to limit the use or disclosure of sensitive personal information.
• Non-Discrimination: You have the right to not be discriminated against for exercising any of your CCPA rights.

Additional U.S. States

This section applies to residents of certain U.S. states which also have an applicable data privacy law currently in effect, including but not limited to: Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia. Depending on your U.S. state of residency, you may have the following privacy rights (as and to the extent applicable):

• Know and Access: You have the right to request to know and access the personal data that we have collected about you.
• Data Portability: You have the right to obtain your personal data in a portable and readily usable format.
• Correction: You have the right to request that we correct inaccuracies in the personal data we have collected about you.
• Deletion: You have the right to request that we delete personal data provided by you or obtained about you.
• Opt-out of Data Processing for purposes of Targeted Advertising; Sales to Third Parties; and Profiling: As described in the California section above, we do not sell personal data to third parties for money, nor for the purpose of profiling in connection with decisions that produce legal or similarly significant effects. However, we do process personal data for the purpose of displaying personalized advertisements to you, if you instruct us to do so. You have the right to opt out of the processing of personal data for personalized advertising purposes at any time by adjusting your cookie choices in the Cookie Settings link on our Site or by visiting our Cookie Notice and following its instructions.
• Appeal: You have the right to appeal a refusal to take action on your request. You must ask us to reconsider our decision within 45 days after we send you our decision. We will endeavor to respond to your appeal within 60 days of such an appeal, including a written explanation of the reasons for the decision, and any action taken or not taken in response to the appeal.

Please note that the rights listed above in this Additional U.S. States section only apply to residents who are acting in an individual or household context only, and do not include residents acting in a commercial or employment context.

Making Rights Requests

If you are a resident of one of the above U.S. states and would like to exercise any of your rights described above, please submit your rights request by using this form or by e-mailing us at privacy@confluent.io. To protect the personal data that we maintain, we may verify your identity when you make a request.

Please note that the rights described above are not absolute, and where an exception under applicable law applies, we may be entitled to refuse requests in whole or in part. For example, where responding to your request involves disproportionate effort, when we are unable to verify your identity or if the rights and freedoms of another individual would be negatively affected.

In certain states (such as California), an authorized agent may submit a rights request on your behalf. We may require an authorized agent to verify their authority to submit a request on your behalf, or we may require you to verify your own identity or confirm with us that you provided the agent with permission to submit the request. We will only use the information provided for verification to confirm the requestor’s identity or authority to make the request, and for our compliance records.

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period (up to a total of 90 days) in writing.

 

8. CALIFORNIA DISCLOSURES

California law allows California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a. request, please put “Shine the Light” in the “Request Details” portion of your request on the form above or in the subject line, if submitted by e-mail. Note that there are restrictions on the number of times you can exercise some of these rights. You may designate an authorized agent to make a request on your behalf. The agent must provide proof of your authorization. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. We may need to verify your request before completing it. For example, we may ask you to confirm data points we already have about you. We will only use Personal Information provided in a request to verify the requestor’s identity or authority.

If you are a California resident under 18 years old and a registered user of one of the Sites, you can request that we remove content or information that you have posted to our Sites. Fulfillment of the request may not ensure complete or comprehensive removal (e.g., if the content or information has been reposted by another user). To request removal of content or information, please contact us at privacy@confluent.io.

9. HOW WE STORE AND PROTECT PERSONAL INFORMATION

Storage and processing. Your information collected through the Sites and our Products may be stored and processed in any country in which Confluent or its subsidiaries, affiliates, or service providers maintain facilities including your region, the United States, United Kingdom, European Economic Area, Canada, Singapore, India, Hong Kong, Israel, Japan, Malaysia, Singapore, South Korea, United Arab Emirates, Australia, amongst others. Our processing locations are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this Notice is processed according to the provisions of this Notice and applicable law wherever the data is located.

International data transfers. When we transfer personal information from the European Economic Area, the United Kingdom, or from Switzerland to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we use legal mechanisms, including contracts, designed to help ensure your rights and protections. Specifically, our website servers are located in the United States and our affiliates, partners, third parties and service providers operate in the United States, United Kingdom, European Economic Area, Canada, Singapore, India, Hong Kong, Israel, Japan, Malaysia, Singapore, South Korea, United Arab Emirates, Australia, amongst others. This means when we collect your personal information, we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. The safeguard Confluent primarily relies upon is the European Commission-approved standard contractual clauses. For more information about these mechanisms, please contact us using the contact details provided in the “How to Contact Us” section below.

Keeping your information safe. Confluent cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information. For this reason, you should be mindful of the information you provide to us.

Lawful basis for processing personal information (EEA only). If you are located in the European Economic Area (EEA), Confluent, Inc. is as a rule the data controller of your information. For more details on the legal bases used for the processing of your personal information, please see section 4 "Our Use of Personal Information".

Our legal basis for collecting and using the personal information above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will indicate this at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will indicate to you at the relevant time what those legitimate interests are. If you have questions about the legal basis for processing or want to find out more, please contact us using the details at the end of this Notice in the Section "How to Contact Us".

Retention. We retain personal information for as long as we have an ongoing legitimate business need to do so. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal information as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.

10. CHILDREN PRIVACY

Our Sites are not intended for or directed to children under the age of 14. We do not knowingly collect personal information directly from children under the age of 14 without parental consent. If we become aware that a child under the age of 14 has provided us with personal information, we will delete the information from our records.

Additionally, our Sites are not intended for or directed to the residents of Colorado, Connecticut, Delaware, Maryland, or New Jersey who are under the age of 18 years. For these states, if we become aware that anyone under the age of 18 has provided us with personal information, we will delete the information from our records.

11. CHANGES TO THIS NOTICE

Confluent may modify or update this Notice from time to time to reflect the changes in our business and practices. Please review this page periodically. If we make any changes to this Notice, we will notify you by changing the "Last Updated" date above. If we make any material changes, we will provide you with additional notice or obtain consent as may be required by applicable law.

12. HOW TO CONTACT US

If you have any questions, complaints, or concerns about how your information is handled, please email us at privacy@confluent.io.

Our main address is 899 West Evelyn, Mountain View, CA 94041, USA.

Our EU representative’s contact information is Confluent Germany GmbH c/o Osborne Clarke, Innere Kanalstraße 15, D-50823 Cologne, Germany and may also be reached at privacy@confluent.io.

Our United Kingdom representative’s contact information is Confluent Europe Ltd. - EMEA, 1 Bedford Street London WC2E 9HG and may also be reached at privacy@confluent.io.

If you would like to exercise any of your rights for yourself or on behalf of someone else, please use this form or e-mail us at privacy@confluent.io.