Last Update: October 4, 2024
This Celonis Privacy Notice (“Privacy Notice”), on behalf of Celonis SE and all subsidiaries (“Celonis”), explains how and what type of data related to you as a natural person (“Personal Data”) is collected, why it is collected and to whom it is shared or disclosed. It also contains information about your rights related to your Personal Data. Please read this Privacy Notice carefully.
This Privacy Notice applies when you:
Visit any of our websites, social media pages, or office premises,
Access or use any of our applications or platforms, such as Celonis Platform, Celonis Free Plan, Celonis Academy, Celonis Community and the Celonis Partner Hub, or make.com,
Register and/or attend any virtual or in-person events hosted or attended by us,
Your employer does business with us,
Contact our customer support or complete a webform,
Participate in our user research activities,
Otherwise interact or communicate with us.
These services are hereinafter collectively referred to as the “Services”.
For employment candidates with Celonis, the dedicated Privacy Notice for the application process can be found here.
On our websites, we also collect cookies information, for details please see our Cookies notice.
When we refer to “Celonis” (“we”, “us”) in this Privacy Notice, we mean Celonis SE (Theresienstraße 6, 80333 Munich, Germany) and/or the Celonis subsidiary that is responsible for the processing of your Personal Data (e.g. Celonis Inc).
Any request related to data privacy may be addressed to privacy@celonis.com.
We collect and process the following types of Personal Data:
Contact and business data Contact data includes, but are not limited to, last name, first name, email address, physical address, job position, phone number, country of origin and in some circumstances usernames and passwords related to the product.
Communication and interaction data Communication data refers to the data resulting from your interaction with us, e.g., emails, chat messages, webinars visited, files downloaded, user research activities and product interest information. We may also collect registration information related to your attendance at one of our events, including travel information, scheduling information, food preferences or allergies, and accessibility requests. When attending an event, Celonis and its agents may photograph and record the event and activities related to the event in visual and audio media. For property under Celonis responsibility, we may process video surveillance (CCTV) information.
Application-related usage data We may automatically gather and analyze information on how and whether specific features of our Services are used, such as details about which of our applications and versions are being used, user interactions with the Services (including searches and other actions taken by users), pages and files viewed, online trainings attended, types of data sources queried, types of visualizations built, system configuration information, number of steps in a workflow, the type(s) of operations used and the queries submitted, as well as hardware properties such as CPU type and amount of RAM, logfile data, and date and time stamps associated with use of the Services.
Device and browser data When you visit one of our websites or applications, data from your computer or mobile device may be collected, such as device type, location, information about the browser type and version, the operating system and version, the internet service provider or mobile carrier, the IP Address (or proxy server) as well as geographic areas derived from your IP address, time and date of access, duration of access, referring URL (if any), and identifiers that help us to recognize your device and validate that you are a licensed user.
You provide Personal Data directly to us by accessing one of our websites or applications, attending one of our events, registering and/or using one of the Services, and participating in activities with us (e.g. user research). We may also obtain Personal Data from your employer in the context of providing the Services or obtain information about you from third party sources, such as public databases, websites, resellers and distributors, marketing or business partners, security and fraud detection firms and social media platforms.
We may process your Personal Data for one or more of the following purposes:
Provide the requested Services To provide the requested Services and to make sure that we fulfill contractual obligations with you or your organization. This includes but is not limited to resolving technical issues you encounter, responding to your requests for assistance, providing training related to our Services and responding to any request you may send us through our website, email or any other way.
Improve and enhanced our Services To improve our operations, systems, products, processes in order to enhance your experience, we need to understand your preferences, analyze aggregated, anonymized or statistical usage data and crash information as well as conduct surveys with regards to our Services.
Enable security and compliance To maintain the security and compliance of our Services with the objective to protect against, investigate and deter fraudulent, unauthorized, or illegal activity and to avoid and detect attacks on our applications or misuse of our Services. To ensure appropriate security of our office premises and comply with any legal and regulatory obligations.
Perform sales, marketing and events related activities To communicate news about upcoming events, products, services and for direct advertising. To inform you about our Services. To manage your registration to our events and to make visual and audio media related to the event available to you. Other legitimate business purposes Such as to conduct customer surveys, collect and assess feedback, determine the effectiveness of our marketing campaigns, and to evaluate and improve our customer relationships. 6. On which legal basis do we process your Personal Data?
We process your Personal Data only where one of the following applies:
We need to process your Personal Data to perform our contractual responsibilities or requested Services,
We have a legitimate interest to process your Personal Data (which is not overridden by your rights),
You have given consent to process your Personal Data,
We need to process your Personal Data to comply with a legal or regulatory obligation.
Depending on the purpose and the necessity, we may disclose your Personal Data to the following categories of recipients:
To any subsidiaries of Celonis SE (i.e. internal transfer within our organization),
To third parties who entered into a written agreement with us. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis, fraud prevention, network and information security, technical support and customer service,
To our auditors, attorneys or other advisors under professional obligations of confidentiality in connection with corporate functions,
When you sign up to one of our events and we ask third parties to host, sponsor or present, including webinars and trainings, we may forward your contact data to the respective third party who may use it to provide access to the event or to contact you for related marketing purposes,
To government, law enforcement and regulatory bodies to meet applicable legal or regulatory obligations.
A list of applicable recipients can be provided upon request.
If you are a EU, UK or Swiss resident, your Personal Data may be transferred outside of the European Economic Area (EEA), UK or Switzerland. We are liable for onward transfers to third parties and we take the necessary steps to ensure that the transfer of your Personal Data outside of the EEA, UK or Switzerland receives an adequate level of protection.
Celonis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Celonis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Celonis has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
When permitted and in compliance with applicable laws and regulations, Your Personal Data will be deleted upon your request or as soon as it is no longer serving the purpose for which it has been collected. If regulations require longer storage of your Personal Data, or if we need your Personal Data to assert legal claims or defend against legal claims, we will store your Personal Data until the expiration of the corresponding storage period or until the settlement of the claims.
To protect your Personal Data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.
As permitted by, and in compliance with, applicable laws and regulations, we provide you with the following rights:
Request access, update, correction, or deletion of your Personal Data,
Withdraw your consent at any time for future processing (i.e., our marketing emails permit you to opt-out of receiving further communications by selecting the “unsubscribe” link),
Request to restrict the processing or object to the processing of your Personal Data,
Have your Personal Data transmitted to other recipients, if technically feasible,
File a complaint with us and/or with a relevant data protection authority,
Not to be discriminated for exercising your rights,
As we may be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) you have the possibility, under certain circumstances, to invoke binding arbitration.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Celonis commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Additional rights may be applicable to you based on local laws and regulations.
You may exercise your rights by contacting us at privacy@celonis.com
Celonis use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy , including the Limited Use requirements.
We regularly review this Privacy Notice. This Privacy Notice was last updated on October 4, 2024.