Last Revised: March 27, 2019
- What does Split do?
- What personal information does Split collect and why?
- Who does Split share my personal information with?
- Legal basis for processing personal information (EEA visitors only)
- How does Split keep my personal information secure?
- International data transfers
- Privacy Shield notice
- Data retention
- Your data protection rights
- How to contact us
What does Split do?
Split is the leading platform for feature experimentation, empowering businesses of all sizes to make smarter product decisions. The Split platform is a unified solution for continuous delivery and full-stack experimentation. Split unifies DevOps and product management, helping agile engineering and product teams accelerate the pace of product delivery and make data-driven decisions, through our robust feature flagging and extensive experimentation capabilities. With Split, organizations can now accelerate time to value, mitigate risk, and drive better outcomes, all in a unified platform.
For more information about Split, please see the “About Us” section of our Website at https://www.split.io/company/.
What personal information does Split collect and why?
The personal information that we may collect about you broadly falls into the following categories:
Information that you provide voluntarily
Account, Profile and Contact Information. Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, to subscribe to marketing communications from us, and/or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
We collect analytics information when you use our Website and services to help us improve our products. In the services, this analytics information consists of the feature and functions being used, the associated organization and domain name, the username and IP address of the individual who is using the feature or function, and additional information required to detail the operation of the function and which parts of the services are being affected. The analytics information we collect may include personal information or business information that the user has chosen to upload, submit, post, create, transmit, store or display in the Split service.
Analytics information also consists of data we collect as a result of running queries against our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain personal information.
Cookies and Other Tracking Technologies
Information that we obtain from other sources
Information from third party services
From time to time, we may receive personal information about you from third party sources (e.g. sales and marketing database and data enrichment platforms), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from third parties include account and/or contact information and we use the information we receive from these third parties to, including but not limited to, market and sell to you, and/or maintain and improve the accuracy of the records we hold about you, etc.
Information that our customers provide
Our customers can send to us data about their users. Split’s service allows our customers to submit details about their end-users to enrich their experiences through our platform. Our customers have a responsibility to understand the data they send to us and to take the appropriate disclosures, precautions, and responsibilities regarding the content of the service data they provide to us. We utilize this data for no purpose except to deliver the functionality that the Split platform provides to our customers.
Who does Split share my personal information with?
We may disclose your personal information to the following categories of recipients:
Services providers and partners
Competent law enforcement body, regulatory, government agency, court or other third party
We will disclose where is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
To any other person with your consent to the disclosure.
Split does not sell personal data to any third parties.
Legal basis for processing personal information (EEA visitors only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
How does Split keep my personal information secure?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Additional information regarding splits security practices can be found at www.split.io/trust.
Split takes security very seriously, and if you have reason to believe that your data or someone else’s data is no longer secure, please contact firstname.lastname@example.org.
In the event of a security breach, we will take take necessary measures to ensure the continued safety of data and contact affected parties and relevant regulators within a reasonable amount of time about the scope and scale of the unauthorized disclosure, as required by applicable laws.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our Website servers are located in the United States and our third party service providers and partners operate around the world but with our data stored in the United States.
Privacy Shield notice
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of personal information we receive from the EU, the United Kingdom and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the European Union, the United Kingdom and Switzerland, including the onward transfer of liability provisions.
You can direct any questions or complaints about the use of disclosure of your personal information to us at email@example.com. We will investigate and resolve any complaints or disputes regarding the use of personal information within forty-five (45) days of receiving your complaint.
We encourage you to contact us as provided above should you have a Privacy Shield-related (or general privacy-related) complaint. However if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact JAMS, a U.S. based independent third-party dispute resolution body that will assist you free of charge. A binding arbitration option may also be available to you in order to resolve complaints not resolved by other means. You can file a claim on their website (https://www.jamsadr.com/eu-us-privacy-shield).
Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted as per Annex I of Privacy Shield, https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory and enforcement powers of the US Federal Trade Commission (“FTC”). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your data protection rights
You have the following data protection rights:
Access, correct update or request deletion
If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
Object to processing, restrict processing, or request portability
In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Right to complain
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact firstname.lastname@example.org.