SPLUNK PRIVACY POLICY

Updated: December 2020

This Privacy Policy explains how Splunk Inc. and its affiliates ("Splunk") collect, use, and disclose information you provide to us or which we otherwise collect in providing products or services to you (“Information”), including “Personal Data” by which we mean information that allows us to determine your identity when you engage with us.

This Privacy Policy applies to splunk.com and to other websites Splunk operates and that are linked to it. From time to time, Splunk acquires companies who may operate under their own privacy policies. You will continue to be presented with those companies’ privacy policies on their websites until the integration with Splunk is complete and those websites are linked to this Privacy Policy.

The use of our products and services, including those available through other Splunk websites that link to this Privacy Policy (collectively, “Offerings”), are subject to the terms of the applicable customer agreement. The use of our website is subject to the Splunk Website Terms and Conditions of Use. The terms of this Privacy Policy are incorporated into and form part of those agreements.

Data Collection
Interactions
What We Collect via Your Interactions
How We Use Information Collected from Interactions
Opting Out Of Marketing Emails
Offerings
What We Collect via Our Offerings and How We Use It
Other Collection Practices
Data Collection Practices Associated with Apps
How Splunk Shares Your Information
How We Secure Your Information
Splunk Also Observes the Following Practices
Lawful Basis for Transferring Your Data
Supplemental Terms and Conditions for Certain Regions
Links to Other Parties
Updates to This Privacy Policy
Contact Splunk
Links to Related Agreements, Policies, and Information

 

Data Collection

There are two primary ways in which Splunk collects Information from you: through Interactions and through Offerings as set forth below.

Interactions

When you interact online or offline with Splunk, we may receive your Information, including your Personal Data. For example, we receive your Information when you:

  • Visit Splunk’s websites or offices
  • Download materials through our websites
  • Provide or update account information through our websites
  • Register or attend Splunk-hosted or sponsored events (such as promotional events, webcasts, contests, or hackathons)
  • Participate in community programs
  • Communicate with us including by emails, phone, texts, and online chats
  • Provide testimonials

We collect Information about you from other sources such as public databases, joint marketing partners, social media platforms, conference/event hosts, and partners when you interact with them. 

We refer collectively to these contacts as “Interactions” and we explain below how we use the Information we collect through them.

What We Collect via Your Interactions

We (or others acting on our behalf) may collect your Information, including your Personal Data, through the Interactions described more fully below. The Personal Data we collect includes such things as:

  • Name
  • Email address
  • Physical address, including country
  • Employer
  • Title / position
  • Payment details
  • Phone number
  • User name / user ID
  • IP address
  • MAC address (or other device identifiers automatically assigned to your device when you access the internet)
  • Photographs (for example, when visiting our offices or attending an event)
  • Videos (for example, when you consent to provide a product testimonial)

We collect Personal Data in various ways, such as when you manually key in your Personal Data to our website forms or provide it to us or others from whom we receive marketing leads. From time to time, we offer virtual private networks (VPNs) for attendees at Splunk events or visitors to our offices. If you access a Splunk-provided VPN, we may collect Personal Data from you, such as IP and MAC addresses, when we monitor the VPNs for security or performance.

IP addresses are also collected on an automated basis through your use of the website services using cookies, web beacons, and like technologies. We may infer your location from your IP address. For more on the use of cookies and like technologies, see the Splunk Cookie Policy.

When you make purchases through our website, we use third-party payment processors to collect credit card or other financial information. Splunk does not store the credit card information you provide, only confirmation that payment was made.

How We Use Information Collected from Interactions

Splunk uses the Information it collects from your Interactions to deliver services to you in accordance with our terms, to fulfill our legal obligations, or to conduct necessary business activities (sometimes called “legitimate interests”), as described below. We take seriously the need to balance our legitimate interests with your privacy rights and summarize for you here how we use your Information, including Personal Data.

We use your Information to:

  • Fulfill your orders or respond to your requests for information
    For example, to satisfy your requests for website materials such as marketing collateral or white papers, we collect and use your name and email address.

  • Operate, enhance, and personalize your experience on our website
    We collect Information via cookies and like technologies as set forth in the Splunk Cookie Policy to fulfill our legitimate interest in operating our website, making it easy to navigate, enriching the available content and offering information tailored to your interests. In doing so, we may receive your location information, which you can stop at any time by configuring the location setting permissions in your device.

  • Issue you Splunk accounts for access to online communities and forums (including blogs)
    When you join our online communities and forums, including blogs (collectively, “online forums”), we collect your Personal Data so you can participate. The guidelines associated with those online forums recommend not sharing private or proprietary information on them, as many aspects of them are public. If you choose to submit content to online forums, such content will be considered “public” and will not be subject to the privacy protections set forth in this Privacy Policy.

  • Send you administrative information
    We may need to notify you (or we may choose to inform you) when we make updates to our terms or policies or make changes to our website services. We will use your name and email address to send administrative notices to you, which due to their nature are treated differently from marketing communications from which you can opt out.

  • Manage your Splunk account
    In order to perform the services under the contract between you and Splunk, we need to collect certain Information from you such as your contact and payment details. Without this Information, we may not be able to deliver the services or comply with our legal obligations.

  • Send you marketing communications
    Where we have your consent to do so (if required), we will provide you with product announcements, educational materials, announcements about special offers, or information about upcoming or ongoing online/offline events, such as SplunkLive! or .conf and related offers. In accordance with applicable law, we give you the choice to opt out of receiving these communications.

  • Invite you to participate on customer advisory boards or in surveys, studies, and assessments of Offerings
    We use your Personal Data to register you to participate on advisory boards (such as our Customer Advisory Board or Product Advisory Council) or to request feedback from you about Splunk Offerings. We use your feedback to fulfill our legitimate interest in improving our Offerings and growing our business. Your participation is voluntary and subject to the terms of your agreements with us and this Privacy Policy.

  • Diagnose and fix technical issues, monitor for security, and otherwise protect our property
    We do this to satisfy our legitimate interest in assessing actual or potential threats to our facilities, attendees at Splunk-sponsored events, our IT systems and networks, and website services. We may process your Personal Data, in particular your IP address, for this purpose.

  • To comply with any applicable law, regulation, legal process, or governmental request, or to protect our legal rights or those of others
  • For any other purpose disclosed to you in connection with our website services from time to time

If we process your Personal Data for a purpose other than that set out above, we will provide you with information about such processing, and if required, obtain your consent.

 

Opting Out of Marketing Emails

If you no longer want to receive marketing emails from Splunk on a go-forward basis, please submit your request through our data request portal. Alternatively, you may use the "unsubscribe" feature in our email messages.

Offerings

We also collect Information, including Personal Data, when providing our Offerings. We may ask you for this Information directly, or in some cases, we may collect it when certain features are enabled. For example, we collect Information from you when you (or someone you work with):

  • Trial or order any of our Offerings
  • Interact with Splunk online or offline, including when you request support services
  • Use our Offerings to process information in the cloud

What We Collect via Our Offerings and How We Use It

We collect and process different types of product data (described below) when you deploy our Offerings in order to fulfill our legal obligations to you and operate our business. We work hard to help ensure a balance between our legitimate interests and your privacy rights.

  • License Usage Data is Information that allows us to identify your account entitlements, such as license consumption, capacity, or type in our systems through an assigned license ID. We use this information to validate accounts and automate license verification.

  • Usage Data is Information about your operating environment, user/product interactions, and sessions. This includes information such as your network and systems architecture, OS and product versions, page loads and views, searches by number and type, errors, number of active and licensed users, source types and format (e.g., json, xml, and csv), web browser, http referrer page, and app workflows.

    We use Usage Data to fulfill our legal obligations in providing the Offerings to you and to fulfill our legitimate interest in supporting and enhancing them. For example, we may use this data to:

    • Troubleshoot issues, provide support, and update our Offerings
    • Provide guidance to help you optimize your usage of our Offerings
    • Better understand how our users configure our Offerings
    • Determine which configurations or practices optimize performance (e.g., best practices)
    • Benchmark key performance indicators (“KPIs”)
    • Recommend enhancements
    • Perform data analysis and audits
    • Identify, understand, and anticipate performance issues and the factors that affect them
    • Identify product security issues that may affect you
    • Improve and develop new features and functionality
    • Monitor the health, performance, and security of our Offerings

    We hash or otherwise pseudonymize identifiable information connected to user activity for data analytics purposes.

    In our paid on-premises products, you can set your level of participation. For more details on what we collect and your participation options, see Splunk's Documentation (Share Performance Data).

  • Support Usage Data includes License Usage and/or Usage Data as part of a customized support program that offers you accelerated troubleshooting, notices of patches/upgrades, tips to optimize performance, and suggestions about other Offerings that may be of interest to you. The data is customer-identifiable so that we can help personalize your experience. From time to time, we may also use the Information to analyze usage trends, such as by data type, environment size, scale and architecture, and industry or sector, to develop and prioritize product enhancements (e.g., bug fixes or new features). On-premises customers can opt out at any time. However, this Information is essential for the operation of our cloud Offerings.

  • Mobile Device Data is Information we collect in certain Splunk Offerings (“Apps” as discussed below) that associates your mobile device with an identifier for your App to help us improve the user experience and personalize your services and content. We may also receive information that your mobile device sends when you use our Apps, such as a device identifier or OS. Depending on your configuration of Splunk’s Offerings, location information about you (or your end users) may be shared with Splunk; however, you can disable location sharing using the location-setting features on your mobile device.

Certain Splunk Offerings rely on automated methods of processing, such as artificial intelligence, which are a set of technologies and processes that allow computers to learn, reason, and assist in decision making. These technologies may consume Usage Data or other data you input into the Offering that may be associated with you. The use of data in connection with such Offerings is set forth in the relevant terms.

For more information about the data collected through our Offerings, see Offering-specific Documentation (e.g., Share Performance Data for Splunk Enterprise).

Other Collection Practices

We also collect Personal Data from you to fulfill our contractual commitments to you. For example, we collect contact information such as name, address (email and physical) and phone number to enter you into our customer databases and manage your account. We also collect billing and payment information and information about your Offerings, such as browser type, version number and OS, to administer your account, respond to customer service/support inquiries, and provide you with information about software updates via alerts or other “push” notifications.

We may share this Information with our affiliates, vendors and partners who help us service your account and with whom we have written agreements protecting the confidentiality, privacy, and security of your Information. We do not sell this Information.

Data Collection Practices Associated with Apps

The Splunk Offerings are extendible using software applications commonly called “apps,” “add-ons,” “widgets,” or “technical add-ons” that we offer through splunkbase.splunk.com or other websites that link to this Privacy Policy. We refer to these collectively as “Apps.” These Apps are versatile and have access to a broad set of web technologies that can be used to collect and use your Information. This Privacy Policy only applies to Apps built by or on behalf of Splunk. It does not apply to Apps developed by others (“App Developers”) and available through splunkbase.splunk.com, third-party marketplaces (e.g., AWS Marketplace and Google Play Store), or interoperable with Splunk Offerings.

Splunk requires App Developers to comply with applicable privacy and data protection laws but cannot guarantee that they do so.  Before you use Apps created by App Developers, you should familiarize yourself with their privacy policies and license agreements.

Splunk collects data generated from the use and performance of Apps that interoperate with Splunk Offerings, such as crash information, version, session duration, and user engagement (e.g., number of downloads, active/licensed users, and log-ins). We may share this information with App Developers so they can improve and enhance the performance of their Apps.

How Splunk Shares Your Information

Splunk may disclose your Information to others in the following ways:

  • Affiliates. We may disclose Information to our affiliates subject to this Privacy Policy in order for them to help market, sell, and service our Offerings. Splunk is the party responsible for the management of jointly-used Personal Data. Splunk maintains intragroup agreements with its affiliates covering the use of Personal Data within the Splunk family of companies.

  • Service Providers. We may disclose Information to our service providers (e.g., infrastructure as a service, order fulfillment, professional/customer/support services), pursuant to written agreements with confidentiality, privacy, and security obligations. Splunk maintains a list of its sub-processors who process Personal Data as part of the Offerings, which Splunk updates as needed.

  • App Developers. We may disclose Information about App use and performance with App Developers so that they can improve and enhance the performance of their Apps. App Developers will be identified to you when you deploy and use their Apps pursuant to their license terms, including their privacy policies.

  • Partners and Sponsors. We may disclose contact and account Information to our partners and event sponsors (identified at time of registration or event participation) pursuant to written agreements with confidentiality, privacy and security obligations.  They may use the Information to assess your interest in Splunk Offerings, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies.  We may also share Support Usage Data with partners when they manage your Offering for you. 

  • Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements; respond to requests from public or government authorities (including those outside your country of residence); enforce our terms and conditions; and protect our operations, rights and safety, and that of you and others, as needed.

  • Merger, Sale, etc. We may disclose Information in the event of a proposed or actual corporate or financing transaction, such as a reorganization, merger, sale, joint venture, assignment, transfer, or disposition of all or any portion of Splunk business, assets, or stock (including Information regarding any bankruptcy or similar proceedings).

  • Other Users. We may disclose Information to other users of the service in aggregated format, provided it does not include Personal Data. This may include “best practices” tips, KPIs, benchmark data or other such aggregated information useful to the user community. For select Offerings, we may share Information you provide, such as security artifacts that may contain Personal Data (e.g., IP address) with other subscribers, but only if required as part of the Offering, as set forth in the relevant terms.

How We Secure Your Information

Splunk takes reasonable technical and organizational measures to safeguard Personal Data against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction.  Unfortunately, no data transmission, software, or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of an account has been compromised), please notify us immediately in accordance with the Contact Splunk section below.  If Splunk learns of a breach of its systems, Splunk may notify you or others consistent with applicable law and/or as agreed in our contract with you. Splunk may communicate with you electronically regarding privacy and security issues affecting Information collected through your Interactions or use of our Offerings.

Splunk Also Observes the Following Practices

Retention Period. We retain your Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by applicable law. Information you store in Splunk cloud environments is portable by you at the end of the term of your agreement with Splunk. We retain your contract information for the duration of your agreement with us and thereafter as required or permitted by law. We keep a record of your data requests, including your requests to opt out of marketing communications, in order to honor them in the future. See the Splunk Data Retention Policy for additional details.

Use of Splunk Offerings by Minors. The Splunk Offerings are not directed to individuals 16 and under or those not of the age of majority in your jurisdiction, and we request that these individuals, or others on their behalf, not provide us with their Personal Data.

Lawful Basis for Transferring Your Data

While Splunk acknowledges the invalidation of the EU-U.S. Privacy Shield Framework by the European Court of Justice in July 2020, and the invalidation of the Swiss-U.S. Privacy Shield Framework by the Swiss Federal Data Protection and Information Commission in September 2020, Splunk continues to comply with these Frameworks regarding the collection, use, and retention of Personal Data transferred from the European Economic Area, the United Kingdom, and/or Switzerland, as applicable, to the United States. Splunk has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles will govern. To learn more about the Privacy Shield program, please visit privacyshield.gov where you may view Splunk’s certifications

Cross-border Transfers. Your Personal Data may be stored and processed in any country where Splunk, its affiliates, or third-party service providers conduct business or hosts events. These locations may be outside of your country of residence, including in the United States, and therefore, different data protection laws may apply globally. When we transfer Personal Data, we implement safeguards to help ensure an adequate level of data protection exists for the transfer, such as standard contractual clauses. We put also in place appropriate terms to protect your Personal Data in our agreements with our service providers.

Supplemental Terms and Conditions for Certain Regions

Europe

If you are in the European Union or the United Kingdom, you have the right to: request access to and correction of your Personal Data; restrict or object to the processing of your Personal Data; and request your Personal Data be deleted or “forgotten” (technically erased). If you would like to exercise these rights, please submit your request through our data requests portal or call us at 1(855) 775-8657. We will comply as soon as reasonably practicable consistent with applicable law. Please describe the nature of your request and the Personal Data at issue, and we will comply as soon as reasonably practicable consistent with applicable law. We will verify your identity before we comply with your request, and therefore, ask for your cooperation with our identity verification process.

If we process your Personal Data based on your consent, you may withdraw your consent at any time.  We will let you know if we are seeking to rely on your consent at the time of collection.  

In Europe, Splunk Services UK Limited is responsible for the management of Personal Data used for completing orders as described above in Other Collection Practices.

California (Effective January 01, 2020)

If you are a California resident, California law provides you with specific rights regarding your personal information, including (i) the right to request that we disclose certain information to you about its collection and use over the past 12 months, and (ii) the right to request that we delete your personal information, subject to certain exceptions.  For purposes of California law, personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household.

If you or a designated third-party agent would like to exercise these rights, please submit the request through our data requests portal, and we will comply as soon as reasonably practicable consistent with applicable law. We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and therefore, ask for your cooperation with our identity verification process.

Please note that we are only required to respond to two such requests per individual each year.  You also have the right not to be discriminated against if you exercise any of your rights under California privacy law.

Over the past 12 months, we may have collected the following categories of personal information from California residents:

This information is collected and used for the purposes disclosed in this Privacy Policy. We have not sold personal information of California residents in the 12 months immediately preceding the posting of this updated Privacy Policy. We may have disclosed any of the above categories of personal information pursuant to an individual’s consent or under a written contract with a service provider for a business purpose in the 12 months immediately preceding the posting of this updated Privacy Policy.

Links to Other Parties

Our Offerings may contain links to, or facilitate access to, other websites or online services.  This Privacy Policy does not address, and Splunk is not responsible for, the privacy, information, or practices of other parties, including without limitation any App Developer, social media platform provider, wireless service provider, or device manufacturer.  The inclusion of a link within the Offerings does not imply endorsement of the linked site or service by Splunk or its affiliates.  Splunk encourages you to review the privacy policies and learn about the privacy practices of those companies whose websites you choose to visit or apps you choose to use.  We list below links to resources about many of the other parties with whom we interact as described in this Privacy Policy: 

Updates to this Privacy Policy

We may change this Privacy Policy from time to time and will post our updates here. We will also communicate any material changes of the Privacy Policy to you.

Contact Splunk

If you have any questions or comments about this Privacy Policy or Splunk’s privacy practices, you can contact us at any time at dpo@splunk.com or by mail as provided below:

Splunk Inc.
Attention: Legal Dept.
San Francisco, CA
Headquarters

Splunk UK
Attention: Legal Dept.
London Paddington
United Kingdom office

Splunk Germany
Attention: Legal Dept.
Munich
Germany office


If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority

 

Links to Related Agreements, Policies, and Information

Splunk Cookie Policy
Splunk Website Terms and Conditions of Use
Splunk Privacy Shield Notice
Splunk General Terms
Phantom Terms of Service
Splunk Protects