Talend Product Privacy Notice

How Talend manages privacy in its products

Talend realizes that privacy is a significant priority for customers and users of our offerings. Talend takes our privacy obligations seriously and adheres to data privacy laws, including by implementing both security-by-design and privacy-by-design practices in our products, as well as our development processes. We believe in communicating in an open, transparent manner about the ways in which user data is collected and used, in particular any personal data relating to an identifiable person (“Personal Data”), and respecting customers’ and users’ choice and control over their Personal Data.

1. Scope of this Notice
2. Talend Product Deployment Options
3. Cloud Deployment of Talend Products
4. Hybrid-Cloud Deployments
5. Client-Managed Deployments
6. Sharing of download/usage/consumption data
7. Talend as a Data Processor on behalf of customers
8. Privacy compliance at Talend & other information

1. Scope of this Notice

This Talend Product Privacy Notice (the "Notice") addresses how Personal Data is processed by Talend SAS and its affiliates (“Talend”, “we” or “us”) within the Talend product portfolio. Specifically, this Notice:

A. informs users of our products about Personal Data collection and use from their use of our products, in Talend’s capacity as Data Controller (as defined under applicable privacy laws, such as the EU GDPR);

B. provides information useful for customer’s privacy related choices, e.g., Cloud Product regions; and

C. describes, in general terms, Talend’s role as a Data Processor (as defined under applicable privacy laws, such as the EU GDPR) where we may process customer data on a customer’s behalf (“Content Data”). This Content Data may include, if the customer chooses to include in it, Personal Data. If your organization has a written agreement with Talend governing Talend’s processing of Content Data containing Personal Data, such as the Qlik/TalendData Processing Addendum, then that agreement applies with regard to its subject matter.

For privacy information relating to Talend’s other activities, such as our websites, please see the Talend Privacy & Cookie Notice. For privacy information relating to Qlik’s products, please see the Qlik Product Privacy Notice.

2. Talend Product Deployment Options

Customers may choose to deploy Talend's products on-premise (a "Client-Managed Deployment"), on customer's cloud provider of choice (a “Hybrid-Cloud Deployment"), or by utilizing a cloud hosted solution provided and managed by Talend, including Stitch (“Cloud-Deployment” or “Cloud Services”). Some Talend products may be deployed as a Client-Managed Deployment and on Talend Cloud. Further information regarding deployment options for Talend products can be found at help.talend and Talend Community. For Confirmation of how your Talend is deployed, you should contact your organization's system administrator / IT department .

3. Cloud-Deployment of Talend Products

A. What user Personal Data is processed by Talend when a user uses Cloud Services?

i. Personal Data: Talend is the Data Controller of user Personal Data collected and processed by us to administer, maintain, and improve our products and services. When using Cloud-Deployed Talend products (including Stitch), user data processed may include (i) licence/tenantactivation and consumption data, (ii) authentication data such as usernames and passwords (e.g., when using Talend Account), however less data, such as merely a token (depending on how your organization has configured their IdP, which may or not contain your name), is received by Talend when the customer uses their own IdP, (iii) technical data from interacting with Cloud Services, such as IP address, (iv) usage data such as frequency of log-in, feature usage, usage per day, etc. and (v) contact data, such as work email and phone number for example when a user is invited into a tenant. Such data may be provided directly by you, or by others within your organization (e.g., when a colleague uses your work email to invite you into a tenant). Such data may be Personal Data where it is associated with or contains your name or other identifiers.

ii. Uses of Personal Data: Talend processes Personal Data described above for the uses set out below.

(a) Operate Talend Cloud Services: We may process your Personal Data to ensure the availability and quality of Talend Cloud Services (e.g., authentication) and to monitor consumption (e.g., licences) for customer consumption management purposes. We do this to carry out our contract with you/your organization under the applicable terms.

(b) Talend Services: We may process your Personal Data to provide you with Talend services, such as Support and/or Consulting services. We do this to carry out our contract with you/your organization under the applicable terms.

(c) Customer success & adoption: We may process your Personal Data for customer success purposes to assist customers and users in improving their use of Talend Cloud Services, for example by making tailored suggestions and delivering insights to customers/users based on their interaction with our offerings. We may also use this data to enhance conversations with existing customers by providing Talend account teams with greater context and background regarding how customers deploy and use our offerings. We do this to carry out our contract with you/your organization under the applicable terms and for our legitimate business interests in ensuring customers improve/maximize their use of our offerings.

(d) Communication: We may process your Personal Data to contact you, such as in relation to errors, or if you complete a feedback form in the product and ask to be contacted by us. We process Personal Data for this purpose for our legitimate interest in reviewing your submission and to fulfil/respond to your request.

(e) Improve our offerings: We may process your Personal Data to analyze use of our products and services (e.g., reviewing trends and which features are popular) to improve these. We do this for our legitimate interest in improving our offerings.

(f) Security & compliance: We may process user Personal Data for our legitimate interests in ensuring the security of our offerings, for example to monitor for suspicious activity, and for compliance purposes, such as to review compliance with the applicable usage terms (e.g., validate licensed user numbers) and to comply with our legal obligations (e.g., regarding restricted/denied party lists).

While certain uses of Personal Data may require it to be individualized (e.g., for authentication), Personal Data identifiers are typically removed by Talend where the data is used for other purposes (e.g., when using statistical data to analyze usage trends to improve our offerings).

B. When is Talend a Data Processor of customer Content Data within Talend Cloud Services?

Subject to our Data Processing Addendum, Talend would be a Data Processor of any Personal Data within Content Data of a customer while it resides within Talend Cloud Services. For further information, please see Section 7 below.

C. Where are Talend’s Cloud Service offerings hosted?

Customers can choose at the time of tenant creation the region of their tenant, and consequently, where their Content Data will reside in our Cloud Service offerings.

Talend Cloud currently has four (4) regions: Germany, Japan, Australia and two in the United States (one utilizing AWS infrastructure, one utilizing MS Azure Infrastructure).  Backups of our Talend Cloud are stored in-region in the US, EU and APAC.

Stitch currently has (2) two regions: United States and Germany. Backups for Stitch are stored in-region in the US and EU.

D. Can I choose to keep my Talend Cloud Service Content Data in my region (e.g., can EU customers ensure their Content Data does not leave the EU)?

When you create a new Talend Cloud Service tenant, you can select any of the available regions to store your Content Data (e.g., apps), such as the EU. Customers maintain control over and are responsible for the access to and disclosure of their Content Data, through permissions and access granting. Please note that certain Content Data may be visible to users within your organization that you have chosen to grant heightened access to (i.e., admins). For further information, please see help.talend and Talend Community resources regarding permissions/roles. While Cloud Service customer Content Data is hosted in the selected region, Content Data will leave your region if you:

i. share/transmit your Content Data with users outside your region, e.g., invite into your tenant a colleague in a different region; and/or

ii. invite into your tenant or otherwise share/transmit your Content Data with Talend team members to perform Talend services, such as Talend Support or Consulting. For further information, please see Section 7 below.

For queries relating to international transfers of customer Content Data, Please see our Data Privacy Framework Policy.

4. Hybrid-Cloud Deployments

A. What customer Content Data is sent to Talend by virtue of a customer using a Hybrid-Cloud Deployment?

For cloud customers with hybrid or remote engine configurations, all Talend products will reside on customer’s infrastructure except for the Talend Management Console (TMC), which will reside on Talend’s infrastructure. For Hybrid-Cloud deployments, all customer Content Data will remain within the customer-managed environments and systems. The hybrid configuration for Talend products is further described here.

B. What user Personal Data is processed by Talend when a user uses Talend’s Hybrid-Cloud Deployment?

Talend will collect user personal data from products deployed in Hybrid-Cloud. For more information on what information is collected, see Section 3.A (What user Personal Data is processed by Talend when a user uses Cloud Services?) above.

5. Client-Managed Deployments

What data is sent to Talend by virtue of a customer using a Client-Managed Deployment?

A. License Activation:

When a Client-Managed Deployment is implemented for Talend products, it may be activated using a License Enabler File (LEF). A license document provided with purchase needs to be locally registered. The LEF identifies technical details, such as software, hardware, and network restrictions, and the name of the licensed organization unit. Talend products may be activated using a Talend Installer or by manually installing the Talend products. More information on how to activate a Client-Managed Deployment of a Talend product can be found here. As part of the activation process, the user is required to provide information such as license key number, email, owner organization, owner (activator) name, and in the case of Talend Data Catalog, the MAC address, to Talend via the applicable Client-Managed Deployment for verification and forensic purposes. This information, together with other product-specific non-Personal Data (e.g., product version, user agent, machine name) is transmitted from the Client-Managed Deployment to Talend at the time of initial activation and on such future occasions when the product needs to download an updated LEF file (e.g., when additional purchased user licenses are activated).  Talend may also receive basic Personal Data (e.g., username, work email, IP address) of the user.

Talend processes licence data to (i) deliver our offerings and manage our relationship and contract(s) with our customers (e.g., licence forensics, quantification and audit), (ii) provide Talend services (if relevant), and (iii) for customer success purposes to assist customers and users in improving their use of our products. Our lawful bases for processing this information are to carry out our contract with you/your organization under applicable terms and for our legitimate interests in managing access to and improving our offerings and customers’ use of these.

B. Authentication: Authentication is a process that happens on a per-user basis, once per usage session. Once logged in, the user does not have to authenticate again until the session that tracks the user has timed out or the user chooses to actively log out. The purpose of this authentication process is to verify the identity of the user for governance purposes. Authentication differs from authorization; authentication determines whether a user can access the Client-Managed Deployment at all, whereas authorization determines what the user, once authenticated, can see or do (as determined by the customer’s system administrator (“Admin User”)). Talend does not receive this data for Client-Managed Deployments.

C. Usage Data: For Talend products deployed as a Client-Managed Deployment, Talend may periodically collect system data about your installation ("Installation Data") and user metrics ("Usage Data") using Talend’s Usage Data Collector within Talend Studio and Talend Administration Console. Talend Usage Data Collector receives non-Personal Data (e.g., operating system data, license type, type and number of CPUs, projects, and active users) identifiable on a customer (i.e., company name) level but is generally anonymized on an individual (user) level and is analyzed on a macro, statistical (deidentified) basis only. Talend Usage Data Collector is turned on by default. For more information on how each user can modify Usage Data Collector preferences, please see here. In case of internet connection loss, tracked events are saved locally and resent when the user later regains connectivity.

Talend uses Installation Data and Usage Data for analytics purposes so we may better understand the technical environments in which our software is installed and the behavior of users in our products so that we may optimize, support and improve our offerings. We process any Personal Data within Installation Data and Usage Data for our legitimate interest in improving our offerings.

D. Talend Log Files & Support data

i. What are Log Files?

Client-Managed Deployments collect operational data, consisting largely of non-personal statistical, demographic and usage data generated by the Talend product, in log files ("Log Files") that can later be used for auditing, monitoring and troubleshooting. These Log Files may include metadata such as user IDs, which could contain basic Personal Data. For Talend Data products, while the content of the Log Files varies significantly depending on customer-specified logging configurations, it often includes information of servers, network addresses, databases, tables and similar technical data. When the highest level of logging is enabled for Talend products, the Log Files may contain fragments of the data processed by the products, including Personal Data.

ii. Are Log Files sent to Talend?

Typically, no. Log Files are saved locally within the customer Client-Managed Deployment. However, a customer can send Log Files and other data to Talend to assist with troubleshooting/support issues. Any data sent to Talend Support is processed only to resolve the support issue, is kept securely and is subject to our access and data retention policies. We recommend that our customers treat Log Files and any other data content sent to Talend for troubleshooting/support issues in accordance with IT best practices pertaining to security and access permissions. For further information on Talend’s role as a Data Processor on behalf of customers for Support Content Data, please see Section 7 below.

Most Talend product Log Files when provided to Talend do not contain any Personal Data; they typically contain technical data such as server and network information. In line with data minimization best practices, customers should review any Log Files or similar transmissions before sending to Talend to remove any Personal Data content. In the event that Talend receives Personal Data content within Log Files for user number verification, we process this data pursuant to our contract with you/your organization under the applicable terms and for our legitimate interest in auditing licence numbers. Client-Managed Deployments may be configured via administrative settings to adjust what data is captured in their Log Files. Documentation on Log Files by product type is available on help.talend and Talend Community.

6. Sharing of download/usage/consumption data

For all deployment methods, Talend may share with your organization/employer your usage/consumption (e.g., licence activation, data amount) and download (e.g., patch) data relating to Talend offerings in order to assist your organization in managing its Talend offerings. Talend may also share such information with our affiliates to perform our services and/or operate our products, as well as with third party service providers in order to operate our business. Finally, where your organization has purchased our offerings through a Talend partner, we may share such data with that relevant partner to manage our relationships with your organization, the relevant partner, and to aid the direct relationship between your organization and the relevant partner. For further information sharing of Personal Data, please see the Talend Privacy & Cookie Notice.

7. Talend as a Data Processor on behalf of customers

The information below describes when Talend is a data processor on behalf of our customers. If your organization is a party to the Qlik Customer Agreement,this incorporates our Qlik/Talend Data Processing Addendum, which, subject to its terms and receipt by Talend, enables your organization to provide Talend with Personal Data within your Content Data to process on your organization’s behalf, both for Talend Cloud and/or Talend services, such as Support or Consulting.

A. Talend Cloud:

i. Talend Cloud Content Data: Talend is the Data Processor of Personal Data within customers’ Content Data while it resides in Talend Cloud Services, subject to our written agreements. Talend Cloud Services are a no-view service, with customer Content Data, and any Personal Data within it (and access to it) decided and controlled by the customer. For further information please see your agreement with Talend.

iii. Talend Cloud Service Content Data Access and Use by Talend: For Talend Cloud Service offerings customers and their users control who has access to their Content Data shared through their personal spaces and tenant, which may be controlled via the customer’s identity provider (e.g., IdP). Under our policies and controls and subject to our legal obligations, Talend team members do not access a customer's Content Data in their Talend Cloud Service tenant unless (a) the customer/user actively shares it with someone at Talend by invitation into the tenant (e.g., for Consulting or Support services), or (b) the customer/users removes such Content Data from Talend Cloud Service and otherwise sends it to Talend (e.g., in a Support ticket on Talend Community). Only a specific, limited group of Talend employees can access individual user Talend Cloud Service Content Data to troubleshoot, following an explicit invitation by the customer, and only under strict controls.

iv. Data Retention of Content Data: Users may at any time during their subscription delete their Content Data. Once deleted by the user, all information hosted by Talend in that application is deleted, with back-ups deleted after a period of time in line with our internal data retention rules. For dormant Content Data (i.e., applications within accounts that have been inactive for over 12 months), Talend may delete such Content Data. Likewise, Talend Cloud Service accounts that are inactive for more than 12 months may be deactivated by Talend.

B. Hybrid-Cloud Deployments

Customers may use a hybrid configuration of Talend Cloud to stream and/or transform Content Data from on-premise or in a Client-Managed Deployment to Talend Cloud or another 3rd party cloud destination of the customer's choosing. Such Content Data may be transferred and/or transformed to make it analytics-ready and usable with Talend's offerings. Content Data streaming via Talend Hybrid-Cloud Deployments is configured and triggered by the customer. Talend will only host the Content Data (and be a Data Processor of any Personal Data within it) transferred or otherwise processed by Talend Hybrid Cloud if (a) the destination chosen by the customer is Talend Cloud Services, or (b) where the customer configures Talend products to temporarily route the Content Data via Talend Cloud Services (and only while it is within Talend Cloud Services). Further information regarding Talend Cloud Data Integration is available here.

C. Client-Managed Deployments

Talend is not typically a Data Processor for customers of Client-Managed Deployments. This is because any Content Data a customer chooses to put into or create in the Talend Client-Managed Deployment stays on the customer's system(s). Talend does not host, access or otherwise process this Content Data; therefore, the customer, and not Talend, is the Data Controller (and the Data Processor, where relevant) of this Content Data in data protection law terms. It is therefore not typically necessary for customers to enter into a data processing agreement with Talend for Client-Managed Deployments, unless the customer wishes to share with Talend for Talend Services (see 7(D) below) Content Data containing Personal Data elements.

D. Talend Services

When Talend provides Support or Consulting services to a customer, customers may choose to share Content Data (from Talend Cloud Services or a Client-Managed Deployment) with Talend, which may contain Personal Data. Such sharing, and whether the Content Data contains any Personal Data, is at the discretion and control of the customer. Personal Data aspects within Content Data, in particular for Talend Support, should be anonymized or minimized by the customer as per privacy law data anonymization / minimization best-practice prior to sharing with Talend, for example before upload to the support portal on Talend Community.

Please note that Content Data provided to Talend for support or consulting services may leave the customer’s region. This is because, while Talend Support is generally provided in-region to customers, Talend’s Support model is 24 / 7 / 365 (“follow-the-sun”) in order to provide continuous support to our customers. As such, Support tickets may be dealt with by Talend team members outside the customer’s region and Support Content Data may be stored/accessible outside of the customer’s region. For Talend Consulting, while our Consulting team members tend to primarily service customers in the same region, again to best serve our customers, we may rely on Consulting resources and systems outside of the customer’s region.

Talend uses third party subprocessors in relation to Talend Cloud Services and Talend Support and Consulting Services. You can find a list of Talend’s subprocessors here. Talend’s responsibilities relating to subprocessors are set out in our terms with your organization.