This Website Privacy Policy (“Privacy Policy”) applies to Appian Corporation Inc and/or the relevant Appian affiliate (“Appian “we” or “us”). This Privacy Policy applies to personal data Appian handles as a Controller (meaning where Appian controls how and why your personal data is processed). This may occur as follows, (together referred to as the “Activities”):
This Privacy Policy does not apply to the extent we process Personal Data in the role of a Processor for Appian customers. In that instance, we may process Personal Data solely for the purpose of making our Cloud Offering available and providing support and maintenance on our Cloud Offering or on-premise offering. The categories of personal data processed will generally not be known to Appian as it will be dependent on the customer’s use case of the Appian product. Further information on the processing of personal data in this context is available in a customer’s agreement with Appian.
Personal Data means any information capable of identifying an individual. It does not include anonymized data.
We may process the following categories of Personal Data about you in the following situations:
Situations | Categories of Personal Data |
When you fill in a form on our Websites, such as the “Contact Us” form, or download a whitepaper, or subscribe to a newsletter | Your name, job title, company, email address and phone number, and any other information you chose to share. |
When you attend an online or in person event | Your name, job title, company, email address and phone number, and any associations, skills, professional profiles, images and product interests you share with us. |
When you register with Appian Community and/or Appian Forum | Your name, job title, company, email address and credentials, and any associations, skills, professional profiles, images and product interests you share with us. |
When you interact with our Websites | Information about your device and your usage of our Websites through log files and other technologies, some of which may qualify as Personal Data (including Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Websites. For more information on cookies, please see our cookie preferences page. We do not honour Do Not Track signals at this time. |
When you visit our offices | Your name, job title, company, email address and phone number, CCTV images and any other information you chose to share. |
We do not intentionally collect any Sensitive Data about you for the purposes of the Activities described in this Policy. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. If you volunteer such information to us on Appian Community or Appian Forum, it may be available to others publicly viewing Appian Community or Appian Forum, and we will handle such Sensitive Data the same way we handle all unstructured user-provided data in Appian Community and Appian Forum.
We collect data from publicly available sources and/or third parties, including from parties from whom we collect or purchase personal data, or social media features on our Websites. We may combine this information with Personal Data you yourself have provided. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Websites may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie preferences page.
We or a company with who we share information as stated in Section 4 below, may use the Personal Data that you provide to us to:
Purpose | Legal Basis |
Making available, improving and securing our Websites | Our legitimate interests in providing content and information to our customers and others regarding our products in an effective and secure manner. |
Collecting information on event attendance and registrations, and webinars | Performance of a contract or your explicit consent. |
Registration for Appian Community and Forum | Providing you with access to the Appian Community and Appian Forum services, legitimate interests in protecting or confidential information and intellectual property. |
Visitor registration | Legitimate interests in protecting our staff, our premises and our confidential information. |
Sending communications | Our legitimate interests in conducting direct marketing activities, or where you have explicitly consented to receive such communications. See below how you can opt out of such communications. |
Administration of the provision of our services, including shared Appian group systems | Performance of our contract with you or our legitimate interests in providing and administering our services. |
Managing payments and related internal administration | Performance of a contract. |
Administering surveys, seeking feedback or conducting other types of research | Where necessary, consent, or our legitimate interests in conducting research for the stated goal. |
Financial reporting or as otherwise necessary to meet our legal obligations | Legitimate interests in meeting our legal obligations, to protect against and prevent fraud, claims, and other liabilities. |
We do not carry out automated decision making or any type of automated profiling on information collected through our Websites.
We may have to share your Personal Data with, for example:
Other companies in our group who provide services to us.
Service providers who provide IT, system administration and other centralized services.
Service providers who provide marketing, research, events planning and hosting, and data enrichment.
Professional advisers including lawyers, bankers, auditors and insurers.
Government bodies that require us to report processing activities, or as otherwise required by law or to respond to legal processes.
Our partners, for the purposes of enabling our partners to contact you about our services. You can find more information about the partners that we work with here.
We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it in accordance with the law. We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions. You can ask our partners to stop sending you communications at any time by sending a message through our Privacy Portal and selecting “Other” (https://portals.appian.com/privacy).
We share your Personal Data within our group of companies or service providers which involves transferring your data outside the European Economic Area (EEA).
We are subject to the provisions of the General Data Protection Regulation that protects your Personal Data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your Personal Data. As such:
We may transfer your Personal Data to countries that the European Commission have approved as providing an adequate level of protection for Personal Data by; or
We may transfer your Personal Data to affiliates or service providers who are established outside of the EEA, using Standard Contractual Clauses or certification mechanisms approved by the European Commission which give Personal Data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place security measures to prevent your Personal Data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your Personal Data only to those who have a business need to know such data. They will only process your Personal Data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
8.1 Under the data protection laws which apply to you, you may have certain rights in relation to your Personal Data. Depending on which laws apply to you these may include the right to:
Request access to your personal data
Request correction of inaccuracies in your personal data
Erasure or deletion of your personal data
Restriction of our processing of your personal data
Transfer of your personal data to another controller, to the extent that this is possible
Object to the processing of your personal data
Understand which categories of your personal data are , to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
If you wish to exercise any of the rights set out above, please submit a request through our Privacy Portal (https://home.appianportals.com/privacy).
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the relevant supervisory authority for data protection issues in your country of residence. We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. Please also see section 9 below.
You can ask us or third parties to stop sending you marketing messages at any time by clicking here, by following the opt-out links on any marketing message sent to you or by sending us a message through our Privacy Portal (https://home.appianportals.com/privacy) at any time.
If you opt out of receiving marketing communications this opt-out does not apply to Personal Data provided as a result of other transactions, such as purchases.
The California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”) grant residents of California certain privacy protections as “consumers”, unless a statutory exception applies. You have a number of consumer rights, including the right to access or delete Personal Data collected by a business, the right to have that data corrected, the right to know of and opt out of automated decision making, and to opt-out of sharing your Personal Data for targeted advertising purposes. The categories of data we collect are set out in Section 2 above.
You also have the right to opt out of a “sale” of your Personal Data. Whilst the CCPA defines “sale” in very broad terms that encompass many commonly occurring data sharing arrangements, transfers to service providers are not considered “sales” as defined under the CCPA. Appian does not sell Personal Data. As set out above we do share some Personal Data with service providers, for the purposes set out above, including targeted advertising..
To submit a request to exercise any of your rights under the CCPA or CPRA access and/or delete your Personal Data if you are a resident of California, please submit a request through our Privacy Portal and select ‘other”. (https://portals.appian.com/privacy).
For the purposes of the processing envisaged in this Policy, with regards to personal data transferred the the United States from the European Union, Switzerland, or the UK, Appian is a participant in and adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Appian has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such processing activities.
If there is any conflict between the terms in this notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
The Federal Trade Commission has jurisdiction over Appian’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Appian commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
EU, UK and Swiss individuals also have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Appian’s compliance with the Data Privacy Framework Principles, which have not been resolved by any of the other Data Privacy Framework mechanisms. You can find additional information here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
As explained above Appian sometimes provides personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
For the purposes of the GDPR, Appian is the data controller and we are responsible for your Personal Data.
The addresses and contact details of our offices where Appian and its affiliates are located can be found here. You can contact a member of our privacy team at privacy@appian.com.
It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your Personal Data changes by submitting a request through our Privacy Portal (https://portals.appian.com/privacy).
You should be aware that our websites are not intended for, or designed to attract, individuals under the age of 18. We do not collect personally identifiable information from any person we actually know is an individual under the age of 18.
As a convenience to our visitors, our Websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit, as the Policies and procedures we described here do not apply to those sites.
We may also make chat rooms, forums, message boards, and news groups available to you. Please understand that any information you disclose in such areas becomes public information. We have no control over its use and encourage you to exercise caution when deciding what information to share. These sites and message boards, chat rooms and forums are not intended for, or designed to attract, individuals under the age of 18.
This Policy may be updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices. If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on the Websites prior to the change becoming effective.
Published: November 15th 2023