Privacy policy

Last Update: September 2018

Website data protection statement and information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation.

This Celonis Privacy Policy (โ€œPrivacy Policyโ€) describes how we collect, use, protect, and discloses information and information associated with a natural person (โ€œPersonal Dataโ€) , and what choices you have with respect to the Personal Data. This Privacy Policy Applies when you install our software, access or use any of our websites, or other digital properties and when you otherwise interact with us, including when you attend events hosted or attended by Celonis and when you contact us for customer support (collectively, the โ€œServicesโ€).

When we refer to โ€œCelonisโ€, we mean the Celonis entity that acts as the controller or processor of your information, as explained in more detail in the โ€œIdentifying the Data Controller and Processorโ€ section below.

We may change this Privacy Policy at any time or substitute this Privacy Policy at our sole discretion. You should check regularly for the most up-to-date version of this Privacy Policy whenever you access the Services.

1. General data processing information

Data Collected:

The Personal Data that we collect directly from you may include the following: if you express an interest in obtaining additional information about our services, request customer support, use our any or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password; if you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data (view section 2&3 below). Any processing of your personal data that goes beyond the scope of the statutory permission is only possible on the basis of your express consent.

Processing Purprose:

We process Personal Data for the purpose of providing the Services to customers. To fulfill these purposes, we may access data to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers. Personal Data will be used by Celonis in accordance with your instructions, for contract execution and as further described section 2 & 3 below.

Who we share data with:

We use a limited number of third party providers to assist us in providing the Services to our customers, as further described in section 2&3. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only. Further we share data with the following categories:

โ€ข Public authorities in the event of priority legislation.

โ€ข External service providers or other contractors.

โ€ข Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

Transfers of data:

Celonis may transfer your Personal Data to countries other than the one in which you live. Therefore, your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers. To comply with European Union and Swiss data protection laws, Celonis, Inc. (โ€œCelonis USโ€) self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, as further described below.

Duration of data storage:

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

2. How we use, process, and disclose your information on the website

Use of a newsletter When registering for our newsletter, you provide us with your email address and, where applicable, other contact information. We use these data solely for the purpose of sending you the newsletter. We retain the data that you disclose in your newsletter application until you cancel your subscription to our newsletter. You can unsubscribe at any time via the link in the newsletter intended for this purpose, or by sending us the appropriate notification. By unsubscribing, you revoke the use of your email address.

My.Celonis When registering for the my.celonis space through our website, you will provide us with your email address, name and other related contact information. We use this data to open and manage your account and related permissions on the my.celonis space. You can delete your account on the my.celonis space at any time by providing us with an appropriate notification. We will delete your my.celonis account including any of your data stored in the account upon receipt of such notification.

We also use your email address, which we receive in connection with the sale of a product or service, and in relation to your registration on my.celonis, exclusively for direct advertising in the form of our newsletter for products or services that we sell that are similar to the ones you ordered, and for user questionnaires, provided that you have not objected to having your email used in this way. You may object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates. Your objection (and thus the cancellation of our newsletter) can be communicated by sending the appropriate message to our email address (see the Legal Notice).

Use of Google Analytics This website uses Google Analytics, a web analytics service provided by Google Inc. (โ€œGoogleโ€). Google Analytics uses so-called โ€œcookies,โ€ text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there. However, in the event IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Treaty on the European Economic Area. The full IP address will be transmitted to a Google server in the USA and shortened there only on an exceptional basis. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services to website operators relating to website activity and Internet usage. Google will not associate the IP address transmitted under Google Analytics by your browser with other data held by Google. You may prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we should inform you in this case that you might not be able to enjoy all of the functionality of this website to its full extent. You may additionally prevent the recording of the data (including your IP address) to Google that is generated by the cookie and that pertains to your use of the website, or the processing of these data, by downloading and installing the following browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en. In view of the discussion about the use of analytics tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension โ€œ_anonymizeIp()โ€ which means that IP addresses are used only in a shortened form in order to prevent any direct correlation to specific persons. For browsers on mobile devices, please click this link to, in future, prevent anonymous tracking by Google Analytics and to activate a so-called โ€œopt-out cookieโ€ for your browser.

Google AdWords Conversion Tracking This website uses Google AdWords Conversion Tracking, a web analytics service provided by Google Inc. (โ€œGoogleโ€). Google AdWords Conversion Tracking also uses โ€œcookiesโ€ stored on your computer that allow analysis of your use of the website. The information generated by the cookie about your use of this website is transmitted to a Google server in the US and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or in so far as third parties process this data on behalf of Google. Google will in no case connect the data with other data from Google. You can generally prevent the use of cookies by prohibiting the storage of cookies in your browser.

Facebook Our online presence uses the โ€œFacebook Pixelโ€ developed by Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). This feature makes it possible to track the behavior of users who have clicked on a Facebook ad and been directed to the website of the provider in question. The effectiveness of Facebook ads can then be assessed for statistical and market research purposes, which in turn can help optimize future advertising measures. The data we obtain through this process is anonymous, meaning it gives us no means of tracing the identity of any user. This information is stored and processed by Facebook on servers in Princeville, Oregon (USA), in order to facilitate a connection to each userโ€™s profile. Facebook can then use the data for its own advertising purposes in line with its data usage guidelines (https://www.facebook.com/about/privacy/). As a result, Facebook and its partners can insert ads both on and outside of Facebook. A cookie may also be stored on your computer for these purposes. In your browserโ€™s settings, you can allow or deny cookies as a general rule. Please note, however, that doing so may prevent you from enjoying the full functionality of this website.

Salesforce Pardot Our website uses Pardot Services, an analysis tool of salesforce.com, Inc., The Landmark @ One Market Street, San Francisco, CA 94105, USA. Pardot Services only set a maximum of three (3) cookies which are stored on your computer and enable analysis of your website usage (โ€œVisitor Cookieโ€, โ€œOpt-In Cookieโ€ and โ€œPardot App Session Cookieโ€). The Visitor Cookie generates an identification number which serves to re-identify the website visitor. The identification number is a numeric code which has no meaning outside Pardot Services. The Opt-in Cookie ensures that visitors who have opted for the โ€œdo not trackโ€ option are not applied with a Visitor Cookie. The Pardot App Session Cookie is only placed if a customer is logging onto the Pardot App as a user. All cookies only contain the generated numeric code, personal data are not collected. If you would like to avoid tracking by Pardot, you can ensure this by adjusting your browser settings or through a respective extension of your browser. Data collected though the Pardot Services are not used to identify individuals. None of the identification numbers are matched against other personal information.

Use of cookies:

Celonis uses โ€œcookiesโ€ and similar technologies to increase user-friendliness (โ€œcookiesโ€ are text files sent by the web server to the userโ€™s browser and stored there for later retrieval). You can prevent the use of โ€œcookiesโ€ in general if you set your browser to disallow the storage of โ€œcookies.โ€

3. How we use, process, and disclose your information on specific activities

Specific information about the application process

Affected data:

Application information

Processing Purpose:

Implementation of application process

Categories of recipients:

Public authorities in the event of priority legislation.

External service providers or other contractors.

Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers:

As part of contractual execution, processors could also be used outside the European Union.

Duration of data storage:

Application data will generally be deleted within four months after communication of the decision, unless consent has been given for a longer period of data storage.

Specific information for the processing of customer data/prospective partiesโ€™ data

Affected data:

Data communicated for contract execution; if necessary, additional data for processing on the basis of your express consent.

Processing Purpose:

Contract execution.

Categories of recipients:

Public authorities in the event of priority legislation.

External service providers or other contractors.

Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers:

As part of contractual execution, processors could also be used outside the European Union.

Duration of data storage:

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Specific information on the processing of employee data

Affected data:

Data communicated for contract execution; if necessary, additional data for processing on the basis of your express consent.

Processing Purpose:

Contract execution.

Categories of recipients:

Public authorities in the event of priority legislation.

External service providers or other contractors.

Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers:

As part of contractual execution, processors could also be used outside the European Union.

Duration of data storage:

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Specific information for the processing of supplier data

Affected data:

Data communicated for contract execution; if necessary, additional data for processing on the basis of your express consent.

Processing Purpose:

Contract execution.

Categories of recipients:

Public authorities in the event of priority legislation.

External service providers or other contractors.

Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers:

As part of contractual execution, processors could also be used outside the European Union.

Duration of data storage:

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

4. EU-U.S. and Swiss-U.S. Privacy Shield Notice

Celonis, Inc. has certified with and complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Celonis US has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Celonis commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Celonis at: cfo@celonis.com, Attn: CFO Organization

Celonis has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and to Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Celonis is subject to the investigatory and enforcement powers of the FTC. If Celonis shares EU Data with a third-party service provider that processes the data solely on Celonisโ€™s behalf, then Celonis may be held liable for that third partyโ€™s processing of EU Data in violation of the Principles, unless Celonis can prove that it is not responsible for the event giving rise to the damage.

Requirement to Disclose. We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

5. Identifying the Data Controller and DPO

Depending on your location, the Celonis entity described below is the controller of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data as described in this Privacy Policy. Please note for all activity and related information collected on the celonis website, Celonis SE is the processor of Personal Data.

Controller for all website activities and for all other activities hereunder if you are located outside North America:

Celonis SE

TheresienstraรŸe. 6

80333 Munich, Germany

Legal representative: Mr. Bastian Nominacher, Mr. Alexander Rinke

Contact details for data protection officer: Dr. Sebastian Kraska, skraska@ittr.de

Controller for all other activities if you are located in North America:

Celonis, Inc.

114 W 41st, 16th Floor

New York, NY, 10036, USA

Attn: CFO Organization

cfo@celonis.com

6. Your rights

According to the General Data Protection Regulation 2016/679 of the European parliament and of the council of 27 April 2016 (the โ€œRegulationโ€), you have โ€“ at any time โ€“ a right of access, correction, deletion, to restrict processing, to object to processing, as well as the right to define guidelines related to the fate of your Data after your death.

You also have the right to receive Data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller under conditions and in accordance with the Regulation.

You may exercise your rights by contacting us in writing, with a proof of your identity, at the address provided at: https://www.celonis.com/legal/. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to the lead supervisory authority.

Cookies Opt-out

You can opt out of cookie usage by clicking the following button.

You have opted out of cookie -usage.

If cookies were previously enabled, please refresh your browser window to delete them.

Get Started with Intelligent Business Cloud

Dear visitor, you're using an outdated browser. Parts of this website will not work correctly. For a better experience, update or change your browser.