California Privacy Rights Statement
Effective Date: January 24, 2024
This California Privacy Rights Statement explains how we collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 ("CCPA") and the California Civil Code section 1798.83 (the "Shine the Light" law).
Scope
California Shine the Light Law/Your California Privacy Rights
Personal Information We Collected
Third Party Disclosures
Business Purposes for Use or Disclosure of Personal Information
No "Sale" or "Sharing" of Personal Information
Rights under the CCPA
How to Exercise Your Rights
Changes to This California Privacy Rights Statement
Scope
For purposes of this Statement, except where a different definition is noted, "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
"Elastic", "we," "us," and "our" refers to Elasticsearch, Inc., and its subsidiaries and affiliated companies. This Statement provides the following details about your Personal Information over the last 12 months:
- the categories of Personal Information we collected,
- the categories of sources from which we collected Personal Information,
- the categories of third parties to whom we disclosed Personal Information,
- the business purpose for which Personal Information may be used or disclosed,
- confirmation that there has been no “sale” or “sharing” or Personal Information; and
- a description of your rights.
This Statement supplements Elastic's General Privacy Statement posted at https://www.elastic.co/legal/privacy-statement.
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Other information excluded from the CCPA's scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
This Statement also does not cover the Personal Information we process as a CCPA "service provider" in connection with the use of our products and services as deployed by our business customers. The agreements between Elastic and each of its customers outlines our commitments as a service provider.
California Shine the Light Law/Your California Privacy Rights
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits consumers who are California residents, to request and obtain from us once a year, free of charge, information about the categories of personal information (as defined in the Shine the Light law), if any, that we disclosed in the preceding calendar year to third parties for those third parties' direct marketing purposes. Our disclosure requirements apply only if we share our consumers' personal information with third parties for them to directly market their products to those consumers, instead of assisting us with our own business. If you are a California resident and would like to make such a request, contact us as provided in the How to Exercise Your Rights section below.
Personal Information We Collected
The categories of Personal Information that we collected depends on our relationship or interaction with you. In the past 12 months, we may have collected the following categories of Personal Information for our business purposes:
- Identifiers, such as name, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address or other similar identifiers;
- Personal information as defined in § 1798.80 of the California Customer Records statute, such as contact information and financial information;
- Characteristics of protected classifications under California or federal law, such as sex and marital status;
- Commercial information, such as transaction information and purchase history;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as approximate device location (derived from an IP address);
- Audio, electronic, visual and similar information, such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as student records and directory information.
Sources from Which We Collected Personal Information
We collected Personal Information from the following categories of sources:
- Directly from you or your employer. For example, during account registration, from forms you complete, or from your downloads or purchases;
- Indirectly from you. For example, from observing your actions on our website or using our products and services; and
- From third parties. For example, third party social networking providers and advertising companies, our affiliates, and service providers who provide services or information to us. If you do not want us to collect data from social networks, you should review and adjust your privacy settings on those networks as desired before linking or connecting them to our Websites.
Third Party Disclosures
We may disclose your Personal Information to the following categories of other parties for a business purpose or commercial purpose, as the CCPA defines those terms:
- Our affiliates;
- Service providers;
- Advertising technology companies, analytics companies and other third parties with whom we have business relationships;
- Government regulators;
- Our legal advisors and parties involved in a legal process;
- To an entity involved in the sale of our business; and
- Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with products or services we provide to you.
In order to provide advertisements and content that are more relevant to you, our advertising providers may collect Personal Information when you use our Websites (such as the IP address of your device) and may share the information with third parties. Please see our Cookie Statement for more details.
Business Purposes for Use or Disclosure of Personal Information
In the past 12 months, we may have used or disclosed your Personal Information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes, including the following:
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing, providing analytic services, or providing similar services.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer's experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance our products.
- Debugging to identify and repair errors that impair existing intended functionality.
- Undertaking internal research for technological development and demonstration.
- Complying with laws and regulations and with other legal process and law enforcement requirements.
We disclose personal information to third parties that perform the preceding services on our behalf, only when such disclosure is pursuant to an agreement that is compliant with the CCPA. In certain circumstances, we may use or disclose sensitive personal information for the limited purposes permitted under CCPA and not for the purposes of inferring characteristics about you.
No "Sale" or "Sharing" of Personal Information
In the past 12 months, we have not "sold" or “shared” Personal Information as defined by the CCPA, including Personal Information of minors under the age of 16.
Personal Information is "sold" when it is disclosed to a third-party for monetary or other valuable consideration. Personal Information is “shared” when it is disclosed, transferred or otherwise made available to a third-party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
To learn about how Elastic collects, uses and discloses personal information see our General Privacy Statement.
Rights under the CCPA
If you are a California resident, you have the right to:
- 1. Receive, free of charge, the following information covering the 12 months preceding your request:
- a. the categories of Personal Information about you that we collected;
- b. the categories of sources from which the Personal Information was collected;
- c. the purpose for collecting Personal Information about you;
- d. the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
- e. the specific pieces of Personal Information we collected about you;
- 2. Request the deletion of Personal Information we collected from you, unless the CCPA recognizes an exception;
- 3. Request the correction of inaccurate Personal Information we maintain about you;
- 4. Not have your Personal Information Sold or Shared for purposes of cross-context behavioral advertising; and
- 5. Be free from unlawful discrimination for exercising your rights under the CCPA.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA's access or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver's license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days to process your request, we will provide you with an explanation for the delay.
How to Exercise Your Rights
If you are a California resident, you may raise a request by submitting this form, calling us at +1.650.458.2620, or sending your request via postal mail to:
Elasticsearch, Inc.
Attn: Privacy Team
88 Kearny Street
Floor 19
San Francisco, CA 94108 USA
Changes to This California Privacy Rights Statement
We may change or update this Statement from time to time. When we do, we will post the revised Statement on this page with a new "Effective" date.