Last Updated on March 14, 2022

 

Puppet Privacy Policy

Puppet, Inc. and its affiliates (collectively referred to here as “we,” “our,” or “Puppet”) created this Privacy Policy to explain how we collect, use, and share information through our website and other interactions and set out the rights individuals have to control the use of their information.  For more detail on the roles the different Puppet companies perform, please see below for more details.

Who does this policy apply to?

This policy applies to:

  • visitors to users of our website at www.puppet.com, or other Puppet websites (together “the Site”)
  • people who register for or attend our exams or events
  • individuals who sign up through the Site or otherwise to receive newsletters and other marketing or sales updates about Puppet and our products and services
  • individuals who choose to take part in contests, surveys and other promotions which may take place through the Site or otherwise
  • individuals who take part in our online community available through the Site
  • individuals who purchase or inquire about our products and services through the Site, by telephone or otherwise
  • in respect of our use of certain usage data for analytics purposes, users of our services or on-premises software products We call all these people “customers” in our policy. 

Important note for European and UK users and customers: Please note that information covered by this Privacy Policy will be hosted and stored in the USA, which does not have similar data protection laws to the EU or UK.

While our Site or other materials may include links or references to non-Puppet websites, materials or entities, this Privacy Policy does not apply to those non-Puppet sites, materials or entities unless otherwise indicated.

Information Collection and Use

We may collect personal data from customers both online and offline. Online, we may collect information through our Site, an affiliated site (such as a promotional microsite linked to our site), a Puppet page on a community website (such as Facebook, LinkedIn, Twitter, or the like) or through similar online avenues. In many cases, such information will be collected directly from you, such as through a transaction or inquiry (including via a telephone call) or your submission of a form, registration or communication to us. Information may also be gathered from our affiliates and from third-party sources including without limitation:

  1. Trade shows – when you attend a trade show which we also attend and you visit our booth or stall, you may scan your badge or in some other way leave your details with us and we will follow up with you by email or phone call in relation to our products and services. The trade show organizer may on occasion provide us with your name and contact information in accordance with the disclosures they make to you and we will follow up by email or phone call in relation to our products and services.
  2. Partner hosted webinars – when you attend a webinar which we sponsor or participate in, the organizer may provide us with your name and contact information in accordance with the disclosures they make to you.
  3. Third party platforms like Slack, and Google (via Google Groups), and Meet Up – when you choose to participate in groups we or our providers run on these platforms, we can view through the platforms who you are and may contact you in relation to our products and services.
  4. Event partners – when you attend an event which we sponsor the organizer may provide us with your name and contact information in accordance with the disclosures they make to you and we will follow up by email or phone call in relation to our products and services.
  5. Where permitted under applicable law, we may obtain your details through providers of prospect data.
  6. Our digital agency places ads for us on third party websites and through the use of cookies served by those platforms on the Site, we can tell us which of our users has interacted with those advertisements.

We may combine data collected from these disparate sources. Please see below for more details.

As you use our website, some information can be “passively” collected using various technologies, such as cookies, web beacons and navigational data collection (clickstream, log files, server logs). Your Internet browser automatically transmits some of this information, such as the URL of the website you just visited and the Internet Protocol (IP) address and browser version currently being used by your computer. Additionally, we utilize widgets on our website so that you can either share information with third party social media sites or connect to your social media account. By associating your social media account with this site or by interacting with them, we may be given access to certain information about the content you viewed on that site, subject to the access permissions you grant on that third party site and to the separate privacy settings and privacy policy of that site. Any such information provided to us by social media sites will be subject to our privacy policy. Such technologies help us to keep track of your interactions with our website and provide you with a more customized experience. We also engage with digital advertising partners to advertise our products and services to you on social media platforms and other websites, and they may share some information regarding your use of the Site with platforms in the digital advertising ecosystem. Please see our Cookie Policy below for more details.

We use personal data about customers for a wide range of purposes. We use it to respond to your requests (including requests for newsletter subscriptions, materials, pricing and so on); to provide products or services that you have ordered; to process your order transactions and contact you regarding your order; to invite and help you participate in a range of online and offline events and activities; to allow you to post information and other content online; to improve our products, services and websites; to follow up with you after you have communicated with us or submitted information to us; to send promotional or marketing communications or offers (unless you have requested that we not send such communications or, where the law requires consent, you have not given consent); for research and legal purposes and other purposes (including, without limitation, call center or training session recordings made for quality and standards assurance purposes); to permit you to participate in and to otherwise administer competitions, promotions and contests; to allow you to communicate with other customers (for example, you may ask or answer questions with other customers on Puppet-related channels on other platforms like Slack and Google Cloud Messaging); to address your interests and concerns; and as otherwise specified in this Privacy Policy and/or at the point of personal data collection. Please see below for more details.

We may disclose personal data you provide to our affiliates and to consultants, service providers, contractors, and channel partners that we use to support our business and operations (e.g., delivery services, financial institutions, fulfillment services, technical support, advertising, public relations, media and marketing services, competitions and contest-related services, e-commerce and other web-related services such as web hosting and web monitoring services and event-related services such as online and offline data capture) who have agreed to keep the information confidential and use it only to provide the applicable service(s). In some cases, we work with other companies who help to gather information from you or help us to communicate with you.  Where consultants, service providers and consultants process the personal data of EU or UK users outside the European Economic Area, and in particular in the United States our policy is to have an appropriate legal mechanism in place to ensure that transfer of personal data is in compliance with European and UK data protection law, typically model clauses or standard contractual clauses.

Where the law allows it, we may share customers’ personal data with affiliates or selected third-party partners to enable them to market their or other selected third parties’ products and services to you.

We may also disclose personal data to third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests; to identify, contact or bring legal action against someone who may be causing injury to or interfering with our (or others’) rights or property; to support any actual or threatened claim, defense or declaration in a case or before any jurisdictional and/or administrative authority, arbitration or mediation panel; or in connection with disciplinary actions/investigations. Likewise, we may disclose or transfer personal data to third parties in connection with the sale, assignment or other transfer of our business.

Information submitted by you, including recordings of your participation in training sessions, will be stored, processed and used by us and by our third party service providers who help us to deliver our services and operate our business in the United States of America or other jurisdictions that may not provide a level of protection equivalent to the laws in your jurisdiction. For customers based in the European Union, please note that the USA does not have similar data protection laws to the EU. We will take all reasonable steps to ensure that your privacy rights continue to be protected in accordance with this Privacy Policy.

We may make full use of all information that is de-identified or otherwise not in personally identifiable form.

Data Retention

We retain personal information for as long as we have a lawful basis to keep it; this includes when we require it in order to meet our contractual obligations, to establish or defend our legal rights or resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

Security

We take appropriate steps to protect personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction, whether in transmission or storage. Please keep in mind, however, that there is no such thing as perfect security, and no Internet transmission is ever completely secure or error-free. Moreover, you are responsible for maintaining the confidentiality of any username and password you use.

Payments are made through a third party payments solution provider and use of their service will be subject to their applicable terms of use and privacy policy.  Our current payment processor is Stripe, Inc. (its privacy policy).

It’s Your Choice: Contact Preferences

Puppet wants to keep in touch with you in ways that you find to be beneficial. If you don’t want Puppet to use your contact information to communicate with you for promotional purposes (such as to tell you about other products and services that might be of interest), please tell us that when you provide your contact information, or you can also let us know your preference later, by contacting us as specified in the “Contact Us” section below. Keep in mind that these preferences regarding promotional contacts do not mean that Puppet might not contact you for other reasons connected to the service you request or receive, such as those related to an order you placed, an inquiry you made, a newsletter to which you may have subscribed, a membership you undertook, an event for which you registered, a legally required notice and so on.

California Privacy Rights

As of January 1, 2020, the California Consumer Privacy Act provides specific rights to those who live in the state of California. If you are a California-based consumer, as that term is defined under California law, this section applies in addition to all other applicable rights and information contained in this Policy:

  • You have the right to request that we provide you with information about what personal information we collect, use, and disclose.
  • You have the right to request that we delete personal information we, or our service providers, store about you.
  • We will not discriminate or retaliate against you if you elect to exercise any rights under this section of our Privacy Policy.
  • We do not sell your personal information but we do share personal information with trusted third parties in certain circumstances that may qualify as a “sale” under California law, such as with event sponsors and our channel partners. Our use of cookies may also qualify as a sale.

You may exercise your California privacy rights by:

  • For knowledge/deletion requests, clicking here;
  • For requests not to “sell” your personal information, clicking here; or
  • Calling (855) 584-2870.

To the extent our third-party advertising and analytics providers’ collection of information from visitors to our websites and online services constitutes a “sale” under the CCPA, please see our Cookie Policy for more information about how third parties use cookies and related technologies to automatically collect information and the choices and opt-out options you have in relation to those practices.

EU and UK Data Subject Rights

You have the right under certain circumstances:

  • to be provided with a copy of your personal data held by us;
  • to request the rectification or erasure of your personal data held by us;
  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • to request that your provided personal data be moved to a third party;
  • to lodge a complaint with your supervisory authority;
  • where consent is relied upon as the lawful basis for processing your personal data, you can withdraw this consent at any time.

You may exercise the rights listed above at any time by completing this form or by contacting us at privacy-requests@puppet.com.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data. You can visit their website at www.ico.org.uk.

Identity Verification Requirement

The law requires that we verify any request submitted was made by someone with the legal right to access the information. Therefore, before accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information so we can verify your identity and legal authority.

To make a request, please complete this form or contact us at privacy-requests@puppet.com with “Personal Information Request” in the subject line and provide full details about your request, including your contact information and anything you believe is relevant. We will provide a response to an access request within the timeframes required by law. If we cannot substantively respond in a timely manner, we will notify you and provide the reason for the delay.

Under certain circumstances, we may not fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, when we cannot verify your identity, if your request involves disproportionate cost or effort, or where the law allows us to retain that information. Regardless, we will respond to your request within a reasonable time, as required by law, and provide an explanation.
Contact Us

If you have general questions or concerns related to this Privacy Policy or our information practices, please contact us at:

Attn: Legal
Puppet, Inc.
308 SW 2nd Ave
Fifth Floor
Portland, OR 97204

Or at privacy@puppet.com.

Changes to This Privacy Policy

If this Privacy Policy changes, the revised policy will include a new effective date and will be posted on this page. Be sure to check the Privacy Policy whenever you submit personal data.

More Details: Puppet Affiliates’ Roles

Puppet, Inc. is the US-based parent company and is responsible for the operation and design of the Site and for setting global strategy of Puppet’s marketing activities and the selection and configuration of IT systems.  Puppet, Inc. has subsidiaries in various countries including Puppet Labs Limited in the UK, Puppet Labs Australia Pty. Ltd. In Australia, Puppet Labs s.r.o. in the Czech Republic, Puppet Pte. Ltd. in Singapore, and Puppet Software GmbH in Germany.

More Details: EU and UK users and our “lawful basis” for using their data

Data protection law in the European Economic Area and the United Kingdom contains a number of “lawful bases” – which are really legal justifications which mean organizations like us are allowed to have your personal information in the first place.  For our EU and UK users, we have been careful to ensure we have a lawful basis for all data we have.  Our lawful bases include:

Performing the contract we have with you

In certain circumstances, we need your personal data to comply with our contractual obligation to deliver Puppet software products and services.  For example, if you want to use Puppet software products and order or download them through our Site, we need your name and contact details so we can communicate with you and provide the software.

Legal compliance

Sometimes the law says we need to collect and use your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement and tax laws require us to retain records of orders and payments for Puppet software and related services, which can include contact details at our corporate clients.

Legitimate interests

This is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights.

We sometimes require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, we will send your promotional communications about our service, subject to your legal rights to control whether we do so.

We do analyze how users interact with our Site and the Puppet software so we can understand better what elements of the design are working well and which are not working so well.  This allows us to improve and develop the quality of the online experience we offer all our users.

Where we talk about the different data we collect and how we use it in this policy, we aim to mention which lawful basis applies.

More Details: Personal Data Collection

We collect personal data about our customers in a number of ways. In this section, we describe what types of personal data we collect, the ways we collect it and how we use it. While we have tried to be complete, this list is not necessarily exhaustive, given that these activities can vary from time to time. When we collect information, we will tell you at the point of collection what information is required and what information is optional.

The types of personal data collected by us include the following, depending on how you access or use our services:

  • Contact information, including name, title, street address (home, work, billing, shipping), postal code, country, telephone numbers (home, work, cell, etc.), email address, company name and other similar information.
  • Personal/demographic information, including occupation, level of education, and the like.
  • Authentication information, including user IDs, log-in names, passwords, password reminders, etc. (in addition to other personal data such as contact information and the like).
  • Transactional and financial information, including products or services you purchase, inquire about or request, payment information, debit/credit card information.
  • Participation information, including event attendance, webinar attendance, competitions/contest entries (including all information submitted on an entry), information provided when requesting or receiving discounts/coupons/rebates, registrations, information relating to use of online communities and all other user submissions and content you provide.

We use the information to provide and promote our products and services to you, allow you to attend events and webinars and enter contests and promotions, maintain our business records and other purposes set out in our policy. Providing the information is not mandatory, but we do need to collect in order to do these things. We say in our online forms if any of the information we ask for is not required.

Note that using our website as a registered user enables information that is passively collected as you navigate the site to be associated with personal data actively collected from you on the site.

More Details: Passive Information Collection

As is the case with many websites, our Site uses cookies and other automated information collection means. Cookies are information about you from the website that is stored on your browser or hard drive and may be set by us or by third parties who are delivering services on our behalf. Certain cookies on our website last only for the duration of your session and expire when you close the browser whilst other cookies are used to remember you when you return to the site and last for longer. Certain cookies save you time because you do not need to manually re-enter the information stored on your hard drive – for instance when you log back in as a user you can opt to have your browser store your login information and it is a cookie that makes this happen. Cookies also help us upgrade the website by showing when and how users use the site. Most computer and some mobile browsers automatically accept cookies but, if you prefer, you can set your browser to notify you when a cookie is sent or refuse cookies altogether, but certain features of our website might not work without cookies. To review or set your preferences regarding cookies we use please select Cookie Preferences in the website footer. More information is available in our Cookie Policy.

We, or our third party providers, also collect and use information automatically generated as users interact with the Site or our software products, which may include the browser and operating systems types and versions used, installer commands, web interface clicks, mouse gestures, data relating to the submission of online forms, IP addresses, and page views, URLs visited within our software products, error messages and related data about software errors, or session recordings (“Usage Data”). Puppet may use and share the Usage Data with third parties, like our cloud-based support management system to help Puppet improve the user experience of our software products and/or the Site.

The Site may also use IP addresses for the same purposes identified above, as well as to analyze trends, administer the site, track users’ use of our software products and gather broad demographic information for aggregate use.

We also engage one or more third party service providers to serve online advertisements on our behalf. They may use a “pixel tag” which triggers a cookie to collect information about your visits to the Site and to other websites, and they may use that information and share and combine it with other information with their partners to show you advertisements for goods and services you might be interested in on the Website and on other websites and apps and social media platforms like Facebook and LinkedIn including by observing the kinds of products and subject-matter you are interested in and certain demographic information about you.

We may use web beacons (also known as Internet tags or clear GIFs) on our websites to access and set cookies and otherwise help us to better understand how users are moving through our websites. Information provided by the web beacon includes the computer’s IP address, the type of browser being used and the time that the web beacon was viewed. We may also use web beacons in emails and newsletters so that we know when such communications have been opened and to otherwise help us tailor our communications to individual users.

More Details: Uses of Information

We use personal data about customers in contexts that include the following:

  • Conducting and following up on transactions. We may use personal information to conduct transactions with you, process your order, contact you about your order and so on.  We do this in our legitimate interests in promoting and selling our software and related services, and customer management and engagement.
  • Registration, such as for events, memberships, accounts (i.e., log-ins and passwords, etc.).  Customers may be given an opportunity to register for a variety of reasons, including to receive promotional communications/offers; to attend an event (e.g., a conference or training seminar); to join/participate in an online community, blog, chatroom or other interactive areas or to otherwise provide user-generated content; to take an exam for a Puppet certification; and so on. Such activities may entail collection of name, title, contact information, user name and password, experiences with our products and personal information/preferences related to the subject matter of the particular activity. In some cases, you will select a user ID and password when you register and you will use this to gain access to certain registration-restricted areas.
  • Participation in communities/provision of user-generated content. Our website may provide online community features and may allow you to submit user-generated content for posting on the site. You are responsible for any postings you make in any online community. Before using such areas or submitting any user-generated content, you should review and adhere to the applicable Terms of Use and also keep in mind that anything you make available as a participant in an online community or submit for posting by us may be made available for others to see; you should therefore carefully consider whether you wish to submit personal data, or any data, for these purposes. Any content submitted to an online community will be subject to the applicable Terms of Use; therefore, read such terms carefully prior to submitting or posting any information. We also reserve the right not to post or make available any data submitted to us, as further described in the Terms of Use.
  • To participate in online training sessions. When you register for or attend an online training session offered by Puppet, you may provide information such as your name, location, and contact details.  Additionally, you may have the option of active participation in the class, whether through online chat rooms, audio or video interactions, screen sharing, and other interactions.  We use the comments and other information you provide through registration and interaction to provide you with the benefits of the interactive online training session.
  • To follow up with you after you have completed a form, business reply card or survey, whether online or offline. When you attend an event where Puppet is present, you might fill in an optional form, telling us your name, title, email address, whether you attended past events, your postal code, comments, whether you would like us to contact you in the future and/or other information. Likewise, you might choose to participate in an online or offline survey (anonymously or with name/contact information) where you provide demographic information and survey-specific preference data. We use the personal data you provide to improve our products, services and website content and otherwise to more effectively communicate with you.
  • To allow you to contact us with questions, comments or concerns and to address your communications. We provide a number of ways for you to contact us to ask questions, provide comments or share concerns. Depending on the circumstances, we may collect your name, title, contact information, message type, case number (if tied to a previous issue), comments and other types of data relevant to the specific situation (e.g., product involved, use of the product, any problems with the product and the like).
  • To allow you to contact us with questions, comments or concerns and to address your communications. We provide a number of ways for you to contact us to ask questions, provide comments or share concerns. Depending on the circumstances, we may collect your name, title, contact information, message type, case number (if tied to a previous issue), comments and other types of data relevant to the specific situation (e.g., product involved, use of the product, any problems with the product and the like).
  • To provide materials you request. We provide a number of ways for you to request materials from us, such as newsletters, brochures, product literature and the like. We may collect and use contact name, title, contact information, preferences, and other information relevant to responding to your request.
  • To permit your participation in contests, competitions and other promotions. To participate in competitions, contests and other similar promotions, we often collect name, title, contact information, and other information related to the particular activity. We will indicate which information is required (e.g., to contact winners, to verify eligibility to participate, etc.) and which is optional (e.g., demographic information, preferences, etc., designed to help us better understand you and address your interests).
  • For marketing purposes (unless you have told us otherwise or, if the law requires consent, you have withheld your consent). Puppet may use your contact information to tell you about other products and services that we believe might be of interest provided you have indicated that you are happy to be contacted for these purposes. If at any time you do not want communications from Puppet for promotional purposes or do not want us to share your information with our third party partners for promotional purposes, please let us know (see the “It’s Your Choice” section of the Privacy Policy).

More Details – Cookies and related technologies: see Perforce Cookie Policy