Last Updated: June 24, 2020
Red Hat updated our Privacy Statement effective June 24, 2020 to add a California Supplemental Privacy Statement on Sale of Personal Data.
Privacy statement table of contents
- Scope of This Privacy Statement
- The Categories of Personal Data We Collect
- How We Collect Personal Data (Sources of Data)
- How We Use (Process) Your Personal Data
- How We Disclose (Share) Your Personal Data
- Cookies and Other Technology
- Your Rights and Choices
- Social Media, Public Forums and Links to Other Websites
- Children’s Online Privacy
- Data Transfers and Privacy Shield Frameworks
- Changes to This Privacy Statement
- EEA Data Protection Authority
- How to Contact Us
Scope of this privacy statement
Red Hat, Inc. and its affiliated companies and subsidiaries (collectively, “Red Hat”) respect your privacy. This Privacy Statement applies to personal data collected by Red Hat through the redhat.com website, and other websites which we operate and on which we post a direct link to this Privacy Statement. For some websites managed by Red Hat affiliates, the affiliate may act as a controller for data collected from the website. This Privacy Statement may not apply to open source project websites sponsored by Red Hat. Such project websites may have their own privacy statements, which we encourage you to review.
Please also note that co-branded websites (websites where Red Hat presents content together with one or more of our business partners) may be governed by additional or different privacy statements. Please refer to the privacy statement on those websites for more information about applicable privacy practices.
Red Hat’s obligations with respect to personal data that may be held on behalf of customers in connection with cloud services Red Hat provides, such as personal data stored by customers using our OpenShift Online offering, are defined in our agreements with our customers and are not governed by this Privacy Statement.
As used in this Privacy Statement, “personal data” means any information that relates to, is capable of being associated with, describes, or could be linked to, an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The categories of personal data we collect
To the extent permitted by applicable law, the categories and types of personal data collected directly from you may include, without limitation:
- Contact information, including identifiers: Information used to communicate with you, such as first and last name, title, company name, email address, telephone number, and postal address;
- Account and commercial information: Information that Red Hat maintains in association with your account, such as your account number, username/user ID, password, payment information, purchase records, information about your use of the product or service, information about your registration or participation in a class, exam, certification, training, webcast or other event, your preferred language and other preferences, credit and billing status and support inquiries;
- Professional or employment-related information: Information contained in your job inquiries or applications, such as resume, cover letter, age, education, professional history and contact details;
- Internet or other similar network activity: Information collected when you visit a website, such as IP address, browsing history, information on your interaction with the website, browser type and language, operating system, location, date and time;
- Location information: Information about your physical location, such as if you provide your postal address or based on your IP address if you visit a website; and
- Inferences: Information drawn from the personal data collected above, such as what topics you may be interested in based on the areas of the website you visit or what products you may be interested in based on purchase records.
How We Collect Personal Data (Sources of Data)
Red Hat collects personal data directly from you and from other categories of sources as described in more detail below. The categories of personal data collected directly from you by Red Hat include all of the categories identified above in “The Categories of Personal Data We Collect” section. Red Hat collects personal data directly from you when you interact with us through our websites, including, without limitation, when you:
- Create a user account (individual or corporate);
- Make online purchases or register products;
- Request support;
- Register for or participate in a class, exam, certification, training, webcast or other event;
- Request information or materials (e.g., whitepapers);
- Participate in surveys or evaluations;
- Participate in promotions, contests, or giveaways;
- Apply for employment;
- Submit questions or comments; or
- Submit content or posts on our customer portal pages or other interactive webpages.
Personal data we collect online may also be combined with personal data you provide to us through offline channels such as through a call center, during an interview or in conjunction with a Red Hat event you attend.
We may also collect information indirectly from you relating to your use of our websites and response to our emails through the use of various technology. The categories of personal data collected in this manner are what we refer to above as Internet or other similar network activity and inferences. Collecting information in this manner allows us to analyze the effectiveness of our websites and our marketing efforts, personalize your experience and improve our interactions with you. For more information about the technology we employ for these purposes, see the “Cookies and Other Technology” section below.
We may also supplement the personal data we collect from you with additional personal data we receive from third parties, such as your employer, our customers, and our business partners where you purchase any of our products or services through such business partners. The categories of personal data we receive from this type of third party includes account and commercial information and professional or employment-related information. We do this to help us improve the overall accuracy of the information and its completeness and to help us better tailor our interactions with you.
From time to time, we may collect contact information through other sources, such as list vendors. When we do so, we ask the vendors to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.
How We Use (Process) Your Personal Data
Red Hat may use personal data we collect about you to:
- Identify and Authenticate You. We use your personal data to verify your identity when you
access and use our services and to ensure the security of your personal data. This includes your
creation of an account that is associated with your personal data.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, password, preferred language and preferences. We process this information in order to comply with our contractual obligations to you. In other cases, it is in our legitimate business interests to be able to identify and authenticate you.
- Fulfill Your Requests. If you request something from Red Hat, such as a product or service, a call
back, a newsletter subscription, or specific marketing or other materials, we use the personal
data you provide to respond to your request. We or our representatives may also contact you as
part of customer satisfaction surveys or for market research purposes. Where required by
applicable law, we will obtain your consent before sending marketing messages.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your preferred language and other preferences, credit and billing status, and support inquiries. We process this information in order to comply with our contractual obligations to you when responding to your requests. In other cases it is in our legitimate business interests to be able to provide customers and prospective customers with information, goods, or services they request.
- Provide You with Information About Our Products, Services and Events. Red Hat may use your
personal data to notify you about product and service offerings as well as events that we believe
may be of interest to you. Red Hat also may use your personal data to respond directly to your
requests for information, including registrations for newsletters or other specific requests.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your language and other preferences, credit and billing status, and support inquiries and location information and inferences. It is in our legitimate business interests to be able to provide customers, prospective customers, and the public with information about our products, services, and events.
- Provide Support and Customer Service. We use your personal data to provide support for
products or services you have obtained from us and answer other questions. In the course of
providing technical support to you, we may sometimes have incidental access to data that you
have provided to us or data that is located on your systems. This data may contain information
about you, or your organization’s business, employees, customers, partners, or suppliers. This
Privacy Statement does not govern our access to or handling of this information. The conditions
regarding the handling and processing of that data is covered by the applicable agreement
between you and Red Hat, such as our Enterprise Agreement.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your language and other preferences, credit and billing status, and support inquiries. We process this information in order to comply with our contractual obligations to you.
- Process Your Job Application. When you apply for a position at Red Hat, we use the personal
data you provide for the purpose of assessing your application, considering you for future
positions and carrying out human resources functions in accordance with applicable law. Red
Hat will share the personal data you supply during the application process with internal human
resources professionals as well as professionals in our business functions who are participating
in the application and interview process.
- The personal data that may be collected, shared, and/or processed for this purpose includes: name, title, company name, email address, telephone number, postal address, your preferred language and other preferences, resume, cover letter, age, education, professional history and contact details. It is in our legitimate business interests to be able to review the qualifications of prospective employees and perform human resources functions with regard to our employees.
- Enhance the Website Experience. When you use our websites and/or respond to our emails, we
use the personal data you provide for the purpose of enhancing and customizing your
experience on our websites and to deliver content and product and service offerings relevant to
your interests, including targeted offers through our website, third-party sites or email (with
your consent, where required by applicable law). We may also use this information to help us
improve and further develop our websites, products and services.
- The personal data that may be collected, shared and/or processed for this purpose includes: name, title, company name, email address, telephone number, postal address, information about your use of the product or service, information about your registration or participation in an event, your preferred language and other preferences, location information, inferences, information collected when you visit a website, such as IP address, browsing history, information on your interaction with the website, browser type and language, operating system, location, date and time. It is in our legitimate business interests to improve the Red Hat websites, products and services and to enhance our users’ experience with the websites, products and services.
We will not use your personal data in a manner that is inconsistent with the purpose of its original collection, unless we have provided you additional notice and you have consented.
Red Hat will retain your personal data for as long as is required to fulfill the purposes for which the information is processed or for other valid reasons to retain your personal information (for example to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements and for the establishment, exercise or defense of legal claims).
How We Disclose (Share) Your Personal Data
Red Hat discloses personal data for the following business purposes:
- Red Hat may disclose personal data to business partners and service providers in order to
support our business operations, such as (but not limited to) fulfilling your orders, following up
on requests, providing support and assisting Red Hat with sales, marketing and communication
initiatives. These business partners and service providers include distributors, resellers, payment
processors, financial service providers and institutions, materials production and shipping
companies, postal or government authorities, market intelligence and consulting service
providers, and information technology service providers. Business partners and service
providers are required by contract to keep the information received on behalf of Red Hat
confidential and secure and not use it for any purpose other than the purpose for which it was
provided to them.
- The categories of personal data we may disclose to these third parties include: contact information, including identifiers; account and commercial information; professional or employment-related information; internet or other similar network activity; location information; and inferences.
- Red Hat may disclose personal data as required by law or legal process, such as responding to a
duly authorized and lawful request of a police or public authority (including to meet national
security or law enforcement requirements), to enforce or protect the rights of Red Hat, when
such disclosure is necessary or appropriate to prevent physical harm or financial loss as
permitted by applicable law, or in connection with an investigation of suspected or actual illegal
- The categories of personal data we may disclose to these third parties include: contact information, including identifiers; account and commercial information; professional or employment-related information; internet or other similar network activity; location information; and inferences.
- Red Hat may disclose personal data in the context of a business transaction involving part or all
of Red Hat, such as a merger, acquisition, consolidation, or divestiture. Such a transaction may
involve the disclosure of personal data to prospective or actual purchasers, or the receipt of it
from sellers. It is Red Hat’s practice to seek appropriate protection for information in these
types of transactions. Following such a business transaction, you may contact the entity to
which we transferred your personal data with any inquiries concerning the use of that
- Red Hat may also disclose personal data to its affiliates and subsidiaries, including its parent
company, International Business Machines Corporation (IBM), for the business purposes
described above, and transfer personal data to countries where Red Hat and IBM conduct
business in accordance with the "Data Transfers and Privacy Shield Frameworks" section of this
Except with respect to Red Hat’s use of certain third party cookies and similar technology which activity may constitute a “sale” under California law, Red Hat does not, and does not have any plans in the future to, sell your personal data. For California consumers, please see the California Supplemental Privacy Statement on Sale of Personal Data.
Cookies and Other Technology
Red Hat categorizes the cookies on our websites into three categories: Required, Functional and Advertising cookies.
- Required Cookies. Required cookies are necessary to enable the basic features of the website to function. Red Hat uses some cookies that are required for the delivery of services on our websites. Cookies that are required allow us to maintain and improve the safety and security of our websites, authenticate account users, allow you to access your private accounts on our websites, allow you to sign into different portions of our websites with the use of only one login, balance the traffic on our websites, and remember items in your shopping cart. Cookies that are required are not used for marketing purposes.
- Advertising Cookies. Advertising cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you. In addition, we may use remarketing technology to advertise on other websites you may visit. In doing so, a third party may place or read a unique ad-serving cookie on your device and use technical information about your browser and your activity at a Red Hat website to serve advertisements to you on non-Red Hat websites.
If you do not want your information to be stored by cookies, you can manage your cookie preferences by using the options and tools made available to you by either your web browser or Red Hat. You can configure your browser so that it always rejects these cookies or asks you each time whether you want to accept them or not. Your browser documentation includes instructions explaining how to enable, disable or delete cookies at the browser level (usually located within the “Help”, “Tools” or “Edit” facility). If a cookie manager has been implemented by Red Hat on the website you are visiting, the cookie tool will be displayed on the website during your visit (e.g., click the “Cookie Preferences” or similar link at the bottom of the website). You can use the cookie manager to set your cookie preference and to see a list of the cookies used on the Red Hat website. The cookie manager also provides information on the specific cookies used and the classification of the cookie (i.e., Required, Functional or Advertising). Whether you utilize the cookie manager or manage cookies at the individual browser level, please remember that Required cookies will remain and cannot be turned off. Please also understand that choosing to reject cookies may reduce the performance and functionality of our websites.
While Red Hat websites at this time generally do not recognize automated browser signals regarding tracking mechanisms, such as “do not track” instructions, you can generally express your privacy preferences regarding the use of most cookies and similar technology through your web browser.
Red Hat also uses web beacons alone or in conjunction with cookies to compile information about usage of our websites and interaction with emails from Red Hat (e.g., open rates, click through rates). Web beacons are clear electronic images that can recognize certain types of information on your device, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, Red Hat may place web beacons in marketing emails that notify Red Hat when you click on a link in the email that directs you to one of our websites. Red Hat uses web beacons to operate and improve our websites and email communications.
Your Rights and Choices
In accordance with the laws of certain countries, you may have certain rights and choices regarding the personal data we collect and maintain about you, and how we communicate with you.
Where the EU General Data Protection Regulation 2016/679 (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”) or similar legal requirements apply to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), as a consumer in the state of California or in a jurisdiction with similar legal protections, you have the following rights, subject to some limitations, against the respective Red Hat Company responsible for the website you are using:
- The right to request information about our use of your personal data (e.g., the pieces and categories of personal data we have; the categories of sources, purposes for collection, and personal data we have disclosed);
- The right to review and access your personal data;
- The right to rectify (correct or modify) the personal data we hold about you;
- The right to erase (e.g., delete) your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of, or certain types of disclosures of, your personal data;
- The right to receive your personal data in a usable format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority;
If you would like to exercise any of these rights, you may do so via our Personal Data Request Form. For California consumers, you may also submit requests by calling Red Hat’s U.S. toll free number at 1-800- 546-7274.
Where the GDPR, CCPA or similar legal requirements apply, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to us, you may do so via our Feedback Form. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Where the GDPR, CCPA or similar legal requirements do not apply, Red Hat grants you the ability to access, modify, or update some of your personal data online at any time. You may log in and make changes to your information, such as your password, your contact information, your general preferences, and your personalization settings. If necessary, you may also contact us via our Feedback Form and describe the changes you want made to the information you have previously provided. However, note that changing or deleting information necessary for Red Hat to assist with support, services, and purchases may result in a delay or interruption in processing your requests.
You will be given an opportunity to tell us whether you would like to receive information, special offers, and promotional materials by email from Red Hat or our business partners when you create a redhat.com account, when you register for a service, when you provide us with your personal data, or when we send you a marketing email. Where required by applicable law, we will obtain adequate consent to provide you with these marketing materials. You also have the ability to opt out of receiving marketing emails from Red Hat at any time without cost by clicking on the relevant link contained in our marketing emails or by contacting us via our Feedback Form. You can also exercise your rights and choices by contacting us as described below under “How to Contact Us.”
When you exercise your privacy rights, such as those conferred by the GDPR or the CCPA, you have a right not to receive discriminatory treatment by Red Hat for the exercise of such privacy rights.
Before responding to a request for information about your personal data, we must verify the request. Verification is important to protect your information and to help confirm that we are responding to a valid request and providing the response to the correct individual. To verify the request we initially ask for at least two (2) or three (3) identifiers, such as name, email address and location. If we have a need to request additional identifiers to reasonably verify your identity, we will contact you and request additional verification. The information we ask to verify your identity may depend on your relationship with us.
When you exercise your privacy rights under the GDPR, CCPA or similar laws, you can designate an authorized agent or representative to make a request on your behalf by providing the authorized agent with written permission to do so and verifying your identity with us as part of the request, or by providing the authorized agent with Power of Attorney pursuant to applicable law (e.g., the California Probate code). We will ask the individual submitting the request to denote that they are an authorized agent or representative. When submitted by an authorized agent or representative, we ask the authorized agent or representative to provide name, email address and a description of the relationship with the individual who is the subject of the request and to certify that the representative has permission to submit the request, and may request proof of the consumer’s written permission.
Red Hat intends to protect your personal data. We have implemented appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure. For example, we encrypt certain personal data such as payment information when we transmit such information over the Internet. We also require that our business partners and service providers protect such information from unauthorized access, use and disclosure.
Social Media, Public Forums and Links to Other Websites
Red Hat may provide social media features that enable you to share information with your social networks and interact with Red Hat on various social media websites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media websites with which you interact to make sure you understand the information that may be collected, used, and shared by those websites.
Our websites may make chat rooms, forums, blogs, message boards, and/or news groups available to its users. Remember that your comments and posts become publicly available, and we urge you to exercise discretion when submitting such content.
Our websites may contain links to other websites. Red Hat does not control and is not responsible for the information collected by websites that can be reached through links from our websites. If you have questions about the data collection procedures of linked websites, please contact the organizations that operate those websites directly.
Children’s Online Privacy
Red Hat’s products and services are not directed to children and Red Hat does not knowingly collect online personal data from children under the age of 16. If you are a parent or guardian of a minor under the age of 16 and believe that he or she has disclosed personal data to us, please contact us via our Feedback Form or as described below under “How to Contact Us.”
Data Transfers and Privacy Shield Frameworks
Red Hat is a global organization, with legal entities, business processes, and technical systems that operate across borders. Red Hat may transfer your personal data to other Red Hat entities in the United States and elsewhere. The United States and other countries may not have the same data protection laws as the country from which you initially provided the information.
Where required by applicable law, we have put in place appropriate safeguards (such as standard contractual clauses approved by the European Commission) in accordance with applicable legal requirements to ensure that your data is adequately protected. When transferring your personal data internationally, Red Hat will protect your personal data as provided in this Privacy Statement. If you wish to obtain a copy of the relevant safeguards that are in place to protect the international transfer of your personal data, please contact us as described below under “How to Contact Us.”
If you are located in the European Economic Area (“EEA”) or Switzerland, Red Hat and its controlled United States subsidiaries have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for the transfer of personal data from the EEA and Switzerland to the United States, as described in our Privacy Shield Privacy Notice. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and to view our certification, please visit www.privacyshield.gov.
Changes to This Privacy Statement
Red Hat reserves the right to make corrections, changes or amendments to this Privacy Statement at any time. The revised Privacy Statement will be posted on this website. A notice will be posted on our homepage for 30 days whenever this Privacy Statement is changed in a material way, and the date of last update will be indicated at the top of the Privacy Statement. If you do not refuse the changes in writing within that notice period, this shall mean that you have consented to the Privacy Statement as changed, including with respect to personal data provided to us prior to the changes in the Privacy Statement. We encourage you to periodically review this Privacy Statement for any changes or updates.
EEA Data Protection Authority
If you are a resident of the European Economic Area and wish to raise a concern about our use of your personal data, you may direct questions or complaints to the Irish Data Protection Commissioner, which is Red Hat’s lead supervisory authority, at:
Irish Data Protection Commissioner
Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone: +353 57 8684800
+353 (0)761 104 800
Fax: +353 57 868 4757
Alternatively, you may contact your local supervisory authority.
How to Contact Us
We provided this information above in the “Your Rights and Choices” section, but remember that if you would like to exercise any of your privacy rights, you may do so via our Personal Data Request Form. For California consumers, you may also submit requests, or access the information provided in this Privacy Statement in an alternative format, by calling Red Hat’s U.S. toll free number at 1-800-546-7274.
Red Hat, Inc.
Corporate Legal Group
100 East Davie Street
Raleigh, North Carolina 27601
Red Hat Representative Contact Information in the European Economic Area:
Red Hat Limited
6700 Cork Airport Business Park
Phase II 1st Floor
For a PDF version of the Privacy Statement, please click here.