RED HAT PRIVACY STATEMENT
Last Updated: December 16, 2022
Table of contents
- Scope of This Privacy Statement
- The Categories of Personal Data We Collect
- How We Collect Personal Data (Sources of Data)
- How We Use (Process) Your Personal Data
- How We Disclose Your Personal Data
- Cookies and Other Technology
- Your Rights and Choices
- Social Media, Public Forums and Links to Other Websites
- Children’s Online Privacy
- Data Transfers and Privacy Shield Frameworks
- Changes to This Privacy Statement
- EEA Data Protection Authority
- How to Contact Us
Scope of this privacy statement
Red Hat, Inc. and its affiliated companies and subsidiaries (collectively, “Red Hat”) respect your privacy. This Privacy Statement applies to personal data collected by Red Hat through the redhat.com website, and other websites which we operate and on which we post a direct link to this Privacy Statement. For some websites managed by Red Hat affiliates, the affiliate may act as a controller for data collected from the website. This Privacy Statement may not apply to open source project websites sponsored by Red Hat. Such project websites may have their own privacy statements, which we encourage you to review. In certain cases, this Privacy Statement applies to personal data collected by Red Hat when Red Hat makes this Privacy Statement or a link to the Privacy Statement available in a digital communication, paper form or in person (for example when attending an event).
Please also note that co-branded websites (websites where Red Hat presents content together with one or more of our business partners) may be governed by additional or different privacy statements. Please refer to the privacy statement on those websites for more information about applicable privacy practices.
Red Hat’s obligations with respect to personal data that may be held on behalf of customers in connection with cloud services Red Hat provides, such as personal data stored by customers using our OpenShift Online offering, are defined in our agreements with our customers and are not governed by this Privacy Statement.
As used in this Privacy Statement, “personal data” means any information that relates to, is capable of being associated with, describes, or could be linked to, an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The categories of personal data we collect
To the extent permitted by applicable law, the categories and types of personal data collected directly from you may include, without limitation:
- Contact information, including identifiers: Information used to communicate with you and verify your identity, such as first and last name, title, company name, email address, telephone number, and postal address;
- Account and commercial information: Information that Red Hat maintains in association with your account, such as your account number, username/user ID, password, payment information, purchase records, information about your use of the product or service, information about your registration or participation in a class, exam, certification, training, webcast or other event, your preferred language and other preferences, credit and billing status and support inquiries;
- Professional or employment-related information: Information contained in your job inquiries or applications, such as resume, cover letter, age, education, professional history and contact details;
- Internet or other similar network activity: Information collected when you visit a website, such as IP address, browsing history, information on your interaction with the website, browser type and language, operating system, location, date and time;
- Location information: Information about your physical location, such as if you provide your postal address or based on your IP address if you visit a website; and
- Inferences: Information drawn from the personal data collected above, such as what topics you may be interested in based on the areas of the website you visit or what products you may be interested in based on purchase records.
Red Hat generally does not collect sensitive personal data, which is data such as your religious or philosophical beliefs, racial or ethnic origin, health or medical information (other than for the purpose of responding to an accommodation request for an event), genetic or biometric data, bank account information (other than for the purpose of processing your order) or other similar sensitive personal data as such term is defined under applicable law. If Red Hat reasonably needs to collect any sensitive personal data from you, Red Hat will obtain your consent for the collection of such personal data as may be required under applicable law. For California consumers, please see the California Supplemental Privacy Statement to review the California required disclosures on sensitive personal information.
How We Collect Personal Data (Sources of Data)
Red Hat collects personal data directly from you and from other categories of sources as described in more detail below. The categories of personal data collected directly from you by Red Hat include all of the categories identified above in “The Categories of Personal Data We Collect” section. Red Hat collects personal data directly from you when you interact with us through our websites, including, without limitation, when you:
- Create a user account (individual or corporate);
- Make online purchases or register products;
- Request support;
- Register for or participate in a class, exam, certification, training, webcast or other event;
- Request information or materials (e.g., whitepapers);
- Participate in surveys or evaluations;
- Participate in promotions, contests, or giveaways;
- Apply for employment;
- Submit questions or comments; or
- Submit content or posts on our customer portal pages or other interactive webpages.
Personal data we collect online may also be combined with personal data you provide to us through offline channels such as through a call center, during an interview or in conjunction with a Red Hat event you attend.
We may also collect information indirectly from you relating to your use of our websites and response to our emails through the use of various technology. The categories of personal data collected in this manner are what we refer to above as Internet or other similar network activity and inferences. Collecting information in this manner allows us to analyze the effectiveness of our websites and our marketing efforts, personalize your experience and improve our interactions with you. For more information about the technology we employ for these purposes, see the “Cookies and Other Technology” section below.
We may also supplement the personal data we collect from you with additional personal data we receive from third parties, such as your employer, our customers, and our business partners where you purchase any of our products or services through such business partners. The categories of personal data we receive from this type of third party includes account and commercial information and professional or employment-related information. We do this to help us improve the overall accuracy of the information and its completeness and to help us better tailor our interactions with you.
From time to time, we may collect contact information through other sources, such as list vendors. When we do so, we ask the vendors to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.
How We Use (Process) Your Personal Data
Red Hat may use personal data we collect about you to:
- Identify and Authenticate You. We use your personal data to verify your identity when you access and use our services and to ensure the security of your personal data. This includes your creation of an account that is associated with your personal data.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, password, preferred language and preferences. We process this information in order to comply with our contractual obligations to you. In other cases, it is in our legitimate business interests to be able to identify and authenticate you.
- Fulfill Your Requests. if you request something from Red Hat, such as a product or service, a call back, a newsletter subscription, or specific marketing or other materials, we use the personal data you provide to respond to your request. We or our representatives may also contact you as part of customer satisfaction surveys or for market research purposes. Where required by applicable law, we will obtain your consent before sending marketing messages.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your preferred language and other preferences, credit and billing status, and support inquiries. We process this information in order to comply with our contractual obligations to you when responding to your requests. In other cases it is in our legitimate business interests to be able to provide customers and prospective customers with information, goods, or services they request.
- Provide You with Information About Our Products, Services and Events. Red Hat may use your personal data to notify you about product and service offerings as well as events that we believe may be of interest to you. Red Hat also may use your personal data to respond directly to your requests for information, including registrations for newsletters or other specific requests.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your language and other preferences, credit and billing status, and support inquiries and location information and inferences. It is in our legitimate business interests to be able to provide customers, prospective customers, and the public with information about our products, services, and events.
- Provide Support and Customer Service. We use your personal data to provide support for products or services you have obtained from us and answer other questions. In the course of providing technical support to you, we may sometimes have incidental access to data that you have provided to us or data that is located on your systems. This data may contain information about you, or your organization’s business, employees, customers, partners, or suppliers. This Privacy Statement does not govern our access to or handling of this information. The conditions regarding the handling and processing of that data is covered by the applicable agreement between you and Red Hat, such as our Enterprise Agreement.
- The personal data that may be collected and processed for this purpose includes: name, title, company name, email address, telephone number, postal address, account number, username/user ID, payment information, purchase records, information about your use of the product or service, information about your registration or participation in an event, your language and other preferences, credit and billing status, and support inquiries. We process this information in order to comply with our contractual obligations to you.
- Process Your Job Application. When you apply for a position at Red Hat, we use the personal data you provide for the purpose of assessing your application, considering you for future positions and carrying out human resources functions in accordance with applicable law. Red Hat will disclose the personal data you supply during the application process to internal human resources professionals as well as professionals in our business functions who are participating in the application and interview process.
- The personal data that may be collected, disclosed, and/or processed for this purpose includes: name, title, company name, email address, telephone number, postal address, your preferred language and other preferences, resume, cover letter, age, education, professional history and contact details. It is in our legitimate business interests to be able to review the qualifications of prospective employees and perform human resources functions with regard to our employees.
- Enhance the Website Experience. When you use our websites and/or respond to our emails, we use the personal data you provide for the purpose of enhancing and customizing your experience on our websites and to deliver content and product and service offerings relevant to your interests, including targeted offers through our website, third-party sites or email (with your consent, where required by applicable law). We may also use this information to help us improve and further develop our websites, products and services.
- The personal data that may be collected, disclosed and/or processed for this purpose includes: name, title, company name, email address, telephone number, postal address, information about your use of the product or service, information about your registration or participation in an event, your preferred language and other preferences, location information, inferences, information collected when you visit a website, such as IP address, browsing history, information on your interaction with the website, browser type and language, operating system, location, date and time. It is in our legitimate business interests to improve the Red Hat websites, products and services and to enhance our users’ experience with the websites, products and services.
If you are in the People’s Republic of China (PRC, for the purpose of this Privacy Statement only, excluding Hong Kong, Macau and Taiwan), the information necessary for entering into or performing a contract with Red Hat may be collected and processed by Red Hat without your express consent or the act of providing the information to Red Hat by you is deemed as consent.
We will not use your personal data in a manner that is inconsistent with the purpose of its original collection, unless we have provided you additional notice and you have consented.
Red Hat will retain your personal data for only as long as is required to fulfill the purposes for which the information is processed or for other valid reasons to retain your personal information (for example to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements and for the establishment, exercise or defense of legal claims).
How We Disclose Your Personal Data
Red Hat discloses personal data for the following business purposes:
- Red Hat may disclose personal data to business partners and service providers in order to support our business operations, such as (but not limited to) fulfilling your orders, following up on requests, providing support and assisting Red Hat with sales, marketing and communication initiatives. These business partners and service providers include distributors, resellers, payment processors, financial service providers and institutions, materials production and shipping companies, postal or government authorities, market intelligence and consulting service providers, and information technology service providers. Business partners and service providers are required by contract to keep the information received on behalf of Red Hat confidential and secure and not use it for any purpose other than the purpose for which it was provided to them.
- The categories of personal data we may disclose to these third parties include: contact information, including identifiers; account and commercial information; professional or employment-related information; internet or other similar network activity; location information; and inferences.
- Red Hat may disclose personal data as required by law or legal process, such as responding to a duly authorized and lawful request of a police or public authority (including to meet national security or law enforcement requirements), to enforce or protect the rights of Red Hat, when such disclosure is necessary or appropriate to prevent physical harm or financial loss as permitted by applicable law, or in connection with an investigation of suspected or actual illegal activity.
- The categories of personal data we may disclose to these third parties include: contact information, including identifiers; account and commercial information; professional or employment-related information; internet or other similar network activity; location information; and inferences.
- Red Hat may disclose personal data in the context of a business transaction involving part or all of Red Hat, such as a merger, acquisition, consolidation, or divestiture. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or the receipt of it from sellers. It is Red Hat’s practice to seek appropriate protection for information in these types of transactions. Red Hat will inform you of the name and the contact information of the receiver of your personal data. Following such a business transaction, you may contact the entity to which we transferred your personal data with any inquiries concerning the use of that information.
- Red Hat may also disclose personal data to its affiliates and subsidiaries, including its parent company, International Business Machines Corporation (IBM), for the business purposes described above, and transfer personal data to countries where Red Hat and IBM conduct business in accordance with the "Data Transfers and Privacy Shield Frameworks" section of this Privacy Statement.
Except with respect to Red Hat’s use of certain third party cookies and similar technology which activity may constitute a “sale” under California law, Red Hat does not, and does not have any plans in the future to, “sell” your personal data. For California consumers, please see the California Supplemental Privacy Statement.
Cookies and Other Technology
Red Hat categorizes the cookies on our websites into three categories: Required, Functional and Advertising cookies.
- Required Cookies. Required cookies are necessary to enable the basic features of the website to function. Red Hat uses some cookies that are required for the delivery of services on our websites. Cookies that are required allow us to maintain and improve the safety and security of our websites, authenticate account users, allow you to access your private accounts on our websites, allow you to sign into different portions of our websites with the use of only one login, balance the traffic on our websites, and remember items in your shopping cart. Cookies that are required are not used for marketing purposes.
- Advertising Cookies. Advertising cookies are used to show you ads that are more relevant to you. We may disclose this information to advertisers or use it to better understand your interests. For example, advertising cookies may be used to disclose data to advertisers so that the ads you see are more relevant to you (e.g., targeted ads). In addition, we may use remarketing technology to advertise on other websites you may visit. In doing so, a third party may place or read a unique ad-serving cookie on your device and use technical information about your browser and your activity at a Red Hat website to serve advertisements to you on non-Red Hat websites.
If you do not want your information to be stored by cookies, you can manage your cookie preferences by using the options and tools made available to you by either your web browser or Red Hat. You can configure your browser so that it always rejects these cookies or asks you each time whether you want to accept them or not. Your browser documentation includes instructions explaining how to enable, disable or delete cookies at the browser level (usually located within the “Help”, “Tools” or “Edit” facility). If a cookie manager has been implemented by Red Hat on the website you are visiting, the cookie tool will be displayed on the website during your visit (e.g., click the “Cookie Preferences” or similar link at the bottom of the website). You can use the cookie manager to set your cookie preference and to see a list of the cookies used on the Red Hat website. The cookie manager also provides information on the specific cookies used and the classification of the cookie (i.e., Required, Functional or Advertising). Whether you utilize the cookie manager or manage cookies at the individual browser level, please remember that Required cookies will remain and cannot be turned off. Please also understand that choosing to reject cookies may reduce the performance and functionality of our websites.
Red Hat also uses web beacons alone or in conjunction with cookies to compile information about usage of our websites and interaction with emails from Red Hat (e.g., open rates, click through rates). Web beacons are clear electronic images that can recognize certain types of information on your device, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, Red Hat may place web beacons in marketing emails that notify Red Hat when you click on a link in the email that directs you to one of our websites. Red Hat uses web beacons to operate and improve our websites and email communications.
Your Rights and Choices
In accordance with the laws of certain countries, you may have certain rights and choices regarding the personal data we collect and maintain about you, and how we communicate with you.
Where the EU General Data Protection Regulation 2016/679 (“GDPR”), the Brazilian General Data Protection Law (“LGPD”), the California Consumer Privacy Act of 2018 (“CCPA”) (as amended by the California Privacy Rights Act of 2020 (“CPRA”)), the Personal Information Protection Law (“PIPL”) of the PRC, the Virginia Consumer Data Protection Act (“VCDPA”) or similar legal requirements apply to the processing of your personal data (collectively, “Data Protection Laws”), especially when you access the website from a country in the European Economic Area (“EEA”), Brazil, the PRC or as a consumer in the states of California or Virginia or in a jurisdiction with similar legal protections, you have the following rights, subject to some limitations, against the respective Red Hat Company responsible for the website you are using:
- The right to request information about our use of your personal data (e.g., the pieces and categories of personal data we have; the categories of sources, purposes for collection, the third parties to whom we have disclosed personal data, and personal data we have disclosed);
- The right to review and access your personal data;
- The right to rectify (correct, update or modify) the personal data we hold about you;
- The right to erase (e.g., delete), de-identify, anonymize or block your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of, or certain types of disclosures of, your personal data;
- The right to request the transfer of your personal data we hold about you to a third party;
- The right to receive your personal data in a usable format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority.
If you would like to exercise any of these rights, you may do so via our Personal Data Request Form. For California consumers, you may also submit requests by calling Red Hat’s U.S. toll free number at 1-800-546-7274. Where the VCDPA applies, and we inform you that we are unable to take action in response to your request to exercise your rights under the VCDPA, you may appeal our decision within a reasonable period of time following our decision. To submit your appeal, please do so via our Personal Data Request Form.
Where the applicable Data Protection Laws apply, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to us, you may do so via our Feedback Form. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Where the applicable Data Protection Laws do not apply, Red Hat grants you the ability to access, modify, or update some of your personal data online at any time. You may log in and make changes to your information, such as your password, your contact information, your general preferences, and your personalization settings. If necessary, you may also contact us via our Feedback Form and describe the changes you want made to the information you have previously provided. However, note that changing or deleting information necessary for Red Hat to assist with support, services, and purchases may result in a delay or interruption in processing your requests.
You will be given an opportunity to tell us whether you would like to receive information, special offers, and promotional materials by email from Red Hat or our business partners when you create a redhat.com account, when you register for a service, when you provide us with your personal data, or when we send you a marketing email. Where required by applicable law, we will obtain adequate consent to provide you with these marketing materials. You also have the ability to opt out of receiving marketing emails from Red Hat at any time without cost by clicking on the relevant link contained in our marketing emails or by contacting us via our Feedback Form. You can also exercise your rights and choices by contacting us as described below under “How to Contact Us.”
When you exercise your privacy rights, such as those conferred by the applicable Data Protection Laws, you have a right not to receive discriminatory treatment by Red Hat for the exercise of such privacy rights.
Before responding to a request for information about your personal data, we must verify the request. Verification is important to protect your information and to help confirm that we are responding to a valid request and providing the response to the correct individual. To verify the request we initially ask for at least two (2) or three (3) identifiers, such as name, email address and location. If we have a need to request additional identifiers to reasonably verify your identity, we will contact you and request additional verification. The information we ask to verify your identity may depend on your relationship with us.
When you exercise your privacy rights under the applicable Data Protection Laws, you can designate an authorized agent or representative to make a request on your behalf by providing the authorized agent with written permission to do so and verifying your identity with us as part of the request, or by providing the authorized agent with Power of Attorney pursuant to applicable law (e.g., the California Probate code). We will ask the individual submitting the request to denote that they are an authorized agent or representative. When submitted by an authorized agent or representative, we ask the authorized agent or representative to provide name, email address and a description of the relationship with the individual who is the subject of the request and to certify that the representative has permission to submit the request, and may request proof of the consumer’s written permission.
Red Hat intends to protect your personal data. We have implemented appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure. For example, we encrypt certain personal data such as payment information when we transmit such information over the Internet. We also require that our business partners and service providers protect such information from unauthorized access, use and disclosure.
Social Media, Public Forums and Links to Other Websites
Red Hat may provide social media features that enable you to share information with your social networks and interact with Red Hat on various social media websites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media websites with which you interact to make sure you understand the information that may be collected, used, and shared by those websites.
Our websites may make chat rooms, forums, blogs, message boards, and/or news groups available to its users. Remember that your comments and posts become publicly available, and we urge you to exercise discretion when submitting such content.
Our websites may contain links to other websites. Red Hat does not control and is not responsible for the information collected by websites that can be reached through links from our websites. If you have questions about the data collection procedures of linked websites, please contact the organizations that operate those websites directly.
Children’s Online Privacy
Red Hat’s products and services are not directed to children and Red Hat does not knowingly collect online personal data from children under the age of 16. If you are a parent or guardian of a minor under the age of 16 and believe that he or she has disclosed personal data to us, please contact us via our Feedback Form or as described below under “How to Contact Us.” Red Hat will ensure their personal data is properly processed and disposed of with the consent of their parent or guardian.
Data Transfers and Privacy Shield Frameworks
Red Hat is a global organization, with legal entities, business processes, and technical systems that operate across borders. Red Hat may transfer your personal data to other Red Hat entities in the United States and elsewhere. The United States and other countries may not have the same data protection laws as the country from which you initially provided the information.
Where required by applicable law, we have put in place appropriate safeguards (such as standard contractual clauses approved by the European Commission) in accordance with applicable legal requirements to ensure that your data is adequately protected. When transferring your personal data internationally, Red Hat will protect your personal data as provided in this Privacy Statement and comply with applicable legal requirements as may be in effect from time to time. If you wish to obtain a copy of the relevant safeguards that are in place to protect the international transfer of your personal data, please contact us as described below under “How to Contact Us.”
If you are located in the European Economic Area (“EEA”), the United Kingdom or Switzerland, Red Hat, Inc., and Red Hat Professional Consulting, Inc. have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for the transfer of personal data from the EEA, the United Kingdom and Switzerland to the United States, although Red Hat does not rely on such Frameworks as a legal basis for transfers of personal data as described further in our Privacy Shield Privacy Notice. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and to view our certification, please visit www.privacyshield.gov.
Changes to This Privacy Statement
Red Hat reserves the right to make corrections, changes or amendments to this Privacy Statement at any time. The revised Privacy Statement will be posted on this website. A notice will be posted on our homepage for 30 days whenever this Privacy Statement is changed in a material way, and the date of last update will be indicated at the top of the Privacy Statement. If you do not refuse the changes in writing within that notice period and you continue to use our websites, we consider that you have read and understand the Privacy Statement as changed, including with respect to personal data provided to us prior to the changes in the Privacy Statement. We encourage you to periodically review this Privacy Statement for any changes or updates. If you would like information related to the previous version of this Privacy Statement and/or a copy of the previous version, please contact us as described below under “How to Contact Us.”
EEA Data Protection Authority
If you are a resident of the European Economic Area and wish to raise a concern about our use of your personal data, you may direct questions or complaints to the Irish Data Protection Commissioner, which is Red Hat’s lead supervisory authority, at:
Irish Data Protection Commissioner
Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone: +353 57 8684800
+353 (0)761 104 800
Fax: +353 57 868 4757
Alternatively, you may contact your local supervisory authority.
How to Contact Us
We provided this information above in the “Your Rights and Choices” section, but remember that if you would like to exercise any of your privacy rights, you may do so via our Personal Data Request Form. For California consumers, you may also submit requests, or access the information provided in this Privacy Statement in an alternative format, by calling Red Hat’s U.S. toll free number at 1-800-546-7274.
Red Hat, Inc.
Corporate Legal Group
100 East Davie Street
Raleigh, North Carolina 27601
Red Hat Representative Contact Information in the European Economic Area:
Red Hat Limited
6700 Cork Airport Business Park
Phase II 1st Floor
For a PDF version of the Privacy Statement, please click here.