Privacy and Security

Aspen Technology is committed to protecting your privacy.

Effective May 16, 2018

Aspen Technology is committed to protecting your privacy.

Aspen Technology (“Aspen Tech”) is providing this Privacy and Security Policy (“Privacy Policy”) to inform you of our privacy and security practices, including the choices you can make about how we collect and use information.

This Privacy Policy applies to customers, potential customers, vendors, job applicants and other interested individuals. AspenTech has separate policies that apply to current and former employees, workers, volunteers, and consultants.

This Privacy Policy applies to any of our websites in which it is posted, as well as to information that we collect off-line, such as through product registrations, call centers, tradeshows or seminars unless otherwise set forth in a separate agreement between you and AspenTech.

Privacy Compliance Information, Including GDPR

AspenTech intends to comply with our legal obligations under international privacy and security regulations, including the EU General Data Protection Regulation (GDPR) which imposes rules on controlling and processing personal data.

AspenTech needs to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you, possibly including some personal data.

Data Controller

For the information we collect from you, AspenTech is the data controller.

Aspen Technology, Inc.
20 Crosby Drive
Bedford, Massachusetts 01730
United States

Personal Information That We Collect

On some of our webpages, you can request information, subscribe to marketing or support materials, register for events, apply for jobs, or obtain technical support. The types of data you provide to us on these pages may include name, address, phone number, email address, user IDs and passwords, and contact preferences.

AspenTech collects and analyzes web site usage information; that may include the pages visited on the AspenTech websites, unique URLs visited, browser type, device type, network provider and IP address. Most usage information is collected via cookies or other analysis technologies. AspenTech’s web pages use cookies, web beacons, and other technologies for data analysis and personalization services. See below for more information about our use of cookies *.

Except for job applicants (see below), AspenTech does not generally collect “special categories” of personal data (as defined under GDPR). However, we may collect your photo for legitimate purposes, such as security or to confirm dietary information if we host events.

For job applicants, we may lawfully collect special categories of data such as race, ethnic origin, or gender.


Lawful Basis and Legitimate Interests

AspenTech will process your personal data in accordance with our privacy obligations, including GDPR, and we will only do so in performing contracted services, complying with any legal obligation, or when we have a legitimate interest.

Examples of how we use your personal data:

  • Providing marketing and promotional materials
  • Organizing and conducting events
  • Administering surveys to improve our products and services
  • Providing good and services that have been contracted for
  • Communicating with you about our services, including order management and billing
  • Reviewing job applicant credentials and making hiring decisions
  • Providing technical support on AspenTech products
  • Preventing, detecting and fighting fraud or other illegal or unauthorized activities
  • Running our business and planning for the future
  • For any other legitimate interest

We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

Sharing Your Personal Data

Sometimes we might share your personal data with our group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.

We may transfer your information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

Applicable law may require us and our service providers to disclose your information if: (i) reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements; or (ii) necessary for the prevention or detection of crime (subject in each case to applicable law).

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

We may ask for your consent to share your information with third parties. In any such case, we will make it clear why we want to share the information.

We may also use and share usage information that, by itself, does not identify who you are (such as device information, general demographics and behavioral data). We may combine this information with additional information collected from other sources.

When we share information, we require those companies and other entities to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

Cross-Border Data Transfers

Our use of information subject to this Privacy Policy sometimes involves cross-border data transfers. As an example, personal data of users located in the European Economic Area (“EEA”) may be transferred to the U.S. or other jurisdictions.  We use standard contract clauses approved by the European Commission or other adequate mechanisms to legitimize data transfers from the EEA to other countries.  Standard contractual clauses are commitments between companies transferring personal data, binding them to protect the privacy and security of your data.

Links to Third-Party Web Sites

Our websites may provide links to third-party websites for your convenience and information.  If you access those links, you will leave the AspenTech websites, and we do not control those sites or their privacy practices, which may differ from ours. We do not endorse or make any representations or undertakings about third-party websites.  The personal data you choose to give to unrelated third parties is not covered by this Privacy Policy.  We encourage you to review the privacy policy of any company before submitting your personal data.

Your Rights

Applicable privacy laws, including GDPR, may give you the right to review, update and request that we stop using or delete personal data we keep about you. To protect your privacy, we may ask you to verify your identity or provide additional information before we let you access or update your information.  We may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets, intellectual property or privacy of another user.  Also, we may not be able to accommodate certain requests to rectify or object to the processing of personal data, notably where such requests would not allow us to provide our service to you.

In certain countries, including countries in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data.

If you are an EU resident covered by GDPR, you can make a ‘subject access request’ (“SAR”) related to the information AspenTech holds about them. This request must be made in writing and sent to:

Job applicants: esar@aspentech.com
All other: csar@aspentech.com

If you are a California resident, you can make a subject access request for AspenTech to disclose the categories of personal data about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. Send your subject access requests to:

Job applicants: esar@aspentech.com
All other: csar@aspentech.com

If you submit a SAR, AspenTech will respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended; AspenTech will promptly notify you if the response needs to be extended. Note: AspenTech may require additional identifying documentation to verify the requestor’s identify.

There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.

How We Protect Your Information

We use physical, technical and organizational measures designed to protect your information against unauthorized access, theft and loss.

You are responsible for maintaining the security of your account and the information in your account. We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security.

Retaining Your Information

We keep your personal data for legitimate business purposes and as permitted by applicable law. For example, we must keep personal data to prove our compliance with applicable laws or when an outstanding issue, claim or dispute requires us to keep the relevant information until it is resolved.

Children’s Privacy

We do not knowingly collect personal data from children under age 18.  If you know that a user is under the age of 18, please use the reporting mechanism described below.

Privacy Policy Changes

From time to time, we will update this Privacy Policy when any material changes take effect.

How to Contact Us

For Questions about AspenTech’s Privacy Policy or if you believe that your account or information is no longer secure, please notify us at:

Privacyinfo@aspentech.com

For Questions about AspenTech’s GDPR Compliance Program, please contact us at:

GDPRinfo@aspentech.com

For Subject Access Requests

If you are an EU resident covered by GDPR or a California resident, you can make a ‘subject access request’ (“SAR”) related to the information AspenTech holds about you. This request must be made in writing and sent to:

Job applicants: esar@aspentech.com
All other: csar@aspentech.com

---------------------------------------------------------------------------------------------------------------------------------

* COOKIES AND OTHER DATA COLLECTION TECHNOLOGY

What are cookies?

Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive.  A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using our services.

Web beacons (also called pixel tags or clear GIFs) are another type of data collection technology. A web beacon is computer code that enables user activity and website traffic monitoring.

To learn more about cookies and web beacons, visit www.allaboutcookies.org.

Are there different types of cookies?

First-party and third-party cookies

First-party cookies are placed on your computer or mobile device directly by a company through it’s website. For example, we may use first-party cookies to apply personalization elements to our website and to better understand your use of our website. Third-party cookies may also be placed on your device by our partners and service providers. For example, we use third-party cookies to measure user numbers on our website.

Session and persistent cookies

Session cookies only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our website during a single browser session and to help you to use our website more efficiently. Persistent cookies have a longer lifespan and aren't automatically deleted when you close your browser. These types of cookies are primarily used to help you quickly sign-in to our website again and for analytical purposes.

Why do we use cookies?

We use cookies to provide, secure and improve our services.  For example, cookies remember your preferences and recognize you when you visit our website. To provide a better user experience, we also may link information from cookies with other data we hold about you. When you visit our websites, some or all of the following types of cookies may be set on your computer or device:

Types of Cookies

Description

Essential website cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas.

Analytics cookies

These cookies help us understand how our website is being used, the effectiveness of our marketing campaigns, and how we can customize and improve our websites for you.

Advertising cookies

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and selecting advertisements that are based on your interests.

Social networking cookies

These cookies are used to enable you to share pages and content that you find interesting on our website through third party social networking and other websites. These cookies may also be used for advertising purposes too.

 

How can you control cookies?

Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer.  The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your browser’s help menu.  Please note that changes you make to your cookie preferences may make browsing our websites less satisfying or you may not be able to use all or part of the features on our website.