Effective May 16, 2018
Aspen Technology is committed to protecting your privacy.
Privacy Compliance Information, Including GDPR
AspenTech intends to comply with our legal obligations under international privacy and security regulations, including the EU General Data Protection Regulation (GDPR) which imposes rules on controlling and processing personal data.
AspenTech needs to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you, possibly including some personal data.
For the information we collect from you, AspenTech is the data controller.
Aspen Technology, Inc.
20 Crosby Drive
Bedford, Massachusetts 01730
Personal Information That We Collect
On some of our webpages, you can request information, subscribe to marketing or support materials, register for events, apply for jobs, or obtain technical support. The types of data you provide to us on these pages may include name, address, phone number, email address, user IDs and passwords, and contact preferences.
Except for job applicants (see below), AspenTech does not generally collect “special categories” of personal data (as defined under GDPR). However, we may collect your photo for legitimate purposes, such as security or to confirm dietary information if we host events.
For job applicants, we may lawfully collect special categories of data such as race, ethnic origin, or gender.
Lawful Basis and Legitimate Interests
AspenTech will process your personal data in accordance with our privacy obligations, including GDPR, and we will only do so in performing contracted services, complying with any legal obligation, or when we have a legitimate interest.
Examples of how we use your personal data:
We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
Sharing Your Personal Data
Sometimes we might share your personal data with our group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.
We may transfer your information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
Applicable law may require us and our service providers to disclose your information if: (i) reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements; or (ii) necessary for the prevention or detection of crime (subject in each case to applicable law).
We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We may ask for your consent to share your information with third parties. In any such case, we will make it clear why we want to share the information.
We may also use and share usage information that, by itself, does not identify who you are (such as device information, general demographics and behavioral data). We may combine this information with additional information collected from other sources.
When we share information, we require those companies and other entities to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
Cross-Border Data Transfers
Links to Third-Party Web Sites
Applicable privacy laws, including GDPR, may give you the right to review, update and request that we stop using or delete personal data we keep about you. To protect your privacy, we may ask you to verify your identity or provide additional information before we let you access or update your information. We may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets, intellectual property or privacy of another user. Also, we may not be able to accommodate certain requests to rectify or object to the processing of personal data, notably where such requests would not allow us to provide our service to you.
In certain countries, including countries in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data.
If you are an EU resident covered by GDPR, you can make a ‘subject access request’ (“SAR”) related to the information AspenTech holds about them. This request must be made in writing and sent to:
If you are a California resident, you can make a subject access request for AspenTech to disclose the categories of personal data about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. Send your subject access requests to:
If you submit a SAR, AspenTech will respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended; AspenTech will promptly notify you if the response needs to be extended. Note: AspenTech may require additional identifying documentation to verify the requestor’s identify.
There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
How We Protect Your Information
We use physical, technical and organizational measures designed to protect your information against unauthorized access, theft and loss.
You are responsible for maintaining the security of your account and the information in your account. We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security.
Retaining Your Information
We keep your personal data for legitimate business purposes and as permitted by applicable law. For example, we must keep personal data to prove our compliance with applicable laws or when an outstanding issue, claim or dispute requires us to keep the relevant information until it is resolved.
We do not knowingly collect personal data from children under age 18. If you know that a user is under the age of 18, please use the reporting mechanism described below.
How to Contact Us
For Questions about AspenTech’s GDPR Compliance Program, please contact us at:
For Subject Access Requests
If you are an EU resident covered by GDPR or a California resident, you can make a ‘subject access request’ (“SAR”) related to the information AspenTech holds about you. This request must be made in writing and sent to:
* COOKIES AND OTHER DATA COLLECTION TECHNOLOGY
What are cookies?
Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using our services.
Web beacons (also called pixel tags or clear GIFs) are another type of data collection technology. A web beacon is computer code that enables user activity and website traffic monitoring.
To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Are there different types of cookies?
First-party and third-party cookies
First-party cookies are placed on your computer or mobile device directly by a company through it’s website. For example, we may use first-party cookies to apply personalization elements to our website and to better understand your use of our website. Third-party cookies may also be placed on your device by our partners and service providers. For example, we use third-party cookies to measure user numbers on our website.
Session and persistent cookies
Session cookies only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our website during a single browser session and to help you to use our website more efficiently. Persistent cookies have a longer lifespan and aren't automatically deleted when you close your browser. These types of cookies are primarily used to help you quickly sign-in to our website again and for analytical purposes.
Types of Cookies
Essential website cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas.
These cookies help us understand how our website is being used, the effectiveness of our marketing campaigns, and how we can customize and improve our websites for you.
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and selecting advertisements that are based on your interests.
Social networking cookies
These cookies are used to enable you to share pages and content that you find interesting on our website through third party social networking and other websites. These cookies may also be used for advertising purposes too.
How can you control cookies?
Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer. The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your browser’s help menu. Please note that changes you make to your cookie preferences may make browsing our websites less satisfying or you may not be able to use all or part of the features on our website.