Last Update: August 30, 2023
1. Services Use and Information Collected
2. Use of Information Collected
Docker uses Data About Docker Customers to perform the services requested. Docker may also use Data About Docker Customers for marketing purposes. For example, Docker may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding Docker and its partners, such as information about promotions or events. Docker uses credit card information you provide for payment, solely to check the financial qualifications of prospective Customers and to collect payment for the Services. Docker uses Website Navigational Information to operate and improve the Website. Docker may also use Website Navigational Information alone or in combination with Data About Docker Customers to provide personalized information about Docker.
3. Docker Website, Cookies and Navigation Information
3.1 Website and Navigation Information
Docker may use commonly used information gathering tools, such as cookies and Web beacons, to collect information as you navigate the Website (“Website Navigational Information”). This section describes the types of Website Navigational Information that may be collected on the Website and how this information may be used.
3.1(b) Web Beacons – Docker may use Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Website and interaction with emails from Docker. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Website tied to the Web beacon, and a description of a Website tied to the Web beacon. For example, Docker may place Web beacons in marketing emails that notify Docker when you click on a link in the email that directs you to one of the Websites. Docker uses Web beacons to operate and improve the Website and email communications including for marketing purposes. Docker may use information from Web beacons in combination with Data About Docker Customers to provide you with information about Docker and the Services.
3.1(c) Flash Cookies – Docker may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our site to personalize your visit. Third parties, with whom Docker partners to provide certain features on our site or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies.
3.1(d) IP Addresses – When you visit the Website, Docker may collect your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, Docker may use IP addresses to monitor the regions from which Customers and Visitors navigate the Website.
4. Public Forums, Refer a Friend, and Customer Testimonials
Docker may provide bulletin boards, blogs, or chat rooms on the Website. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Docker is not responsible for the personal information you choose to submit in these forums. Customers and Visitors may elect to use Docker’s referral program to inform friends about the Website. When using the referral program, Docker requests the friend’s name and email address. Docker will automatically send the friend a one-time email inviting him or her to visit the Website. Docker does not store this information. Docker may post a list of Customers and testimonials on the Website that contain information such as Customer names and titles. Docker obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
5. Third party providers
We use third party providers such as Google Analytics and others to help us provide the Services. In order to gain useful insights these analytics providers may set tracking technologies (like cookies) to collect information about your use of the Services and across other websites and online services.
6. Sharing of Information Collected
Under the EU-U.S. and Swiss-U.S. Data Privacy Framework, Docker is responsible for the processing of personal data received from Customers from the EU, the UK, and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Data Privacy Framework Principles for such onward transfers and remain liable in accordance with the Data Privacy Framework Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless we prove that we are not responsible for the event giving rise to the damage.
7. Users from outside the United States
8. Supplemental Privacy Notices for the EEA, California and other States
9. Communications Preferences; Opt In Policy
Docker offers Customers and Visitors who provide contact information a means to choose how Docker uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of Docker’s marketing emails. Additionally, you may send a request specifying your communications preferences to please contact us using this form https://preferences.docker.com/privacy. If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, please send us a request specifying your new choice. Please contact us as specified herein.
10. Correcting and Updating Your Information
Customers may view, update or change their registration information by logging in to their accounts at www.docker.com. Requests to access, change, or delete your information will be handled within 30 days.
12. Change of Control
As Docker develops its business, it may buy or sell assets or business offerings. Data About Docker Customers is generally one of the transferred business assets in these types of transactions. Docker may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
13. Contacting Us
15. Supplemental Privacy Notices
Supplement A – Supplemental EEA+ Privacy Notice
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. If you are located in the EEA or UK, references to the “GDPR” below are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
- Who is the Data Controller?
Docker Inc. is the responsible controller for personal data that you submit through our Website. Docker Inc.’s representative in the EU is Docker Germany GmbH and in the UK is Docker (UK) Limited.
- What are the legal bases for processing?
To the extent required by applicable law, we collect and process personal data of individuals located in the EEA+ only where there exists a legal basis for doing so. Such legal bases are as follows:
- It is in accordance with your consent, per Art. 6(1)(a) of the GDPR, when you accept non-essential cookies via our cookies banner.
- It is necessary for us to perform a contract with you—specifically, the terms and conditions that apply to our Services—or take steps at your request prior to entering into the contract, per Art. 6(1)(b) of the GDPR.
- It is necessary to comply with our legal obligations, per Art. 6(1)(c), such as if we are required by law to disclose personal data to law enforcement agencies or governmental authorities.
- It is necessary for us or third parties to pursue legitimate interests that are not outweighed by your privacy and other fundamental interests, per Art. 6(1)(f) of the GDPR. Those legitimate interests are to provide corporate customers and other users of our Services with a good and safe experience, administer and enforce our contractual and legal rights, develop new services and features that we can offer to you and others, and manage our business operations and relationships with you and third parties.
- It is necessary for our legitimate interests, per Art. 6(1)(f) of the GDPR, to exercise our legal rights or defend legal claims.
- It is necessary, per Art. 6(1)(f) of the GDPR, to give effect to a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider.
- On What Basis Do We Transfer Personal Data Across Borders?
The European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force on July 10, 2023.
Docker, Inc. and its U.S. subsidiary (Infosiftr, LLC.) adhere to the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles regarding the collection, use, and retention of personal data that is transferred from the European Union and Switzerland to the U.S.
- How Long Do We Retain Personal Data?
In general, we store personal data only as long as necessary to fulfill the purpose for which we collected it (the “General Retention Period”), except in the following situations:
- Where applicable laws require us to retain your personal data for a legally prescribed period beyond the General Retention Period, in which case we will keep that personal data for the legally prescribed time period before deleting it;
- Where your personal data is relevant to potential legal claims by or against us, in which case we will keep that personal data for as long as the legal claims can be made or, if it has been made, for as long as the personal data is relevant to the resolution of the claims or any appeal thereto;
- Where we are instructed by a court order, subpoena, or other legal directive to retain your personal data beyond the General Retention Period; and
- Where we need a reasonable period of additional time to verify that the purposes for which we collected your data no longer apply and to delete the data following such verification.
If none of these exceptions apply to certain personal data, we will retain personal data for as long as necessary to fulfill the purpose for which we collected it, which in most cases does not exceed 12 months.
- Do You Have to Provide Personal Data?
There is no law or contract stating that individuals in the EEA+ have to use our Services. We will try to tell you what personal data we need from you to provide certain Services or a certain level of quality of Services to you. In those cases, if you do not provide the personal data that we request from you, we will not be able to provide you with the Services or level of quality of Services that you request from us.
- Your Rights
You have the following rights, subject to conditions and in some cases limitations under the data protection laws that apply to you:
- To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of your personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
- To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
- To transfer or receive a copy of your personal data in a usable and portable format if we process it on the basis of your consent or a contract with you.
- To obtain from us the rectification of inaccurate personal data concerning you.
- To ask us to erase your personal data to the extent it is not required for legally required purposes or an exception to erasure applies under applicable law.
- To withdraw your consent at any time with future effect if we process your personal data on the basis of consent.
- To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
Docker is subject to the authority of the Federal Trade Commission regarding its adherence to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
- EEA: https://edpb.europa.eu/about-edpb/board/members_en
- United Kingdom: https://ico.org.uk/global/contact-us/
- Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Docker commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
You may also contact Docker by emailing [email protected] or by sending postal mail to:
3790 El Camino Real # 1052
Palo Alto, CA 94306
Supplement B – Supplemental Privacy Notice for California Residents
- Personal Information Collected by Docker
We have set out below categories of personal information about California residents we have collected, and as applicable disclosed, for a business purpose in the preceding 12 months. The table is followed by a description of the purposes for which we collected personal information. In the preceding 12 months we did not sell or share for cross context behavioral advertising, the personal information of California residents.
|Category of Information
|Purpose(s) for Collecting & Disclosing
|Recipients of Disclosures for Business Purposes
|Identifiers, such as name, email address, unique identifiers associated with user or user account, IP Address
|Commercial information, such as purchase details, transaction records, billing information, billing address, payment card details
|Internet or other electronic network activity information, such as information about your usage of the Services, pseudonymous IDs, clickstream data, device and connection information, browser information, crash data, referring/exit URLs, IP Address
|Visual information, such as photos or avatars, with your consent, recordings of your attendance at our events
|Professional or employment information, such as job title, company name, company domain
|Geolocation data, such as your approximate location, IP address, time zone
|Sensitive personal information, such as login credentials and passwords
- Business or Commercial Purpose for Collecting Personal Information
We use the personal information for the following business purposes:
- To verify your identity;
- To perform the services requested by individuals who register or visit our sites;
- For marketing purposes, such as sending information about Docker and its partners and promoting events;
- To check the financial qualifications of prospective customers and collect payment for the services;
- To operate and improve the our sites;
- To provide personalized information about Docker;
- To process and investigate reports under Docker codes and policies for employees;
- To respond to law enforcement requests and as required by applicable law or court order;
- To prepare for and give effect to any mergers, acquisitions, business sales or similar transactions; and
- To otherwise establish, defend or protect Docker’s rights or interests, including in the context of anticipated or actual litigation with third parties.
We do not have actual knowledge that we sell or share for cross context behavioral advertising, the personal information of California residents under 16 years of age.
- CCPA Rights as amended by the CPRA
As a California resident, you have the following rights under the CCPA:
- The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.
- The right to delete personal information that we have collected from you, subject to certain exceptions.
- The right to correct inaccurate personal information that we maintain about you.
- The right to opt-out of the sale or sharing of your personal information by us. We do not sell or share for cross-context behavioral advertising any of the categories of personal information that we collect about California residents.
- The right to limit our use and disclosure of sensitive personal information to purposes specified in Cal. Civil Code 1798.121(a). We do not use or disclose sensitive personal information for purposes other than those specified in Cal. Civil Code 1798.121(a).
- The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.
- How to Exercise CCPA Rights
To submit a request to exercise your rights to know, delete or correct, please populate our web form https://preferences.docker.com/privacy/ or call +1 415.941.0376
Verification: Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under “Authorized Agent” further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfill your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.
Authorized Agents: You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
- You directly confirm with Docker that you provided the authorized agent with permission to submit the request.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
If you have any questions or comments about these disclosures or our practices, please contact us at:
Email address: [email protected]
Phone: +1 415.941.0376
Postal address: Docker Privacy
3790 El Camino Real, # 1052
Palo Alto, CA 94306 USA
Supplement C – Supplemental Privacy Notice for other US States
Depending on your state of residence the following state data privacy laws may apply to you: (i) the Colorado Privacy Act (“CPA”), (ii) the Connecticut Data Privacy Act (“CTDPA”), (iii) the Virginia Consumer Data Protection Act (“VCDPA”) and (iv) the Utah Consumer Privacy Act (“UCPA”). This Addendum describes how Docker, Inc. collects, uses, and shares the personal information of residents of these state residents and how to exercise your rights under these state privacy laws.
If applicable, in addition to the rights provided by the privacy laws in your state of residence, there may be certain exemptions that apply to Docker’s collection of your personal information, including personal information that we’ve collected from or about you that is publicly available. Therefore, the privacy rights described herein may not apply to you or to all your personal information. Docker does not engage in profiling/automated decision making that produces legal or similarly significant effects.
- Personal Information Collected by Docker and Use.
- Sharing of Personal Information.
- Privacy Rights.
Depending on the applicable laws in your state of residence, you may have the right to the following:
- request to confirm whether we process your personal information and to access such personal information;
- request to correct inaccuracies in your personal information;
- request deletion of your personal information, subject to certain exceptions;
- request to obtain a copy of your personal information;
- request to opt-out of processing of personal information for purposes of targeted-advertising;
- request to opt-out of the “sale” of personal information; and
- opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise your applicable rights listed please contact [email protected]. We may need to verify your identity to process your request. If we are unable to verify your identity, we reserve the right to not process your request. If we refuse to take action on a request, we will provide instructions on how you may appeal the decision. We will respond to requests consistent with applicable law.
You may use an authorized agent to submit a request on your behalf, but we may ask your agent to provide information to verify that they have the proper authority to act on your behalf or ask you to verify your identity with us directly. The Exercise of any of your rights will not result in different pricing, service levels, and/or use of any no-fee Services.