On September 18, 2019, Semmle Ltd. was acquired by GitHub, Inc.
For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”), the data controller is GitHub Software UK Ltd., The Broadgate Tower Third Floor, 20 Primrose Street, London, United Kingdom, EC2A 2RS.
Personal data we may collect from you
We may collect and process the following personal data about you:
Information that you provide by filling in forms on our Sites such as the contact form. We may also ask you for information when you report a problem with our site. In the unlikely event we reject an application to subscribe to our newsletter we will not retain any personal data you have provided in your application.
If you contact us, we may keep a record of that correspondence.
If you register for a personal account on our support portal, we will store your name and email address on that portal and on other internal support systems so that we can provide support to you.
We do this in order to be able to run the Sites, in order to contact you on a tailored basis to let you know about our products, and in order to provide support if you represent a customer.
Information we may collect about you indirectly
As part of carefully managed, selective business to business marketing and sales activities, we may collect your contact details from third party sources such as LinkedIn and use it to contact you on a tailored basis about services which we think might be of interest.
Third-party data processing
We use the third-party Addsearch service to implement site search on help.semmle.com and your use of that search functionality is subject to their privacy terms at https://www.addsearch.com/about/privacy/. We host our website using Cloudflare and Heroku.
We may store your contact details, and send you marketing emails using third-party service providers.
These services may transfer small amounts of personal data outside the European Economic Area (“EEA”), under strict privacy and security controls.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to ensure the proper operation of our site.
Cookies and similar technologies
In operating our Sites, we may use a technology called "cookies." A cookie is a piece of information that the computer that hosts our service gives to your browser when you access our Sites. When you interact with Semmle through our Sites, we receive and store certain cookies or similar technologies. Semmle may store such information itself or such information may be included in databases owned and maintained by Semmle affiliates (such as GitHub, Inc.), agents or service providers. Such information helps us improve our Sites and your experience thereon by customizing your experience, helping us analyse usage, technical and browsing metrics as well as detecting and preventing fraud.
These cookies are strictly necessary to provide you with our service available through our Sites and to secure our Sites. These cookies are set by Semmle as well as Cloudflare (https://www.cloudflare.com). Because these cookies are strictly necessary to deliver the Sites to you, you cannot refuse them.
You can block or delete them by changing your browser settings, as described in the section "Your choices regarding cookies" below. However, blocking or deleting essential cookies may make browsing our Sites a less satisfying experience. In some cases, you may even find yourself unable to use all or part of our Sites.
The cookies we use are “analytical” cookies provided by Google Analytics. They allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example by ensuring that users are finding what they are looking for easily. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.
In addition, and if you agree, we may use additional cookies (such as Eloqua) to see how you move around the website, and other websites operated by us. This allows us to deliver further optimized content and messages for you and other visitors. This processing is done on the basis of your consent, which you can revoke at any time by clicking here, or following the instructions below under the heading "Your choices regarding cookies". If you subsequently provide us with your contact details, these will be linked to our records of your visits to our web sites.
Your choices regarding cookies
You may express your preferences regarding cookies using several options. Please note that changes you make to your cookie preferences may prevent all or part of our Sites from functioning as intended.
Browser and devices controls
Most web browsers provide settings that allow users to control or reject cookies or to alert users when a cookie is set on their computer. The procedure for managing cookies is slightly different for each internet browser, so please check the specific steps in the “help” menu of your web browser. Since cookies are browser-specific, you may need to manage your cookies preferences across all the web browsers you use.
You also may be able to reject device identifiers by activating the appropriate setting on your mobile device, as available. The procedure for managing device identifiers is slightly different for each device, so please check the specific steps in the documentation relating to the device you use.
Our Legal Basis for Processing
Under certain international laws (including GDPR), Semmle must have a legal basis to process personal data regarding you. There are different legal bases that we rely on to process such personal data, namely:
a. Performance of a contract
The processing of your information may be necessary to perform the terms and conditions or other contractual obligations and policies under which We provide our Sites to you;
c. Legitimate interests
We process personal data regarding you for our legitimate interests to improve our Sites, security purposes, and to share information with our affiliates. In such circumstances it is for us to ensure that these interests are not overridden by your data protection interests or fundamental rights and freedoms; and
d. Legal obligation and public interest
In some cases, we may also have a legal obligation to collect personal data regarding you or may otherwise need personal data regarding you to protect your vital interests or those of another person.
Various different jurisdictions require us to inform you about your rights as a user. The GDPR is one of the most strict data regulations, therefore we decided to use that as a guideline here.
Right to be informed
This document is designed to inform you exactly how Semmle processes personal data regarding you.
Right of access
Our Sites allow you to provide us with a very limited amount of personal data regarding you, which we store to provide you with our Sites as well as a good user experience. You have the right to access and obtain a copy of personal data regarding you that is processed by us.
Please contact us if you would like us to provide you with this personal data.
Right to rectification
The data held by us on our Sites is provided by yourself. You can, free of charge, update this personal data regarding you at any point by logging in to our Sites. Feel free to contact us if you require assistance.
Right to object, right to erasure, and right to restrict processing
Subject to any relevant legal requirements and exemptions applicable to us, you may oppose to or limit the processing of personal data regarding you or request that certain personal data regarding you be deleted from our files.
Right to data portability
If you reside within the EU, you may also exercise the right of portability of personal data regarding you where the lawful basis for the processing is (i) (a) a contract or (b) your consent and (ii) by automated means. Please note that such a request could be limited to the sole personal data you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.
Rights in relation to automated decision making and profiling
Our Sites do not perform any automated decision making or profiling.
You can learn more about the CCPA and how we comply with it here: https://help.github.com/en/github/site-policy/github-ccpa-page.
Our disclosure of Personal Data regarding you and other information
Semmle is not in the business of selling personal data regarding you. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share personal data regarding you with certain third parties whether located inside or outside of the European Union and European Economic Area, as set forth below.
We will perform any cross-borders transfer in compliance with applicable privacy and data protection regulations, including the GDPR. Where mandated by applicable law, to ensure that personal data regarding you receives an adequate level of protection, we implement the appropriate measures to ensure that personal data regarding you is processed across our affiliated entities, including GitHub, Inc., and by the following third parties in a way that is consistent with and which respects the applicable privacy and data protection laws. Measures include Data Processing Agreements (“DPAs”) and EU Standard Contract Clauses.
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
Agents, consultants and related third parties
Semmle, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include maintaining databases. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Semmle may disclose personal data regarding you if required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal process, applicable laws or government requests; (ii) enforce our Terms of Service; or (iii) protect the rights, property, or personal safety of Semmle, its users or the public.
Links to other websites
The security and confidentiality of personal data regarding you is important to us. Semmle implements appropriate physical, administrative, and technical measures and safeguards designed to protect the personal data provided via the Sites from loss, theft, misuse, and unlawful or unauthorized access, disclosure, alteration, or destruction. The Internet and any communication thereon cannot be guaranteed to be secure at all times, and we cannot ensure or warrant the security of any personal data you provide us through this technology. In particular, email sent to or from the Sites may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any personal data to Semmle via the internet.
Filing a complaint
This policy was last modified on 15 May 2020. Here's what changed:
- Update legal company name and address
20 February 2020:
- Move the content to a new page on help.semmle.com
25 November 2019:
- Add notice of acquisition by GitHub
- Removed mentions of webinars
- Clarify use of storing contact details for marketing
- Remove mentions of HubSpot, and replace with Eloqua
- Add CCPA details
- Explicitly mention GitHub, Inc. in a number of places
23 August 2019:
- Added head office address
- Removed technologies/companies we no longer use
- Added choices regarding cookies
- Added our legal basis for processing personal data
- Added our disclosure of personal data regarding you and other information
- Added section on business transfers
15 May 2019:
- Added information about Zoom webinars
5 April 2019:
- Clarify that Semmle's website includes subdomains
14th January 2019:
20 August 2018:
- Added information about Hubspot tracking
21 June 2018:
- Updated third party processors
25 May 2018:
- Explicitly state the lawful basis upon which Semmle processes user data, and mention the rights of individuals under the GDPR.
- Add information about third party processors
- Provide additional information about how we process data about customer contacts and sales leads
- Clarify position on analytics