Privacy Policy

Cherwell Software Privacy Statement

Who are We?

For the purposes of the Data Protection Act 1998, the data controller is Cherwell Software, LLC, including its subsidiaries and affiliates (collectively, “Cherwell”). 


This Privacy Statement describes Cherwell’s privacy practices in relation to the use of the Company’s Websites (as defined below). By using the Websites, you consent to the terms of this Privacy Statement. IF YOU DO NOT CONSENT TO THIS PRIVACY STATEMENT IN ITS ENTIRETY, YOUR SOLE AND EXCLUSIVE REMEDY IS TO IMMEDIATELY CEASE USE OF THE WEBSITES.

Websites Covered

This Privacy Statement covers the information practices of websites that link to this Privacy Statement, which include and its subdomains (the “Websites”).

Information Collected

Information you give to us. In general, you can visit the Websites without telling us who you are or revealing any personal information about yourself. In some cases, you may be required to provide personal contact information if you are, for example, interested in obtaining additional information about Cherwell’s products or services, requesting access to certain content, inquiring about a Cherwell partner program, registering for an event, or participating in discussions taking place within the Cherwell Community or blog, or a customer of Cherwell's products or services. In such instances, depending on the nature of your request or your status as a customer of Cherwell's products or services, you may be asked to provide personal contact information including, but not limited to, name, email, phone number, location (country and state/province), company name, company country and city, business email, business phone number, and job title (collectively, “Personal Data”).

Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:

Information we receive from other sources. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive some of the above detailed information from those third parties. For more information about the third parties we exchange information with see the “Information Disclosed to Third Parties” section below.

Use of Information Collected

Cherwell uses your Personal Data to contact you about the products or service on our Websites in which you have expressed interest. If you are a customer of Cherwell’s products or services, then we may use your Personal Data to provide you with implementation services and/or technical support related to your use of Cherwell’s software or to inform you about new software products and services or updates to existing products and services.

Cherwell may also use your Personal Data to improve both the usability of our Websites and our user support procedures and to help prevent misuse of our system, as well as for the following purposes:

Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Information Disclosed to Third Parties

Cherwell may share your Personal Data with contracted service providers so that these service providers can provide services on Cherwell’s behalf, such as analytics and search engine providers that assist us in the improvement and optimization of our Websites, email services, software support services, implementation services, and reselling services. These companies are authorized to use your Personal Data only as necessary to provide the services for which they were contracted to provide to Cherwell.

Partners receive your data when you visit or use their services or through third parties they work with. We require each of these partners to have lawful rights to collect, use and share your data before providing any data to us. We will also disclose your personal information to third parties:

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply or a contract we have entered into with you and other agreements; or to protect the rights, property, or safety of Cherwell, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Marketing Communications: Choice/Opt-Out

If you have given permission, we may share your personal data with organizations who are our business partners and we or they may contact you (unless you have asked us or them not to do so) by telephone, sms (text) and email about products, services, promotions, special offers that may be of interest to you.

Where you are an existing customer we may contact you by email or telephone about products, services, promotions and special offers where we have determined that it is in our legitimate interests to do so.

Where you have given your permission and you change your mind and you no longer wish to receive our newsletter and promotional communications, you may unsubscribe or opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at

Generally, if you are a customer of Cherwell’s products and services, you may not opt-out of software service or technical support related announcements, which are not promotional in nature. If you do not wish to receive these announcements, please contact

Cherwell will also offer you the opportunity to choose (opt-out) whether your Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. Questions regarding procedures, or requests to opt-out, should be directed to

See further “Your Rights”, below for more information about what you can do in relation to your Personal Data collected and used by us.

Onward Transfer

All information you provide to us is stored on secure servers. As a company providing services internationally, we may receive and transfer information all over the world. Consequently, your personal information may be used, stored and processed outside of the country where you entered that information or from which we collected it. It may also be processed outside the location from which it was collected by staff operating in a different location who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order and the provision of support services.

You can obtain more information about the locations where your data is stored and transferred to, including the identity of third party suppliers and their locations and processing activities by contacting us:

Wherever we are required to transfer your personal information, regardless of where this occurs, we have taken steps to ensure that your information is treated securely and in accordance with this privacy policy and all applicable data protection laws and regulations.

Whenever we transfer your personal information out of the European Union, we ensure a similar degree of protection is afforded to it by ensuring that the organisation to which it is transferred is E.U.-U.S. Privacy Shield Framework certified or alternatively that at least one of the other safeguards listed below is implemented.

Privacy Shield: Cherwell Software LLC complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Cherwell Software LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification (where you will find details of what information is sent to Cherwell Software LLC, and the purposes for which it processes it), please see

If you have a concern about the way your data has been handled when it was collected by  Cherwell Software LLC in the United States using the Privacy Shield Framework, please refer to the “Questions and Complaints” section below.

Adequacy: the transfer is made only to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. For further details, see European Commission webpage on Adequacy:, or

EU Model Contracts/Standard Contractual Clauses: where the party is outside of the European Union, not in a country subject to an adequacy decision and not privacy shield certified, we enter into specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission webpage on Model Contract Clauses:

Data Integrity and Security

The security of your Personal Data is important to us. We follow generally accepted standards to protect the Personal Data you submit to us, both during transmission and once we receive it. We follow generally accepted industry standards to protect the Personal Data submitted to us. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security and integrity of any personal data that are transferred from you or to you via the internet; any transmission is at your own risk.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

If you have any questions about security on our Websites, you may contact us at

Data Retention

We keep your data for so long as it is necessary to fulfill the purpose for which it was collected. Therefore, we will retain your Personal Data for as long as your account is active or as needed to provide you services. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, we may retain your Personal Data after termination of our agreement with you or closure of your account in the following circumstances:

If you wish to cancel your account or request that we no longer use your Personal Data to provide you services, contact us at

Your Rights

Right to ask us to stop contacting you with direct marketing. Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).

Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact us and let us know the information you want a copy of, including any account or reference numbers, if you have them. Any subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you. 

Right to correct any mistakes in your information. You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact us and let us know the information that is incorrect and the information you want it replaced with.

Right to request we cease processing your information. You may request that we cease processing your Personal Data.  If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your Personal Data takes place.  Please note that if you exercise this right and you have contracted for a service from us we may not be able to continue providing the service.

Right to request deletion of your information. You can ask us to erase all your Personal Data (also known as the “right to be forgotten”) in the following circumstances:

Unless we have reasonable grounds to refuse to erase your Personal Data (e.g. because it is necessary to continue to process it in order to provide a service which you have contracted), all requests for erasure shall be complied with.

Right to take your data with you. The right to data portability only applies:

when processing is carried out by automated means.

We can refuse your data portability request if the processing does not satisfy the above criteria.  Also, if the personal data concerns more than one individual, we may not be able to transfer the information to you if doing so would prejudice the other person’s rights.

To exercise the above rights to object to processing, review, update, make changes, or delete your Personal Data, please send an email to

Additional Information
Cookies and Other Technical Information

We employ the use of “cookies” to enhance your online experience and to store preferences, record which session information, record user-specific information on pages you access or visit, alert you to new areas that we think might be of interest to you when you return to our Websites, record past activity at our Websites in order to provide better service when you return to our Websites, to better target any display advertising, and customize site content based on your browser type or other information that you send. Cookies are files that can identify you as a unique customer and store your personal preferences as well as technical information (including click through and click stream data). Cookies can either be permanent (i.e., they remain on your computer until you delete them) or temporary (i.e., they last only until you close your browser).

We may also use “Web beacons” that monitor your use of our Websites. Web beacons are small strings of code that provide a method for delivering a display advertisement on a webpage for the purpose of transferring data, such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the Web beacon appears, the Uniform Resource Locator (“URL”) of the webpage on which the Web beacon appears, the time the webpage containing the Web beacon was viewed, the types of browser that fetched the Web beacon and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable e-mail, Web beacons let us know whether you received and opened our e-mail.

Third party vendors may show you our ads on websites across the Internet. We and third party vendors use first-party cookies and third party cookies together to inform, optimize, and serve ads based on someone’s past visits to the Websites.

For more information on the cookies that we use please see our Cookie Policy.

Links to Other Websites

Cherwell’s Websites contain links to other websites, for example those of our value-added resellers or solutions partners, that are not owned or controlled by Cherwell. We are not responsible for the privacy practices of these other websites and encourage you to read the privacy policies of these websites.

Social Media Features and Widgets

Our Websites include social media features, such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run our Websites. These features may collect your IP address, which webpages you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy policy of the company providing the feature.


We may display personal testimonials of satisfied customers on our Websites. If you wish to update or delete your testimonial, you can contact us at

Unauthorized Profiles

If an account/profile was created without your knowledge/authorization, please contact us at to request removal of the profile.

Public Forums

Cherwell may provide blogs, forums, or community sites (collectively, “Forums”) on the Websites. Any personal information you chose to submit in such a Forum may be read, collected, or used by others who visit these Forums, and may be used to send you unsolicited messages. Cherwell is not responsible for the personal information you choose to submit in these Forums. The use of any Forums by you are subject to any Terms of Use that appear on those Forums.

To request removal of your Personal Data from a Forum, contact us at In some cases, we may not be able to remove Personal Data that you submitted on a Forum, in which case we will let you know if we are unable to do so and why.

Questions or Complaints

You may contact us about any questions or concerns you may have regarding the use or disclosure of your Personal Data at

If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: or you can contact our U.S.-based third party dispute resolution provider (free of charge) at  For residual complaints not fully or partially resolved by other means, you may be able to invoke a binding arbitration mechanism.

Complaints relating to Privacy Shield

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us as specified above. 

[We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. For more information on the rules and procedures of the EU Panel of DPAs see:

Legal Disclaimer; Compelled Disclosure

We reserve the right to disclose information collected through our Websites, including your Personal Data, when we believe that disclosure is necessary to protect our legal rights, protect your safety or the safety of others, investigate fraud, respond to a government request or to comply with a legal proceeding, court order, law, rule or regulation.

U.S. Federal Trade Commission enforcement: Cherwell Software LLC’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

If Cherwell is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Websites of any change in ownership or uses of your Personal Data, as well as any choice you may have regarding your Personal Data.

Changes in this Privacy Statement

We reserve the right to modify this Privacy Statement at any time, so please review it frequently. If we decide to change our Privacy Statement, we will post those changes to this Privacy Statement. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on prior to the change becoming effective. However, it is your responsibility to check the Websites on a regular basis for updates to the Privacy Statement.


Last updated: May 25, 2019