We at ScyllaDB Inc. are self-certified to comply with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF (“EU-U.S. DPF”), as well as the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively “DPF Principles”), as set forth by the U.S. Department of Commerce.
If there is any conflict between the terms in this Data Privacy Framework Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF Principles and to view our certification, please visit https://www.dataprivacyframework.gov/.
ScyllaDB provides cloud-based services and database solutions to businesses world-wide, acting as a data processor on behalf of those businesses. For these business ScyllaDB may process personal data of data subjects within the EU, UK and otherwise world-wide, depending on the metadata uploaded to the ScyllaDB platform by its customers. The personal data types that our customers put into our services is at their discretion (subject to any limitations in our contracts) and we only process it in accordance with their instructions as can be seen in the Scylla DPA: https://www.scylladb.com/data-processing-agreement/
However, in its role as a data controller, Scylla receives and collects personal data about its customers, prospects, former customers, and customers’ users. ScyllaDB Inc. is fully owned by ScyllaDB Ltd. and provides sales and customer success services, through these services, ScyllaDB Inc. will process the following data sets of EU and UK data subjects: contact information such as full name and email, address, correspondence record (if applicable), and additional information such as title, job, position, etc. This data is processed for the purpose of providing the services, such as customer support, success, sales and marketing. The data is shared, as detailed in the privacy policy solely with the following: service providers (such as the CRM provider, cloud hosting providers, and other essential service providers) and with ScyllaDB Ltd.
Our privacy policy discloses the purpose and use of personal data, in the event ScyllaDB Inc. will process the personal data for a purpose that is materially different from the purpose(s) for which it was originally collected it will seek your consent and shall not process for that purpose unless consent was obtained.
With regard to onward transfers of Personal Data to third parties, ScyllaDB is responsible for ensuring that these third parties comply with applicable data protection principles, including ensuring that the third parties do not process such Personal Data in a manner inconsistent with the DPF Principles.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, ScyllaDB commits to resolve all EU-U.S. DPF and Swiss-U.S. DPF related complaints about our collection and use of your Personal Data in accordance with the DPF Principles. EU, UK and Switzerland individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF or the Swiss-U.S. DPF, should first contact us at: [email protected]. We will investigate and attempt to resolve any Data Privacy Framework-related complaints or disputes within forty-five (45) days of receipt.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ScyllaDB Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF Principles.
Please note that if your complaint is not resolved through these methods above, a binding arbitration option may be available under limited circumstances. Additional information can be found here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Additionally, ScyllaDB Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”), and the FTC has jurisdiction over ScyllaDB Inc. compliance with the DPF Principles. Individuals may have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms above. For more information, please see Annex I of the DPF Principles.
Notwithstanding the above, under certain circumstances, ScyllaDB Inc. may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
