DataStax Vector Privacy and Data Processing Policy

Last Updated April 9,  2020

 

This  DataStax Vector Privacy and Data Processing Policy (“DataStax Vector DPP”) forms a part of the DataStax Vetor Terms (the “Agreement”) or other agreement(s) entered into between you or the entity which you represent (“Customer”) and DataStax, Inc. Capitalised terms shall have the meanings as set out in section 18.

  1. Scope

 

  1. This DataStax Vector DPP applies to the use by Customer of DataStax Vector.
  2. This DataStax Vector DPP governs the processing of Account Data, which is the Personal Data that is processed by DataStax, where applicable, in relation to DataStax Vector services.
  3. This DataStax Vector DPP is updated from time to time by DataStax.
  4. In respect of sections 1.1 and 1.2, the Customer and DataStax have entered into this DataStax Vector DPP to ensure that adequate safeguards are put in place with respect to the protection of such Personal Data as required by the EU Data Protection Laws.

 

  1. Each party will comply with all applicable rules, regulations and laws to it, including the performance of this DataStax Vector DPP.
  1. Personal Data Processing
  1. The type of Personal Data (categories of data) that may be processed pursuant to this DataStax Vector DPP and the subject matter, duration, nature (processing operations), purpose of the processing, and the categories of Data Subjects, are as described in this section 2 and section 3  as amended from time to time. Customer shall use all reasonable endeavours to avoid making Personal Data, other than such Personal Data requested by DataStax, accessible by DataStax.
  2. Each of the Customer and DataStax warrant in relation to Personal Data that it will where applicable comply (and will procure that any of its staff and/or Processors comply) with EU Data Protection Laws and all other applicable laws.
  3. In respect of the parties' rights and obligations regarding the processing of Personal Data under this DataStax Vector DPP, the parties hereby acknowledge and agree that DataStax is the Controller as defined under this DataStax Vector DPP and accordingly DataStax agrees that it shall process all Personal Data, defined under section 3, in accordance with its obligations pursuant to this DataStax Vector DPP.
  1. DataStax details
  1. DataStax, Inc  is the Data Controller of Personal Data, as set out under this DataStax Vector DPP.
  2. How to contact us regarding this DataStax Vector DPP:

        privacy@datastax.com

  1. DataStax’s representative within the European Union is:

DataStax

19-23 Wells Street

Fitzrovia

London W1T 3PQ

privacy@datastax.com

 

  1. Details of Personal Data Processing:

Subject Matter: Account Data

Categories of data subjects: Customer, Customer’s staff;

Categories of data: Account Data: First name, last name, company name, date of registration, email address, passwords, job title/role, IP address, browser information, geolocation data, operating system information;

Special categories of data: DataStax does not intend to process any special categories of data;

Purpose of data processing:

Account Data:

 

  1. the provision of services initiated by Customer from time to time;
  2. verification;
  3. account management activities;
  4. relevant outreach activities;
  5. information provision;
  6. provision of information relating to DataStax Products;
  7. analysis;

        

 

Processing operations: Account Data processing operations: storage, analysis, verification, operational.

Duration of processing: Account Data:  As required by applicable laws, necessary for the performance of the Agreement, the necessary provision of Products, upon Termination as outlined under the Agreement.

 

 

 

  1. Legal basis for processing Personal Data

 

  1. DataStax’s legal basis for processing Personal Data as described in section 3, except “provision of information relating to DataStax Products”, is that the processing is necessary for the performance of the Agreement or that the processing is necessary for the purposes of the legitimate interests pursued by DataStax, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child;

 

  1. legitimate Interests pursued by DataStax are:

 

  1. the provision of DataStax Products to Customer;
  2. performance of the Agreement and DPP between DataStax and Customer;
  3. improvement of DataStax Products and user experience,
  4. compliance with any applicable laws.

 

  1. Where DataStax processes information for the purposes of “provision of information relating to DataStax Products” as described in section 3, DataStax does so on the lawful basis of consent. That is the Data Subject (Customer) has given consent for the processing of Personal Data for this purpose (provision of information relating to DataStax Products).

 

  1. [reserved]

 

  1. Sharing of Personal Data

 

  1. DataStax shares the Personal Data described in section 3 with the following categories of recipients:
  1. Suppliers and/or vendors;
  2. Customer;
  3. Entities in the DataStax Group.

 

  1. DataStax Obligations

 

  1. With respect to all Personal Data, and insofar as DataStax processes Personal Data, DataStax warrants that it shall:

 

  1. only process the Personal Data, described in section 3, in order to provide the Products and shall act only in accordance with this DataStax Vector DPP and the Agreement;

 

  1. if applicable laws require DataStax to process Personal Data other than pursuant to this DataStax Vector DPP, DataStax will notify the Customer (unless prohibited from so doing by applicable laws);

 

  1. implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Such measures include, without limitation, the security measures set out at https://www.datastax.com/products/datastax-security-assurance;

 

  1. take reasonable steps to ensure that only authorised personnel have access to such Personal Data and that any persons whom it authorises to have access to the Personal Data are under obligations of confidentiality;

 

  1. as soon as reasonably practicable following termination or expiry of the Agreement or other such longer period as specified in: the DataStax Data Retention Policy (if applicable, available at https://www.datastax.com/security/dataretention); the DataStax Vector DPP; or the Agreement, DataStax will delete all Personal Data (including copies thereof) processed pursuant to this DataStax Vector DPP, unless required to retain the Personal Data by applicable laws;

 

  1. Customer Obligations

 

  1. Customer agrees that, taking into account DataStax obligations under this DataStax Vector DPP, Customer is solely responsible for its use of DataStax Vector to ensure:

 

  1. that Customer does not disclose or otherwise compromise Account Data;

 

  1. that unless otherwise directed by DataStax in writing, Customer shall not make any Personal Data accessible to or by DataStax outside of such Personal Data that is requested by DataStax;

 

  1. that Customer warrants that it has all and any applicable legal consents and authority required by any applicable laws  to disclose any and all Personal Data that it shares with DataStax.

 

  1. Data Subject Rights and Information

 

  1. The Data Subject has the right to request from DataStax access to and rectification or erasure of Personal Data or restriction of processing concerning the Data Subject or to object to processing as well as the right to data portability;

 

  1. the right to lodge a complaint with a Supervisory Authority (the Information Commissioner’s Office being DataStax lead Supervisory Authority);

 

  1. the provision of Personal Data is necessary to enter into a contract;

 

  1. the Data Subject is not obliged to provide the Personal Data, however without such information DataStax cannot provide the Products for the Customer.

 

  1. Security
  1. DataStax recognises and takes the privacy and security of its Customer seriously. DataStax's approach to security can be found at: https://www.datastax.com/products/datastax-security-assurance
  1. Processing
  1. The Customer grants a general authorisation: (a) to DataStax to appoint other members of the DataStax Group as Data Processors; and (b) to DataStax and other members of the DataStax Group to appoint third party data centre operators, providers of information technology tools, and outsourced service providers as Sub-Processors to support the performance and delivery of the DataStax Vector services.
  2. DataStax will ensure that any Data Processor it engages to provide the services on its behalf in connection with the Agreement does so only on the basis of a written contract which imposes on such Data Processor terms substantially no less protective of Personal Data than those imposed on DataStax in this DataStax Vector DPP. DataStax shall procure the performance by such Data Processor of the Relevant Terms.
  1. Data Transfers
  1. The Customer acknowledges that the provision of DataStax Vector under the Agreement may require the processing of Personal Data by DataStax and its Data Processor(s) in countries outside the EEA from time to time.
  2. In relation to any processing of Personal Data by DataStax that takes place in a country outside the EEA that is not an Adequate Country, the parties agree that the Standard Contractual Clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32004D0915&from=EN) are incorporated into this DataStax Vector DPP and deemed to have been executed by the parties (such that DataStax will comply with the obligations of the ‘data importer’ in the Standard Contractual Clauses and the Customer will comply with the obligations of 'data exporter') and that the Appendices in Annex B (Appendices to the SCCs) of this DataStax Vector DPP shall be incorporated into those Standard Contractual Clauses and shall apply in respect of that processing.
  3. The following terms shall apply to the Standard Contractual Clauses:
  1. Customer may exercise its right of audit under clause II(g) of the Standard Contractual Clauses as set out in, and subject to the requirements of section 12.2 and 13 of this DataStax Vector DPP;
  2. DataStax may appoint Data Processors as set out, and subject to the requirements of sections 11 and 12.3 of this DataStax Vector DPP; if, in the performance of this DataStax Vector DPP and/or the Agreement, DataStax transfers any Personal Data to a Data Processor (which shall include without limitation any affiliates of DataStax) and without prejudice to section 11 where such Data Processor will process Personal Data outside the EEA, DataStax shall in advance of any such transfer ensure that a mechanism to achieve adequacy in respect of that processing is in place such as:
  1. the requirement for DataStax to execute or procure that the third party execute on behalf of the Customer standard contractual clauses approved by the EU authorities under EU Data Protection Laws;
  2. the requirement for the third party to be certified under the Privacy Shield framework; or
  3. the existence of any other specifically approved safeguard for data transfers (as recognised under the EU Data Protection Laws) and/or a European Commission finding of adequacy.
  1. Audit and Records
  1. DataStax shall, in accordance with and to the extent required by EU Data Protection Laws and Clause II(g) of the Standard Contractual Clauses where applicable, make available to the Customer such information in DataStax's possession or control as the Customer may reasonably request and which DataStax is lawfully entitled to disclose with a view to demonstrating DataStax's compliance with the obligations of Data Processors under EU Data Protection Law in relation to its processing of Personal Data.
  2. The Customer where applicable may exercise its right of audit under EU Data Protection Laws and Clause II(g), through DataStax providing:
  1. to Customer a summary of an audit report provided that the applicable audit(s): are performed periodically; are assessed against relevant standards; are conducted by auditor(s) selected by DataStax but otherwise conducted with all due and necessary independence and professionalism; and are documented in a report that affirms that DataStax's controls meet the standards against which they are assessed; and
  2. additional information in DataStax's possession or control to a Supervisory Authority when it requests or requires additional information in relation to the data processing activities carried out by DataStax under this DataStax Vector DPP, unless DataStax is  prohibited from doing so by applicable laws.
  1. DataStax shall further provide detailed written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer considers necessary under Clause II(g) of the Standard Contractual Clauses.
  2. Customer shall promptly notify DataStax with information regarding any non-compliance discovered during the course of a review of the audit summaries and additional information provided by DataStax, and DataStax shall use commercially reasonable efforts to address any confirmed non-compliance.
  3. This section does not affect the rights of Data Subjects or Supervisory Authorities under the Standard Contractual Clauses where applicable, nor does it vary or modify the Standard Contractual Clauses where they are applicable.
  4. Section 13 is subject to the Customer and DataStax having an applicable non-disclosure or confidentiality agreement in place, the Customer agrees to enter such an agreement pursuant to exercising its rights under section 13.
  1. Request for Financial Resources Proof
  1. DataStax shall, in accordance with and to the extent required by Clause II(f) of the Standard Contractual Clauses where applicable, make available to the Customer such information in DataStax's possession or control as the Customer may reasonably request and which DataStax is lawfully entitled to disclose with a view to demonstrating DataStax's compliance with the obligations under the Standard Contractual Clauses.
  2. The Customer where applicable may exercise its right that DataStax provide evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage), under Standard Contractual Clause II(f), through DataStax providing:
  1. to Customer a summary of an insurance policy that is active.
  1. Customer shall promptly notify DataStax with information regarding any non-compliance discovered during the course of reviewing such a summary of an insurance policy as described in section 14.2.1 and DataStax shall use commercially reasonable efforts to address any confirmed non-compliance.
  2. This section does not affect the rights of Data Subjects or Supervisory Authorities under the Standard Contractual Clauses where applicable, nor does it vary or modify the Standard Contractual Clauses where they are applicable.
  3. Section 14 is subject to the Customer and DataStax having an applicable non-disclosure or confidentiality agreement in place, the Customer agrees to enter such an agreement pursuant to exercising its rights under section 14.
  1. Requests for Personal Data
  1. If a government or government agency demands that DataStax supply it with Personal Data as defined in section 3 of this DataStax Vector DPP, DataStax will attempt to direct the government (or agency) towards making a request directly to the Customer. DataStax may therefore supply the government (or agency) with limited contact information, Account Data that is known or available to DataStax. If compelled by the government (or agency) to disclose Personal Data related to this DataStax Vector DPP, as defined under section 3, DataStax will first give Customer reasonable notice of this so that Customer may seek a protective, injunctive or other such appropriate judicial or otherwise order, unless DataStax is prohibited by applicable laws from giving Customer such notice. If the Standard Contractual Clauses apply, nothing in this section varies or modifies the Standard Contractual Clauses.
  1. Conflict of terms
  1. This DataStax Vector DPP is without prejudice to the rights and obligations of the parties under the Agreement which shall continue to have full force and effect. In the event of any conflict between the terms of this DataStax Vector DPP and the terms of the Agreement, the terms of this DataStax Vector DPP shall prevail so far as the subject matter concerns the processing of Personal Data within the scope of this DataStax Vector DPP.
  1. Miscellaneous
  1. If the Customer decides that a Security Breach must be notified to any Supervisory Authority and/or Data Subjects and/or the public or portions of the public, the Customer will notify DataStax before the communication is made and supply DataStax with copies of any written documentation to be filed with the Supervisory Authority and of any notification the Customer proposes to make (whether to any Supervisory Authority, Data Subjects the public or portions of the public) which references DataStax, its security measures and/or role in the Security Breach, whether or not by name. Subject to the Customer's compliance with any mandatory notification deadlines under the GDPR, the Customer will consult with DataStax in good faith and take account of any clarifications or corrections DataStax reasonably requests to such notifications and which are consistent with the GDPR.
  2. DataStax's liability to the Customer and Customer Group under or in connection with this DataStax Vector DPP (including under the Standard Contractual Clauses incorporated via section 12 of this DataStax Vector DPP) shall be subject to the same limitations and exclusions of liability as apply under the Agreement as if that liability arose under the Agreement.  Nothing in this DataStax Vector DPP will limit DataStax's liability in respect of personal injury or death in negligence or for any other liability or loss which may not be limited by agreement under applicable law.
  3. This DataStax Vector DPP sets out all of the terms that have been agreed between the parties in relation to the Processing of Personal Data as defined in sections 1, 2 and 3.  Other than in respect of statements made fraudulently, no other representations or terms shall apply or form part of this DataStax Vector DPP.
  4. A person who is not a party to this DataStax Vector DPP shall not have any rights to enforce this DataStax Vector DPP including (where applicable) under the Contracts (Rights of Third Parties) Act 1999 of the United Kingdom to enforce any term of this DataStax Vector DPP.  
  5. Should any provision of this DataStax Vector DPP be invalid or unenforceable, then the remainder of this DataStax Vector DPP shall remain valid and in force.  The invalid or unenforceable provision shall be either amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, construed in a manner as if the invalid or unenforceable part had never been contained therein.
  6. Without prejudice to clause II (h) (iii), clause IV, and clause V of the Standard Contractual Clauses, this DataStax Vector DPP shall be governed by and construed in accordance with the laws of the country of territory stipulated for this purpose in the Agreement and each of the parties agrees to submit to the choice of jurisdiction as stipulated in the Agreement in respect of any claim or matter arising under this DataStax Vector DPP
  7. Other than in respect of any accrued liabilities of either party and the provisions of this section 17, this DataStax Vector DPP shall terminate automatically on the expiry or termination for whatever reason of the Agreement.  Notwithstanding the foregoing, DataStax’s obligations hereunder with respect to any Customer Personal Data processed pursuant to this DataStax Vector DPP shall continue until the later of the expiration or termination of the Agreement or DataStax’s deletion of Customer’s Personal Data.
  1. Definitions and Interpretation
  1. The following expressions are used in this DataStax Vector DPP:
  1. “Account Data” means the data created or made available by the Customer in order to register for and/or use the Products;

 

  1. "Adequate Country" means a country or territory that is recognised under EU Data Protection Laws      from time to time as providing adequate protection for personal data;

 

  1. “Agreement” means the DataStax Vector Terms that the Customer entered into with DataStax for the provision of DataStax Vector services;

 

  1. “Breach Notice” means an announcement by either DataStax or Customer of a Security Breach,  to anyone or entity other than DataStax or Customer;
  2. “Customer”, “Customers”, “Customer’s”, “You”, “you” means you or the entity which you represent;  

 

  1. "Customer Group" means Customer and any corporate entities which are from time to time: (a) under Common Control with Customer; and (b) established and/or doing business in the European Economic Area or Switzerland;

 

  1. "Data Controller” shall have the meaning ascribed to it in the EU Data Protection Laws;

 

  1. Data Exporter”, “data exporter” is defined by the Standard Contractual Clauses;

 

  1. Data importer”, “data importer” is defined by the Standard Contractual Clauses;

 

  1. "Data Processor" shall have the meaning ascribed to it in the EU Data Protection Laws;

 

  1. “Data Subject”, “data subject” shall have the meaning ascribed to it in the EU Data Protection Laws;

 

  1. "Data Subject Request" means a request from or on behalf of a Data Subject relating to and including the exercise of their rights under articles 12 to 23 of the GDPR which include but are not limited to,  access to, or rectification, erasure or data portability in respect of that person’s Personal Data or an objection from or on behalf of a Data Subject to the processing of its Personal Data;

 

  1. “DataStax” means DataStax, Inc;

 

  1. "DataStax Group" means DataStax and any corporate entities which are from time to time under Common Control with or by DataStax;

 

  1. DataStax Vector” means the DataStax software designated “DataStax Vector”;

 

  1. DataStax Vector DPP” means this “DataStax Vector Privacy and Data Processing Policy”;

 

  1. DataStax Data Retention Policy” means the policy set out at:            
                       
    https://www.datastax.com/security/dataretention

 

  1. EEA” means the European Economic Area.

 

  1. "EU Data Protection Laws" means all laws and regulations, including laws and regulations of the European Union, the European Economic Area, their member states and the United Kingdom, applicable to the processing of Personal Data under the Agreement, including (where applicable) the GDPR;

 

  1. "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as the General Data Protection Regulation);

 

  1. "Personal Data" means all data which is defined as Personal Data under the EU Data Protection Laws and to which EU Data Protection Laws apply and which is provided by the Customer to DataStax or accessed, stored or otherwise processed by DataStax;

 

  1. “Privacy Shield” means the framework, under which Personal Data flows to the United States of America, established by the ‘European Commission Implementing Decision (EU) 2016/1250 OF 12 July 2016’ in the Official Journal of the European Union;

 

  1. "Processing" shall have the meaning ascribed to it in the EU Data Protection Laws;

 

  1. "Products" means the applicable products and/or services that Customer has procured from DataStax under the Agreement;

 

  1. “Relevant Terms” means the agreement that DataStax imposes, or will impose, upon any Data Processor it engages to provide the services on its behalf in connection with the Agreement and which terms are substantially no less protective of Personal Data than those imposed on DataStax in this DataStax Vector DPP;

 

  1. “Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data that DataStax processes under this DataStax Vector DPP. A Security Breach will not include unsuccessful attempts or activities that do not compromise the security of the Personal Data processed under this DataStax Vector DPP in DataStax’s reasonable opinion, including unsuccessful attempts and activities such as: pings, unsuccessful log in, firewall attacks, no compromise of security of Account Data, port scans, denial of service attacks, or other similar events and attacks;

 

  1. Standard Contractual Clauses” means the Controller-to-Controller standard contractual clauses as referred to in COMMISSION DECISION of 27 December 2004 2001/497/EC(as referred to in https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32004D0915&from=EN);

 

  1. “Sub-Processor” shall have the meaning ascribed to it in the EU Data Protection Laws;

 

  1. "Supervisory Authority" shall have the meaning ascribed to it in the EU Data Protection Laws; and

 

 

  1. An entity "Controls" another entity if it: (a) holds a majority of the voting rights in it; (b) is a member or shareholder of it and has the right to remove a majority of its board of directors or equivalent managing body; (c) is a member or shareholder of it and controls alone or pursuant to an agreement with other shareholders or members, a majority of the voting rights in it; or (d) has the right to exercise a dominant influence over it pursuant to its constitutional documents or pursuant to a contract; and two entities are treated as being in "Common Control" if either controls the other (directly or indirectly) or both are controlled (directly or indirectly) by the same entity.

 

 

Annex B

 

Appendices to the SCCs

 

As further described in section 12 of the DataStax Vector Privacy and Data Processing Policy, the following Appendices are incorporated into the SCCs entered into between the parties to the DataStax Vector DPP.  

 

Appendix B

 

to the Standard Contractual Clauses

 

This Appendix forms part of the Clauses and must be completed and signed by the parties

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

 

DESCRIPTION OF THE TRANSFER

 

(To be completed by the parties)

 

Data subjects

 

The personal data transferred concern the following categories of data subjects:

 

The categories of data are defined in section 3 of the DataStax Vector Privacy and Data Processing Policy.

 

Purposes of the transfer(s)

 

The transfer is made for the following purposes:

 

The purposes of the transfer are defined in section 3 of the DataStax Vector Privacy and Data Processing Policy.

Categories of data

 

The personal data transferred the following categories of data:

 

The categories of data are defined in section 3 of the DataStax Vector Privacy and Data Processing Policy.

Recipients

 

The personal data transferred may be disclosed only to the following recipients or categories of recipients:

 

The recipients or categories of recipients are defined in section 6 and 12 of the DataStax Vector Privacy and Data Processing Policy.

Sensitive data (if appropriate)

 

The personal data transferred concern the following categories of sensitive data:

 

The special categories of data are defined in section 3 of the DataStax Vector Privacy and Data Processing Policy.

Data protection registration information of data exporter (where applicable)

 

Additional useful information (storage limits and other relevant information)

 

Data importer acts as an Independent Controller. The Data exporter acts as an Independent Controller. Data importer does not act as a processor. Data importer does not act as a joint-controller.  Data exporter is not a processor of Data importer.

 

Contact points for data protection enquiries

 

Data importer                                                                                

DataStax, Inc                                                                                                                

privacy@datastax.com                                             

3975 Freedom Circle

4th Floor

Santa Clara, California 95054, United States of America

 

Data exporter

Is the Customer,  “Customer” being defined under this DataStax Vector Privacy and Data Processing Policy.

 

 


Appendix C

to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses II(a) and 5(c) (or document/legislation attached):

The technical and organisational security measures set out at:

https://www.datastax.com/products/datastax-security-assurance,

as amended from time to time.

 

Appendix D

to the Standard Contractual Clauses

This Appendix forms part of the Clauses.

This Appendix sets out the parties’ interpretation of their respective obligations under specific Clauses identified below. Where a party complies with the interpretations set out in this Appendix, that party shall be deemed by the other party to have complied with its commitments under the Clauses.

  1. Clause I(e) and VIII: Disclosure of these Clauses

 

  1. Nothing herein shall prevent disclosure of these Clauses by data exporter or data importer to a third party for its legitimate business purposes, including to a data subject pursuant to Clause I(e) and VIII.

 

  1. Clause III: Liability

 

  1. Any claims brought under the Clauses shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement. In no event shall any party limit its liability with respect to any data subject rights under these Clauses.

 

  1. Clause II(b) and Annex A (4): Processors

 

  1. The parties agree and acknowledge that Clause 11 of the DataStax Vector Privacy and Data Processing Policy ensures that DataStax is in compliance with Clause II(b) and Annex A(4) of the Standard Contractual Clauses.

 

  1. Clause II(i): Data Transfers

 

  1. The parties agree and acknowledge that Clause 12 of the DataStax Vector Privacy and Data Processing Policy ensures that DataStax is in compliance with Clause II(i) of the Standard Contractual Clauses.

 

  1. Clause II (h) (iii), Clause IV, and Clause V: Mediation and Governing Law

 

  1. DataStax elects that it will process the Personal Data, at its options, in accordance with that data processing principles set forth in Annex A of the Standard Contractual Clauses, that is DataStax elects to apply Clause II(h)(iii) of Clause II(h) of the Standard Contractual Clauses.

 

  1. Clause 17.6 of the DataStax Vector Privacy and Data Processing Policy shall apply without prejudice to Clause II (h) (iii), Clause IV, and Clause V of the Standard Contractual Clauses.

 

  1. Clause II(f): Financial Resources

 

  1. The parties agree and acknowledge that Clause 14 of the DataStax Vector Privacy and Data Processing Policy ensures that DataStax is in compliance with Clause II(f) of the Standard Contractual Clauses.

 

  1. Clause II(e): Contact Point

 

  1. The parties agree and acknowledge that section 3.2 of the DataStax Vector DPP details the contact point for data exporter, which DataStax authorised to respond to enquiries concerning the processing of personal data and that this section ensures that DataStax is in compliance with Clause II(e) of the Standard Contractual Clauses.

 

 

California Consumer Privacy Act Addendum (CCPA-A)

Scope

This CCPA-A is an addendum to the DataStax Vector DPP and applies to California residents.

This CCPA-A governs the collection of Account Data that is collected by DataStax, where applicable, in relation to the provision of DataStax Vector.

Capitalised terms shall have the meanings as set out in section 18 of the DataStax Vector DPP, except where a term is defined in this CCPA-A in which case section the definition in the CCPA-A shall control the meaning of the word.

This CCPA-A may be updated from time to time by DataStax.

Categories Of Personal Information Collected About You.

We may have collected the following categories of Personal Information about California residents in the preceding 12 months.

 

Type of Information

Examples

Sources of Personal Information

Purpose for Collection

Who Information is Shared With

Identifiers such as real name, postal address, Internet Protocol (“IP”) address, etc.

Real name, postal address, IP address, etc. as laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code

Bank account, credit card or debit card numbers, name, signature, etc. as laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

 

Commercial Information

Products or services purchased, obtained, or considered as laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

 

Internet or other electronic network activity

Browsing history and search history as laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

 

Geolocation Data

Physical location of device, etc. as laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

 

Professional or Employment-related information

Company name, title, etc. aas laid out in the Account Data,  Section of the DataStax Vector DPP

You the customer, information from tracking or analytics tools such as cookies

See the Purpose of data processing Section of the DataStax Vector DPP

You the customer. Our third-party service providers for certain business purposes, such as payment processing, web analytics, IT services, etc.

Our affiliates for business purposes.

When required by law with various government agencies.

To a third party in the event of a sale, transfer, merger, etc.

With other parties if directed by you.

 

 

 

 

Consumer Rights

Subject to certain limitations, the CCPA grants California residents the following:

You have the right to request deletion of any Personal Information that we have or otherwise process.

You have the right to request disclosure of the Personal Information we have collected about you (including why it was collected and with whom it was shared).

You have the right to request disclosure regarding any sale of your Personal Information, and the right to opt-out of any such sale.

You have the right to not face discrimination for exercising a right or rights granted to You under the CCPA.

You may exercise your right to disclosure or right to request deletion by clicking here. You may be required to verify your identity. Additionally, you may designate an authorized agent to make a request for the right to disclosure or right to request deletion, but such authorized agent must submit proof they are authorized to act on your behalf or have power of attorney

You may also exercise your right to disclosure or right to request deletion by emailing privacy@datastax.com.

 

Do Not Sell My Information/Selling Personal Information

DataStax does not sell Your Personal Information for monetary consideration.

However, some of the targeting cookies that DataStax utilizes may be considered a “sale” as defined under the CCPA. If that is the case, DataStax only “sells” Personal Information as it is related to these targeting cookies used to provide You with relevant ads and information when you are browsing other sites. For more information on cookies, please see the Sections 12 and 13 of DataStax’s privacy policy located at https://www.datastax.com/legal/datastax-website-privacy-policy related to DataStax’s use of cookies. You have the right to opt-out of any sale of information and other cookies at any time by changing your settings for cookie placement on the site. To opt-out of the targeting cookies, follow the instructions provided in Sections 12 and 13.

Conflict Of Terms

This CCPA-A is without prejudice to the rights and obligations of the parties under the Agreement which shall continue to have full force and effect. In the event of any conflict between the terms of this CCPA-A and the terms of the Agreement and/or DataStax Vector DPP, the terms of this CCPA-A shall prevail so far as the subject matter concerns California residents.

Definitions And Interpretation

“California Consumer Privacy Act” or “CCPA” means the “Assembly Bill No.375” enacted by the legislature, and as amended from time to time of aforementioned legislature, in the state of California, the United States of America;

“CCPA-A” means this “California Consumer Privacy Act Addendum”;

“Personal Information” means all data which is defined as “Personal Information” under the California Consumer Privacy Act and to which the California Privacy Act applies.

How To Contact Us Regarding This CCPA-A Addendum

For any enquiries please email privacy@datastax.com.