Percona adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland.
This EU-US and SWISS-US Data Privacy Framework Policy (“DPF Policy”) supplements the Percona Privacy Policy or other applicable privacy notices that are generally provided at the time of data collection or as soon as practical thereafter. This DPF Policy applies to the transfers of personal data from the European Union, the United Kingdom (and Gibraltar), and Switzerland to comply with the transfer requirements under data protection laws, including the EU General Data Protection Regulation (“GDPR”).
Percona, LLC (“Percona”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), (collectively the “Data Privacy Framework” or “DPF”) as set forth by the U.S. Department of Commerce. Percona has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Percona has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Percona has certified that it adheres to the DPF principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability with respect to all personal data received from the EU, UK, or Switzerland in reliance on the DPF. Percona is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC), which has jurisdiction over Percona’s compliance with this Policy and the DPF.
Purpose of Data Processing
Percona processes personal data for the purpose of providing client services. Personal Data relating to clients is collected from clients who provide it to us in connection with our provision of services to those clients. Client data is processed in the normal conduct of our business relationship with the client to perform the services requested by and contracted with our clients. Percona also processes personal data for the purposes of recruitment, employment, and marketing, or for other purposes, which will be disclosed at the time we collect personal data.
Notice
At the time of data collection, or as soon as practical thereafter, Percona notifies data subjects about its data practices regarding personal data, including the types of personal data it collects about them, the purposes for which it collects and uses such personal data, the types of third parties to which it discloses such personal data and the purposes for which it does so, the rights of data subjects to access their personal data, and the choices and means that Percona offers for limiting its use and disclosure of such personal data.
Choice
Percona provides individuals with notice and an opportunity to “opt-out” if such personal data is to be:
- Disclosed to a third party (other than a third party acting on behalf of Percona), or
- Used for a reason that is incompatible with the purposes for which it was originally collected.
Access
Individuals for whom Percona may process Personal Data are entitled to obtain confirmation of whether his/her Personal Data is being processed, to access the information held, and to ask Percona to correct, amend, or delete that information where it is inaccurate or has been processed in violation of the laws. Individuals may request access as provided above via email to: [email protected].
Accountability for Onward Transfer
We will not share, sell, or distribute any of the information you provide to us without your consent, except as described in the relevant privacy notice provided at or near the time of collection, or when acting on behalf of our clients, at the direction of our clients (the data controllers) on whose behalf we are processing personal data.
The information provided to Percona will be available to Percona, as well as to affiliated companies within the Percona group who act for us for the purposes set out in this Policy and who are subject to this Policy.
Percona may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Percona (our agents). Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract and not for any other purpose. Percona requires these third parties to undertake security measures consistent with the protections specified in this Policy.
Percona will remain responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf, unless Percona proves that it is not responsible in an event giving rise to damage.
In the event Percona transfers personal data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to data subjects and any consent they have given (where applicable), and only if the third party has given us contractual assurances that it will (i) process the personal data for limited and specified purposes consistent with any consent provided, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Percona has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, Percona will take reasonable steps to prevent or stop such processing.
Percona may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Security
Percona takes reasonable and appropriate measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We will permit only authorized employees, who are trained in the proper handling of personal information to have access to that information. Employees who violate our security and privacy policies will be subject to our disciplinary process. We employ security measures to protect your information from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage.
Data Integrity and Purpose Limitation
Percona will retain Personal Data for a reasonable period of time, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period of time necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Percona’s Document Retention Schedule.
We will not use your information in a manner that is incompatible with the purpose for which it was originally collected without providing you with notice and an opportunity to opt-out.
Contact Information
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Percona commits to resolve DPF principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Percona at:
Percona, LLC
Percona Privacy Team
Email: [email protected]
Post: Percona Privacy Team, 4819 Emperor Blvd, Suite 400, Durham, NC 27703, United States
Percona EU, UK and Swiss Data Protection Officer
EU Representative
Osano International Compliance Services Limited
ATTN: S7IA
3 Dublin Landings
North Wall Quay
Dublin 1
D01C4E0
UK Representative
Osano UK Compliance LTD
ATTN: S7IA
42-46 Fountain Street
Belfast
Antrim
BT1 – 5EF
Enforcement and Dispute Resolution
Under certain conditions, more fully described on the DPF website, a data subject may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. As per this right, Percona has committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to JAMS (Judicial Arbitration & Mediation Services), an independent alternative dispute resolution provider located in the United States and recognized for this purpose by the US Department of Commerce.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Percona commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
The Federal Trade Commission has enforcement authority regarding Percona LLC Info’s compliance with the Data Privacy Framework Principles.