Engine Yard EU Safe Harbor Privacy Policy
EU Safe Harbor
Engine Yard is committed to conducting its business in a manner that complies with the EU Safe Harbor Principles published by the U.S. Department of Commerce (“Safe Harbor Principles”). The Safe Harbor Principles provide a framework for U.S. businesses with respect to their privacy practices as they relate to information regarding an identified or identifiable natural person (“Personal Data”) that is subject to the European Union’s Directive 95/46/EC on data privacy (“Directive”). For more information regarding the Safe Harbor Principles and the Directive, please visit http://www.export.gov/safeharbor/.
This EU Safe Harbor Privacy Policy applies to Engine Yard’s processing of Personal Data that is stored on Engine Yard’s servers at the direction of Engine Yard’s customers and their end users located in the European Union. It does not apply to Personal Data collected by Engine Yard directly from its customers. For information regarding Engine Yard’s use, disclosure and handling of information collected by Engine Yard directly from its customers located in the European Union, please see the Engine Yard Privacy Statement located at http://www.engineyard.com/legal/privacy.
Data Processor
Engine Yard provides hosting services for customers who develop and deploy applications using the Ruby programming language. As a hosting company, Engine Yard provides the technology platform from which its customers (“Customers”) make their applications (“Customer Applications”) available. Engine Yard does not own, control or direct the use any of the information stored or processed by any Customer via its Customer Application. Only the Customer or the end users of the Customer Application (“End Users”) are entitled to access, retrieve and direct the use of such information. Engine Yard is largely unaware of what information is actually being stored or made available by Customers on their Customer Applications and does not directly access such information or data except as authorized by the Customer or as necessary to provide services to the Customer. Except as provided in this EU Safe Harbor Privacy Policy, Engine Yard does not independently cause data stored in connection with the Customer Application to be transferred or otherwise made available to third parties (except to third party subcontractors who may process such data on behalf of Engine Yard in connection with Engine Yard’s provision of services to Customers). Instead, such actions are performed or authorized only by the applicable Customer or the End User. Engine Yard should be considered only as a processor on behalf of its Customers as to any Personal Data transferred from the European Union to the United States that is subject to the requirements of the Directive. The Customer or the End User is the “Data Controller” under the Directive, meaning that such party controls the manner Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data. Engine Yard is not responsible for the content of the Personal Data or other information stored on its servers at the direction of the Customer or the End Users nor is Engine Yard responsible for the manner in which the Customer or the End Users collect, handle, disclose and distribute such information.
Data Controller
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of Personal Data adhere to certain requirements related to compliance with the Directive. The specific functions of a Data Controller depend on the laws of each EU member state. However, because Engine Yard does not collect or determine the use of any Personal Data stored on its servers in connection with the Customer Applications, and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such data, Engine Yard is not acting in the capacity of Data Controller and does not have the associated responsibilities under the Directive or the Safe Harbor Principles.
Customer Agreement and Security
Engine Yard and each Customer located in the European Union will enter into an agreement that specifies each party’s role in complying with the Directive and the Safe Harbor Principles. The contract with an EU Customer will also specify that the Customer is responsible for security measures with respect to the Customer Application and Personal Data accessible via the Customer Application. Although Engine Yard has implemented commercially reasonable security measures to protect data stored on its servers, Customer and its End Users are ultimately in control of whether the Personal Data associated with a Customer Application is made available to third parties through such Customer Application. Engine Yard will comply with Customer’s instructions with respect to the return or destruction of Personal Data stored on Engine Yard’s servers.
In its role as a processor of Personal Data on behalf of its Customers, Engine Yard is not able to or required to apply all of the Safe Harbor Principles to Personal Data subject to the Directive that is received for processing from Customers or End Users. Instead, Engine Yard’s role as a data processor is to assist the Customer, at the Customer’s request, in complying with its obligations under the Directive.
Notice
Engine Yard requires its Customers located in the European Union to comply with their obligations under the Directive prior to the transfer of any such Personal Data from the European Union to the United States in connection with a Customer Application, including compliance with the obligations to provide the notices and obtain the consents required under the Directive with respect to Personal Data.
Data Integrity
Engine Yard is not authorized to access or manipulate Personal Data located on its servers other than as necessary to provide services to a Customer or as otherwise permitted or directed by such Customer. Engine Yard takes reasonable steps to assure that Personal Data transferred from the European Union to the United States and stored on Engine Yard’s servers in connection with a Customer Application is maintained in a reliable, accurate and complete state, subject to any deficiencies in the state in which such Personal Data was received.
Security
The control, access, and security of the Personal Data stored on the Engine Yard servers in connection with a Customer Application is in the direct and primary control of, and subject to the security measures undertaken by, the Customer with respect to such Customer Application. Subject to the foregoing, Engine Yard has in place information security procedures and commercially reasonable security measures designed to protect Personal Data stored on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. Customers will be notified of any breach with respect to Personal Data of security measures implemented by Engine Yard of which Engine Yard becomes aware.
Any compromise of security or potential compromise of security of which a Customer becomes aware and any inquiries concerning security should be reported promptly by such Customer to Engine Yard. Contact information is provided below.
Director of Customer Support
Engine Yard, Inc.
PO Box 77130
San Francisco, CA 94107
And to:
Enforcement
Individuals who wish to file a complaint or who take issue with Engine Yard’s EU Safe Harbor Privacy Policy should direct such communication to the Engine Yard contact set forth immediately above (“Privacy Administrator”) who can explain the process to be followed when filing a complaint. Should an individual be unable to resolve a complaint after having contacted the Privacy Administrator, that individual can contact the International Centre for Dispute Resolution of the American Arbitration Association at www.adr.org. This organization will provide independent dispute resolution in which Engine Yard will participate. Engine Yard is subject to the jurisdiction of the U.S. Federal Trade Commission, which may be contacted at the following address:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, D.C. 20580
consumerline@ftc.gov
www.ftc.gov
Limitations
Engine Yard’s adherence to the Safe Harbor Principles is limited to the extent permitted or required by applicable United States laws, rules or regulations.
Updates to EU Safe Harbor Privacy Policy
Engine Yard may update this EU Safe Harbor Privacy Policy from time to time to reflect changes in its services and Customer feedback, and such changes shall become effective promptly after they are posted. Engine Yard encourages Customers to periodically review this EU Safe Harbor Privacy Policy to be informed of any changes. This EU Safe Harbor Privacy Policy was last updated on December 2, 2008.