Engine Yard is committed to conducting its business in a manner that complies with the U.S. - EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce (collectively, the “Safe Harbor Principles”). The Safe Harbor Principles provide a framework for U.S. businesses with respect to their privacy practices as they relate to information regarding an identified or identifiable natural person (“Personal Data”). For more information regarding the Safe Harbor Principles, please visit http://www.export.gov/safeharbor/.
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of Personal Data adhere to certain requirements to comply with the Privacy Rules. The specific functions of a Data Controller depend on the laws of each EU member state, and of Switzerland. However, because Engine Yard does not collect or determine the use of any Personal Data stored on its servers in connection with the Customer Applications, and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such data, Engine Yard is not acting in the capacity of Data Controller and (a) does not have the associated responsibilities under the EU Directive or the U.S. - EU Safe Harbor Framework, and (b) has those associated responsibilities only to the limited extent they have been imposed on data processors under the Swiss Act or the U.S. – Swiss Safe Harbor Framework.
Engine Yard and each Customer located in European Union member countries or Switzerland will enter into an agreement that specifies each party’s role in complying with the EU Directive, the Swiss Act, and the Safe Harbor Principles, as applicable. The contract with such a Customer will also specify that the Customer is responsible for security measures with respect to the Customer Application and Personal Data accessible via the Customer Application. Although Engine Yard has implemented commercially reasonable security measures to protect data stored on its servers, Customer and its End Users are ultimately in control of whether the Personal Data associated with a Customer Application is made available to third parties through such Customer Application. Engine Yard will comply with Customer’s instructions with respect to the return or destruction of Personal Data stored on Engine Yard’s servers.
In its role as a processor of Personal Data on behalf of its Customers, Engine Yard is not able to or required to apply all of the Safe Harbor Principles to Personal Data subject to the EU Directive or the Swiss Act that is received for processing from Customers or End Users, except to the limited extent the U.S. – Swiss Safe Harbor Framework has been imposed on data processors under the Swiss Act. Subject to that qualification, Engine Yard’s role as a data processor is to assist the Customer, at the Customer’s request, in complying with its obligations under the EU Directive and the Swiss Act.
Engine Yard requires that its Customers located in European Union member countries or Switzerland comply with their obligations under the Privacy Rules prior to the transfer of any such Personal Data from the European Union or Switzerland to the United States in connection with a Customer Application, including compliance with the obligations to provide the notices and obtain the consents required under the EU Directive and the Swiss Act with respect to Personal Data.
Engine Yard is not authorized to access or manipulate Personal Data located on its servers other than as necessary to provide services to a Customer or as otherwise permitted or directed by such Customer. Engine Yard takes reasonable steps to assure that Personal Data transferred from the European Union or Switzerland to the United States and stored on Engine Yard’s servers in connection with a Customer Application is maintained in a reliable, accurate and complete state, subject to any deficiencies in the state in which such Personal Data was received.
The control, access, and security of the Personal Data stored on the Engine Yard servers in connection with a Customer Application is in the direct and primary control of, and subject to the security measures undertaken by, the Customer with respect to such Customer Application. Subject to the foregoing, Engine Yard has in place information security procedures and commercially reasonable security measures designed to protect Personal Data stored on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. Customers will be notified of any breach with respect to Personal Data of security measures implemented by Engine Yard of which Engine Yard becomes aware.
Any compromise of security or potential compromise of security of which a Customer becomes aware and any inquiries concerning security should be reported promptly by such Customer to Engine Yard. Contact information is provided below.
Director of Information Security & Compliance
Engine Yard, Inc.
PO Box 77130
San Francisco, CA 94107
Engine Yard’s adherence to the Safe Harbor Principles is limited to the extent permitted or required by applicable United States laws, rules or regulations.