Last Updated: October 15, 2019
This Notice explains how Snowflake, Inc. and its affiliates and subsidiaries (“Snowflake“, “we“, “our” or “us“) collect, store, use, disclose, and otherwise process information about you in the course of our business, including through our websites that link to this Notice (such as, www.snowflake.com) (the “Sites“), our SaaS-based data-warehousing service (the “Service”) and through other means such as our and our partner’s events, sales and marketing activities. It also sets out more information about your privacy rights.
ABOUT OUR SERVICE. We provide the Service to our customers under an agreement with the customer and solely for the benefit of their personnel and other personnel authorized by the customer as users of the Service (“Authorized Users“). Our customers can efficiently store and analyze all their data in the Service. Because the Service is SaaS, Authorized Users may access and use the Service from all over the world, subject to Snowflake’s contract with the customer and any applicable laws.
This Notice does not apply to the content that our customers and their Authorized Users upload and store in the Service (“Customer Content”). In those circumstances:
(a) Snowflake is a processor and is acting on behalf of a customer in relation to any Customer Content and that customer is responsible for the collection and use of your data; and
(b) That customer’s privacy notice will apply to the collection and customer’s use of such data.
In such circumstances you should refer to their privacy notice and direct any queries to the relevant Snowflake customer. The provisions of the customer’s agreement with Snowflake govern our use of and processing of Customer Content in these circumstances. For more information about our data collection and use in connection with our Service see the “Information when using the Service” Section below.
We recommend that you read this Privacy Notice to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.
- OUR INFORMATION COLLECTION
- INFORMATION WE AUTOMATICALLY COLLECT
- INFORMATION WE RECEIVE FROM THIRD PARTIES
- THIRD PARTY APPLICATIONS
- TARGETED ONLINE ADVERTISEMENTS
- USE OF INFORMATION WE COLLECT
- SHARING OF PERSONAL INFORMATION
- LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA AND SWITZERLAND VISITORS AND USERS ONLY)
- SECURITY OF YOUR PERSONAL INFORMATION
- INTERNATIONAL DATA TRANSFERS
- YOUR INFORMATION CHOICES AND CHANGES
- CALIFORNIA USERS: YOUR CALIFORNIA PRIVACY RIGHTS
- EEA AND SWITZERLAND USERS: YOUR PRIVACY RIGHTS
- EEA AND SWITZERLAND USERS: YOUR PRIVACY RIGHTS IN RESPECT OF CUSTOMER CONTENT
- DATA RETENTION AND DELETION
- CHANGES TO THIS NOTICE
- FOR EEA AND SWITZERLAND USERS
OUR INFORMATION COLLECTION: The personal information that we collect when you use the Sites, including when you sign up to the Service through our Sites self-service portal (“Self-Service”), and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. We will let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
When using the Sites: We may collect your name, email, postal address, phone number and other information you provide via the Sites when, for example, you submit inquiries, request more information about our services, complete surveys or download Snowflake collateral, provide feedback about our services, or register for sales events or marketing activities.
When you register to use our Service: When you register to use our Service we may collect your personal information (like name and contact details) and, for Self-Service we collect credit card information. We may share such credit card information with our third-party service providers, including for payment and billing purposes.
INFORMATION WE AUTOMATICALLY COLLECT:
When using the Service: Further, we automatically collect certain data relating to the performance and configuration of our Service and our Customers’ and Authorized Users’ consumption, use of, and interaction with the Service (collectively, “Usage Data“). Usage Data generally includes:
- technical information, or data obtained from APIs, software or systems hosting the products and services, devices accessing these products and services, log files generated during such use;
- data and metadata about the Authorized Users’, such as user ID, email, IP address, other data about the user’s computer or other device, browser and connecting software (e.g., OS and software versions); and
- data and metadata about the Authorized Users’ activities and behavior within our Service, such as click-patterns and feature utilization.
Usage Data is used by Snowflake for (a) providing, maintaining, and operating our products and services, (b) network and information security, and (c) to analyze, develop, and improve our products and services.
INFORMATION WE RECEIVE FROM THIRD PARTIES: From time to time, we may obtain information about you from third party sources, such as public databases and websites, resellers and distributors, joint marketing or business partners, security and fraud detection firms, and social media platforms. Examples of the information we may receive from other sources include: account information, page-view information, and contact information from business partners with which we operate co-branded events, services, marketing campaigns or joint offerings; search results and links, including paid listings (such as sponsored links); and credit history information from credit bureaus.
THIRD PARTY APPLICATIONS: We may link to certain third-party websites and applications in our Service or on our Sites, such as Facebook. In those circumstances, the data we collect, use and share via the Sites or the Service will be subject to this Privacy Notice. However, your use of the third-party websites, applications, and any information you instruct us to send to the third-party shall be subject solely to the third-party’s terms and conditions and privacy notice, and shall not be subject to any agreements you have with us or this Notice.
Targeted Online Advertisements: We use one or more third party service providers to serve ads on the Sites and/or other websites. These third parties may automatically collect and use certain information about your online activities, either on our Sites and/or other websites, such your IP address, your ISP, and the browser you are using. They do this using cookies, clear gifs and similar tracking technologies.
USE OF INFORMATION WE COLLECT: We use personal information collected via the Sites, our Service, and through other means for purposes described in this Notice, including using your information to:
- operate and improve our Sites, products, and services;
- to provide customer service;
- provide and to facilitate the delivery of products and services you request;
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, training, and support and administrative messages;
- enhance security, monitor and verify identity or service access, combat fraud, spam, malware or other network and/or information security risks;
- understand you and your preferences to enhance and personalize your experience and enjoyment when using our Sites, products, and services;
- to send you marketing and promotional communications (where this is in accordance with your marketing preferences);
- to communicate with you about one of our events or our partner events;
- respond to your comments or questions or provide information requested by you;
- link or combine it with other personal information we get from third parties, to help understand your needs, provide you with better service, or to prevent fraud;
- process and deliver contest entries and rewards;
- process your information for other legitimate business purposes, such as customer surveys, data analysis, audits, collecting and assessing feedback, identifying usage trends, determining the effectiveness of our marketing campaigns and to evaluate and improve our products, services, marketing and customer relationships.
Snowflake may store and process personal information in the United States and other countries.
SHARING OF PERSONAL INFORMATION: We do not share your personal information with third parties other than as follows:
- where it has been de-identified, including through aggregation or anonymization;
- if applicable, when you instruct us to do so;
- with your consent, for example, when you agree to our sharing your information with other third parties for their own marketing purposes subject to their separate privacy policies;
- with Snowflake affiliates, for example we may share your information with our parent companies, subsidiaries and/or affiliates. In such case the information will be processed as otherwise described in this Notice;
- with third party vendors, consultants and other service providers who work for us and need access to your information to do that work. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis, fraud prevention, network and information security, technical support and customer service. Unless described in this Notice, we do not share, sell, rent, or trade any of your personal information with third parties for their promotional purposes;
- with third party business partners, such as distributors, and/or referral partners, that are involved in providing services to our prospects and/or customers, to fulfill product and information requests and to provide customers and prospective customers with information about Snowflake and its products and services. From time to time, we may engage in joint sales or product promotions with select business partners. If you purchase or specifically express an interest in a jointly-offered product, promotion or services, we may share relevant personal information with those partner(s). Where you have given your consent to do so these business partners may send you marketing communications about their own products and services. Please be aware that we do not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances. We recommend you review the privacy notices of the relevant partner to find out more about their handling of your personal information.
- in order to protect any individual’s vital interests, but only where we believe it necessary in order to protect the vital interests of any person;
- in connection with or during negotiation of any business transfer, merger, financing, acquisition, or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA AND SWITZERLAND VISITORS AND USERS ONLY): If you are a visitor or user based in the European Economic Area (“EEA“), Snowflake, Inc., is the data controller of your personal information unless the data is collected in circumstances where one of our affiliates is running a local event, training session or survey, for example, and they collect and control that information. In such circumstances, we will endeavor to make this clear to you in a context specific notification at the point we collect your personal information.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will make clear to you at the relevant time what those legitimate interests are.
For more information on our legal basis for processing data please contact us using the details provided at the bottom of this Notice.
SECURITY OF YOUR PERSONAL INFORMATION: We take all reasonable and appropriate steps to help protect your personal information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We use appropriate technical and organizational measures to protect your personal information. The measures we take to protect your personal information while processing may include: physical access controls, encryption, internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. Our staff who may have access to your information are required to keep that information confidential.
INTERNATIONAL DATA TRANSFERS: Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country, and in some cases, may not be as protective.
Specifically, our website servers are located in the U.S., and our affiliates/partners and third-party service providers operate in the U.S., U.K., Ireland, Germany, France, Netherlands, Australia, India. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between us and our business affiliates and associates to which we choose to transfer the information that requires these companies to protect personal information they process from the EEA or Switzerland in accordance with European Union data protection law.
Our Standard Contractual Clauses can be provided on request. We implement similar appropriate safeguards with our third-party service providers and further details can be provided upon request.
Please note we have additionally certified to comply with the Privacy Shield Principles for limited international data transfers from the EEA and Switzerland, where we act as a processor on behalf of business customers based in the EEA and Switzerland and where we act as a controller regarding Snowflake human resources and internal business operations data from the EEA and Switzerland. For more information, please see our Privacy Shield Statement here.
YOUR INFORMATION CHOICES AND CHANGES: You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. You may also send requests about your contact preferences and changes to your information including requests to opt-out of sharing your personal information with third parties by emailing firstname.lastname@example.org.
CALIFORNIA USERS: YOUR CALIFORNIA PRIVACY RIGHTS: In addition, California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. If you wish to find out about any rights you may have under California Civil Code section 1798.83, you may notify us in writing at email@example.com.
EEA AND SWITZERLAND USERS: YOUR PRIVACY RIGHTS: In addition, if you are a resident of the EEA or Switzerland you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time.
- You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information.
- If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for data protection authorities in the EEA are available here and Switzerland here
If you wish to exercise any of these rights or want further information, please contact firstname.lastname@example.org.
EEA AND SWITZERLAND USERS: YOUR PRIVACY RIGHTS IN RESPECT OF CUSTOMER CONTENT: If personal information pertaining to you as an individual has been submitted to the Service by or on behalf of a customer and you wish to exercise any data protection rights you may have in respect of that data under applicable law, including (as applicable) the right to access, port, correct, amend, or delete such data, please inquire with the relevant customer directly. We have a limited ability to access Customer Content. However, if you wish to make your request directly to us, please provide the name of the customer who submitted your data to our Service. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
DATA RETENTION AND DELETION: We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible.
CHANGES TO THIS NOTICE: We may change this Notice from time to time. If we make any changes to this Notice, we will change the “Last Updated” date above. If such changes are material in nature we will provide you with additional notice (such as adding a statement to the main website page or sending you an email notification).
QUESTIONS: If you have any questions about this Notice, please contact us at email@example.com or Snowflake, Inc., 450 Concar Drive, San Mateo, CA, 94402.
FOR EEA AND SWITZERLAND USERS: The best way to reach us regarding questions about this Notice is to contact us at firstname.lastname@example.org or Snowflake, Inc., 450 Concar Drive, San Mateo, CA, 94402.