Splunk Privacy Shield Notice

Updated: December 2020

 

Splunk Privacy Shield Certification

Splunk Inc. (“Splunk”) has certified with the Department of Commerce to participate in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks (collectively, the “Privacy Shield”) by adopting and implementing the Privacy Shield Principles (the “Principles”). Our certification can be found here, and it covers Splunk and its affiliates. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. More information about the Privacy Shield can be found at http://www.privacyshield.gov.

 

Data Protection Compliance

Splunk is committed to complying with the Principles with respect to all of the Personal Data it received in reliance on the Privacy Shield. This Privacy Shield Notice supplements the Splunk Privacy Policy where you will find details about the types of Personal Data we collect, the purpose for which we collect and share Personal Data, and your rights with respect to our processing of your Personal Data.

 

European Data Processing and Transfers Under the Privacy Shield

As of July 16, 2020, Splunk no longer relies on the Privacy Shield to facilitate cross-border data transfers. Splunk continues to process Personal Data it received under the Privacy Shield in compliance with the Principles, including those related to the onward transfer of Personal Data to third parties. Splunk remains liable if such agents process Personal Data from the European Economic Area, the United Kingdom, and Switzerland in a manner inconsistent with the Principles (unless Splunk can prove that it is not responsible for the event giving rise to the damage).

 

Standard Contractual Clauses

Splunk offers a Data Protection Addendum (“DPA”) that includes EU Standard Contractual Clauses (“SCCs”). The European Commission has approved of the use of SCCs as an adequate cross-border data transfer mechanism. Splunk customers who want to enter into a DPA with Splunk may do so here.

 

Inquiries and Dispute Resolution

You may contact us at privacyshield@splunk.com if you have questions about our Privacy Shield compliance. For any inquiries we cannot resolve directly, you may contact JAMS, which is a U.S.-based, independent dispute resolution body that is available to you free of charge. You may contact them here. If neither Splunk nor JAMS is able to resolve your inquiry, you have the right to invoke binding arbitration.

 

U.S. Federal Trade Commission Enforcement

Splunk is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).