Updated: December 2020
Splunk Inc. (“Splunk”) has certified with the Department of Commerce to participate in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks (collectively, the “Privacy Shield”) by adopting and implementing the Privacy Shield Principles (the “Principles”). Our certification can be found here, and it covers Splunk and its affiliates. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. More information about the Privacy Shield can be found at http://www.privacyshield.gov.
As of July 16, 2020, Splunk no longer relies on the Privacy Shield to facilitate cross-border data transfers. Splunk continues to process Personal Data it received under the Privacy Shield in compliance with the Principles, including those related to the onward transfer of Personal Data to third parties. Splunk remains liable if such agents process Personal Data from the European Economic Area, the United Kingdom, and Switzerland in a manner inconsistent with the Principles (unless Splunk can prove that it is not responsible for the event giving rise to the damage).
Splunk offers a Data Protection Addendum (“DPA”) that includes EU Standard Contractual Clauses (“SCCs”). The European Commission has approved of the use of SCCs as an adequate cross-border data transfer mechanism. Splunk customers who want to enter into a DPA with Splunk may do so here.
You may contact us at email@example.com if you have questions about our Privacy Shield compliance. For any inquiries we cannot resolve directly, you may contact JAMS, which is a U.S.-based, independent dispute resolution body that is available to you free of charge. You may contact them here. If neither Splunk nor JAMS is able to resolve your inquiry, you have the right to invoke binding arbitration.
Splunk is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).