Consumer Statement

I. Introduction

Treasure Data, Inc. is committed to protecting the information of its customers and preventing the unauthorized disclosure, use, modification, or access of or to the information customers store within the platform by which Treasure Data provides its Big Data analytics service and personal information concerning our customers’ representatives. We recognize the importance of appropriate policies and procedures to protect customer information. We have therefore created this document to describe Treasure Data’s privacy practices and procedures relating to customer information.

By “customer information,” we are referring to information and data we receive, process, create, maintain, or transmit on behalf of a customer when providing the Treasure Data service to a customer or other information and data customers otherwise provide to Treasure Data. For instance, customer information includes information customers upload, analyze, and store within the Treasure Data service. That customer information may include personal information, for instance concerning the customers of our customers. Customer information also includes personal information about customer representatives that communicate with Treasure Data.
The terms “Treasure Data,” “we,” “us,” and “our” refer to Treasure Data, Inc.

This statement summarizes the types of customer information we collect, how we process customer information, the circumstances in which we will disclose customer information, how we safeguard customer information, gaining access to customer information, updating or correcting customer information, and resolving disputes relating to Treasure Data’s privacy practices concerning customer information.

II. Types of Customer Information Treasure Data Collects

Treasure Data, Inc. provides to its customers a cloud-based, managed Big Data service for data collection, storage, and analysis. Treasure Data’s tools facilitate the collection and uploading of customer information to the service. The Treasure Data service stores customer information in massively scalable databases. Customers can analyze uploaded data in various ways and export the results of their analyses, including to third party services designated by our customers.

In general, Treasure Data collects two categories of customer information. First, Treasure Data collects data that customers upload to the Treasure Data service to populate massively scalable databases. Some of the data uploaded to the service contains personal information. If a customer plans to upload personal information of end users to the service, the customer must first notify its Treasure Data account manager or the Customer Service team. We do not monitor or review the customer information that customers upload to the service, except, if and to the extent necessary, to verify that a customer is in compliance with our Terms of Service, or in response to a customer’s request to provide customer support.

Second, Treasure Data collects customer information relating to customer accounts and their management. For instance, Treasure Data collects personal information about representatives and contacts at its customer organizations, including their contact information (name, address, telephone numbers, and email addresses), job title, and name of employer.

We may add to the information we receive from customer representatives and contacts by information they provide to us at other occasions and using other means. Examples include information they provide to us at educational programs, trade shows, or meetings, as well as information gathered using other data-appending methods, including by purchasing contact lists from third- party providers, which we may use to communicate with you for marketing purposes. We may also review and collect biographical information about representatives and contacts that they post to the Internet.

III. Treasure Data’s Role as a Data Processor

When customers upload personal information to the Treasure Data service, it is the customers that are data controllers with respect to such personal information. That is, the customer has the direct contact with the individuals whose personal information was uploaded to the service. Treasure Data customers are the ones who would collect the personal information from their customers, personnel, or other data subjects.
Treasure Data has no such contact with these individuals.

We may process any personal information, among other information, when customers use the Treasure Data service to collect, store, analyze, and transmit customer information. When performing its services, the Treasure Data service processes data strictly in accordance with the actions of the applicable customer using Treasure Data’s tools, queries, or instructions of the applicable customer. For instance, customers have the ability to export data to certain third party services for further processing.

As a data processor, with certain exceptions, Treasure Data has an obligation under its agreement with the customer not to disclose or otherwise transfer data to a third party except to provide the Treasure Data service or the customer has instructed us to disclose or transfer the information. Except as noted below, Treasure Data processes any personal information and other customer information solely for the purpose of delivering services to the customer. Treasure Data may use third party data processors to assist it in delivering the service to its customers.

IV. Privacy Shield Disclosures

Treasure Data complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Arm, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Treasure Data’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Section V(H) below discusses information about the specific independent dispute resolution body that is available to address complaints about Treasure Data’s privacy practices and to provide appropriate recourse free of charge to individuals.

V. Statement of Customer Information Privacy Practices

A. How Treasure Data Collects Customer Information

  1. Customer Information Uploaded by Customers to the Service

We receive customer information from customers for use in the service when they upload it or otherwise transfer it to the service. For instance, Treasure Data offers various bulk import tools and solutions to permit customers to upload customer information to the service.

  1. Account-Related Information

We receive account -related contact information from customer representatives and contacts when they provide it to us. Customer representatives may provide Treasure Data’s third-party payment processors with payment card information in order to pay for Treasure Data’s services. We may also obtain biographical information about representatives and contacts through our review of information they post to the Internet. We may obtain additional information about our customer representatives from public sources and from third-party providers of contact lists. This information may include a prospective customer representative’s name, phone number, and work address. We use this information solely for marketing purposes.

B. How Treasure Data Processes Customer Information

  1. Customer Information Uploaded by Customers to the Service

We process data uploaded by customers by providing customers Treasure Data’s cloud-based, managed Big Data service for data collection, storage, and analysis. Treasure Data uses such customer information to provide, administer, manage, deploy, enhance, and improve the Treasure Data service pursuant to customers’ instructions or Treasure Data’s agreements with customers. Customers can use the tools provided by the service to analyze data, run queries, and generate reports. Our systems process customer information to perform these functions based on the instructions, commands, and queries of our customers’ users. Our systems can export reports or data to various third party services pursuant to customers’ instructions.

Treasure Data may also use personal information about individuals for other purposes to which such individuals have consented. Treasure Data’s customer or other data controller are obligated to obtain such consents where required by applicable law.

  1. Account-Related Information

We use account-related information in order to market our service, establish relationships, set up the Treasure Data service, deliver the service, obtain payment for the service, provide customer and technical support for the service, and otherwise communicate with customers.

C. Third Party Use of Customer Information

We use certain third party service providers to help Treasure Data provide, administer, manage, deploy, enhance, and improve the Treasure Data service, including service providers that host and maintain customer information that we may receive from you. More specifically, we use Amazon Web Services and other cloud platform providers to host the Treasure Data service and collect and maintain customer information uploaded to the service. In addition, we upload some account-related information to cloud service providers to maintain and analyze information about our relationships with customers, undertake Treasure Data marketing campaigns, and provide customer and technical support.

We enter into agreements with third parties hosting customer information and providing other services necessary to our delivery of the service. These agreements bind such third parties to confidentiality restrictions requiring them to use customer information only for purposes of delivering their services to us, not to disclose customer information without authorization, and to adhere to the practices equivalent to those disclosed in this privacy statement. These agreements also require service providers to notify Treasure Data if there is any unauthorized access, use, or disclosure of personal information, or if they are no longer able to meet the agreements’ security requirements. Treasure Data monitors the activities of third party service providers where necessary to verify that they process the personal information transferred to them in a manner consistent with their obligations under their agreements with Treasure Data. Treasure Data may be liable for damages if such third party service providers fail to meet their obligations under these agreements and if we are responsible for the event causing such damages.

D. When Treasure Data Will Disclose or Transfer Customer Information

We do not sell or rent customer information to anyone. Nonetheless, our customers may instruct us to export customer information to third party services or other service providers. We will transfer customer information in accordance with these instructions.

Moreover, we may sell, transfer, or otherwise share some or all of Treasure Data’s assets in connection with a merger, acquisition, reorganization, or sale of assets of our business, or in the event of bankruptcy.

Also, we may disclose customer information when required by a subpoena, court order, search warrant, other legal process, lawful requests by law enforcement or other public agencies, or applicable law. These requests may include those pursuant to national security or law enforcement requirements. Moreover, we may disclose customer information to the extent necessary to maintain the security of our websites, resolve disputes, or investigate possible misconduct.

E. How Treasure Data Safeguards Customer Information

Treasure Data is committed to protecting customer information and preventing loss, misuse, or unauthorized disclosure, use, alteration, destruction, or access of or to customer information. In specific, Treasure Data is committed to maintain reasonable and appropriate administrative, physical, and technical safeguards to:

  • Provide assurances of the integrity and confidentiality of customer information,
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of customer information, and unauthorized uses or disclosures of customer information, and
  • Maintain compliance with the legal framework of requirements for the privacy and security of customer information.

For more details concerning safeguards we maintain to protect customer information, please see the Statement of Treasure Data’s Security Practices for Customer Information.

F. Accessing Customer information and Making Changes

  1. Data Uploaded by Customers to the Service

Treasure Data’s service provides complete access to customers to customer information they have uploaded to the service. Using the service, they can view, update, append, and correct data maintained in the service. Customers may also export customer information to themselves or to third party services they designate by downloading their data in industry standard formats that can be transitioned to other systems or service providers. Customers requiring assistance accessing and changing data in the service can contact technical support for assistance by email sent to privacy@treasuredata.com.

If you believe that Treasure Data holds personal information about you, and you wish to access that personal information or wish to make changes to that information, please contact us at privacy@treasuredata.com or by postal mail to the address in Section V(H) below. Please provide Treasure Data with the name of the Treasure Data customer or other data controller who you believe uploaded your personal information to our service. We will work with that customer or data controller to respond to your request.

  1. Account-Related Information

If you would like to access personal information we may have about you or to make changes to that information, please contact us at privacy@treasuredata.com.

G. Notice to Residents of the European Economic Area

If you reside in a member state of the European Economic Area, you may have the right under applicable law to exercise certain privacy rights. Among these rights are the right of access, the right of rectification, the right not to consent or to withdraw previously-provided consent, the right of erasure, the right to object to processing, and the right to restrict processing.

If you believe that Treasure Data holds personal information about you, and you wish to exercise any of these rights, please contact our Data Protection Officer at privacy@treasuredata.com or by postal mail to the address in Section V(H) below. Please provide Treasure Data with the name of the Treasure Data customer or other data controller who you believe uploaded your personal information to our service. We will work with that customer or data controller to respond to your request.

H. Contact Information and Resolving Disputes

If you would like to discuss this privacy statement or provide us with feedback, questions, or concerns about our privacy practices regarding customer information, please contact our Data Protection Officer at privacy@treasuredata.com. You may also write us at:

Treasure Data,
Inc.
2565 Leghorn Street
Mountain View, CA 94043<
Attention: Privacy

If you are a citizen of a member state of the European Economic Area, you may also contact our EU Privacy Representative at privacy-rep@treasure-data.com. If we’re unable to answer your question, you have the right to contact your local data protection supervisory authority.

If you have a complaint about our customer information privacy practices, you may submit a complaint to us at the above contact information. Also, in compliance with the Privacy Shield Principles, Treasure Data commits to resolve complaints about the collection or processing of personal information of residents of the European Economic Area or Switzerland. Individual residents of the European Economic Area or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact us at the above contact information.

Our privacy team will look into your complaint and provide a response. You will need to provide sufficient information for us to evaluate your complaint and we may ask you to provide additional information as a condition of evaluating your complaint.

Arm, Inc. has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield- claim. If neither Arm nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.

If the informal discussions with Treasure Data and the formal dispute resolution process described above fail to resolve your complaint, you may be entitled to engage in binding arbitration with Treasure Data through the Privacy Shield Panel, which is the ICDR/AAA Privacy Shield Program, an alternative dispute resolution provider located in the United States. Please contact or visit go.adr.org/privacyshield.html for more information or to file a complaint.

Dispute resolution processes will be conducted in English.

VI. Changes to This Privacy Statement

We reserve the right to make changes to this privacy statement from time to time. If we make a change to the privacy statement, we will post a new copy of it on our website. For customers, your continued use of the Treasure Data service after such notification indicates your continued agreement to the terms of this privacy statement as amended. Please review this privacy statement to review the latest information about our privacy practices for handling customer information.