This Arc Compute Data Privacy Addendum (“Privacy Addendum”) applies whenever it is incorporated by reference into the terms of service for a particular Arc Compute Service Offering (“Agreement”).
This Privacy Addendum consists of two parts:
1. Definitions and Interpretation.
1.1 Definitions. Any capitalized terms used but not defined in this Privacy Addendum will have the meanings given to them in the Agreement. In addition, the following definitions will apply throughout this Privacy Addendum:
(i) “Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
(ii) “Data Breach” means any accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access or other Processing of or to Service Data.
(iii) “Personal Data” means any information relating to an identified or identifiable individual.
(iv) “Processor” means an entity that Processes Personal Data on behalf of a Controller.
(v) “Processing” means any operation or set of operations performed upon Service Data, Relationship Data or Usage Data. The terms " Process" and " Processes" will be construed accordingly.
(vi) “Relationship Data” means any account-related data provided by you to Arc Compute during the purchase, sign up, use or support of your account. Relationship Data may include Personal Data. Arc Compute Processes Relationship Data for the purposes described in Section 3.
(vii) "Service Data" means any data (including any Personal Data) that Arc Compute Processes on your behalf in the course of providing you with the Service. Depending on the Service Offering you purchase or receive, Service Data may include the content of textual, visual, audio, audiovisual, executable or database files that you or your Users upload or otherwise import into the Service Offering. Service Data does not include Usage Data or Relationship Data.
(viii) “Usage Data” means any data (other than Service Data) relating to your consumption of the Service Offering. Usage Data does not include any Personal Data. Usage Data includes, without limitation, information about the amount of computing, tasks being executed, kernels being executed, binary code, machine language, PTX/SASS and storage resources purchased or consumed, User counts, and third party licenses consumed. Usage Data may also include information related to the consumption of optional or third party or co-branded services provided to you through the Service Offering.
1.2 Conflicts. If there is a conflict between: (i) this Privacy Addendum and the terms of service for any Service Offering, then the provisions of this Privacy Addendum will prevail to the extent of that conflict; (ii) Part I (General Privacy Provisions) and Part II (Specific Privacy Provisions) of this Privacy Addendum, then Part II (Specific Privacy Provisions) will prevail to the extent of that conflict; and (iii) this Privacy Addendum and any applicable Third Party Terms, then the applicable Third Party Terms will prevail to the extent of that conflict with respect to the Third Party Content.
2. Service Data.
2.1 Our Role. As between you and us, you are the Controller of Service Data. We Process Service Data only as a Processor on your behalf and for the purposes set forth in the Agreement. We will not disclose Service Data to any third party, except in accordance with this Privacy Addendum or where required by law.
2.2 Your Compliance. You will (i) comply with all applicable privacy and data protection laws with respect to your Processing of Service Data and any Processing instructions you issue to us; and (ii) ensure that you have obtained (or will obtain) all consents and rights necessary for us to process Service Data in accordance with this Privacy Addendum.
2.3 Security. We will maintain appropriate technical and organizational measures (including administrative, physical and technical safeguards) to protect any Service Data we Process on your behalf. For details of any specific security measures that may apply to the Service Offering you have purchased or receive, please see the relevant security terms for that Service Offering in Part II (Specific Privacy Provisions) of this Privacy Addendum.
2.4 Subprocessing. You agree that we may subcontract Processing of your Service Data to a third party. We will ensure any subcontractor we appoint protects your Service Data in a manner which is substantially similar to the standard that is set forth in this Privacy Addendum. We will be responsible for any breaches of this Privacy Addendum that are caused by any such subcontractor.
2.5 Cooperation. During the term of the Agreement we will provide all assistance reasonably required by you (at your expense) to enable you to address any request or complaint received by you from (i) any natural individual whose Personal Data is contained within Service Data that we Process on your behalf or (ii) any applicable data protection authority.
2.6 Data Breach. Upon becoming aware of a Data Breach, we will promptly notify you and will periodically update you of developments relating to the Data Breach. We will use reasonable endeavors to mitigate and, where possible, to remedy the effects of, any Data Breach.
2.7 Data Transfers from the EEA and Switzerland. If you are a customer in the European Economic Area or Switzerland, you acknowledge that we may process your Service Data in countries outside of the European Economic Area and Switzerland to the extent: (i) necessary to store your Service Data in an international location you have chosen (which location you acknowledge may not have data protection laws that are equivalent to those in the European Economic Area or Switzerland); and (ii) you provide Service Data in connection with any request for support, in which case we may process it in international customer support facilities (and we will provide adequate protection for the Service Data in accordance with applicable European and/or Swiss data protection law(s)).
2.8 Deletion of Service Data. Following expiration of the Agreement, we will endeavor to delete your Service Data within a reasonable period of time, except to the extent we are required to retain any Service Data for compliance with applicable law. If we are unable to delete your Service Data for technical or other reasons, we will apply measures to ensure that your Service Data is blocked from any further Processing.
2.9 Third Party Requests for Service Data. If a third party raises a complaint about or requests access to Service Data, we will attempt to redirect the third party to you. If we are required to respond to a subpoena, court order, warrant, audit or agency action and that occurrence demands that we disclose Service Data, we will promptly notify and provide you with a copy of the demand unless legally prohibited from doing so.
2.10 Protected Health Information. You must not upload into the Service Offering nor include within Service Data any data which is regulated by the United States Health Insurance Portability and Accountability Act unless you have entered into a business associate agreement with Arc Compute.
3. Relationship Data.
3.1 We collect and Process Relationship Data for the following purposes: (i) to provide the Service Offering to you, to manage your account, and to send you notifications and marketing information (including about the availability of our other products and services); (ii) to bill you for purchased services and to provide support; (iii) to enforce compliance with this Privacy Addendum and the Agreement; and (iv) to comply with our contractual obligations and applicable law.
3.2 We are an independent Controller of the Relationship Data we Process. We will Process Relationship Data in compliance with applicable law. We may share Relationship Data with our affiliates and third party service providers that we use for these purposes or as otherwise required or permitted by applicable law.
4. Usage Data.
4.1 We collect and Process Usage Data: (i) to provide the Service Offering to you; (ii) to manage our infrastructure; (iii) to address technical issues with the Service Offering; (iv) to improve Arc Compute products and services; (v) to provide enhanced customer and technical support services; (vi) to personalize your experience and that of your Users; (vii) to provide recommendations on how you may enhance your experience of the Service Offering; (viii) to provide you with information you may use for your own benchmarking efforts; (ix) to provide you with information and recommendations on Arc Compute products and services and the services of our affiliates and our partners; and (x) as otherwise described in this Agreement.
4.2 We are an independent Controller of the Usage data we Process. We will Process Usage Data in compliance with applicable law. We may share Usage Data with our affiliates and third party service providers for these purposes or as otherwise required or permitted by applicable law.
5. Provisions for Specific Data Centers.
For Service Offering purchases where you choose a data center located in the countries listed below, the following provisions replace or supplement the referenced sections of this Privacy Addendum, as noted:
6. Personal Information.
This Part II (Specific Privacy Provisions) sets out additional provisions that apply to certain Service Offerings. These provisions will apply in addition to the general privacy provisions in Part I (General Privacy Provisions).
1. Specific Terms for Third Party Content. If you purchase or receive any Third Party Content in connection with your use of the Service Offering, then please note that Third Party Content will be subject to Third Party Terms that are not controlled or otherwise determined by Arc Compute.
2. Specific Terms for ArcHPC. If you purchase or receive any ArcHPC Service Offering, then the following provisions will apply:
(i) Additional Definitions: The term "Arc Compute Infrastructure" will mean: (a) the physical facilities; and (b) those servers, storage devices, networking equipment, and other hardware and software over which we have administrator access or control; in each case to the extent used to provide the Service Offering;
(ii) Interpretation: The term “Service Data” will mean “Your Content” as that term is defined in the ArcHPC Agreement.
(iii) Infrastructure Monitoring: We reserve the right to monitor and administer the Arc Compute Infrastructure so that we can (a) prevent or address service or technical problems; (b) provide customer support; (c) detect, prevent or address fraud, technology or security issues; (d) protect against harm to the rights, property or safety of us, our users or the public; and (e) perform or enforce contractual obligations, or comply with applicable law.
(iv) Deletion and retrieval of data : Before the effective date of the expiration of the Agreement, you should retrieve a copy of Service Data and, if you wish, delete Service Data from the Service Offering. If you do not delete Service Data before your Agreement expires, we will retain Service Data for a period of 90 days following the effective date of that expiration. During this 90-day period, you will not have access to our Service Offering but, on written request, we can either provide you with reasonable assistance (at your cost) to retrieve a copy of Service Data or delete Service Data for you. After this 90-day period, Service Data will be deleted.
(v) Usage Data: In addition to the definition of Usage Data in Part I above, in the context of customer experience in the ArcHPC Service Offering the term “Usage Data” also means any data relating to the consumption, configuration, performance or features of the Service Offering provided to you. Usage Data includes configuration settings, features accessed, and technical information relating to the use and consumption of the Service Offering (including IP addresses, usernames (typically any email address provided as a username), and other VMware-assigned identifiers), and performance metrics. Arc Compute Processes Usage Data for the purposes described in Section 4 of Part I of this Privacy Addendum.