EU Safe Harbor Policy
EU Safe Harbor Policy
MongoHQ is a full service cloud database hosting provider that focuses on simplicity, reliability, and security of customer data. Protecting consumer privacy is important to MongoHQ (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”).
Accordingly, MongoHQ complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce (hereinafter collectively referred to as the “Safe Harbor Principles”, “Principles”) regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. MongoHQ has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view MongoHQ's certification, please visit http://www.export.gov/safeharbor/.
“Customers” refers to direct users of MonogHQ's services, who have signed up for a MongoHQ account, and allow MongoHQ to store their data.
“Personal Data” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; (4) can be linked to that individual; and (5) does not apply to information collected by MongoHQ directly about MongoHQ’s customers. For information regarding our use, disclosure and handling of information we collect directly from our customers located in the European Union, please see the MongoHQ Privacy Statement located at http://docs.mongohq.com/policies/privacy.html.
“Sensitive Personal Data” means personal data that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
“Safe Harbor Principles” or “Principles” means both the European Union Safe Harbor Framework and the U.S.-Swiss Safe Harbor Frameworks published by the U.S. Department of Commerce. For more information regarding the Safe Harbor Principles and the Directive, please visit http://www.export.gov/safeharbor/. ￼￼
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of Personal Data adhere to certain requirements related to compliance with the Directive. The specific functions of a Data Controller depend on the laws of each EU member state. However, since MongoHQ does not collect or determine the use of any Personal Data stored on its servers, and since it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, MongoHQ is not acting in the capacity of Data Controller and does not have the associated responsibilities under the Directive or the Safe Harbor Principles.
Customer Agreement and Security
MongoHQ and each Customer located in the European Union or Switzerland will enter into an agreement/contract that specifies each party’s role in complying with the Directive and the Safe Harbor Principles. Any such contract with an EUor Swiss Customer will also specify that the Customer is responsible for security measures with respect to its Personal Data stored on MongoHQ’s servers. Although MongoHQ has implemented commercially reasonable security measures to protect Personal Data stored on its servers, Customer is ultimately in control of whether the Personal Data is made available to third parties. MongoHQ will comply with Customer’s instructions with respect to the return, update or destruction of Personal Data stored on MongoHQ’s servers.
In its role as a processor of Personal Data on behalf of its Customers, MongoHQ is not able to or required to apply all of the Safe Harbor Principles to Personal Data subject to the Directive that is received for processing from Customers. Instead, MongoHQ’s role as a data processor is to assist the Customer, at the Customer’s request, in complying with its obligations under the Directive.
MongoHQ requires its Customers located in the European Union or Switzerland to comply with their obligations under the Directive prior to the transfer of any such Personal Data from the European Union or Switzerland to the United States, including, should the case arise, compliance with the obligations to provide notices and obtain consents of individuals about the purposes for which they collect and use Information, as required under the Directive with respect to Personal Data.
MongoHQ requires its EU Customers to provide individuals the opportunity to choose (opt out) whether their personal information will be (1) disclosed to a third party or (2) used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
MongoHQ does not disclose any Personal Data to third parties that has been collected by its Customers, and provides an adequate level of privacy protection to prevent third party access to any such Information. MongoHQ also requires its Customers to disclose to individuals any such transfers of their own Personal Data to third parties, and allow the individual a choice (opt out) of such disclosure, as outlined in the Directive.
MongoHQ allows for its Customers to respond to an individual’s request to access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
The control, access, and security of the Personal Data stored on the MongoHQ servers is (1) in the direct and primary control of the Customer, and (2) subject to the security measures undertaken by the Customer. Subject to the foregoing, MongoHQ has in place information security procedures and commercially reasonable security measures designed to protect Personal Data stored on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. Customers will be notified of any breach with respect to their stored Personal Data of security measures implemented by MongoHQ of which MongoHQ becomes aware.
Any compromise of security or potential compromise of security of which a Customer becomes aware and any inquiries concerning security should be reported promptly by such Customer to MongoHQ. Contact information is provided below.
Director of Customer Support, MongoHQ
MongoHQ is not authorized to access or manipulate Personal Data stored on its servers other than as necessary to provide services to a Customer or as otherwise permitted or directed by such Customer. MongoHQ takes reasonable steps to assure that Personal Data transferred from the European Union or Switzerland to the United States and stored on MongoHQ’s servers is maintained in a reliable, accurate and complete state, subject to any deficiencies in the state in which such Personal Data was received.
Federal Trade Commission
MongoHQ’s adherence to the Safe Harbor Principles is limited to the extent permitted or required by applicable United States laws, rules or regulations.