Services Privacy Policy Oracle
Oracle Services Privacy Policy
This Oracle Service Privacy Policy ("Service Privacy Policy") consists of three sections:
I. I. I. I. (Service Personal Information Data Processing Conditions) include Oracle Corporation and its subsidiaries (hereinafter referred to as "Oracle") in the Oracle customer (hereinafter referred to as "customer") in the process of ordering the service. Service personal information (defined below) to provide technical support, consulting, cloud or other services (including those provided through mobile applications) (hereinafter referred to as "services") Explains the practice of privacy and security used when handling.
Services Personal Information Data Processing Terms Quick Links
Purpose of Processing Services Personal Information
Customer instructions
Rights of individuals
Security and confidentiality
Incident Management and breach notification
Subprocessors
Cross-border data transfers
Audit rights
Deletion or return of Services Personal Information
Notifications to customers and users
Service personal information is the personal information provided by customers, placed on oracle, customer, or thir d-party systems and environments, and is treated by Oracle instead of customers to execute services. Service personal information includes information on family, lifestyle and social situation, information on employment, details on financials, online identifier, geographical position data, and first party online behavior. Data and interest data may be included. Service personal information may be related to customer agents and end users, such as customer employees, job seekers, contractors, partners, associate, suppliers, customers, clients, etc.
II. Section 2 (System Operation Data Processing Conditions) is used to monitor, maintain and provide services to our customers (hereinafter referred to as "users") in our services (hereinafter referred to as "users"). This section describes the privacy and security practices applied to personal information that may be included in the system operation data generated by the Oracle system and network.
System operation data may include log files, event files, other detection and diagnostic records, and statistical information and aggregation information related to the use and operation of the system and network operated by our services and our services. there is.
Systems Operations Data Processing Terms Quick Links
Responsibility and purposes for processing personal information
Security
Sharing personal information
User choices
Cross-border data transfers
Notifications to customers and users
III. The third section (contact and notification to customers and users) is applied to both the personal information of the service and the personal information included in the Systems Operations Data, and how to disclose the disclosure of Oracle. I will explain how to deal with it, and explain how to contact Oracle's Global Data Protection Officer or complaint to customers and users.
Systems Operations Data Processing Terms Quick Links
Legal requirements
Dispute resolution or filing a complaint
Global Data Protection Officer
For the definition of personal information services and system operation data, the user of the customer or the user of the customer or the user of the customer or the customer in the contract process or the user of the customer in the contract process, the user of the customer or the user of the customer. No information is included. The handling of this information by Oracle shall follow Oracle's general privacy policy clause.
I. SERVICES PERSONAL INFORMATION DATA PROCESSING TERMS
Oracle handles all personal information in accordance with the conditions of this policy section I and III, and the order of your service.
If there is a contradiction between the conditions of the Service Privacy Policy and the privacy conditions incorporated into your service order, including the Oracle data processing agreement, the related privacy conditions of your service order are prioritized. And
1. Purpose of Processing Services Personal Information
Oracle creates Oracle Service Accounts to access Oracle products and services, new versions or systems, updates, upgrades and updates tests and implementation, troubleshooting, and other issues reported to Oracle. Personal information may be processed for the necessary processing activities to execute the service.
2. Customer instructions
You will be an administrator of personal service information processed by Oracle to execute this service. Oracle complies with (i) the duty of the processor based on the Data Protection Law, or (II) the obligations of the administrator based on the Data Protection Law applied to the use of this service. We will handle your personal information as specified as the customer's order and additional documented instructions to support the customer to support the customer. Oracle will immediately notify the customer in our rational opinion if your teachings violate the Data Protection Law. You agree that Oracle is not responsible for the implementation of legal surveys and/ or legal advice. Additional charges may be applied. < SPAN> Definition of personal information services and system operation data includes customers or users of customers who are collected by the use of oracle's website by customers or interacting with our customers or users in contract processes. Not included the future and related information. The handling of this information by Oracle shall follow Oracle's general privacy policy clause.
3. Rights of individuals
Oracle handles all personal information in accordance with the conditions of this policy section I and III, and the order of your service.
If there is a contradiction between the conditions of the Service Privacy Policy and the privacy conditions incorporated into your service order, including the Oracle data processing agreement, the related privacy conditions of your service order are prioritized. And
4. Security and confidentiality
Oracle creates Oracle Service Accounts to access Oracle products and services, new versions or systems, updates, upgrades and updates tests and implementation, troubleshooting, and other issues reported to Oracle. Personal information may be processed for the necessary processing activities to execute the service.
You will be an administrator of personal service information processed by Oracle to execute this service. Oracle complies with (i) the duty of the processor based on the Data Protection Law, or (II) the obligations of the administrator based on the Data Protection Law applied to the use of this service. We will handle your personal information as specified as the customer's order and additional documented instructions to support the customer to support the customer. Oracle will immediately notify the customer in our rational opinion if your teachings violate the Data Protection Law. You agree that Oracle is not responsible for the implementation of legal surveys and/ or legal advice. Additional charges may be applied. For the definition of personal information services and system operation data, the user of the customer or the user of the customer or the user of the customer or the customer in the contract process or the user of the customer in the contract process, the user of the customer or the user of the customer. No information is included. The handling of this information by Oracle shall follow Oracle's general privacy policy clause.
Oracle handles all personal information in accordance with the conditions of this policy section I and III, and the order of your service.
5. Incident Management and data breach notification.
If there is a contradiction between the conditions of the Service Privacy Policy and the privacy conditions incorporated into your service order, including the Oracle data processing agreement, the related privacy conditions of your service order are prioritized. And
Oracle creates Oracle Service Accounts to access Oracle products and services, new versions or systems, updates, upgrades and updates tests and implementation, troubleshooting, and other issues reported to Oracle. Personal information may be processed for the necessary processing activities to execute the service.
You will be an administrator of personal service information processed by Oracle to execute this service. Oracle complies with (i) the duty of the processor based on the Data Protection Law, or (II) the obligations of the administrator based on the Data Protection Law applied to the use of this service. We will handle your personal information as specified as the customer's order and additional documented instructions to support the customer to support the customer. Oracle will immediately notify the customer in our rational opinion if your teachings violate the Data Protection Law. You agree that Oracle is not responsible for the implementation of legal surveys and/ or legal advice. Additional charges may be applied.
6. Subprocessors
End user access to personal information on this service shall be managed by the customer, and the end user shall make any requests related to the personal information on the Service. Unless such access is available, Oracle is opposed to access, deleting, deleting, deleting, restrictions, correction, transmission, and processing access to the personal information of Oracle's system on Oracle's system. We provide reasonable support for the requests of individuals seeking. Oracle will promptly transfer those requirements to the customer without answering the end users if they receive directly or questions from the end user of the customer who identified the customer as an administrator.
If you have any questions about the disclosure and use of the service provided to Oracle, please contact the organization that collected information.
7. Cross-border data transfers
Oracle shall implement and maintain the technical and organizational measures designed to prevent accidental or illegal destruction, loss, falsification, illegal disclosure, or access of personal service information. These measures are generally in line with ISO/IEC 27001: 2013, and the security applied to the Service, including physical access, system access, data access, transmission, import, security supervision, and implementation. Applies to all areas of.
Oracle employees are required to maintain the confidentiality of personal information. Employee obligations include written confidentiality contracts, regular information protection training, and the company policy on protection of confidential information.
For more information about the specific security measures applied to the Service, see the security practice (readable) of the Service, including data retention and deletion.
Oracle evaluates the incidents that are suspected of unauthorized access or unauthorized handling to personal service information and respond promptly. < SPAN> End user access to personal information on this service shall be managed by the customer, and the end user shall make any requests related to the personal information on the Service. Unless such access is available, Oracle is opposed to access, deleting, deleting, deleting, restrictions, correction, transmission, and processing access to the personal information of Oracle's system on Oracle's system. We provide reasonable support for the requests of individuals seeking. Oracle will promptly transfer those requirements to the customer without answering the end users if they receive directly or questions from the end user of the customer who identified the customer as an administrator.
If you have any questions about the disclosure and use of the service provided to Oracle, please contact the organization that collected information.
8. Audit rights
Oracle shall implement and maintain the technical and organizational measures designed to prevent accidental or illegal destruction, loss, falsification, illegal disclosure, or access of personal service information. These measures are generally in line with ISO/IEC 27001: 2013, and the security applied to the Service, including physical access, system access, data access, transmission, import, security supervision, and implementation. Applies to all areas of.
Oracle employees are required to maintain the confidentiality of personal information. Employee obligations include written confidentiality contracts, regular information protection training, and the company policy on protection of confidential information.
For more information about the specific security measures applied to the Service, see the security practice (readable) of the Service, including data retention and deletion.
9. Deletion or return of Services Personal Information
Oracle evaluates the incidents that are suspected of unauthorized access or unauthorized handling to personal service information and respond promptly. End user access to personal information on this service shall be managed by the customer, and the end user shall make any requests related to the personal information on the Service. Unless such access is available, Oracle is opposed to access, deleting, deleting, deleting, restrictions, correction, transmission, and processing access to the personal information of Oracle's system on Oracle's system. We provide reasonable support for the requests of individuals seeking. Oracle will promptly transfer those requirements to the customer without answering the end users if they receive directly or questions from the end user of the customer who identified the customer as an administrator.
II. SYSTEMS OPERATIONS DATA PROCESSING TERMS
1. Responsibility and purposes for processing personal information
If you have any questions about the disclosure and use of the service provided to Oracle, please contact the organization that collected information.
Oracle shall implement and maintain the technical and organizational measures designed to prevent accidental or illegal destruction, loss, falsification, illegal disclosure, or access of personal service information. These measures are generally in line with ISO/IEC 27001: 2013, and the security applied to the Service, including physical access, system access, data access, transmission, import, security supervision, and implementation. Applies to all areas of.
- Oracle employees are required to maintain the confidentiality of personal information. Employee obligations include written confidentiality contracts, regular information protection training, and the company policy on protection of confidential information.
- For more information about the specific security measures applied to the Service, see the security practice (readable) of the Service, including data retention and deletion.
- Oracle evaluates the incidents that are suspected of unauthorized access or unauthorized handling to personal service information and respond promptly.
- Oracle is fraudulently diversified personal information, or an incidentally processed by an incident related to personal information services, or to accidental or illegal destruction, loss, tampering, or unauthorized disclosure, or personal information. If you recognize that it corresponds to security infringement that brings access to. Regarding the Oracle system that infringes the security, confidentiality or completeness of personal information, Oracle reports such infringement without unreasonable delays.
- When information about violations is collected in oracle or Oracle is rationally available, and within the range permitted by law, Oracle is rational or obtained. We provide you with additional related information.
- For the purpose of supporting the provision of services, these sub domains are at the same level as the customer's service order conditions, as long as Oracle asks Oracle's affiliated companies and thir d-party sub domains to personal service information. Data protection and security. Oracle is responsible for the su b-processor to comply with the customer's service order.
Oracle manages the list of Oracle and su b-related companies that may process personal information. Additional information can be obtained through the Oracle My Oracle Support (https: // Support. Oracle. com) document ID 2121811. 1, or the other major support tools provided by the Service.
2. Sharing personal information
Oracle is a global company that operates in more than 80 countries, and personal information may be treated globally as needed according to this policy. If the personal information of this service is relocated to an Oracle recipient in a country that does not provide appropriate level of protection to personal information, the relocation of the EU model clause or related data protection. We will take appropriate measures designed to protect the personal information of this service, such as being subject to other appropriate relocation mechanisms requested by. < SPAN> Oracle is fraudulently diversion of personal information processed by incidents related to personal information services in other ways, or accidental or illegal or illegal, falsification, incorrect disclosure, or If you recognize that it is a security infringement that brings access to personal information and judges. Regarding the Oracle system that infringes the security, confidentiality or completeness of personal information, Oracle reports such infringement without unreasonable delays.
When information about violations is collected in oracle or Oracle is rationally available, and within the range permitted by law, Oracle is rational or obtained. We provide you with additional related information.
- For the purpose of supporting the provision of services, these sub domains are at the same level as the customer's service order conditions, as long as Oracle asks Oracle's affiliated companies and thir d-party sub domains to personal service information. Data protection and security. Oracle is responsible for the su b-processor to comply with the customer's service order.
- Oracle manages the list of Oracle and su b-related companies that may process personal information. Additional information can be obtained through the Oracle My Oracle Support (https: // Support. Oracle. com) document ID 2121811. 1, or the other major support tools provided by the Service.
- Oracle is a global company that operates in more than 80 countries, and personal information may be treated globally as needed according to this policy. If the personal information of this service is relocated to an Oracle recipient in a country that does not provide appropriate level of protection to personal information, the relocation of the EU model clause or related data protection. We will take appropriate measures designed to protect the personal information of this service, such as being subject to other appropriate relocation mechanisms requested by. Oracle is fraudulently diversified personal information, or an incidentally processed by an incident related to personal information services, or to accidental or illegal destruction, loss, tampering, or unauthorized disclosure, or personal information. If you recognize that it corresponds to security infringement that brings access to. Regarding the Oracle system that infringes the security, confidentiality or completeness of personal information, Oracle reports such infringement without unreasonable delays.
When information about violations is collected in oracle or Oracle is rationally available, and within the range permitted by law, Oracle is rational or obtained. We provide you with additional related information.
3. Cross-border data transfers
For the purpose of supporting the provision of services, these sub domains are at the same level as the customer's service order conditions, as long as Oracle asks Oracle's affiliated companies and thir d-party sub domains to personal service information. Data protection and security. Oracle is responsible for the su b-processor to comply with the customer's service order.
4. Security
Oracle manages the list of Oracle and su b-related companies that may process personal information. Additional information can be obtained through the Oracle My Oracle Support (https: // Support. Oracle. com) document ID 2121811. 1, or the other major support tools provided by the Service.
5. Individual Rights
Oracle is a global company that operates in more than 80 countries, and personal information may be treated globally as needed according to this policy. If the personal information of this service is relocated to an Oracle recipient in a country that does not provide appropriate level of protection to personal information, the relocation of the EU model clause or related data protection. We will take appropriate measures designed to protect the personal information of this service, such as being subject to other appropriate relocation mechanisms requested by.
If the service contract between the customer and Oracle mentions the Oracle Data Processing Agreement ("DPA") for Oracle Services, the details of the related data transfer mechanism applied to the order of the Oracle Service are obtained by the DPA. can. In particular, for service personal information relocated from the European Economic Area (EEA) or Switzerland, the relocation is subject to Oracle's Binding Corporate Rules for Processors (BCR-P) or EU Standard Contractual Rates. For service personal information relocated from the UK (UK), such relocation is subject to UK complements or other appropriate relocation mechanisms.
Oracle is also EU-U. S. Data Privacy Framework (EU-U. S. DPF), EU-U. Oracle, and EU-US Data Privacy Framework (EU-US DPF), EU- It complies with US DPF extensions and Switzerland-US data privacy frameworks (Switzerland-US DPF) (collective term "DPF"), EEA, UK (and Gibraltar), or from Switzerland If the customer and Oracle have agreed to relocate and process the relocation of the information according to the DPF applied to the related services. Later, Oracle shall be responsible for a third party who acts as a su b-processor on behalf of the Company. Oracle is responsible for DPF principles unless the su b-processor is treated in a way that is contrary to the DPF principles, unless he prove that Oracle is not responsible for the damages. And
- Oracle complies with DPF principles regarding the European Union, the UK (and Gibraltar), and/ or the personal service information (as described above), which is specified by the related contracts. Is proven to the US Ministry of Commerce. If there is a contradiction between the provisions of the Service Privacy Policy and the DPF principles, the DPF principle is applied. See the Data Privacy Framework website for details of the DPF program and the certification of Oracle.
- See the Data Privacy Framework website or a list of US entrepreneurs that is subject to Oracle's DPF sel f-certification. For personal service information received or relocated according to the DPF, Federal Trade Commission (Federal Transaction Committee) has jurisdiction over Oracle's DPF.
- To the extent provided in your order for the Services, you may, at your own expense, audit Oracle's compliance with the terms of this Services Privacy Policy by sending a written request with a detailed audit plan to Oracle at least six weeks prior to the proposed audit date. You and Oracle will work together to agree on a final audit plan.
- The audit will be conducted during normal business hours, in accordance with Oracle's on-site policies and regulations, not more than once every twelve months, and will not unreasonably disrupt business operations. If you wish to use a third party to conduct the audit, the third-party auditor must be mutually agreed upon by the parties and the third-party auditor must enter into a written confidentiality agreement acceptable to Oracle. After completion of the audit, you will provide Oracle with a copy of the audit report that is designated as confidential under the terms of your agreement with Oracle.
Oracle will contribute to these audits by providing you with the information and assistance reasonably necessary to conduct the audit, including relevant records of processing activities applicable to the Services. If the requested audit scope has been addressed in a SOC 1 or SOC 2, ISO, NIST, PCI DSS, HIPAA, or similar audit report issued by a qualified third-party auditor within the past 12 months, and Oracle provides Customer with this report confirming that there are no known material changes to the audited controls, Customer agrees to accept the findings presented in the third-party audit report in lieu of requesting an audit of the same controls covered by the report. Orders for Services may contain additional audit terms.
Except as otherwise set forth in a Services Order or required by law, upon termination of Services, Oracle will return or delete any remaining copies of Customer's production Customer Data, including personal service information, residing in Oracle Services systems or environments. Additional information regarding data deletion capabilities is provided in the applicable Services description.
Oracle Corporation and its related companies are responsible for handling personal information that may be included in system operation data according to this policy section II and III. See the list of the Oracle entity. If you select the region and the country, the registration address and contact information of the Oracle entity or entity located in each country will be displayed.
We may collect or create system operation data for the following purposes:
(a) To maintain the safety of our services, such as security monitoring and ID management;
III. COMMUNICATIONS AND NOTIFICATIONS TO CUSTOMERS AND USERS
1. Legal requirements.
(b) Investigating and preventing potential fraud or illegal acts involved in our systems and networks, including the prevention of cyber attacks and the detection of robots.
(C) To manage disaster recovery Continsie plan and policy.
2. Global Data Protection Officer
d) To confirm the license and other usage conditions (licensed monitoring).
e) For research and development purposes including analysis, development, improvement, and optimization of our services.
F) F) Complying on the applied laws and regulations, M & Amp; A, financial and accounting, filing and insurance, law and business advice, and the framework of dispute resolution, and disclosure, disclosure, and disclosure. Alternatively, operate our business, including the request of other legal procedures.
For personal information included in the system operation data collected within the EU area, our legitimate interests are to execute, maintain, ensure our products and services, and operate the business in an efficient and appropriate way. It is a legal basis for processing the information. Personal information may be processed based on our legitimate interests to comply with legal obligations or legal obligations.
The personal information included in the Systems Operations Data may be shared throughout the global organization of Oracle. The list of Oracle's entry is as described above.
In addition, we may share this personal information with the following third parties:
When a thir d-party service provider (IT service provider, lawyer, auditor, etc.) perform business functions on behalf of Oracle.
3. Filing a complaint
Related third parties in the case where Oracle's business, assets, or shares of all or partially or partially or partially reorganizes, selling, joint venture, transfer, relocation, or other disposal (including bankruptcy or similar procedures) ;
If the law is obliged by law, such as a summoning or other legal procedure, to protect the company's rights, to protect the safety or security of others, to investigate the wrongdoing, or////. Alternatively, if we believe in sincerity that disclosure is needed to meet the request of public organizations and government authorities other than the residence for the purpose of the law enforcement.
4. Changes to this Services Privacy Policy
If a third party can access personal information included in the system operation data, for example, in order to guarantee that personal information will be treated only as needed in accordance with this privacy policy, in accordance with the application method. We will take appropriate measures in the organization, technically, and organizational measures.