Domo commits to adhere to the EU-U.S. Privacy Shield Framework by adopting and implementing the EU-U.S. Privacy Shield Principles, which include a set of Supplemental Principles. Domo also commits to adhere to the Swiss-U.S. Privacy Shield Framework by adopting and implementing the Swiss Privacy Shield Principles. We will refer to the EU-U.S. and Swiss Privacy Shield Principles collectively as the “Principles.” Our certification can be found at www.privacyshield.gov/list.
1. How we obtain Personal Information
We obtain and process Personal Information in different capacities.
- As a data controller, we collect and process EEA and Swiss Personal Information directly from individuals, either via our publicly available websites, including www.domo.com, or in connection with our customer, partner, and vendor relationships.
- As a data processor, we process and store EEA and Swiss Personal Information obtained from our customers when providing the Domo Business Cloud and related services (“Services”). In that context, we only process Personal Information on behalf of and at the instructions of our customers, which are the data controllers.
Domo commits to subjecting to the Principles all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield (which includes both types of activities).
When using our Services, customers determine the categories of data they upload into our systems and the purposes for which the data is processed. Accordingly, customers are responsible for providing notice to the individuals from whom they have collected Personal Information.
3. Data Integrity and Purpose Limitation
When we process Personal Information in the context of our Services, we process and retain Personal Information only as necessary to provide our Services, or as required or permitted under applicable law.
4. Data Disclosures
In case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the inconsistent processing.
When we process Personal Information in the context of our Services, we disclose Personal Information as necessary to provide the Services and as authorized in our agreements with customers.
5. Data Security
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
6. Choice and Access
Where appropriate, Domo provides you with access to the Personal Information that we maintain about you and the ability to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.
If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
When we process Personal Information in the context of our Services, we only process and disclose the data as necessary to provide the Services. Our customers control how the information they upload to the Services is disclosed and used, and how it can be modified. Accordingly, if you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Services by our customer, please contact the customer who submitted your data to our Services. If you provide us with the name of our customer that is processing your Personal Information, we will refer your request to that customer, and will support the customer as needed in responding to your request.
7. Recourse and Enforcement
If you have any questions or concerns, we encourage you to write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. If an issue cannot be resolved our internal dispute resolution mechanism, individuals may contact or submit a complaint, at no cost, to the JAMS EU-U.S. Privacy Shield Program, which is based in the United States and which serves as our third-party alternative dispute resolution provider. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at http://www.jamsadr.com. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Domo is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
9. Contact Information
If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, contact us via
- – E-mail at firstname.lastname@example.org; or
- – Mail at Domo, Inc., ATTN: Privacy Officer, 772 East Utah Valley Drive, American Fork, UT 84003