Last Updated: October 15, 2019
At Snowflake, data is our business. We understand that the security, privacy, integrity and availability of your data are your top priorities. They are ours as well. In today’s online, interconnected world, data increasingly includes personal information about an ever-growing number of individuals. Governments around the world are introducing laws to protect individuals’ personal information. At Snowflake, we comply with all privacy laws applicable to our service and monitor emerging legislation to ensure our ongoing compliance as we continually upgrade our data protection program and controls.
We also designed, developed and deployed the Snowflake service so that customers can use it in compliance with data privacy laws. With Snowflake, you can focus on being a data-driven company and unlocking value from your data while being assured our service enables you to comply with data privacy laws.
Beginning January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) governs how businesses process the personal information of California residents. It is intended to strengthen the privacy rights of individuals and includes requirements regarding the collection, use, disclosure, and “sale” of personal information.
Applicability
The CCPA applies to any for-profit entity doing business in California that collects and controls the processing of a California residents’ personal information and meets any of the following three thresholds:
• Has annual gross revenue exceeding $25 million;
• Obtains the personal information of 50,000 or more California residents, households, or devices annually, or;
• Derives 50% or more annual revenue from selling California residents’ personal information.
Rights Regarding Personal Information
The CCPA also gives California residents certain rights over their personal information, including the rights to:
• Know what personal information has been collected about them over the last 12 months, the sources from which it has been collected, and how it has been used;
• Know whether their personal information has been sold to or shared with other parties and the identities of those third parties;
• Access and/or delete their personal information;
• Opt-out of the sale of their personal information, and;
• Equal service and price, even if an individual has exercised their privacy rights under the CCPA.
Snowflake’s Compliance as a Business
Snowflake has implemented a comprehensive CCPA compliance program governing how it collects, uses and discloses personal information of California residents for its own business operations. Snowflake does not sell personal information to third parties. For more information about how we process personal information under the CCPA, see the CCPA Section of Snowflake’s Privacy Notice.
Snowflake’s Compliance as a Service Provider
For our customers who collect personal information from California residents, Snowflake acts as a “service provider” under the CCPA. This means that Snowflake only processes the customer data that our customers load onto our service, including any personal information of California residents, for the limited purpose of providing the Snowflake service. Snowflake’s Data Processing Addendum expressly commits that Snowflake shall only process customer data as a service provider as that term is defined within the CCPA.
While many aspects of CCPA compliance depend on your particular data and practices, you can rest assured that your relationship with Snowflake is CCPA compliant.