Notice of Self-Certification Under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework
Effective Date: October 25, 2021
Fastly, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Fastly is committed to subjecting all personal information received from European Union (“EU”) member countries, the United Kingdom and Switzerland, respectively, in reliance on each applicable Privacy Shield Framework to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Scope
Although the EU-US. Privacy Shield Framework has been ruled invalid, Fastly adheres to the Framework’s Principles with respect to personal information we receive from individuals or companies in the EU, the United Kingdom and Switzerland. Fastly is (a) an Internet intermediary and provider of edge cloud services that processes network requests according to standard protocols; (b) a provider of edge computing; and, (c) a provider of network security services (our “Services”) that permit subscribers to electronically submit (or cause to be submitted) data to the Services for associated processing. As the subscribers (or in some cases their end users) control the data to be processed, Fastly’s network, platform and services may be used as a conduit for information. As the Principles do not impose secondary liability, to the extent Fastly, on behalf of its subscriber, merely transmits, routes, switches or caches data, Fastly may rely on its subscribers to comply with legal requirements underlying the Principles with respect to such processing.
Types of personal information collected and data processed
Fastly processes data on behalf of our subscribers, which may include personal information, in accordance with our agreements with our subscribers and for the purpose of providing the Services. Fastly acts as a data processor with respect to data submitted to our Services. Fastly neither controls nor owns what our subscribers and their internet clients submit to the Services. Fastly also collects, uses and discloses personal information of individuals who visit our websites and applications (“Visitors”) and individual representatives of our subscribers, suppliers and business partners (“Business Contacts”). Personal information associated with Visitors and Business Contacts is collected, stored and processed in accordance with Fastly’s Privacy Policy.
We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Purposes of data processing
As a data processor, Fastly collects, caches, transmits, discloses and processes data submitted to our Services, which may include personal information about EU personnel received from its subscribers and their users, at the direction of its subscribers in accordance with our agreements. Fastly may access or process your data to provide the Services, to prevent or address technical or service problems, to follow the instructions of our customer who submitted the data, or in response to contractual or legal requirements. Fastly will not access personal information contained in the data submitted to the Services. Fastly may share personal information with its subsidiaries, contractors, or third parties if Fastly undergoes a business transaction, such as a merger, acquisition by another company or sale of all or a portion of its assets.
Type of third parties to which we disclose personal information
Fastly is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Fastly complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.
Fastly may use from time to time third-party service providers, contractors and subprocessors to assist in providing the Services on our behalf. Fastly maintains contracts with these third parties restricting their access, use and disclosure of personal information in compliance with our Privacy Shield obligations, and Fastly may be liable if we fail to meet those obligations and we are responsible for the event giving rise to the damage.
Requirement to disclose
Fastly may be required in certain circumstances to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Right to access and to limit use
EU, United Kingdom and Swiss individuals have rights to access personal information about them, and to limit use and disclosure of their personal information, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in question, or where the rights of others would be violated. With our Privacy Shield certification, Fastly has committed to respect those rights. Because Fastly personnel have limited ability to access data our subscribers submit to our services, if you wish to request, access, to limit use, or to limit disclosure, please provide the name of the Fastly subscriber who submitted your data to our services. We will refer your request to that subscriber, and will support them as needed in responding to your request.
Enforcement
With respect to personal Information received or transferred pursuant to the Privacy Shield Framework, Fastly is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Inquiries and complaints
Inquiries and complaints relating to Fastly’s treatment of personal information and its compliance with the Principles may be directed to:
abuse@fastly.com
Or
Fastly, Inc. Attention:General Counsel
475 Brannan St., Suite 300
San Francisco, CA 94107
Fastly will respond to your inquiry or complaint within 45 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our designated U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Arbitration
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Other Covered Entities
Fastly’s U.S. Entities or Subsidiaries Adhering to the Privacy Shield Principles:
Fastly, Inc.
Signal Sciences, LLC (f/k/a Signal Sciences Corp.)