IBM Data Privacy Framework Policy for Certified IBM Cloud Services
This Policy is effective as of 18 April 2024.
IBM Privacy Statement
Privacy Page Leadspace 2800x1400

Policy

This IBM Data Privacy Framework Policy for Certified IBM Cloud Services (Policy) applies to certain designated IBM Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and other hosted offerings that are Data Privacy Framework certified (Data Privacy Framework-Certified Cloud Services). A list of these offerings is provided in the Data Privacy Framework-Certified Cloud Services section. If an offering is not on this list, it is not covered by this Policy.

As the Data Privacy Framework applies to personal information that is transferred to the United States from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers, this Policy only applies to:

  1. Such personal information that is hosted in the United States through Data Privacy Framework-Certified Cloud Services; and
  2. Select offerings when the data is hosted outside the United States, but the Cloud Service processing is temporarily directed to a United States data center to enable continued availability and resiliency.

This Policy does not otherwise apply when clients choose to have their offering content hosted in other countries.

IBM’s Data Privacy Framework-Certified Cloud Services process content (which can include the personal information of individual users) on behalf of enterprise clients. In this scenario, IBM can direct inquiries from individual users to the enterprise client that oversees the use of their personal information.

IBM complies with the Principles of the (i) EU-US Data Privacy Framework, (ii) the UK Extension to the EU-US Data Privacy Framework, and (iii) the Swiss-US Data Privacy Framework (hereinafter collectively referred to as the Data Privacy Framework), as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information that is transferred to the United States from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers. IBM has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the terms in this Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles govern.

All personal information that is received from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers in connection with Data Privacy Framework-Certified Cloud Services is subject to the Data Privacy Framework Principles, which applies to all IBM affiliates that process personal information associated with Data Privacy Framework-Certified Cloud Services.

For more information about the Data Privacy Framework Program, or to view the certification applicable to certain IBM Cloud Services, see the Data Privacy Framework (DPF) Program.

Personal Information: Types and Purpose for Use

The types of personal information that Data Privacy Framework-Certified Cloud Services collect varies based on the type and nature of each offering and is described in its offering documentation or as otherwise provided by IBM. For more information, see IBM Terms. IBM uses such personal information as needed to deliver the Cloud Service, along with additional purposes that can be described in the corresponding Transactional Document (TD) or Attachment.

Use of Subprocessors

IBM can use processors and subprocessors (including personnel and resources) in locations worldwide to deliver the Cloud Services. A list of subprocessors is available upon request. If IBM subcontracts the performance of any of the Cloud Services pursuant to any Attachment or TD, IBM is liable to the client for the acts and omissions of IBM subcontractors as if they were the acts or omissions of IBM under the agreement governing the Cloud Services (subject to the limits and exclusions of liability).

Regulatory Authority and Disclosures

IBM is subject to investigatory and enforcement powers of the Federal Trade Commission in the United States in connection with its Data Privacy Framework program. IBM might also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Additional Information for End Users

If users have any questions or complaints concerning IBM’s processing of personal information on behalf of an IBM enterprise client, they can contact the enterprise client directly, or by using the Contact IBM Privacy webform. Users who want to access the personal information that IBM hosts on behalf of an enterprise client, or to make choices concerning their information, must contact the enterprise client directly.

Dispute Resolution

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, contact our US-based third-party dispute resolution provider (free of charge) by using the TRUSTe Feedback and Resolution System. In addition, and as described in the Data Privacy Framework Principles, you also have the option of invoking binding arbitration after other dispute resolution procedures have been exhausted.

Account Data

Account data, for example all information about IBM’s clients or their users that is provided to or collected by IBM (including through tracking and other technologies, such as cookies), is covered by the IBM Privacy Statement.  

Data Privacy Framework-Certified Cloud Services

  • Enterprise Video Streaming
  • IBM AIOps Insights
  • IBM Analytics Engine (Also known as “IBM Analytics Engine -Serverless Spark”)
  • IBM API Connect for IBM Cloud
  • IBM App Connect Enterprise as a Service
  • IBM App Connect Professional on Cloud
  • IBM Aspera on Cloud
  • IBM Blueworks Live
  • IBM Business Automation Content Analyzer on Cloud (BACAoC)
  • IBM Business Automation Content Services on Cloud
  • IBM Business Automation Workflow on Cloud
  • IBM Business Process Manager Hybrid Entitlement
  • IBM Business Process Manager on Cloud
  • IBM Business Process Manager on Cloud Express
  • IBM Cloud Activity Tracker event routing
  • IBM Cloud App Configuration
  • IBM Cloud App ID
  • IBM Cloud Backup for VPC
  • IBM Cloud Bare Metal Servers for VPC
  • IBM Cloud Block Storage for Virtual Private Cloud (also known as “IBM Cloud Block Storage for VPC”)
  • IBM Cloud Block Storage Snapshots for VPC
  • IBM Cloud Code Engine
  • IBM Cloud Container Registry
  • IBM Cloud Continuous Delivery
  • IBM Cloud Data Engine (formerly known as "IBM Cloud SQL Query")
  • IBM Cloud Databases for DataStax
  • IBM Cloud Databases for Elasticsearch
  • IBM Cloud Databases for EnterpriseDB
  • IBM Cloud Databases for etcd
  • IBM Cloud Databases for MongoDB
  • IBM Cloud Databases for MySQL
  • IBM Cloud Databases for PostgreSQL
  • IBM Cloud Databases for Redis
  • IBM Cloud DNS Services (dns-svcs)
  • IBM Cloud Event Notifications
  • IBM Cloud File Storage for Virtual Private Cloud
  • IBM Cloud Flow Logs for VPC
  • IBM Cloud for VMware as a Service
  • IBM Cloud for VMware Solutions Shared
  • IBM Cloud for VMware Solutions
    • IBM Cloud for VMware Solutions specifically includes:
    • VMWare vSphere
    • VMware vCenter Server
    • VMWare Regulated Workloads
    • Cyber Recovery
    • Caveonix RiskForesight
    • FortiGate Virtual Appliance
    • KMIP for VMware
    • Juniper vSRX
    • F5 BIG-IP
    • HCX
    • Veeam
    • Primary IO Migrations
    • Zerto
    • Managed Disaster Recovery Service by Kyndryl
    • Dizzion
    • IBM Security Services for SAP
    • Red Hat OpenShift for VMWare
    • VMWare Aria Operations and
    • VMWare Aria Operations for Logs Enterprise Edition
  • IBM Cloud Functions
  • IBM Cloud Hyper Protect Crypto Services
  • IBM Cloud Hyper Protect Virtual Servers
  • IBM Cloud Infrastructure Services
    • IBM Cloud Infrastructure Services specifically includes:
    • IBM Cloud Bare Metal
    • IBM Cloud Virtual Servers
    • IBM Cloud Block Storage
    • IBM Cloud File Storage
    • IBM Content Delivery Network
    • IPSecVPN
    • IBM Cloud Load Balancer
  • IBM Cloud Internet Services
  • IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud
  • IBM Cloud Messages for RabbitMQ
  • IBM Cloud Metrics Routing
  • IBM Cloud Object Storage
  • IBM Cloud Object Storage (IaaS)
  • IBM Cloud Pak for Business Automation as a Service (formerly known as IBM Digital Business Automation on Cloud)
  • IBM Cloud Platform - Core Services (formerly known as “IBM Cloud Platform - Public”)
  • IBM Cloud Satellite
  • IBM Cloud Schematics
  • IBM Cloud Secrets Manager
  • IBM Cloud Security and Compliance Center
  • IBM Cloud Virtual Private Cloud (Gen2)
  • IBM Cloud Virtual Private Endpoint for VPC
  • IBM Cloud Virtual Server for VPC (Gen2)
  • IBM Cloudant Dedicated Cluster
  • IBM Cloudant for IBM Cloud
  • IBM Cognos Analytics on Cloud Hosted
  • IBM Cognos Analytics on Cloud
  • IBM Cognos Controller on Cloud
  • IBM Cognos Dashboard Embedded
  • IBM Comprehend Services
  • IBM Content Manager OnDemand on Cloud
  • IBM Datacap on Cloud
  • IBM DataStage
  • IBM Db2 on Cloud Paygo
  • IBM Db2 Warehouse on Cloud for AWS
  • IBM Db2 Warehouse on Cloud on IBM Cloud
  • IBM Db2 Warehouse on Cloud Paygo
  • IBM Document Conversion Service
  • IBM Engineering Lifecycle Management Base SaaS (previously known as “IBM Collaborative Lifecycle Management on Cloud”)
    • IBM Engineering Lifecycle Management Base SaaS specifically includes:
    • IBM Engineering Requirements Management DOORS Next SaaS (previously known as “IBM DOORS Next Generation on Cloud”)
    • IBM Engineering Test Management SaaS (previously known as “IBM Rational Quality Manager on Cloud”)
    • IBM Engineering Workflow Management SaaS (previously known as “IBM Team Concert on Cloud”)"
  • IBM Engineering Lifecycle Management Extended SaaS (previously known as “IBM IoT Continuous Engineering on Cloud”)
    • IBM Engineering Lifecycle Management Extended SaaS specifically includes:
    • IBM Engineering Requirements Management DOORS Next SaaS (previously known as “IBM DOORS Next Generation on Cloud”)
    • IBM Engineering Test Management SaaS (previously known as “IBM Rational Quality Manager on Cloud”)
    • IBM Engineering Workflow Management SaaS (previously known as “IBM Team Concert on Cloud”)
    • IBM Engineering Lifecycle Optimization – Engineering Insights SaaS (previously known as “IBM Engineering Lifecycle Manager on Cloud”)
    • IBM Engineering Systems Design Rhapsody – Model Manager SaaS (previously known as “IBM Rhapsody Design Manager on Cloud”)
  • IBM Event Streams for IBM Cloud (Enterprise)
  • IBM Event Streams for IBM Cloud (Standard)
  • IBM Facilities and Real Estate Management on Cloud (TRIRIGA)
  • IBM Hybrid Cloud Mesh
  • IBM ILOG CPLEX Optimization Studio Subscription
  • IBM Informix on Cloud
  • IBM IoT Connected Vehicle Insights (also known as “IBM IoT for Automotive”)
  • IBM Key Protect for IBM Cloud
  • IBM Knowledge Catalog (formerly known as “IBM Watson Knowledge Catalog Paygo”)
  • IBM MaaS360
    • IBM MaaS360 specifically includes:
    • IBM MaaS360 Content Service (SaaS)
    • IBM MaaS360 Content Suite (SaaS)
    • IBM MaaS360 Deluxe Suite (SaaS)
    • IBM MaaS360 Email Management (SaaS)
    • IBM MaaS360 Enterprise Suite (SaaS)
    • IBM MaaS360 Essentials Suite (SaaS)
    • IBM MaaS360 Gateway Suite (SaaS)
    • IBM MaaS360 Laptop Location (SaaS)
    • IBM MaaS360 Laptop Management (SaaS)
    • IBM MaaS360 Laptop Security and Compliance (SaaS)
    • IBM MaaS360 Management Suite (SaaS)
    • IBM MaaS360 Mobile Application Management (SaaS)
    • IBM MaaS360 Mobile Application Security (SaaS)
    • IBM MaaS360 Mobile Content Management (SaaS)
    • IBM MaaS360 Mobile Device Management (SaaS)
    • IBM MaaS360 Mobile Expense Management (SaaS)
    • IBM MaaS360 Mobile Threat Management (SaaS)
    • IBM MaaS360 Premier Suite (SaaS)
    • IBM MaaS360 Productivity Suite (SaaS)
    • IBM MaaS360 Professional (SaaS)
    • IBM MaaS360 Secure Mobile Browser (SaaS)
    • IBM MaaS360 Secure Mobile Mail (SaaS)
    • IBM MaaS360 VPN (SaaS)
  • IBM Master Data Management on Cloud
  • IBM Master Data Management on Cloud Managed Service
  • IBM Maximo Application Suite as a Service
  • IBM Maximo Application Suite Dedicated (also known as "IBM Maximo Application Suite Managed Service")
  • IBM Maximo EAM SaaS Flex [formerly known as "IBM Enterprise Asset Management on Cloud (Maximo)"]
  • IBM Maximo MRO Inventory Optimization
  • IBM MQ on Cloud (pre-pay)
  • IBM MQ on IBM Cloud (pay-as-you-go)
  • IBM MRO Inventory Optimization
  • IBM Netezza Performance Server for IBM Cloud Pak for Data as a Service on AWS
  • IBM Netezza Performance Server for IBM Cloud Pak for Data as a Service on Azure
  • IBM OpenPages as a Service
  • IBM OpenPages with Watson on Cloud (formerly known as “OpenPages GRC on Cloud”)
  • IBM Operational Decision Manager on Cloud
  • IBM Order Management (also known as “IBM Sterling Order Management”)
    • IBM Order Management specifically includes:
    • IBM Sterling Order Management
    • IBM Pricing Add-On
    • IBM Store Engagement Add-On
    • IBM Call Center Add-On
  • IBM Planning Analytics Cloud (formerly known as "IBM Planning Analytics")
  • IBM Process Mining as a Service
  • IBM QRadar on Cloud (also known as IBM Security QRadar on Cloud)
  • IBM Robotic Process Automation as a Service
  • IBM SaaS Connect (formerly known as “IBM Integration Services-Standard”)
  • IBM Security Verify (formerly known as "IBM Cloud Identity Connect" or "IBM Cloud Identity")
  • IBM SPSS Statistics Subscription
  • IBM Sterling B2B Integration SaaS (also known as IBM Supply Chain Business Network Standard and Premium Editions)
    • IBM Sterling B2B Integration SaaS specifically includes:
    • Sterling B2B Integration Value-Added Network
    • Essential Edition
    • Standard Edition
    • Premium Edition
  • IBM Sterling B2B Services – File Transfer Service
  • IBM Sterling Fulfillment Optimizer with Watson
  • IBM Storage Insights (also known as "IBM Storage Insights Multi-tenant")
  • IBM Supply Chain Intelligence Suite
  • IBM Support Insights
  • IBM TRIRIGA Application Suite Managed Service
  • IBM TRIRIGA Building Insights
  • IBM Trusteer Mobile SDK
  • IBM Trusteer Pinpoint Assure
  • IBM Trusteer Pinpoint
    • IBM Trusteer Pinpoint specifically includes: 
    • IBM Trusteer Pinpoint Detect
    • IBM Trusteer Pinpoint Criminal Detection
    • IBM Trusteer Pinpoint Malware Detection
  • IBM Trusteer Rapport (also known as "IBM Security Trusteer Rapport")
  • IBM Video Streaming
  • IBM Watson Assistant
  • IBM Watson Discovery
  • IBM Watson IoT Platform
  • IBM Watson Knowledge Studio
  • IBM Watson Language Translator
  • IBM Watson Machine Learning (Also known as "IBM Watson Machine Learning (SQO)")
  • IBM Watson Machine Learning Service (Also known as "Watson ML")
  • IBM Watson Natural Language Understanding
  • IBM Watson OpenScale
  • IBM Watson Speech to Text Service
  • IBM Watson Studio (Also known as "IBM Watson Studio Enterprise")
  • IBM Watson Studio Paygo (Also known as “IBM Watson Studio Paygo (Bluemix)”)
  • IBM Watson Text to Speech Service
  • IBM watsonx.data as a Service (on IBM Cloud)
  • IBM watsonx Orchestrate
  • IBM X-Force
    • IBM X-Force specifically includes:
    • IBM X-Force Exchange
    • IBM X-Force Threat Intelligence
  • Watson Query (formerly known as "Data Virtualization")