This IBM Data Privacy Framework Policy for Certified IBM Cloud Services (Policy) applies to certain designated IBM Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and other hosted offerings that are Data Privacy Framework certified (Data Privacy Framework-Certified Cloud Services). A list of these offerings is provided in the Data Privacy Framework-Certified Cloud Services section. If an offering is not on this list, it is not covered by this Policy.

As the Data Privacy Framework applies to personal information that is transferred to the United States from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers, this Policy only applies to:

1. Such personal information that is hosted in the United States through Data Privacy Framework-Certified Cloud Services; and
2. Select offerings when the data is hosted outside the United States, but the Cloud Service processing is temporarily directed to a United States data center to enable continued availability and resiliency.

This Policy does not otherwise apply when clients choose to have their offering content hosted in other countries.

IBM’s Data Privacy Framework-Certified Cloud Services process content (which can include the personal information of individual users) on behalf of enterprise clients. In this scenario, IBM can direct inquiries from individual users to the enterprise client that oversees the use of their personal information.

IBM complies with the Principles of the (i) EU-US Data Privacy Framework, (ii) the UK Extension to the EU-US Data Privacy Framework, and (iii) the Swiss-US Data Privacy Framework (hereinafter collectively referred to as the Data Privacy Framework), as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information that is transferred to the United States from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers. IBM has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the terms in this Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles govern.

All personal information that is received from those countries whose data protection laws recognize the Data Privacy Framework as a valid mechanism for such cross-border transfers in connection with Data Privacy Framework-Certified Cloud Services is subject to the Data Privacy Framework Principles, which applies to all IBM affiliates that process personal information associated with Data Privacy Framework-Certified Cloud Services.

For more information about the Data Privacy Framework Program, or to view the certification applicable to certain IBM Cloud Services, see the Data Privacy Framework (DPF) Program.

The types of personal information that Data Privacy Framework-Certified Cloud Services collect varies based on the type and nature of each offering and is described in its offering documentation or as otherwise provided by IBM. For more information, see IBM Terms. IBM uses such personal information as needed to deliver the Cloud Service, along with additional purposes that can be described in the corresponding Transactional Document (TD) or Attachment.

IBM can use processors and subprocessors (including personnel and resources) in locations worldwide to deliver the Cloud Services. A list of subprocessors is available upon request. If IBM subcontracts the performance of any of the Cloud Services pursuant to any Attachment or TD, IBM is liable to the client for the acts and omissions of IBM subcontractors as if they were the acts or omissions of IBM under the agreement governing the Cloud Services (subject to the limits and exclusions of liability).

IBM is subject to investigatory and enforcement powers of the Federal Trade Commission in the United States in connection with its Data Privacy Framework program. IBM might also be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If users have any questions or complaints concerning IBM’s processing of personal information on behalf of an IBM enterprise client, they can contact the enterprise client directly, or by using the Contact IBM Privacy webform. Users who want to access the personal information that IBM hosts on behalf of an enterprise client, or to make choices concerning their information, must contact the enterprise client directly.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, contact our US-based third-party dispute resolution provider (free of charge) by using the TRUSTe Feedback and Resolution System. In addition, and as described in the Data Privacy Framework Principles, you also have the option of invoking binding arbitration after other dispute resolution procedures have been exhausted.

Account data, for example all information about IBM’s clients or their users that is provided to or collected by IBM (including through tracking and other technologies, such as cookies), is covered by the IBM Privacy Statement.  

• Enterprise Video Streaming
• IBM Analytics Engine (Also known as “IBM Analytics Engine -Serverless Spark”)
• IBM API Connect for IBM Cloud
• IBM App Connect Enterprise as a Service
• IBM App Connect Professional on Cloud
• IBM Aspera on Cloud
• IBM Blueworks Live
• IBM Business Automation Content Analyzer on Cloud (BACAoC)
• IBM Business Automation Content Services on Cloud
• IBM Business Automation Workflow on Cloud
• IBM Business Process Manager Hybrid Entitlement
• IBM Business Process Manager on Cloud
• IBM Business Process Manager on Cloud Express
• IBM Cloud Activity Tracker event routing
• IBM Cloud App Configuration
• IBM Cloud App ID
• IBM Cloud Backup for VPC
• IBM Cloud Bare Metal Servers for VPC
• IBM Cloud Block Storage for Virtual Private Cloud (also known as “IBM Cloud Block Storage for VPC”)
• IBM Cloud Block Storage Snapshots for VPC
• IBM Cloud Code Engine
• IBM Cloud Container Registry
• IBM Cloud Continuous Delivery
• IBM Cloud Data Engine (formerly known as "IBM Cloud SQL Query")
• IBM Cloud Databases for Elasticsearch
• IBM Cloud Databases for EnterpriseDB
• IBM Cloud Databases for etcd
• IBM Cloud Databases for MongoDB
• IBM Cloud Databases for MySQL
• IBM Cloud Databases for PostgreSQL
• IBM Cloud Databases for Redis
• IBM Cloud DNS Services (dns-svcs)
• IBM Cloud Event Notifications
• IBM Cloud File Storage for Virtual Private Cloud
• IBM Cloud Flow Logs for VPC
• IBM Cloud for VMware Cloud Foundation as a Service (also known as "IBM Cloud for VMware as a Service")
• IBM Cloud for VMware Solutions Shared
• IBM Cloud for VMware Solutions
  • This offering specifically includes:
  • VMWare vSphere
  • VMware vCenter Server
  • VMWare Regulated Workloads
  • Cyber Recovery
  • Caveonix RiskForesight
  • FortiGate Virtual Appliance
  • KMIP for VMware
  • Juniper vSRX
  • F5 BIG-IP
  • HCX
  • Veeam
  • Primary IO Migrations
  • Zerto
  • Managed Disaster Recovery Service by Kyndryl
  • Dizzion
  • IBM Security Services for SAP
  • Red Hat OpenShift for VMWare
  • VMWare Aria Operations
  • VMWare Aria Operations for Logs Enterprise Edition
• IBM Cloud Functions
• IBM Cloud Hyper Protect Crypto Services
• IBM Cloud Hyper Protect Virtual Servers
• IBM Cloud Infrastructure Services
  • This offering specifically includes:
  • IBM Cloud Bare Metal
  • IBM Cloud Virtual Servers
  • IBM Cloud Block Storage
  • IBM Cloud File Storage
  • IBM Content Delivery Network
  • IPSec VPN
  • IBM Cloud Load Balancer
• IBM Cloud Internet Services
• IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud
• IBM Cloud Messages for RabbitMQ
• IBM Cloud Metrics Routing
• IBM Cloud Object Storage
• IBM Cloud Object Storage (IaaS)
• IBM Cloud Pak for Business Automation as a Service (formerly known as “IBM Digital Business Automation on Cloud”)
• IBM Cloud Platform - Core Services (formerly known as "IBM Cloud Platform - Public")
• IBM Cloud Satellite
• IBM Cloud Schematics
• IBM Cloud Secrets Manager
• IBM Cloud Security and Compliance Center
• IBM Cloud Virtual Private Cloud (Gen2) 
• IBM Cloud Virtual Private Endpoint for VPC
• IBM Cloud Virtual Servers for VPC (Gen2)
• IBM Cloudant Dedicated Cluster
• IBM Cloudant for IBM Cloud
• IBM Cognos Analytics on Cloud
• IBM Cognos Analytics on Cloud Hosted
• IBM Cognos Controller on Cloud
• IBM Comprehend Services
• IBM Content Manager OnDemand on Cloud
• IBM Datacap on Cloud
• IBM DataStage
• IBM Db2 on Cloud Paygo
• IBM Db2 Warehouse on Cloud for AWS 
• IBM Db2 Warehouse on Cloud on IBM Cloud
• IBM Db2 Warehouse on Cloud Paygo
• IBM Engineering Lifecycle Management Base SaaS (previously known as "IBM Collaborative Lifecycle Management on Cloud") 
  • This offering specifically includes:
  • IBM Engineering Requirements Management DOORS Next SaaS (previously known as “IBM DOORS Next Generation on Cloud”)
  • IBM Engineering Test Management SaaS (previously known as “IBM Rational Quality Manager on Cloud”)
  • IBM Engineering Workflow Management SaaS (previously known as “IBM Team Concert on Cloud”)
• IBM Engineering Lifecycle Management Extended SaaS (previously known as “IBM IoT Continuous Engineering on Cloud”)
  • This offering specifically includes:
  • IBM Engineering Requirements Management DOORS Next SaaS (previously known as “IBM DOORS Next Generation on Cloud”)
  • IBM Engineering Test Management SaaS (previously known as “IBM Rational Quality Manager on Cloud”)
  • IBM Engineering Workflow Management SaaS (previously known as “IBM Team Concert on Cloud”)
  • IBM Engineering Lifecycle Optimization – Engineering Insights SaaS (previously known as “IBM Engineering Lifecycle Manager on Cloud”)
  • IBM Engineering Systems Design Rhapsody – Model Manager SaaS (previously known as “IBM Rhapsody Design Manager on Cloud”)
• IBM Event Streams for IBM Cloud (Enterprise) 
• IBM Event Streams for IBM Cloud (Standard)
• IBM Facilities and Real Estate Management on Cloud (TRIRIGA)
• IBM Hybrid Cloud Mesh
• IBM ILOG CPLEX Optimization Studio Subscription
• IBM IoT Connected Vehicle Insights (also known as "IBM IoT for Automotive")
• IBM Key Protect for IBM Cloud
• IBM Knowledge Catalog (formerly known as "IBM Watson Knowledge Catalog Paygo")
• IBM MaaS360
  • This offering specifically includes:
  • IBM MaaS360 Content Service (SaaS)
  • IBM MaaS360 Content Suite (SaaS)
  • IBM MaaS360 Deluxe Suite (SaaS)
  • IBM MaaS360 Email Management (SaaS)
  • IBM MaaS360 Enterprise Suite (SaaS)
  • IBM MaaS360 Essentials Suite (SaaS)
  • IBM MaaS360 Gateway Suite (SaaS)
  • IBM MaaS360 Management Suite (SaaS)
  • IBM MaaS360 Mobile Application Management (SaaS)
  • IBM MaaS360 Mobile Application Security (SaaS)
  • IBM MaaS360 Mobile Content Management (SaaS)
  • IBM MaaS360 Mobile Device Management (SaaS)
  • IBM MaaS360 Mobile Expense Management (SaaS)
  • IBM MaaS360 Mobile Threat Management (SaaS)
  • IBM MaaS360 Premier Suite (SaaS)
  • IBM MaaS360 Productivity Suite (SaaS)
  • IBM MaaS360 Professional (SaaS)
  • IBM MaaS360 Secure Mobile Browser (SaaS)
  • IBM MaaS360 Secure Mobile Mail (SaaS)
  • IBM MaaS360 VPN (SaaS)
• IBM Master Data Management on Cloud
• IBM Master Data Management on Cloud Managed Service
• IBM Maximo Application Suite as a Service
• IBM Maximo Application Suite Dedicated (also known as "IBM Maximo Application Suite Managed Service")
• IBM Maximo EAM SaaS Flex
• IBM Maximo MRO Inventory Optimization
• IBM MQ on Cloud (pre-pay)
• IBM MQ on IBM Cloud (pay-as-you-go)
• IBM Netezza Performance Server for IBM Cloud Pak for Data as a Service on AWS
• IBM Netezza Performance Server for IBM Cloud Pak for Data as a Service on Azure
• IBM OpenPages as a Service
• IBM OpenPages with Watson on Cloud (also known as “IBM OpenPages on Cloud”)
• IBM Operational Decision Manager on Cloud
• IBM Order Management (also known as “IBM Sterling Order Management”)
  • This offering specifically includes:
  • IBM Sterling Order Management
  • IBM Pricing Add-On
  • IBM Store Engagement Add-On
  • IBM Call Center Add-On
• IBM Planning Analytics Cloud (formerly known as "IBM Planning Analytics")
• IBM Process Mining as a Service
• IBM QRadar on Cloud  (also known as  IBM Security QRadar on Cloud)
• IBM Robotic Process Automation as a Service
• IBM SaaS Connect (formerly known as “IBM Integration Services-Standard”)
• IBM Security Verify (formerly known as "IBM Cloud Identity Connect" or "IBM Cloud Identity")
• IBM SPSS Statistics Subscription
• IBM Sterling B2B Integration SaaS (also known as IBM Supply Chain Business Network Standard and Premium Editions)
  • This offering specifically includes:
  • Sterling B2B Integration Value-Added Network
  • Essential Edition
  • Standard Edition
  • Premium Edition
• IBM Sterling B2B Services – File Transfer Service
• IBM Storage Insights (also known as "IBM Storage Insights Multi-tenant")
• IBM Supply Chain Intelligence Suite
• IBM Support Insights
• IBM TRIRIGA Building Insights
• IBM Trusteer Mobile SDK
• IBM Trusteer Pinpoint
  • This offering specifically includes: 
  • IBM Trusteer Pinpoint Detect
  • IBM Trusteer Pinpoint Criminal Detection
  • IBM Trusteer Pinpoint Malware Detection
• IBM Trusteer Pinpoint Assure
• IBM Trusteer Rapport (also known as "IBM Security Trusteer Rapport")
• IBM Video Streaming 
• IBM Watson Assistant
• IBM Watson Discovery
• IBM Watson IoT Platform
• IBM Watson Knowledge Studio
• IBM Watson Natural Language Understanding
• IBM Watson OpenScale
• IBM Watson Speech to Text Service
• IBM Watson Text to Speech Service
• IBM watsonx Orchestrate
• IBM watsonx Orchestrate for IBM Cloud
• IBM watsonx.ai Runtime as a Service (previously known as "IBM Watson Machine Learning Service")
• IBM watsonx.ai Studio as a Service (previously known as "IBM Watson Studio Paygo”)
• IBM watsonx.data as a Service (on IBM Cloud)
• IBM watsonx.data as a Service on Multicloud
• IBM watsonx.governance as a Service
• IBM X-Force
  • This offering specifically includes:
  • IBM X-Force Exchange (0000-0000)
  • IBM X-Force Threat Intelligence (5737-A31, 5900-A3J)
• Watson Query (formerly known as "Data Virtualization")