MongoDB, Inc., ObjectLabs, Inc. and TightDB, Inc. and their affiliates and subsidiaries (“MongoDB”, “we”, “our” or “us”) have self-certified to comply with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (collectively “DPF Principles”) as set forth by the US Department of Commerce.
If there is any conflict between the terms in this Data Privacy Framework Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF Principles and to view MongoDB’s certification, please visit https://www.dataprivacyframework.gov/.
MongoDB provides database solutions and associated services to businesses all over the world, acting as a data processor on behalf of those businesses. MongoDB’s certifications to the DPF Principles apply to the personal data that these businesses transfer to us from the European Economic Area ("EEA"), the UK, or Switzerland for the provision of our services, except where any of our agreements with those businesses stipulate a different transfer mechanism recognized by the relevant authority (e.g. standard contractual clauses). The personal data types that our customers put into our services is at their discretion (subject to any limitations in our contracts) and we only process it in accordance with their instructions (as set forth in those contracts, including the applicable Data Processing Addendum, the current version of which is available at https://www.mongodb.com/legal/dpa).
MongoDB uses third party subprocessors to help us provide our services and those subprocessors may process personal data. MongoDB remains responsible and liable under the DPF Principles for our third party subprocessors, unless MongoDB proves that it is not responsible for the event giving rise to the damage.
If you have any questions about this Data Privacy Framework Statement or wish to make a complaint relating to our obligations under the DPF Principles, we encourage you to contact us at privacy@mongodb.com.
MongoDB commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF Principles to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
The Federal Trade Commission has jurisdiction over MongoDB’s compliance with the DPF Principles. Individuals may have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms above. For more information, please see Annex I of the DPF Principles.
Should you wish for MongoDB to limit the use or disclosure of your data, or delete your data from our systems, you may make such request by completing the form located at https://www.mongodb.com/legal/privacy-policy/request-for-deletion, or by contacting our Privacy team at privacy-team@mongodb.com.
Under certain circumstances, MongoDB may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.