What are the key data protection laws?
Modern data protection laws regulate how businesses can collect, use, and store personal data. The General Data Protection Regulation (GDPR) in Europe set a global standard. Similar comprehensive laws now exist worldwide, including the UK’s Data Protection Act, the Swiss FADP, and the California Consumer Privacy Act (CCPA) as amended by the CPRA. These laws require businesses to be transparent and accountable for their data processing activities and grant individuals rights over their personal information.

 

Who do these laws apply to?
The specific scope varies by law. For example, the GDPR applies to the processing of personal data of individuals in the European Union, while the CCPA applies to the personal information of California consumers. These laws often have a broad definition of what constitutes personal data or personal information. Any company handling such data, regardless of where the company is based, may be subject to these regulations.

 

How do these laws impact MariaDB and its customers?
MariaDB has two primary roles under these laws:

  • When MariaDB processes business contact information to manage its own customer relationships, it acts as the “controller” or “business.”
  • When a customer uses MariaDB services like MariaDB Cloud, CloudDBA, MMD, or Remote DBA to process their own data, the customer is the “controller” or “business.” In this capacity, MariaDB acts as the “processor” or “service provider,” processing data only on the customer’s behalf.

 

How does MariaDB help my organization comply?
MariaDB is committed to helping customers meet their compliance obligations.

  • Our Data Processing Addendum (DPA) is designed to meet the requirements for processors and service providers under major privacy laws.
  • We support lawful international data transfers by incorporating recognized mechanisms like the Standard Contractual Clauses into our DPA.
  • Our agreements with our own sub-processors require them to meet equivalent data protection standards.

 

Does MariaDB have a Data Processing Addendum (DPA) for customers?
Yes. MariaDB offers a DPA that addresses the requirements of GDPR, CCPA, and other applicable data protection laws to help customers meet their compliance needs.

 

What commitments does MariaDB make as a processor?
Our DPA and service terms reflect the stringent requirements for data processors and service providers. For example, the DPA is designed to meet the high standards required by Article 28 of the GDPR, ensuring we process data securely and only according to our customers’ instructions.

 

Does MariaDB have an overview of its security measures?
Yes. Details of our technical and organizational security measures are available on our Trust Center and are described in Annex B of our Data Processing Addendum.

 

Who are MariaDB’s sub-processors?
A current list of MariaDB’s sub-processors is available at the MariaDB Trust Center. We provide customers with notice of any new sub-processors and an opportunity to object.

 

How does MariaDB support international data transfers?
Privacy laws restrict data transfers to countries without an “adequate” level of data protection. MariaDB enables lawful transfers of personal data from jurisdictions like the EEA, UK, and Switzerland by using recognized transfer mechanisms, including the EU Standard Contractual Clauses (SCCs), the UK Addendum, and, where applicable, the Data Privacy Framework.

 

Where can I get more information?
Customers can request more information by contacting privacy@mariadb.com.

 

This page is for informational purposes only. It is not legal advice. Each customer is responsible for evaluating its use of MariaDB’s services to support its own compliance obligations.