MicroStrategy Cloud™ Safe Harbor Privacy Statement

Introduction
The cloud data center environment for the MicroStrategy Cloud service (“MicroStrategy Cloud”) managed by MicroStrategy Incorporated and its U.S. subsidiaries (“MicroStrategy,” “we,” “us,” “our”) adheres to the Safe Harbor Privacy Principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Personal Information transferred from the European Economic Area (“EEA”) or Switzerland to the United States. We have prepared this Safe Harbor Privacy Statement to describe how we meet the relevant privacy principles of the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, which we describe in the “Compliance” section below.

Definitions

  • Data Controller – means controller as such term is defined by the European Union Directive 95/46/EC.
  • Data Processor – means processor as such term is defined by the European Union Directive 95/46/EC.
  • Customer – means any entity that has the contractual right to use MicroStrategy Cloud to store data.
  • Data Subject – means any natural person who is located in the EEA or Switzerland.
  • Personal Information – means any information, including Sensitive Personal Information, that relates to an identified or identifiable Data Subject and can be linked to that Data Subject, and is uploaded by a Customer to (i) MicroStrategy Cloud in the United States or (ii) MicroStrategy Cloud in the United Kingdom and may be accessed by us from the United States.
  • Sensitive Personal Information – means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

 

Scope of this Safe Harbor Privacy Statement
This Safe Harbor Privacy Statement applies only to Personal Information stored in MicroStrategy Cloud in the United States or in the United Kingdom and accessed from the United States within MicroStrategy Cloud. MicroStrategy acts as a Data Processor for Personal Information stored in MicroStrategy Cloud and acts pursuant to the Customer’s instructions with respect to such information. The applicable Customer is the Data Controller for such data. We may access or obtain Personal Information on behalf of a Customer for the purpose of providing technical support, maintenance and consulting services in connection with MicroStrategy Cloud or as otherwise directed by such Customer.

Compliance
MicroStrategy Cloud complies with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, and processes Personal Information according to the following Safe Harbor Privacy Principles:


Notice
This Safe Harbor Privacy Statement serves as our notice regarding the purposes for which we collect and use Personal Information in connection with MicroStrategy Cloud. MicroStrategy acts as a service provider for Customers and only maintains Personal Information that Customers have asked us to process. It is a Customer’s responsibility to ensure that Personal Information is legally collected from Data Subjects. Further, a Customer is responsible for notifying Data Subjects about how their Personal Information may be collected and used, informing Data Subjects that their Personal Information may be transferred outside of the countries in which their Personal Information was collected, and obtaining any requisite consents from Data Subjects.


Choice
Customers are responsible for providing choices to Data Subjects with respect to the collection, storage, use, transfer and other processing of such Data Subjects’ Personal Information, as applicable.

We may disclose Personal Information without offering an opportunity to Data Subjects to opt out of such disclosures (i) to service providers MicroStrategy has retained to perform services on its behalf, (ii) if MicroStrategy is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when MicroStrategy believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. MicroStrategy also reserves the right to transfer Personal Information to a purchaser of all or a portion of its business or assets in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation).


Onward Transfer
MicroStrategy may disclose Personal Information to third parties as indicated in the "Choice” section above. Except as permitted or required by applicable law, MicroStrategy Cloud requires third parties to whom it discloses Personal Information (other than pursuant to the Customer’s instructions) and who are not subject to the European Union Data Protection Directive 95/46/EC or an adequacy finding to either (i) subscribe to the relevant Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Information as is required by the relevant Safe Harbor principles.


Security
We maintain reasonable and appropriate technical, organizational and security measures designed to protect Personal Information from loss, misuse or unauthorized access, disclosure, alteration or destruction.


Data Integrity
Customers are responsible for ensuring that the Personal Information is reliable for its intended use, accurate, complete and current.


Access
Customers are responsible for processing all requests from Data Subjects to access their Personal Information, and amending, correcting or deleting such Data Subjects’ Personal Information upon request, as needed. If a Data Subject is unable to contact the appropriate Customer, or does not obtain a response from the Customer, and if such Data Subject contacts MicroStrategy and asks for assistance, MicroStrategy will provide reasonable assistance in forwarding the Data Subject’s request to the Customer.


Enforcement
We have established procedures for periodically verifying implementation of and compliance with the Safe Harbor principles for MicroStrategy Cloud. We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions about our MicroStrategy Cloud privacy practices are accurate and that our privacy practices with respect to MicroStrategy Cloud have been implemented as represented in this Safe Harbor Privacy Statement.

We are committed to resolving any questions or complaints that you may have about the processing of Personal Information by us in connection with MicroStrategy Cloud. If a Data Subject complaint cannot be resolved through our internal processes, we agree to cooperate with AAA (www.adr.org) dispute resolution program to resolve a complaint if necessary. Any questions, comments or complaints about a Customer’s information practices should be addressed to such Customer.

To learn more about the Safe Harbor program, please visit www.export.gov/safeharbor/.  MicroStrategy Cloud’s Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx.



How to Contact Us
You may address all communications to:

Office of the General Counsel
MicroStrategy Incorporated
1850 Towers Crescent Plaza
Tysons Corner, Virginia 22182
United States of America

Email: info-safeharbor@microstrategy.com

Please include your name, mailing address and/or e-mail address in all communications and provide an explanation of your request.

Date Last Modified: July 3, 2014