Privacy Notice

Last Updated: May 27, 2020
MemSQL, Inc. and its subsidiaries and affiliates (collectively “MemSQL,” “our,” “we” or “us”) are committed to respecting your privacy. This Privacy Notice (“Notice”) describes how we collect, use, disclose, store and otherwise process information through www.memsql.com and its affiliated websites and other products and services in the United States. In addition, this notice states how you can control the collection, correction and/or deletion of information. We will not use or share your information with anyone except as described in this Privacy Notice.
MemSQL, Inc. is located in the United States and is certified with the EU-U.S. and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information from the EU and Switzerland and the United States.
We urge you to read this Privacy Notice so that you understand our commitment to you and your privacy, and how you can participate in that commitment.

Scope

This Privacy Notice covers only data collected through the site and our products and services where there is a direct link to this notice, not any other data collection or processing, including, without limitation, data collection practices of webpages to which the site links, or data that we or our affiliates collect offline or through webpages that do not display a direct link to this Notice.

Types of Data and Collection Methods

Personal information means information that identifies you or allows us to contact you, like your name or email address. The personal information that we may collect about you broadly falls into the following categories:
  • Information that you provide voluntarily
    Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to create an account, subscribe to marketing communications from us, and/or to submit inquiries to us. We may also ask you to provide feedback or a testimonial which we may display on our website or in other promotional materials, with your agreement. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. You may provide this information to us via phone calls, chats, emails, web forms, surveys, social media, and other methods of communication.
  • Information that we collect automatically
    When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Union and/or European Economic Area (“EU/EEA”), this information may be considered personal information under applicable data protection laws.
    Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g., country or city-level location), and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
    Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
    Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Statement.
  • Information that we obtain from third party sources
    From time to time, we may receive personal information about you from third party sources (including from companies that provide marketing lead information), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
    The types of information we collect from third parties include your name and contact information and we use the information we receive from these third parties to provide you with information regarding our products and services, our industry insights and other direct marketing purposes.

Collection Purposes, Use of Data

We collect personal information for the purposes of operating, maintaining, protecting and improving our site, products, and services and to better understand the preferences of our site visitors and to personalize your experience on our site. We also use your personal information to communicate with you via technical notices, updates, security alerts and support and administrative messages so as to support our business functions, such as customer support, fraud prevention, marketing, industry benchmarking and analysis consistent with our legitimate business purpose, and legal and/or regulatory functions. To do this, we may combine personal and non-personal information, collected online and offline, including information from third party sources.

Sharing and Disclosures of Personal Information

MemSQL will not rent or sell your personal information to others, but may disclose personal information with third party vendors and service providers that work with us, and as described in this Privacy Notice. For example, we may share personal information about you including as follows:
  • Vendors, Consultants and Other Service Providers. We may share your information with third party vendors, consultants and other service providers who provide information systems or who are working on our behalf and require access to your information to carry out that work, such as to provide customer support, quality assurance, etc. These service providers are authorized to use your personal information only to the extent necessary to assist MemSQL in providing MemSQL products or services.
  • Third Party Applications & Services. MemSQL products and services may connect you to third party applications or services. If you choose to use any such third party applications or services, we may share information about you including your username and/or email address and such third parties may contact you directly as necessary. This Privacy Notice does not apply to your use of any such third party applications and services, and we are not responsible for how those third parties collect, use and disclose your information. We encourage you to review the privacy policies of those third parties before connecting to or using their applications or services to learn more about their information and privacy practices.
  • Compliance with Laws. MemSQL may be required to disclose personal information to authorities, law enforcement agencies, government agencies, or legal entities. We may disclose information by law, litigation, or as a matter of national security to:
    a) comply with valid legal process, including subpoenas, court orders or search warrants, or as otherwise authorized or required by law;
    b) in the event of an emergency that threatens an individual's life, health, or security; or
    c) to the extent permitted by applicable law in special cases in which we believe it is reasonably necessary to investigate, identify, or take preventive measures or bring legal action against someone who may commit or cause harm, fraud, abuse, or illegal conduct, such as a threat of harm to you or anyone else, interference with our rights or property, or interference with U.S. homeland or national security or public safety anywhere in the world.
  • Business Transfers. MemSQL may share or transfer your information in connection with, or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Aggregated or Anonymized Data. We may also share aggregated or anonymized information that does not directly identify you with third parties.

International Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you live. These countries may have data protection laws that are different to the laws of your country. Specifically, while our Website servers are located in the United States, and our affiliated companies and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.
If we transmit personal information across national boundaries, we make reasonable efforts do so in compliance with any national laws that govern the cross-border transfer of information. If you require more information, please contact us using the contact details below.

EU-US Privacy Shield & Swiss-US Privacy Shield

MemSQL complies with the EU-US and the Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from EU member countries. MemSQL certifies that it adheres to the Privacy Shield principles on Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, access, and recourse, enforcement and liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov/list
MemSQL’s responsibility for data it receives pursuant to the Privacy Shield and subsequent transfers of that data to third parties is detailed in the Privacy Shield Principles. MemSQL complies with the Privacy Shield Principles for all onward transfers from the EU and Switzerland, including the onward transfer liability provisions. MemSQL remains responsible under the Privacy Shield Principles for third-party agents processing personal data on its behalf.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
MemSQL commits to resolving complaints about your privacy and our collection and use of your personal information within 45 days of receiving your complaint. Individuals with questions or complaints regarding this Privacy Policy should first submit inquiries via e-mail to privacy@memsql.com. For any unresolved privacy complaints under the Privacy Shield Principles, please contact MemSQL’s independent dispute resolution body JAMS. Under limited circumstances, binding arbitration may be a dispute resolution mechanism if your complaint is not resolved through these channels. Please visit the Privacy Shield website for additional information about the arbitration process at www.privacyshield.gov.

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so or to comply with applicable legal requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Opt-Out; Notice to California Residents

MemSQL allows you to opt-out of receiving advertisements based on your interests. If you opt-out of Internet-based advertising, you will still receive advertisements, but they will not be tailored to your interests. However, you may still receive advertisements based on the content of the web page you are visiting. Similarly, California Civil Code Section 1798.83 permits users of our site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, or to opt out of such advertisements or third party disclosures, please send an email to info@memsql.com.

Your Rights and Choices

Depending on where you reside, you may have the following privacy rights:
  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contact Us” heading below.
  • In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information orrequest portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” heading below.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact Us” heading below.
  • Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Security

Security of all information is of the utmost importance for MemSQL. We use technical and physical safeguards, including industry-standard encryption technology, to protect the security of your personal information from unauthorized disclosure. We also take reasonable efforts to ensure that only necessary people and third parties have access to personal information. Nevertheless, no service is completely secure and security measures cannot prevent all loss, misuse or alteration of personal information; we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the protection of your rights. MemSQL also reviews its security procedures periodically to consider appropriate new technology and updated methods.
We also require that our third party service providers and channel partners agree to keep all information we share with them confidential, and to use the information only to perform their obligations pursuant to the agreements we have in place with them. These third party service providers and channel partners are expected to maintain privacy and security protections that are consistent with MemSQL’s privacy and information security policies. While we provide these third parties with no more information than is necessary to perform the function for which we engaged them, any information that you provide to these third parties independently of MemSQL is subject to their respective privacy policies and practices.

Legal Basis for Processing (EEA visitors only)

If you are a visitor from the EU/EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.

Changes to This Notice

MemSQL may change this Privacy Notice from time to time. If we make any changes, we will notify you by revising the "Last Updated" date at the top of this Privacy Notice and, in some cases, we may provide you with additional notice (such as adding a Notice to our homepage or sending you an email notification). If there are material changes to this Privacy Notice, we will notify you more directly by email or means of a notice on the home page prior to the change becoming effective. We encourage you to review our Privacy Notice whenever you access any MemSQL products or services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this Privacy Notice and do not wish your information to be subject to the revised Privacy Notice, you will need to deactivate your accounts with us and stop using this site and/or the MemSQL products and services. Your use of any of the MemSQL site, products or services after the posting of such changes shall constitute your consent to such changes.

Contact Us

Please feel free to contact us with any comments, questions, complaints or suggestions you might have regarding the information practices described in this Notice. You may send us an email at privacy@memsql.com or write to us
MemSQL, Inc.,
534 Fourth Street,
San Francisco, California 94107
telephone: +1 855 463-6775.

CA ADDENDUM

Privacy Notice for California Residents

Effective Date: January 2020
Last Reviewed: May 2020
This Privacy Notice for California Residents supplements the information contained in our privacy policy above and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”personal information”). In particular, our website has collected the following categories of personal information from its consumers within the last twelve (12) months: business contact information including name, organization, phone numbers and email addresses.
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:
  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns (Legitimate Business Purpose).
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses (Explicit/Implied Consent).
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations (Legal Basis).
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA (Regulatory Requirement).
  • We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice (Explicit Consent).
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, MemSQL has not disclosed personal information for a business purpose.
Sales of Personal Information
In the preceding twelve (12) months, MemSQL had not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. Wider privacy requirement, including GDPR and general privacy legislation are covered in the rest of this document.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions, by emailing us at info@memsql.com. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • We are unable, for technical reasons, to do so; in which case we will provide additional controls, including pseudo-anonymization, to protect your data.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message to security@memsql.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic-mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
While MemSQL does not sell any personal information, you have the right, if you are 16 years of age or older, to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by sending us a message to security@memsql.com.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by visiting our website and sending us a message. We will only use personal information provided in an opt-out request to review and comply with the request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an email to security@memsql.com.