Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:
Although the requirements of these laws and frameworks vary greatly,some common themes have emerged, such as notice, choice, access, and security.
Are organizations that handle personal information required to protect suchinformation using administrative, technical, and physical safeguards?
Salesforce.com's customers solely determine what data is submitted to the salesforce.comservice as customer data. With respect to such data, salesforce.com acts as a data processor.In our role as a processor of customer data, salesforce.com addresses the generalprivacy principles described above in the following ways:
Notice, Choice & Access: Salesforce.com generally does not have a direct relationship withindividuals whose personal data is submitted by customers to the salesforce.com service ascustomer data. Salesforce.com does not collect personal information on behalf of ourcustomers, and salesforce.com does not determine how our customers use suchdata. Additionally, salesforce.com's customer contracts generallyprohibit salesforce.com from accessing customer data except under limited circumstances.Compliance with the Notice, Choice, and Access principles is based on cooperation betweensalesforce.com and our customers. For example, salesforce.com's contracts with our customersstate that customers are responsible for the accuracy, quality, integrity, reliability, andappropriateness of data submitted to the salesforce.com service and that customers must complywith applicable laws in using the salesforce.com service.
Security: Salesforce.com maintains appropriate administrative, physical, and technicalsafeguards to help protect the security, confidentiality, and integrity of data our customers submitto the salesforce.com service as customer data. Salesforce.com's customers are responsible forensuring the security of their customer data in their use of the service.