IBM Cloud Docs
Data privacy and governance

Data privacy and governance

As a pioneer in the provision of a fully managed and globally distributable Database-as-a-Service, IBM® Cloudant® for IBM Cloud® allows customers to locate data in any global IBM Cloud® or AWS region. By providing customers with such high levels of data mobility to serve the local needs of customers, IBM®, and IBM Cloudant take data privacy and governance seriously.

IBM Cloud data privacy processing processes and procedures are documented within the IBM Cloud DPA. This Data Processing Addendum (DPA) and its applicable DPA Exhibits apply to the Processing of Personal Data by IBM Cloud on behalf of Client (Client Personal Data). The processing of Personal Data is subject to the General Data Protection Regulation 2016/679 (GDPR). It is also subject to any other data protection laws that are identified at Data Protection Laws in order to provide services (Services) according to the Agreement between Client and IBM Cloud. The IBM Cloud DPA can be found at Data Processing Addendum.

In addition to the DPA, the cloud services contain DPA exhibits that detail the types of data that is processed by this service. Cloud services also contain the relevant processing locations (including hosting locations) where client PI is processed. The relevant DPA exhibit for IBM Cloudant can be found on the IBM Cloud Terms site.

IBM Cloud relies on Standard Contractual Clauses (as our primary data transfer mechanism) in our customer contracts. IBM Cloud also relies on numerous supplementary measures to help clients ensure an adequate level of protection when they transfer personal data outside of the EU/EEA. For more information, see EU Standard Contractual Clauses that are signed by all IBM Cloud Data Importers, if applicable.

IBM Cloudant does not move your data without notification. IBM Cloudant relies on centralized components for aspects of the service. Of particular interest for data residency are logs that contain URLs. These logs are sent out of region-specific infrastructure, to centralized logging components. For any data where residency is a concern, avoid its inclusion within URLs such as in the path or query string. IBM Cloudant documentation describes how this task can be achieved for various areas of our API. For more information, see Multi-query a MapReduce view for an example of how to use POST for view queries rather than GET.

For the position of IBM Cloud on trust and transparency, in relation to customer data, see Trust principles.

If more questions that are associated with the privacy principles of IBM Cloud arise, email DPA.Help.project@uk.ibm.com. For more information, see Compliance about the overall standards for compliance of IBM Cloudant.