California Privacy Notice
California Privacy Notice
OVHcloud US Privacy Notice for California Residents
Effective: February 14, 2022
This Privacy Notice for California Residents ("Privacy Notice") supplements the information contained in the OVHcloud US ("OVHcloud") Privacy Policy and applies solely to visitors, users, and others who reside in the State of California ("Consumers," "you," or "your"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 ("CCPA") and other applicable California privacy laws. Any terms defined in our Privacy Policy or in the text of the CCPA have the same meaning when used in this Privacy Notice.
Information We Obtain
Our Site collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("Personal Data"). In particular, we have collected the following categories of Personal Data from Consumers within the last twelve (12) months.
Category | Examples | Purpose |
Identifiers | A real name; alias; postal address; address; telephone number; email address; account name; social media handle; other similar identifiers | To provide you with information about the OVHcloud Services that you request from us; to provision and deliver the OVHcloud Services; to prevent fraudulent transactions and to maintain the security of the OVHcloud Services and our infrastructure |
Commercial information | Products or services purchased, obtained, or considered; other purchasing or consuming histories or tendencies | To analyze the way in which Consumers are accessing and using the OVHcloud Services so that we can perform necessary marketing activities; to further improve the Site and the OVHcloud Services |
Internet or other similar network activity | Browsing history; search history; unique personal identifier; online identifier; Internet Protocol address; information on a consumer’s interaction with a website, application, or advertisement | To analyze how you are accessing and using our Site and the OVHcloud Services so that we can further develop and improve our Site and the OVHcloud Services |
Geolocation data | Physical location or movements | To ensure the proper Site experience is delivered; to analyze web traffic so as to conduct marketing activities |
Personal Data does not include:
- Publicly available information from government records.
- Deidentified or aggregated information.
- Information excluded from the scope of the CCPA, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We obtain the Personal Data listed above from the following categories of sources:
- Directly from you. For example, from the information you disclose when you create an account in the OVHcloud Control Panel; when you purchase the OVHcloud Services; when you subscribe to our mailing list; or when you engage our customer support team.
- Indirectly from you. For example, from observing your actions on our Site.
Use of Personal Data
In addition to the purposes stated above, we may use or disclose Personal Data obtained from you for one or more of the following business purposes:
- To fulfill or meet the reason you provided the Personal Data, For example, if you share your name and email address to receive information about OVHcloud Services, we will use that Personal Data to respond to your inquiry. If you provide your Personal Data to purchase OVHcloud Services, we will use that information to process your payment and provision the applicable OVHcloud Services that you purchased.
- To provide, support, personalize, improve, and develop our Site, your interaction with our Site, and the OVHcloud Services.
- To provide you with the information that you request from us.
- To create, maintain, customize, and secure your OVHcloud Control Panel account.
- To prevent transactional fraud.
- As necessary or appropriate to protect the rights, property, or safety of us, our customers, or others.
- To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
- To deliver targeted content and relevant offerings, including event registrations, alerts, offers, and ads delivered through our Site and via email (with your consent, where required by law).
- For testing, research, and analysis of our Site and the OVHcloud Services.
- To respond to valid law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Data or as otherwise set forth in the CCPA.
Disclosure Personal Data
We may disclose each category of your Personal Data identified in the above table to another entity for a business purpose. When we disclose Personal Data for a business purpose, we enter into a written agreement with that other entity that describes the purpose of the Personal Data disclosure. Amongst other things, the agreement imposes strict duties of confidentiality in regard to the handling of the Personal Data and mandates that the Personal Data not be used for any purpose except in strict performance of the services rendered under the applicable agreement.
We do not sell Personal Data, including the Personal Data of minors under 16.
Your Rights and Choices
The CCPA provides Consumers with specific rights regarding their Personal Data. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that OVHcloud disclose certain information to you about our collection and use of your Personal Data over the past twelve (12) months. Once we receive and confirm that you have made a valid Consumer request (see "Exercising Access, Data Portability, and Deletion Rights" below), we will disclose to you:
- Right to access Personal Data: You may request access to the categories and specific pieces of your Personal Data that we have collected in the prior twelve (12) month period;
- Right to data portability: You may request to receive your Personal Data, when provided electronically, in a readily-useable format;
- Right to disclosure: You may request additional information regarding the sources from which we collect information, the purposes for which we obtain, collect, and share Personal Data, the Personal Data of yours we hold, and the categories of parties with whom we share your Personal Data;
- Right to opt out of sales: We do not sell Personal Data and therefore there is no need for you to opt out of sales of your Personal Data.
Deletion Request Rights
You have the right to request that we delete any of your Personal Data that we have obtained or collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable Consumer request (see "Exercising Access, Data Portability, and Deletion Rights"), we will delete (and direct our service providers to delete, if applicable) your Personal Data from our records, unless an exception applies.
We may deny your deletion request if retaining the Personal Data is necessary for us or our service provider(s) to
- Complete the transaction for which we collected the Personal Data, provide the OVHcloud Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- To debug affected OVHcloud Services and/or to identify and repair errors to the OVHcloud Services that impair existing intended functionality;
- Exercise free speech, ensure the right of another individual to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the Personal Data deletion may likely render impossible or seriously impair the achievement of that research, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based upon our business relationship;
- Comply with a valid legal obligation; or,
- Make other internal and lawful uses of that Personal Data that are compatible with the context in which you provided it.
Non Discrimination
- You may freely exercise these rights without fear of being denied the OVHcloud Services. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your Personal Data. If you are a California resident and would like to exercise one of your rights, please contact us at privacy@corp.ovh.us.
Exercising Your Rights
To exercise any of your available rights, please submit a request to us by
- Visiting our Exercise Your Privacy Rights page
- Emailing privacy@corp.ovh.us
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Data. You may also make a verifiable Consumer request on behalf of your minor child. If you are submitting a request through an authorized agent, such authorized agent must be registered with the California Secretary of State and must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
You may only make a verifiable Consumer request for access or data portability twice within a twelve (12) month period. The verifiable Consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We may need to obtain additional information from you in order to verify or otherwise fulfill your request. For example, we may ask you to confirm data points we already have about you. We will only use personal information provided in a consumer request to verify or otherwise fulfill that request. We cannot provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable Consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable Consumer request to verify the requestor's identity or authority to make the request.
Request Timing and Format
We endeavor to respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us associated with a valid e-mail address, we will e-mail our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable Consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Security
We maintain reasonable security measures designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in light of the risks inherent in processing this information. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data.
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email, through a notice on our Site, or any other method required by applicable law.
Contact Us
If you have any questions or comments about this Privacy Notice or wish to exercise your rights under California law, please do not hesitate to contact us at:
Website: https://us.ovhcloud.com
Email: privacy@corp.ovh.us
Postal Address:
OVH US LLC
11950 Democracy Drive
Suite 300
Reston, VA 20191