Last modified: March 5th, 2020
Subject to applicable law requirements, ScyllaDB Ltd ( “Company” or “we” or “us”) will provide individuals with the opportunity to exercise their rights regarding their Personal Data.
ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
You have a right to request us to confirm whether we process certain Personal Data related you, as well as a right to obtain a copy of such Personal Data, with additional information regarding how and why we use this Personal Data. The GDPR and CCPA provide different protections, the GDPR enables access to all Personal Data processed by the controller, however the CCPA “Access Right” applies only to Personal Information collected in the 12 months prior to the request. After we receive such request, we will analyze and determine the veracity and appropriateness of the access request and provide you with the applicable confirmation of processing, the copy of the Personal Data or a description of the Personal Data and categories of data processed, the purpose for which such data is being held and processed, and details about the source of the Personal Data that was not provided by you. Our response detailed above will be provided within the period required by law (please see additional information under “Response Timing and Format” below).
DELETION REQUEST RIGHTS
The Company is legally obligated to comply with a request to delete Personal Data if:
The right to erasure is not absolute. Even if a data subject falls into one of the categories described above, the Company is entitled to reject the data subject’s request and continue processing data subject to applicable law, if such processing is:
RIGHT TO OBJECT/RIGHT TO OPT OUT
Under the lawful basis of our legitimate interests and with regards to Personal Data processed by us (such as direct marketing), you may object to our processing on such grounds. However, even if we receive your objection, we will be permitted to continue processing the Personal Data in the event that (subject to applicable laws and regulations):
YOUR RIGHT TO BE INFORMED
THE RIGHT OF RECTIFICATION
The Company must ensure that all Personal Data that it holds and uses about a data subject is correct. If such data is not accurate, a data subject has the right to require that the Company updates such data so it is accurate. In addition, if the Company has passed on incorrect information about a data subject to a third party, the data subject also has a right to oblige the Company to inform those third parties that this information should be updated.
If Personal Data held by us is not accurate, you may require us to update such data so it is accurate. Further, in the event we have passed on incorrect information about you to a third party, you also have a right to oblige us to inform those third parties that the applicable information should be updated.
THE RIGHT OF RESTRICTION
A data subject may limit the purposes for which the Company may process its Personal Data. The Company’s processing activities may be restricted if: the accuracy of the data is contested; processing is unlawful and data subject requests restriction instead of erasure; the Company no longer needs the data for its original purpose, but the data is still required to establish, exercise or defend legal rights; or consideration of overriding grounds in the context of an erasure request.
You may request us to send or “port” your Personal Data held by us to a third-party entity, however note, the GDPR and CCPA apply differently to this right, thus, we will handle this according to the jurisdiction you are subject to.
Under the CCPA, you must not be discriminated for exercising any of your rights, including by denied goods or services, charging you with different fees for goods or services, including through the use of discounts or other benefits or imposing penalties; suggested you will receive a different price or rate for goods or services.
Notwithstanding the above it is allowed to set up schemes for providing financial incentives and you can opt-in to become part of them.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request with undue delay and in any event within 30 days from the receipt of the request subject to GDPR and between 10-45 days from receipt of a request subject to CCPA. If we require more time, we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Further, note, under the CCPA your rights only apply to the Personal Information collected 12 months prior to the request and you are not entitled to submit more than 2 requests in a 12 months period.
This Policy applies solely to your rights concerning Personal Data / Personal Information (as defined under the applicable law) processed by us.