Government Data Request Policy
This Policy sets out DataRobot, Inc.’s (“we,” “us” or “our”) policy for responding to a request received from a government or law enforcement agency (“Requesting Authority”) to disclose customer data that a customer has provided to us (a “Request”). This Policy does not cover requests for information from our customers, users, or other third parties.
We do not disclose customer data in response to a Request unless the following circumstances apply:
- The disclosure is expressly permitted by the customer; or
- We determine in our sole discretion that there is an emergency involving imminent risk of death or serious harm to any person, or serious harm to an organization, or governmental entity, taking into account the nature, context, purposes, scope and urgency of the Request and the privacy rights and freedoms of any affected individuals; or
- We are legally obliged to make the disclosure.
Requests must be sent to firstname.lastname@example.org or mailed to DataRobot at 225 Franklin Street, Floor 13, Boston Massachusetts 02110 USA ATTN: Legal.
All Requests will be narrowly construed by DataRobot. Where appropriate, we will seek to narrow any Request to only the specific data that is required to respond.
Consultation of Data Protection Authorities
If the Requesting Authority is in a country that does not provide an adequate level of protection for personal data in accordance with applicable data protection laws, and it is reasonably likely that the customer data includes significant amounts of personal data, we may consult with competent data protection authorities prior to disclosing any customer data, unless legally prohibited or where an imminent risk of death or serious harm exists.
Notice to Customer
We will notify customers of any Request before disclosing their customer data so that the customer may seek legal remedies, unless prohibited by applicable law or there is imminent risk of death or serious harm. If DataRobot is legally prohibited from notifying the customer prior to disclosure, DataRobot will take reasonable steps to notify the customer of the Request after the nondisclosure requirement expires. If DataRobot receives a Request that is subject to an indefinite nondisclosure requirement, DataRobot may challenge the non-disclosure requirement in court.
We will provide a semi-annual transparency statement or report which will give details of the type and number of Requests we have received for the preceding six months, as well as how many were fulfilled. The report will be made available at https://www.datarobot.com/trustcenter/privacy-and-personal-data/