Last updated on April 23, 2024
This Data Processing Agreement for TiDB Cloud Services (“DPA”) forms an integral part of the TiDB Cloud Services Agreement (“CSA”). This DPA sets out data protection requirements regarding the Processing of CSA Personal Data for the purpose of providing TiDB Cloud Services. All capitalized terms not defined in this DPA shall have the meaning set forth in the CSA.
1. Definitions
1.1. “CSA Personal Data” means any Personal Data Processed by PingCAP in connection with the provision of the TiDB Cloud Services or performance of its other obligations set out in the TiDB Cloud Services Agreement (CSA);
1.2. “Data Protection Laws” means, in respect of a party, all data protection and privacy laws applicable to that party in exercising its rights or fulfilling its obligations under this Agreement or the Purchase Agreement, including the General Data Protection Regulation 2016/679 (“GDPR”), and the UK GDPR;
1.3. “Controller,” “Data Subject,” “Personal Data,” “Process/Processing/Processed,” “Processor,” “Personal Data Breach” and “Supervisory Authority” shall have the same meaning given to them or correlative terms under applicable Data Protection Laws; and
Any other terms within this DPA with the initial letter capitalized shall have the same meaning as given to such terms in the CSA unless and to the extent that any such term is expressly defined in this DPA.
2. Roles and Scope of Processing
PingCAP shall perform the TiDB Cloud Services in accordance with the terms of the CSA. In relation to the Processing of the CSA Personal Data, as more particularly described in Sections 3 to 5 below, the parties acknowledge that, where PingCAP provides the TiDB Cloud Services, you shall be the Controller and PingCAP shall be the Processor.
3. Your Processing of CSA Personal Data
You shall ensure that you have, and will maintain in place, all consents, registrations and authorizations as may be required to enable PingCAP to process the CSA Personal Data.
4. PingCAP’s Processing of CSA Personal Data
4.1. PingCAP will comply with all Data Protection Laws relating to its Processing of any CSA Personal Data.
4.2. PingCAP will only Process the CSA Personal Data:
- 4.2.1. as required to meet your documented instructions (which shall, unless otherwise agreed, be to Process Personal Data as necessary to provide the TiDB Cloud Services under this CSA); or
- 4.2.2. as required to comply with any Data Protection Law to which PingCAP is subject, in which case PingCAP shall (to the extent permitted by law) inform you of that legal requirement before Processing the CSA Personal Data.
4.3. PingCAP will inform you if it becomes aware of an instruction from you that, in PingCAP’s reasonable opinion, infringes Data Protection Laws.
4.4. PingCAP will implement appropriate technical and organisational measures in relation to the Processing of CSA Personal Data:
- 4.4.1. such that the Processing will meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects; and
- 4.4.2. so as to ensure a level of security in respect to the CSA Personal Data Processed by it appropriate to the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, CSA Personal Data transmitted, stored or otherwise Processed, having regard to the nature of the CSA Personal Data and the state of technological development and the cost of implementing any measures;
4.5. Without undue delay after becoming aware of a Personal Data Breach affecting the CSA Personal Data, PingCAP will notify you in accordance with the level of detail for you to fulfil any reporting or other requirements imposed on you under Data Protection Laws;
4.6. Where and in so far as it is not possible to provide all of the information set out in Section 4.5 as part of the initial notification of the Personal Data Breach, PingCAP will provide this information in phases as soon as the same is reasonably available;
4.7. Without prejudice to its obligations under Section 4.4.2, PingCAP will provide reasonable assistance, information and cooperation to you in responding to any request from a Data Subject and to ensure compliance with your obligations under Data Protection Laws with respect to:
- 4.7.1. the security of the Processing;
- 4.7.2. notification by you of Personal Data Breaches to Supervisory Authorities or Data Subjects;
- 4.7.3. the carrying out of data protection impact assessments in relation to the Processing of such Personal Data; and
- 4.7.4. prior consultation with a Supervisory Authority regarding high risk Processing;
4.8. PingCAP will ensure that all of PingCAP’s personnel authorised to Process the CSA Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and are suitably trained to ensure compliance with Data Protection Laws;
4.9. At your request, PingCAP will either delete or return the CSA Personal Data to you after the end of the provision of the TiDB Cloud Services or as necessary to comply with a verifiable consumer request in accordance with clause 5.5 of the CSA, save that PingCAP shall be entitled to retain copies of the CSA Personal Data to the extent it is required to do so under applicable law provided it shall promptly:
- 4.9.1. inform the Recipient, in writing, of what CSA Personal Data is to be retained; and
- 4.9.2. inform the Recipient of the reason it must be retained under such applicable law, and
4.10. PingCAP will notify you as soon as is reasonably practicable if PingCAP receives any complaint, notice or communication (whether from a Supervisory Authority or Data Subject or otherwise) which relates directly or indirectly to the Processing of CSA Personal Data, or the exercise of any rights of the Data Subject in respect of CSA Personal Data.
5. Details of Processing
5.1. Subject Matter of the Processing
PingCAP has agreed to provide the TiDB Cloud Services under the CSA, possibly involving the Processing of the CSA Personal Data.
5.2. Duration
Notwithstanding expiry or termination of the CSA, this DPA and the Standard Contractual Clauses (if applicable) set forth in the Schedule will remain in effect until deletion of all CSA Personal Data as described hereunder.
5.3. Nature and purpose of the Processing
The nature and purpose of the Processing are to provide the TiDB Cloud Services.
5.4. Types of Personal Data Processed
PingCAP will possibly Process the following types of Personal Data determined and controlled by you during the course of the provision of the TiDB Cloud Services:
- 5.4.1. Identification, biographical and contact data (such as name, birthday, education, address, phone number, email account, and other contact details);
- 5.4.2. Financial data (such as payment information, transaction information, account details);
- 5.4.3. Employment data (such as employer, employee, title, office information, responsibility);
- 5.4.4. Technical data (such as IP address, operational data, geographic location, cookie data, device and browser information); and/or
- 5.4.5. Special Categories of Personal Data (if applicable): Subject to any applicable restrictions and/or conditions in the CSA, you may include “special categories of personal data” or similarly sensitive personal data (as described or defined in Data Protection Laws) in CSA Personal Data, the extent of which is determined and controlled by you in your sole discretion.
5.5. Categories of Data Subjects
The categories of Data Subjects are determined and controlled by you and may include, but are not limited to:
- 5.5.1. Your business partners, customers, potential customers (who are natural persons);
- 5.5.2. Your employees, workers, vendors, independent contractors (who are natural persons); and/or
- 5.5.3. Employees and/or contact persons of your vendors, independent contractors, business partners, customers and/or potential customers.
6. Sub-Processing
You shall provide a general authorization for PingCAP to appoint sub-Processors to assist it with the provision of the Services, provided that PingCAP:
6.1 ensures that the terms on which it appoints such sub-Processors comply with applicable Data Protection Laws and are consistent with the obligations imposed on PingCAP in this DPA; and
6.2 gives you reasonable prior notice to the email account registered by you in TiDB Cloud by directing you to the updated list of sub-Processors available on PingCAP’s website of any intended changes concerning the addition or the replacement of any such sub-Processors. If within ten (10) days of receipt of such notice, you notify PingCAP in writing of any objections (on reasonable grounds associated with data protection considerations) to the proposed appointment, (a) PingCAP shall use reasonable efforts to make available a commercially reasonable change in the provision of the TiDB Cloud Services which avoids the use of that proposed sub-Processor, and (b) where no commercially reasonable change is available, either party may by written notice to the other party with immediate effect terminate the CSA to the extent that it relates to the affected TiDB Cloud Services. In the absence of any written notification from you in relation to the proposed appointment, such appointment would be deemed agreed by you.
For the avoidance of doubt, Section 6.1 constitutes your general consent for PingCAP’s engagement of onward sub-Processors under the Standard Contractual Clauses set forth in the Schedule.
7. Data Transfer
PingCAP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PingCAP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of CSA Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. PingCAP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this DPA and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
PingCAP is responsible for the processing of CSA Personal Data it receives from you under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and which it may subsequently transfer to a third party acting as an agent on its behalf if instructed by you. PingCAP complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of CSA Personal Data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over PingCAP’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, PingCAP may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, PingCAP commits to refer unresolved complaints concerning our handling of CSA Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
For any transfer by you of CSA Personal Data from the United Kingdom, Switzerland and/or the European Economic Area (collectively, “Restricted Countries”) to PingCAP in a country which does not ensure an adequate level of protection (within the meaning of and to the extent governed by the Data Protection Laws of the Restricted Countries) as required to perform the TiDB Cloud Services, such transfer shall be governed by the Standard Contractual Clauses set forth in the Schedule.
PingCAP agrees to abide by, and Process CSA Personal Data from the Restricted Countries in compliance with, the Standard Contractual Clauses set forth in the Schedule, which are incorporated into this DPA, and for these purposes PingCAP shall be the “data importer” and you are the “data exporter” under the Standard Contractual Clauses set forth in the Schedule (notwithstanding that you may be an entity located outside of the Restricted Countries).
8. Your Audit Rights
On no more than one (1) occasion in any calendar year, and on reasonable prior written notice, PingCAP shall make available to you all necessary information to demonstrate PingCAP’s compliance with its obligations under this DPA, and allow for audits, including inspections, by you (or another auditor mandated by you, provided that such auditor enters into a non-disclosure agreement with PingCAP on terms acceptable to PingCAP) for this purpose, provided that any such audit takes place during normal business hours and does not result in interference with (a) PingCAP’s operations and services, or (b) the confidentiality or security of the data of PingCAP’s other customers. For the avoidance of doubt, the exercise of audit rights under the Standard Contractual Clauses set forth in the Schedule shall be as described in this Section 8.
Schedule
Standard Contractual Clauses
1. Definitions
1.1. “Standard Contractual Clauses” means, as the circumstances may require, either one of the following:
- a. EU Standard Contractual Clauses; or
- b. UK Standard Contractual Clauses.
1.2. “EU Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to third countries approved pursuant to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021, available here.
1.3. “UK Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to processors established in third countries approved pursuant to the Commission Decision 2010/87/EU of 5 February 2010, available here.
2. EU Standard Contractual Clauses
For transfer of CSA Personal Data out of the European Economic Area or Switzerland subject to Section 7 of the DPA, the EU Standard Contractual Clauses are incorporated into this DPA by reference in the following manner:
2.1. Module Two (Controller to Processor) shall apply to the extent you are a Controller and Module Three (Processor to Processor) shall apply to the extent you are a Processor;
2.2. The optional Clause 7 is excluded;
2.3. For the Clause 9(a), Option 2 (General Written Authorisation) is selected, and the time period for prior notice of sub-Processor changes is set forth in Section 6.2 of the DPA;
2.4. For the Clause 11(a), the option paragraph is excluded;
2.5. For Clause 17, Option 1 is selected, and the EU Standard Contractual Clauses shall be governed by the law of the Netherlands;
2.6. For Clause 18, disputes shall be resolved before the courts of the Netherlands;
2.7. For Part A of Annex I, the following shall apply:
- 2.7.1. Data exporter: The entity identified as “you” in the CSA;
  Contact information: the email address associated with your current account;
  Role: As outlined in Section 2 of the DPA; and
  Signature & Date: The date when you check a box confirming that you agree with the terms of the CSA and click an “I agree to the TiDB Cloud Services Agreement” or similar button or, if earlier, when you create any TiDB Cloud Services cluster.
- 2.7.2. Data importer: PingCAP (as defined in the CSA);
  Contact information: legal@pingcap.com;
  Role: As outlined in Section 2 of the DPA; and
  Signature & Date: The date when you check a box confirming that you agree with the terms of the CSA and click an “I agree to the TiDB Cloud Services Agreement” or similar button or, if earlier, when you create any TiDB Cloud Services cluster.
2.8. For Part B of Annex I, the description of the transfer is as described in Section 5 of the DPA (Details of Processing);
2.9. For Part C of Annex I, the competent supervisory authority/ies shall be determined according to the GDPR and Clause 13 of the EU Standard Contractual Clauses;
2.10. For Annex II, Section 4.4 of the DPA states the technical and organizational security measures implemented by the data importer; and
2.11. For Annex III, the Controller has authorized the use of the sub-Processor(s) listed here.
3. UK Standard Contractual Clauses
For transfer of CSA Personal Data out of the United Kingdom subject to Section 7 of the DPA, the UK Standard Contractual Clauses are incorporated into this DPA with the following appendixes.
3.1. Appendix 1 to the UK Standard Contractual Clauses
Data exporter: The data exporter is the entity identified as “you” in the CSA and the DPA in place between data exporter and data importer and to which the UK Standard Contractual Clauses are appended.
Data importer: The data importer is PingCAP (as defined in the CSA), to the extent based in a country which does not ensure an adequate level of protection (within the meaning of and to the extent governed by Data Protection Laws).
Data subjects: The personal data transferred concern the categories of data subjects stated in Section 5.5 of the DPA.
Categories of data: The personal data transferred concern the categories of data stated in Section 5.4 of the DPA.
Special categories of data (if applicable): The personal data transferred concern the special categories of data stated in Section 5.4.5 of the DPA.
Processing operations: The personal data transferred will be subject to the basic processing activities stated in Sections 3 to 5 of the DPA.
3.2. Appendix 2 to the UK Standard Contractual Clauses
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) are stated in Section 4.4 of the DPA.
3.3. Appendix 3 to the UK Standard Contractual Clauses
- 3.3.1. The data importer undertakes to adopt supplementary measures to protect the personal data received under the EU standard contractual clauses from the data exporter (“SCC Personal Data”) in accordance with the requirements of the EU General Data Protection Regulation 2016/679, including by implementing appropriate technical and organizational safeguards, such as encryption or similar technologies, access controls or other compensating controls, to protect SCC Personal Data against any interference that goes beyond what is necessary in a democratic society to safeguard national security, defense and public security.
- 3.3.2. In the event that the data importer receives a legally binding request for access to the SCC Personal Data by a public authority, it will promptly notify the data exporter of such request to enable the data exporter to intervene and seek relief from such disclosure, unless the data importer is otherwise prohibited from providing such notice, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation. If the data importer is so prohibited, it will:
  - 3.3.2.1. Use its best efforts to obtain the right to waive this prohibition in order to communicate as much information as it can and as soon as possible, and be able to demonstrate that it did so.
  - 3.3.2.2. In the event that, despite having used its reasonable best efforts, the data importer is not permitted to notify the data exporter, make available on an annual basis general information on the requests it received to the data exporter and/or the competent supervisory authority of the data exporter.
  - 3.3.2.3. Oppose any such request for access and contest its legal validity to the extent legally permitted under applicable law.
- 3.3.3. In the event of any request for access to the SCC Personal Data by a public authority, the data importer will not make any disclosures of the SCC Personal Data to any public authority that are determined to be massive, disproportionate and indiscriminate in a manner that would go beyond what is necessary in a democratic society.
- 3.3.4. In the event of any conflict between the provisions of this Appendix 3 and the UK Standard Contractual Clauses, the UK Standard Contractual Clauses shall prevail.
4. Mutual Understanding regarding Standard Contractual Clauses
Both you and PingCAP agree that each of the following forms an integral part of the Standard Contractual Clauses and sets out the mutual understanding of their respective obligations under the Standard Contractual Clauses.
4.1. For Clause 8.9 of the EU Standard Contractual Clauses and Clause 5(f) of the UK Standard Contractual Clauses, you acknowledge and agree to exercise your audit right under the respective clause according to Section 8 of the DPA;
4.2. For Clause 9(c) of the EU Standard Contractual Clauses and Clause 5(j) of the UK Standard Contractual Clauses, you acknowledge and agree that PingCAP may be restricted from providing sub-processor agreement(s) due to confidentiality obligation; and
4.3. For Clause 12 of the EU Standard Contractual Clauses and Clause 6 of the UK Standard Contractual Clauses, you acknowledge and agree that any liability and claims arising from the Standard Contractual Clauses shall be subject to the limitation set forth in Section 10 of the CSA.