Effective date: July 22, 2020
GitHub provides the same high standard of privacy protection—as described in GitHub’s Privacy Statement—to all our users and customers around the world, regardless of their country of origin or location, and GitHub is proud of the level of notice, choice, accountability, security, data integrity, access, and recourse we provide.
GitHub also complies with certain legal frameworks relating to the transfer of data from the European Economic Area, the United Kingdom, and Switzerland (collectively, “EU”) to the United States. When GitHub engages in such transfers, GitHub relies on Standard Contractual Clauses as the legal mechanism to help ensure your rights and protections travel with your personal information. In addition, GitHub is certified to the EU-US and Swiss-US Privacy Shield Frameworks. To learn more about the European Commission’s decisions on international data transfer, see this article on the European Commission website.
GitHub relies on the European Commission-approved Standard Contractual Clauses (“SCCs”) as a legal mechanism for data transfers from the EU. SCCs are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of such data. GitHub adopted SCCs so that the necessary data flows can be protected when transferred outside the EU to countries which have not been deemed by the European Commission to adequately protect personal data, including protecting data transfers to the United States.
To learn more about SCCs, see this article on the European Commission website.
GitHub is certified to the EU-US and Swiss-US Privacy Shield Frameworks and the commitments they entail, although GitHub does not rely on the EU-US Privacy Shield Framework as a legal basis for transfers of personal information in light of the judgment of the Court of Justice of the EU in Case C-311/18.
The EU-US and Swiss-US Privacy Shield Frameworks are set forth by the US Department of Commerce regarding the collection, use, and retention of User Personal Information transferred from the European Union, the UK, and Switzerland to the United States. GitHub 已通过美国商务部遵守隐私盾原则的认证。 If our vendors or affiliates process User Personal Information on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, GitHub remains liable unless we prove we are not responsible for the event giving rise to the damage.
For purposes of our certifications under the Privacy Shield Frameworks, if there is any conflict between the terms in these Global Privacy Practices and the Privacy Shield Principles, the Privacy Shield Principles shall govern. 要详细了解隐私盾原则和查看我们的认证，请访问隐私盾网站。
The Privacy Shield Frameworks are based on seven principles, and GitHub adheres to them in the following ways:
- 我们让您选择如何处理您的数据。 将数据用于超出您许可范围的用途之前，我们会告诉您并征得您的同意。
- 我们将您的信息转移给替我们处理数据的第三方时，该第三方必须与我们签订合同，按照我们的隐私声明保护这些数据。 我们根据隐私盾原则将您的数据转移给供应商后，我们仍对这些数据负责。
- 您始终可以在用户个人资料中访问您提供的数据。 您可以在那里访问、更新、更改或删除您的信息。
As further explained in the Resolving Complaints section of our Privacy Statement, we encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) complaint. For any complaints that cannot be resolved with GitHub directly, we have selected to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. 如果您需要适用的数据保护当局联系人的信息，请联系我们。
在某些有限的情况下，如果所有其他形式的争议解决均未成功，作为最后手段，欧盟、欧洲经济区 (EEA)、瑞士和英国人士可以诉诸具有约束力的隐私盾仲裁。 要详细了解这种解决方法及其适用性，请认真阅读隐私盾。 仲裁不是强制性的；它是您可以选择使用的工具。
We are subject to the jurisdiction of the US Federal Trade Commission (FTC).