For those located in the European Union, we comply with the EU–US Privacy Shield Framework and the Swiss-US Privacy Shield. In addition, we are committed to subject any Personal Information we receive from the EU, EEA, Switzerland, and the United Kingdom to the Privacy Shield Principles. You may view our EU-US and Swiss certifications entry on the Privacy Shield List.
The Privacy Shield Framework is based on seven principles, and GitHub complies with them in the following ways:
- We let you know when we're collecting your personal information.
- We let you know, in our Privacy Statement, what purposes we have for collecting and using your information, who we share that information with and under what restrictions, and what access you have to your data.
- We let you know that we're participating in the Privacy Shield framework, and what that means to you.
- We have a Privacy contact form where you can contact us with questions about your privacy.
- We let you know about your right to invoke binding arbitration, provided at no cost to you, in the unlikely event of a dispute.
- We let you know that we are subject to the jurisdiction of the Federal Trade Commission.
- We let you choose what happens to your data. Before we use your data for a purpose other than the one for which you gave it to us, we will let you know and get your permission.
- We will provide you with reasonable mechanisms to make your choices.
- Accountability for Onward Transfer
- When we transfer your information to third party vendors that are processing it on our behalf, we are only sending your data to third parties, under contract with us, that will safeguard it consistently with our Privacy Statement. When we transfer your data to our vendors under Privacy Shield, we remain responsible for it.
- We share only the amount of data with our third party vendors as is necessary to complete their transaction.
- We will protect your personal information with all reasonable and appropriate security measures.
- Data Integrity and Purpose Limitation
- We only collect your data for the purposes relevant for providing our services to you.
- We collect as little information about you as we can, unless you choose to give us more.
- We take reasonable steps to ensure that the data we have about you is accurate, current, and reliable for its intended use.
- You are always able to access the data we have about you in your user profile. You may access, update, alter, or delete your information there.
- Recourse, Enforcement and Liability
- If you have questions about our privacy practices, you can reach us with our Privacy contact form and we will respond within 45 days at the latest.
- In the unlikely event of a dispute that we cannot resolve, you have access to binding arbitration at no cost to you. Please see our Privacy Statement for more information.
- We will conduct regular audits of our relevant privacy practices to verify compliance with the promises we have made.
- We require our employees to respect our privacy promises, and violation of our privacy policies is subject to disciplinary action up to and including termination of employment.
Please see our Privacy Statement for more information.