New Relic’s Notice of Certification Under the Privacy Shield Framework

Updated July 29th, 2020

On July 16th 2020, the Court of Justice of the European Union (CJEU) invalidated Privacy Shield. However, the US Department of Commerce will continue to administer the Privacy Shield program and the CJEU decision does not relieve organizations such as New Relic of their Privacy Shield obligations. New Relic must therefore remain certified under Privacy Shield. Customers may download New Relic pre-signed DPA and consult the Data Processing Addendum FAQ.

At New Relic, we are committed to protecting your privacy. This Notice sets out the privacy principles we follow with respect to transfers of personal data from the European Economic Area (“EEA”), the United Kingdom and Switzerland to the United States, including personal data we receive from individuals residing in the EEA, the United Kingdom and Switzerland who visit our web [and mobile sites or apps] and/or who use any of our services or otherwise interact with us (“you”).

We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal data transferred from the EU, the United Kingdom and Switzerland to the United States in reliance on Privacy Shield. New Relic, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles in respect of all personal data received from the EEA, the United Kingdom and Switzerland in reliance on the Shield.

The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.

For more information about the Privacy Shield generally, and to view our certification online, please visit: https://www.privacyshield.gov

If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Types of personal data we collect and use

The types of personal data we may receive in the United States, as well as the purposes for which we collect and use it, are set out in our Privacy Notice.

We will only process personal data in ways that are compatible with the purposes we collected it for, or purposes you later authorize. Before we use your personal data for a materially different purpose, we will provide you with the opportunity to opt-out.  

Transfers to third parties

Information about the types of third parties to which we disclose personal data and the purposes for which we do so is described in our our Privacy Notice.

If we have received your personal data in the United States and subsequently transfer that data to a third party acting as an agent, and such third-party agent processes your personal data in a manner inconsistent with the Privacy Shield Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.  

Disclosures for national security law or enforcement

Please note that under certain circumstances, New Relic may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your right to access, limit use, and limit disclosure.

You may have the right to access personal data that we hold about you and request that we correct, amend, or delete if it is inaccurate or processed in violation of the Privacy Shield.  These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of a third party. If you would like to request access to, correction, amendment, or deletion of your personal data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity.

Your rights

To find out more about the choices and means available to you for limiting the use and disclosure of your personal data, please see the section entitled EEA Data Subject Rights and the section entitled Your Choices Regarding Your Personal Data in our our Privacy Notice.

Inquiries and complaints. If you believe New Relic maintains your personal data within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to:

New Relic will respond within forty-five (45) days of receipt.

If we fail to respond within that time or if our response does not address your concern, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States by visiting this site: https://www.jamsadr.com/eu-us-privacy-shield JAMS has committed to respond to complaints to provide recourse at no cost to you.

You may have the possibility to engage in binding arbitration through the Privacy Shield Panel under certain circumstances. To find out more about the Privacy Shield’s binding arbitration scheme see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Changes to this notice

We reserve the right to Amend this Notice from time to time consistent with the Privacy Shield’s requirements.