Professional Documents
Culture Documents
Sprinklr Data Protection Compl
Sprinklr Data Protection Compl
• How the Sprinklr platform processes personal data We view emerging data protection laws, such as GDPR and CCPA, as an
opportunity for Sprinklr to strengthen our long-standing commitment to data
• Sprinklr’s approach to data protection
protection principles and practices.
• How we facilitate our customer’s data protection compliance. As a service provider and data processor for our customers, Sprinklr is committed
to supporting customers in their compliance with data protection requirements,
Sprinklr recognizes the importance of safeguarding the personal data we handle
including GDPR and CCPA.
on behalf of our customers. Data protection and information security are part of
the culture, values and everyday conduct at Sprinklr, and key to our strong and long-
lasting customer relationships.
Social Media Data – Content, including public posts and private messages to
the customer, that social media users send via customer’s social media profiles
(e.g., Facebook page) connected to the Sprinklr platform, and information that
users make publicly accessible on social media networks, which we collect
based on search queries defined by the customer.
More information is available in our Website Privacy Policy and the Sprinklr Social
Media Management Privacy.
With the caveat that Sprinklr is not a law firm and may not provide individual legal
advice to our customers, here’s how we view social media listening:
UNDER GDPR:
When media sources make user information publicly available, and available to
our customers – as they do in their terms – these media sources are responsible
for establishing a legal basis for publicizing and otherwise disclosing user
information.
Given media sources’ permission to access user data, our customers may rely
on their own “legitimate interest” to collect that user information via Sprinklr.
UNDER CCPA:
When media sources make user information publicly available, and available to our
customers – as they do in their terms – these media sources that are responsible
for providing notice and relevant choices to California users, including notice
of disclosure of their data to third parties (such as the public, our customers and
Sprinklr), and any applicable choice to limit such disclosure.
Customers can access and use the Sprinklr Privacy Center via the platform user
interface or an API.
The data subject rights Sprinklr supports reflect our role as a service provider/
processor – Sprinklr does not facilitate an opt-out of “sale” functionality because
we do not sell personal data.
Privacy-By-Design (PbD)
Cross-Border Data Transfer
To address PbD, Sprinklr considers privacy and information security when
Sprinklr is based in the U.S., and has operations in European Economic Area, UK,
developing and updating products and services that involve the processing
Australia, Brazil, Canada, India, Japan, and UAE.
of personal data.
We use Amazon Web Services (AWS) and Microsoft Azure servers located in the U.S.
We have implemented PbD throughout the development and engineering process,
and Europe to host the Sprinklr platform and to process and store customer data.
and made Sprinklr’s data protection team a key stakeholder in this process.
We offer customers the ability to host data at AWS and Azure in Europe
Employee Training
For transfers of data from the EU/EEA including for support and/or hosting, we:
Sprinklr makes every employee aware of their data protection and confidentiality
obligations. • explain in the DPA the privacy and information security protections we have
put in place
Every employee participates in mandatory data protection and information
security trainings and is formally obliged to data secrecy. • Use EU Standard Contractual Clauses as part of our DPA for transfers of
personal data
Further, we remain certified under EU-US Privacy Shield and the US Swiss Privacy
Shield frameworks.
Sprinklr’s information security controls are consistent with the types of personal
data that our platform processes – generally, consumer marketing and
engagement data such as email lists, social media posts, and publicly available
information. The platform is not intended for processing users’ government ID
information or sensitive personal data.