Oracle Facilities and Physical Security Privacy Policy

1. Introduction

This Oracle Facilities and Physical Security Privacy Policy (also referred to as the “Privacy Policy”) provides information on the collection, use, and sharing (collectively referred to as “processing” or “process”) of personal information by Oracle Corporation and its affiliates (“Oracle”, “we” or “us”) through the use of Facial Recognition technology (“FR technology”) as part of our safety and security measures in select Oracle campuses and facilities in the United States.

This Privacy Policy was last updated on February 21, 2025. However, the Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business, safety, and security needs. The most up-to-date version can be found on this website. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example via a statement of changes on our website).

As used in this Privacy Policy, “personal information” or “personal data” means information that relates to an identified individual or to an identifiable individual. Personal information is also referred to as “information about you.” For more detail about the types of information about you that we may process, please refer to Section 3 below.

2. Scope

This Privacy Policy applies to the processing of personal information about you collected through FR technology as you enter and pass through select Oracle campuses and facilities in the United States. When such FR technology is in use, Oracle will post notices notifying visitors with a link to this Privacy Policy at the entrances to these campuses and facilities. As of the date of this Privacy Policy, above, the FR technology in scope is only being used in such campuses and facilities in the following state(s): California.

3. Which categories and specific pieces of personal information do we process?

The FR technology creates a mapping of various points on an individual’s face and converts that information into a numeric representation (a “template”). For certain individuals (e.g., Oracle employees or contractors who work in an in scope building; known unauthorized persons) a stored template may be created from a photo (e.g., a photo taken to specifically enroll someone in the FR technology system or a security badge photo) (“stored templates”). Additionally, live video feeds from security cameras are sent to FR technology to create templates (“live templates”), which are compared against stored templates in real time to determine if unauthorized individuals are detected.

Specific pieces of information about you that Oracle may collect and process, include:

  • Records of facial templates created from photos, video footage from closed circuit television (“CCTV”) cameras, or other footage; and
  • Images and video footage captured in relation to security and safety incidents.

4. Why and how do we use your personal information?

We may use personal information for the following business purposes:

  • To manage and maintain the security and operation of our campuses and facilities;
  • To restrict access to authorized individuals to certain areas;
  • To investigate security incidents; and
  • To comply with applicable laws and regulations and to operate our business.

5. For what period do we retain personal information?

Oracle maintains personal information for the following retention periods:

  • A live template generated from security camera footage for matching purposes is deleted in near real-time once the matching analysis is completed; and
  • Images and video footage captured in relation to security and safety incidents are retained for a period of 90 days or as long as the investigation related to the incident remains open.

6. When and how can we disclose your personal information?

We may disclose personal information with the following third parties for a business purpose:

  • Third-party service providers (for example, information technology and related infrastructure provision, auditing, security, and other similar service providers) in order for those service providers to perform business functions on behalf of Oracle;
  • Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); and
  • As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.

When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

We do not sell or share any personal information described in this Privacy Policy.

7. How is your personal information secured?

Oracle has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

8. What are your privacy rights?

You can exercise your privacy rights in accordance with applicable laws by filling out our inquiry form. Under the California Consumer Privacy Act (CCPA), as amended, California residents may request that we:

  • 1. disclose to you the following information:
    • the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 3);
    • the categories of sources from which we collected such personal information (see Section 3);
    • the business or commercial purpose for collecting or selling personal information about you (see Section 4); and
    • the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 6).
  • 2. delete personal information we collected from you or correct inaccurate personal information about you (see Section 8); or
  • 3. opt-out of any future sale of personal information about you (see Section 8).

We will respond to your request consistent with applicable law and related exceptions. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.

If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Oracle received, complied with, or denied for the previous calendar year, please visit Oracle’s Annual Consumer Privacy Reporting page, available here.

9. Filing a complaint

If you have any complaints regarding our compliance with this Privacy Policy, please contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law.

10. Oracle Corporate Headquarters

Oracle’s corporate headquarters are located at:
2300 Oracle Way
Austin, TX 78741
USA
Tel: +1.737.867.1000

Get started

Privacy Inquiries

Contact Oracle's Privacy Team regarding a marketing privacy-related question, comment, or issue.