This Oracle Customer Data Research and Development Privacy Policy (also referred to as the ‘Privacy Policy’ or ‘policy’) informs data subjects (‘you’) on the collection and use (collectively referred to as ‘processing’ or ‘process’) of your personal information in connection with Oracle‘s artificial intelligence and machine learning (“AI/ML”) activities in order to analyze, develop, and improve Oracle products and services, and for security and compliance purposes. This Privacy Policy also explains your privacy rights in relation to these processing activities.
This Privacy Policy was created on May 5, 2022. However, the Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this site. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example, via a pop-up notice or statement of changes on our website).
As used in this Privacy Policy, ‘personal information’ means information that relates to an identified individual or to an identifiable individual. For example, this could include among other things your name, address, email address, or information about your use of Oracle products and services, or your interactions with Oracle. Personal information about you that Oracle may process is also referred to as ‘information about you.’ For more detail about the types of information about you that Oracle may process, please refer to section 4 below.
Find out what categories of personal information Oracle processes.
Find out how Oracle obtains your personal information.
Find out how Oracle uses personal information.
Find out how Oracle discloses personal information within Oracle and with third parties.
Exercise your privacy rights (opt-out, deletion, correction, or access) by filling out our inquiry form.
Contact the Global Data Protection Officer with any questions or concerns.
This Privacy Policy applies to Oracle’s processing of personal information that Oracle has obtained from an Oracle customer when agreed to by contract with that customer to use such information for AI/ML processing for the purposes specified in this Privacy Policy. The following Oracle lines of business may process personal information under this policy: NetSuite.
Oracle America, Inc., having its registered address at 2300 Oracle Way, Austin, TX, 78741, USA, is responsible for processing your personal information in scope of this Privacy Policy.
For personal information sourced in the EU/EEA, Oracle America, Inc.’s EU representative is Oracle EMEA Limited, having its registered address at East Point Business Park, Fairview, Dublin 3, Ireland.
For personal information sourced in the UK, Oracle America, Inc.’s UK representative is Oracle Corporation UK Ltd, having its registered address at Oracle Parkway, Thames Valley Park (TVP), Reading, Berkshire, RG6 1RA, UK.
Personal information that can directly or indirectly identify you may include, for example:
Oracle may also collect customer and systems operations data, which may incidentally contain personal information:
In cases where the processing of personal information is not central to the purposes of processing for the below AI/ML activities, Oracle will limit the use of personal information when technically possible or feasible. ‘Dataset’ refers to a set of data that may contain this limited personal information.
We use personal information for the following business purposes:
These purposes are described below in further detail.
Oracle will use these datasets for internal research for technological development and demonstration and to improve, upgrade, or enhance Oracle products and services to provide more intelligent, automated and predictive functionalities.
Example: Oracle provides our eCommerce platform customers with flagging functionality that enables customers to see that inventory is low for a certain good in the customer’s product catalog. Using AI/ML processing under this Privacy Policy, Oracle can now help predict when the inventory may be low in the near future so the customer can take action before the inventory becomes low.
Oracle processes datasets to detect, prevent, or predict malicious, deceptive, fraudulent, or illegal activity on Oracle sites, networks, and systems, as well as on Oracle products and services used by our customers. AI/ML activities, subject to this policy, allow Oracle to provide more intelligent and predictive functionalities to investigate, prevent, or predict malicious activity, fraud, or bad actors.
In some cases, we may process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the operation of our business.
Example: Oracle may process the datasets to conduct audits and investigations, for finance and accounting, archiving and insurance purposes, or to process individual rights requests.
Personal information subject to this Privacy Policy is provided to Oracle from Oracle customers when agreed to by contract with the customer.
Oracle will process information about you as may be necessary for internal research for technological development and demonstration and to improve, upgrade, or enhance Oracle products and services based on our legitimate interests when such processing has a limited privacy impact on the individual.
Oracle will process information about you as may be necessary to detect, prevent, or predict malicious, deceptive, fraudulent, or illegal activity on Oracle sites, networks, and systems based on our legitimate interests in order for Oracle to safeguard such systems.
Oracle may also process personal information as necessary for compliance with our legal obligations.
Oracle maintains personal information provided by Oracle customers for processing to achieve the intended purposes described in this Privacy Policy for only as long as necessary, which is approximately 3 months but no longer than 12 months. Oracle will maintain evidence of access, opt-out, or deletion requests as long as necessary to document Oracle’s compliance with such requirements.
As a global organization, information about you can be shared with other Oracle entities globally throughout Oracle’s worldwide organization as needed for the purposes of processing.
Oracle employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.
We do not share or sell personal information subject to this Privacy Policy with third parties for any commercial purposes.
We may also share such personal information with the following third parties for a business purpose:
Oracle is a global corporation with operations in over 80 countries and personal information is processed globally as necessary in accordance with this policy. If personal information is transferred to an Oracle recipient in a country that does not provide an adequate level of protection for personal information under applicable data protection law in the country where such information was collected, Oracle will take adequate measures designed to protect the personal information, such as ensuring that such transfers are subject to EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws.
Oracle has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.
Pursuant to the E.U. General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD) and other applicable laws and regulations, individuals in certain jurisdictions may have data subject rights enabling them to opt-out of third party sharing or selling, delete or remove, or request to access and receive a copy of their personal information in Oracle’s possession or for which Oracle is otherwise responsible. Please see the Privacy Choices page for more information.
Oracle provides rights to individuals to access, amend, correct, or delete data for personal information that directly identifies such individuals, such as their name or email address.
We will respond to your request consistent with applicable law. Oracle will not discriminate against consumers who have exercised the deletion, opt-out, or access rights provided to them in this Privacy Policy.
If you are a California resident, you may request that we:
1. disclose to you the following information:
2. delete personal information we collected under this Privacy Policy (see section 12); or
3. opt-out of any future sale of personal information about you, if applicable (see section 12).
We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.
If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Oracle received, complied with, or denied for the previous calendar year, please visit Oracle’s Annual Consumer Privacy Reporting page, available here.
We do not knowingly process personal information of children under 16 years of age or personal information that is sensitive or “special” under applicable data protection laws.
Oracle will not use the personal information processed under this policy to make decisions related to an individual’s eligibility for employment, credit, healthcare, or insurance purposes or to make decisions solely by automatic means where the decision has a legal or significant effect on the individual, or in any way that may or does discriminate against any person or promote bigotry, racism or harm.
Oracle has appointed a Global Data Protection Officer. If you believe your personal information has been used in a way that is not consistent with the Privacy Policy or your choices, or if you have further questions, comments or suggestions related to this Privacy Policy, or if you wish to exercise your right to access to your offline personal information as described in this Privacy Policy, please contact the Global Data Protection Officer by filling out an inquiry form.
Written inquiries to the Global Data Protection Officer may be addressed to:
Oracle Corporation
Global Data Protection Officer
Willis Tower
233 South Wacker Drive
45th Floor
Chicago, IL 60606
U.S.A.
If you have any complaints regarding our compliance with this Privacy Policy, please contact us by filling out an inquiry form. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law. You also have the right to file a complaint with a competent data protection authority if you are a resident of a European Union member state.
Oracle’s corporate headquarters are located at:
2300 Oracle Way
Austin, TX 78741
USA
Tel: +1.737.867.1000
Previous version: 01/14/22
Contact Oracle's Privacy Team regarding a marketing privacy-related question, comment, or issue.