Privacy at Docker
Docker is subject to various privacy laws and regulations protecting our worldwide customer base. By complying with leading privacy laws and regulations, our mission is to create and maintain a safe, protective environment for developers to build and share applications.
Everyone has a right to privacy
Docker’s privacy program includes comprehensive policies and procedures related to data privacy and protecting personal data – personally identifiable information (PII). To keep your data safe, Docker complies with the leading privacy regulations such as the GDPR, CCPA, CPA, CTDPA, VCDPA, UCPA, and the APEC Privacy Framework.
Your data deserves protection
Building trust with our customers and developers is Docker’s top priority. Privacy is important for everyone. Docker has implemented safeguards to protect the data that we have been trusted by customers and developers to protect.
Customers have the option to sign Docker’s DPA Agreement. Customers and prospective customers may also check out Docker’s Whistic Profile, which has security and compliance documentation outlining and demonstrating Docker’s security and privacy posture.
Privacy FAQs
Is Docker GDPR compliant?
Is Docker CCPA-CPRA compliant? What about other state privacy regulations?
Does Docker have policies specific to Privacy?
Does Docker provide data privacy impact assessments (DPIAs) or transfer impact assessments (TIAs) for its products?
How does Docker evaluate sub-processors?
Data Processing Agreement FAQ
Does Docker make its DPA available to Customers?
What is the scope of Docker's DPA?
What Customers can be party to the DPA?
What is Docker's role as defined by our DPA?
As pursuant to Docker’s SSA, customers may not and may not allow any third party to upload, post, transmit or otherwise make available through images any Personally Identifiable Information (PII), trade secrets or sensitive or confidential information in violation of contractual, profession or other similar obligations.
However, in certain circumstances, Docker acts as a controller of personal data (e.g. for billing processes, to comply with applicable laws, to ensure the security of our Cloud Products etc.). Please refer to Section 2.2 as well as Exhibit A, Annex 1(B), Parts A and B of the DPA for further information.
Under the CCPA, Docker predominately acts as a service provider of personal information on behalf of our Customers in connection with the provision of our Cloud Products. Please refer to Section 2.5(b) of the DPA for further information.
Purposes for which we collect Personal Data
- to provide our websites and social media branded pages;
- to display personalized advertisements and content;
- to manage event registrations and attendance (including ensuring the health and safety of our visitors and employees);
- to send communications;
- to handle contact and user support requests;
- to provide and optimize the performance of our services;
- to bill for our services and manage our accounts (including usage and licensing compliance);
- to maintain the security of Salesforce and its services;
- to administer surveys and conduct research; and
- to comply with our legal obligations.
- For the list of purposes for which we Process your Personal Data, please see the full Privacy Statement
We only collect and process your Personal Data to the extent it is necessary for fulfilling these purposes and where we can rely on a legal basis for such processing as set out in our full Privacy Statement. Where required, we will ask you for your prior consent to processing.
Please review the “What Personal Data do we collect?” and “Purposes for which we process Personal Data and the legal bases on which we rely” sections in our full Privacy Statement for further details. Also, please review the “How long do we keep your Personal Data?” section to learn how long we store your Personal Data.
International Transfers of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties (as disclosed in the full Privacy Statement).
Does Docker utilize sub-processors?
Yes. Docker maintains a current list of sub-processors. Docker provides 30 days notice when a new sub-processor will be added.
Where is Customer Data stored?
What technical and organizational measures are in place to protect Customer Data?
Docker’s Compliance website details our compliance posture.
How does Docker handle requests from Data Subjects?
Docker provides a Privacy Request Form for all other Data Subject Requests.