Esri values the privacy of our customers, distributors, and business partners, as it is a principal component of establishing trust. Esri has created a general company Privacy Statement and a separate supplement to ensure our customers receive the level of privacy they deserve and expect. The privacy statements describe how Esri collects data and uses information you provide to us and are independently validated.
Recent privacy advancements
Esri works diligently to ensure we provide a trustworthy environment for our customers; therefore, we are continuously making new privacy advancements to ensure we meet evolving requirements around the world including:
- Data Processing Addendum (DPA) updated to include Supplementary Measures
- ArcGIS Online HIPAA Eligable Services
- Expansion of Trust Center Privacy—Separate pages for GDPR, CCPA, and HIPAA
Esri has decided to withdraw from the Privacy Shield Framework following the decision by the Court of Justice of the European Union invalidating it. To continue compliance with European and Swiss Privacy regulations, Esri will rely on Standard Contractual Clauses and supplementary measures as part of its Data Processing Addendum to protect transferred Personal Data from the European Economic Area, the United Kingdom and Switzerland to the United States. Esri continues engaging trusted third parties to validate our adherence to privacy principles.
Esri privacy statement
Esri provides a baseline of privacy assurance within the general Esri Privacy Statement. Esri's marketing sites and other public websites are governed by the general Esri Privacy Statement. The Privacy Statement answers the following questions:
- What personal information does Esri collect and receive?
- Why is Esri collecting my personal information?
- With whom does Esri share my personal information?
- Is my personal information secured?
- What are my privacy choices?
- Can I access and update my personal information?
- Will Esri modify its Privacy Statement?
- How can I contact Esri regarding the Privacy Statement?
To learn more about our company's general privacy assurance please review the Esri Privacy Statement
Esri products and services privacy statement supplement
Esri's supplement clarifies that the use of information to which it may be provided access in order to deliver product and services, is more limited than the use of information covered by the general Esri Privacy Statement.
Key offerings that fall within the scope of products and services include ArcGIS Online, Esri Managed Cloud Services, Customer Support, and Professional Service engagements. Customers who utilize organization (cost based) accounts, of products and services such as ArcGIS Online, expect a higher level of privacy assurance which is reflected in the Products & Services Privacy Statement Supplement, whereas consumers of public accounts are provided the privacy assurance level of the Esri Privacy Statement.
The Products & Services Privacy Statement Supplement provides clarity concerning:
- Customer Data is owned by the customer and is treated as confidential
- Collection and handling of Support Data when engaging with Esri support
- Not storing credit card payment instrument number information within Esri systems
- Non-anonymous products frequently require necessary cookies
- Ability to configure on-premises products to not collect or transmit data to Esri
- Constraints in place for limiting disclosure of data
- Data provided to Esri in connection with products & services are controlled by the more restrictive terms of the Products & Services Privacy Statement Supplement
ArcGIS Online privacy assurance
ArcGIS Online privacy assurance is boosted by the Products & Services Privacy Statement Supplement as well as the following additional items:
- Our cloud infrastructure providers are ISO 27018 (Cloud Privacy) compliant and Esri has executed EU Model Clause addendums with them
- Security and privacy assurance of FedRAMP third-party validation and mapping to ISO27k
- Customers maintain full ownership of their customer content
- Customer may choose not to store personal information in ArcGIS Online
- Customers can choose to limit storage of personal information to their own infrastructure with a hybrid deployment model
- Esri collects minimal personal information in order for customers to use ArcGIS Online
ArcGIS Online utilizes the cloud infrastructure of Microsoft Azure and Amazon Web Services (AWS); therefore, customer data may flow through these systems or be stored within them. Applicable privacy policies are provided below for your ease of reference:
