Privacy Notice

Last Updated: November 1, 2018

This Privacy Notice describes how we collect and use your personal information in relation to AWS websites, applications, products, services, events, and experiences that reference this Privacy Notice (together, “AWS Offerings”).

This Privacy Notice does not apply to the “content” processed, stored, or hosted by our customers using AWS Offerings in connection with an AWS account. See the agreement governing your access to your AWS account and the AWS Data Privacy FAQ for more information about how we handle content and how our customers can control their content through AWS Offerings. This Privacy Notice also does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy notice.

Personal Information We Collect

We collect your personal information in the course of providing AWS Offerings to you.

Here are the types of information we gather:

  • Information You Give Us: We collect any information you provide in relation to AWS Offerings. Click here to see examples of information you give us.
  • Automatic Information: We automatically collect certain types of information when you interact with AWS Offerings. Click here to see examples of information we collect automatically.
  • Information from Other Sources: We might collect information about you from other sources, including service providers, partners, and publicly available sources. Click here to see examples of information we collect from other sources.

How We Use Personal Information

We use your personal information to operate, provide, and improve AWS Offerings. Our purposes for using personal information include:

  • Provide AWS Offerings: We use your personal information to provide and deliver AWS Offerings and process transactions related to AWS Offerings, including registrations, subscriptions, purchases, and payments.
  • Measure, Support, and Improve AWS Offerings: We use your personal information to measure use of, analyze performance of, fix errors in, provide support for, improve, and develop AWS Offerings.
  • Recommendations and Personalization: We use your personal information to recommend AWS Offerings that might be of interest to you, identify your preferences, and personalize your experience with AWS Offerings.
  • Comply with Legal Obligations: In certain cases, we have a legal obligation to collect, use, or retain your personal information. For example, we collect bank account information from AWS Marketplace sellers for identity verification.
  • Communicate with You: We use your personal information to communicate with you in relation to AWS Offerings via different channels (e.g., by phone, email, chat) and to respond to your requests.
  • Marketing: We use your personal information to market and promote AWS Offerings. We might display interest-based ads for AWS Offerings. To learn more, please read our Interest-Based Ads notice
  • Fraud and Abuse Prevention and Credit Risks: We use your personal information to prevent and detect fraud and abuse in order to protect the security of our customers, AWS, and others. We may also use scoring methods to assess and manage credit risks.
  • Purposes for Which We Seek Your Consent: We may also ask for your consent to use your personal information for a specific purpose that we communicate to you.

Cookies

To enable our systems to recognize your browser or device and to provide AWS Offerings to you, we use cookies. For more information about cookies and how we use them, please read our Cookies Notice.

How We Share Personal Information

Information about our customers is an important part of our business and we are not in the business of selling our customers’ personal information to others. We share personal information only as described below and with Amazon.com, Inc. and the subsidiaries that Amazon.com, Inc. controls that are either subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

  • Transactions Involving Third Parties: We make available to you services, software, and content provided by third parties for use on or through AWS Offerings. You can tell when a third party is involved in your transactions, and we share information related to those transactions with that third party. For example, you can order services, software, and content from sellers using the AWS Marketplace and we provide those sellers information to facilitate your subscription, purchases, or support.
  • Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include: delivering AWS hardware, sending communications, processing payments, assessing credit and compliance risks, analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Notice and as permitted by applicable data protection law.
  • Business Transfers: As we continue to develop our business, we might sell or buy businesses or services. In such transactions, personal information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the individual consents otherwise). Also, in the unlikely event that AWS or substantially all of its assets are acquired, your information will of course be one of the transferred assets.
  • Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of AWS, our customers, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
  • At Your Option: Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

Location of Personal Information

Amazon Web Services, Inc. is located in the United States, and our affiliated companies are located throughout the world. Depending on the scope of your interactions with AWS Offerings, your personal information may be stored in or accessed from multiple countries, including the United States. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.

How We Secure Information

At AWS, security is our highest priority. We design our systems with your security and privacy in mind.

  • We maintain a wide variety of compliance programs that validate our security controls. Click here to learn more about our compliance programs.
  • We protect the security of your information during transmission to or from AWS websites, applications, products, or services by using encryption protocols and software.
  • We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data.
  • We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.

Internet Advertising and Third Parties

AWS Offerings may include third-party advertising and links to other websites and applications. Third party advertising partners may collect information about you when you interact with their content, advertising, or services. For more information about third-party advertising, including interest-based ads, please read our Interest-Based Ads notice.

Access and Choice

You can view, update, and delete certain information about your account and your interactions with AWS Offerings. Click here for a list of examples of information that you can access. If you cannot access or update your information yourself, you can always contact us for assistance.

You have choices about the collection and use of your personal information. Many AWS Offerings include settings that provide you with options as to how your information is being used. You can choose not to provide certain information, but then you might not be able to take advantage of certain AWS Offerings.

  • Account Information: If you want to add, update, or delete information related to your account, please go to the AWS Management Console. When you update or delete any information, we usually keep a copy of the prior version for our records.
  • Communications: If you do not want to receive promotional messages from us, please unsubscribe or adjust your communication preferences in the AWS Management Console or the AWS Email Preference Center. If you do not want to receive in-app notifications from us, please adjust your notification settings in the app or your device.
  • Advertising: If you don’t want to see interest-based ads, please adjust your Advertising Preferences.
  • Browser and Devices: The Help feature on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
  • Sellers and Amazon Partners: Sellers and Amazon Partner Network members can add, update, or delete information in the AWS Marketplace and APN Partner Central, respectively.

Children’s Personal Information

We don’t provide AWS Offerings for purchase by children. If you’re under 18, you may use AWS Offerings only with the involvement of a parent or guardian.

Retention of Personal Information

We keep your personal information to enable your continued use of AWS Offerings, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with applicable law.

Contacts, Notices, and Revisions

If you have any concern about privacy at AWS or want to contact one of our data controllers, please contact us with a thorough description, and we will try to resolve it. You may also contact us at the addresses below:

  • For any prospective or current customers of Amazon Web Services, Inc., our mailing address is: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal
  • For any prospective or current customers of Amazon Web Services EMEA SARL, our mailing address is: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, ATTN: AWS EMEA Legal
  • For any prospective or current customers of Amazon Internet Services Private Limited, our mailing address is: Amazon Internet Services Private Limited, Ground Floor, Eros Corporate Towers, Nehru Place, New Delhi, 110 019, India, ATTN: AISPL Legal

If you interact with AWS Offerings on behalf of or through your organization, then your personal information may also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your organization.

Our business changes constantly, and our Privacy Notice may also change. You should check our website frequently to see recent changes. You can see the date on which the latest version of this Privacy Notice was posted. Unless stated otherwise, our current Privacy Notice applies to all personal information we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of personal information collected in the past without informing affected customers and giving them a choice.

EU-US and Swiss-US Privacy Shield

Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more.

Additional Information for Certain Jurisdictions

We provide additional information about the privacy, collection, and use of personal information of prospective and current customers of AWS Offerings located in certain jurisdictions.

  • Cananda

    For any prospective or current customers of AWS Offerings in Canada:

    Your Rights. Subject to applicable law, you have the right to:

    • ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
    • request that inaccurate personal information is corrected;
    • request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
    • lodge a complaint with us regarding our practices related to your personal information.

    You can exercise your rights of access, rectification, erasure, restriction, or complaint by contacting us. If you wish to do any of these things and you are an AWS customer, please contact us. If you are not an AWS customer, please contact us at the address stated under Notice and Revisions above.

  • European Economic Area

    For any prospective or current customers of AWS Offerings in the European Economic Area (EEA):

    Controller of Personal Information. Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg, is the data controller of personal information collected or processed through AWS Offerings. Amazon Web Services EMEA SARL, is the authorized representative of Amazon Web Services, Inc. in the EEA.

    Processing. We process your personal information on one or more of the following legal bases:

    • as necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide AWS Offerings, to respond to requests from you, or to provide customer support;
    • where we have a legitimate interest, as described in this Privacy Notice (see How We Use Personal Information above);
      as necessary to comply with relevant law and legal obligations, including to
    • respond to lawful requests and orders; or
    • with your consent.

    Your Rights. Subject to applicable law, you have the right to:

    • ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
    • request that inaccurate personal information is corrected;
    • request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
    • request us to restrict the processing of personal information where the processing is inappropriate;
    • object to the processing of personal data;
      request portability of personal information that you have provided to us (which does not include information derived from the collected information), where the processing of such personal information is based on consent or a contract with you and is carried out by automated means; and 
    • lodge a complaint with our principal supervisory authority, the Commission Nationale pour la Protection des Données in Luxembourg www.cnpd.lu, or with a local authority.

    You can exercise your rights of access, rectification, erasure, restriction, objection, and data portability by contacting us. If you wish to do any of these things and you are an AWS customer, please contact us. If you are not an AWS customer, please contact us at the address under Notice and Revisions above.

    When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.

    Cookies. Please refer to our Cookies Notice.

    Transfers outside of the EEA. When we transfer your personal information outside the EEA we do so in accordance with the terms of this Privacy Notice and applicable data protection law. This may include the transfer of data in accordance with the EU-US and Swiss-US Privacy Shield frameworks (for transfers to the US) or pursuant to data transfer agreements that incorporate the Standard Contractual Clauses approved by the EU Commission.

  • Japan

    For any prospective or current customers of AWS Offerings in Japan:

    Any personal information provided to or gathered by Amazon Web Services Japan K.K. is controlled primarily by Amazon Web Services Japan K.K. Any personal information collected by Amazon Web Services, Inc. is controlled primarily by Amazon Web Services, Inc. We use information in accordance with this Privacy Notice jointly with our domestic and foreign subsidiaries of Amazon.com, Inc., including Amazon Web Services, Inc., Amazon Web Services Japan K.K., Amazon Web Services EMEA SARL, and other global entities. Amazon Web Services Japan K.K. is the business operator primarily responsible for managing jointly used information. We might create de-identified information using your email address, name, address, customer ID, order ID, session ID, and other information.

  • South Korea

    For any prospective or current customers of AWS Offerings in South Korea:

    AWS has contracts in place with the following third party service provider(s) to perform functions on behalf of AWS in Korea, and they may have access to your personal information as needed to perform their functions described below:

    Name of Party 

    Description of Function

    Marketo

    Customer communications

    Salesforce

    Customer relationship management

    PaymentTech

    Payment instrument processing

    When deleting personal information, AWS will take standard commercially reasonable measures to make the personal information practically irrecoverable or irreproducible. The specific manner of deletion will depend on the information being deleted, how the information was collected and stored, and your interactions with us. Electronic documents or files containing personal information will be deleted using a technical method that makes recovery or retrieval of such information practically impossible or renders the data no longer personally identifiable. Non-electronic documents or files containing personal information will be shredded, incinerated, or both.

    If you have any privacy questions or requests please contact:

    AWS Korea Privacy
    Email: aws-korea-privacy@amazon.com

Examples of Information Collected

Information You Give Us

You provide information to us when you:

  • search for, subscribe to, or purchase AWS Offerings;
  • create or administer your AWS account (and you might have more than one account if you have used more than one email address when using AWS Offerings);
  • configure your settings for, provide data access permissions for, or otherwise interact with AWS Offerings; 
  • register for or attend an AWS event;
  • purchase or use content, products, or services from third-party providers through the AWS Marketplace (or other similar venues operated or provided by us);
  • offer your content, products, or services on or through AWS Offerings or the AWS Marketplace (or other similar venues operated or provided by us);
  • communicate with us by phone, email, or otherwise; 
  • complete a questionnaire, a support ticket, or other information request forms; 
  • post on AWS websites or participate in community features; and
  • employ notification services.

Depending on your use of AWS Offerings, you might supply us with such information as:

  • your name, email address, physical address, phone number, and other similar contact information;
  • payment information, including credit card and bank account information;
  • information about your location;
  • information about your organization and your contacts, such as colleagues or people within your organization;
  • usernames, aliases, roles, and other authentication and security credential information;
  • content of feedback, testimonials, inquiries, support tickets, and any phone conversations, chat sessions and emails with or to us; 
  • your image (still, video, and in some cases 3-D), voice, and other identifiers that are personal to you when you attend an AWS event or use certain AWS Offerings;
  • information regarding identity, including government-issued identification information; 
  • corporate and financial information; and
  • VAT numbers and other tax identifiers.
Automatic Information

We collect information automatically when you:

  • visit, interact with, or use AWS Offerings (including when you use your computer or other device to interact with AWS Offerings); 
  • download content from us;
  • open emails or click on links in emails from us; and
  • interact or communicate with us (such as when you attend an AWS event or when you request customer support).

Examples of the information we automatically collect include:

  • network and connection information, such as the Internet protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider; 
  • computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting; 
  • the location of your device or computer;
  • authentication and security credential information;
  • content interaction information, such as content downloads, streams, and playback details, including duration and number of simultaneous streams and downloads; 
  • AWS Offerings metrics, such as offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, backup information, API calls, and other logs; 
  • the full Uniform Resource Locators (URL) clickstream to, through, and from our website (including date and time) and AWS Offerings, content you viewed or searched for, page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs);
  • email addresses and phone numbers used to contact us; and
  • identifiers and information contained in cookies (see our Cookies Notice).  
Information from Other Sources

Examples of information we receive from other sources include:

  • marketing, sales generation, and recruitment information, including your name, email address, physical address, phone number, and other similar contact information; 
  • subscription, purchase, support, or other information about your interactions with products and services offered by us, our affiliates (such as AWS training courses), or third parties (such as products offered through the AWS Marketplace) in relation to AWS Offerings; 
  • search results and links, including paid listings (such as Sponsored Links); and 
  • credit history information from credit bureaus.
Information You Can Access

Examples of information you can access through AWS Offerings include:

  • your name, email address, physical address, phone number, and other similar contact information; 
  • usernames, aliases, roles, and other authentication and security credential information;
  • your subscription, purchase, usage, billing, and payment history; 
  • payment settings, such as payment instrument information and billing preferences;
  • tax information; 
  • email communication and notification settings; and 
  • if you participate in the AWS Marketplace or Amazon Partner Network (or other similar venues operated or provided by us), your account, your status, subscriptions, and other information.

Customers can access the information above through AWS Offerings, such as the AWS Management Console (including the My Account, Billing Dashboard, Bills, Payment Methods, Payment History, Preferences and Tax Settings pages), the AWS Email Preference Center, AWS Marketplace, and APN Partner Central.