MathWorks Data Privacy FAQ
1. Does MathWorks publicly disclose its data privacy practices?
2. What data does MathWorks collect and use about me?
3. Does MathWorks ever sell or rent my personal data?
4. Does MathWorks store personal data in connection with use of its products?
It depends on how you have purchased MathWorks products, your license option, and whether you have an online MathWorks Account. For most customers and end users, MathWorks has your name and email address. If you’ve provided additional contact information, such as your mailing address and phone number, MathWorks stores that too. For license management purposes, MathWorks may store information about your computer, such as your computer host name. For end users who access the products through their organization with a license option that does not require a named account, MathWorks may not have any personal data.
5. Does MathWorks collect information about my web browser or network?
Like most software and online services, MathWorks’ website and products collect usage and device information. This information tells, for example, which web browsers people are using when they access the website. This information also helps to identify and correct problems in MathWorks software.
6. Does MathWorks store my code or models in connection with use of its products?
MathWorks does not store your MATLAB code, Simulink models, or other files unless you choose to use MathWorks cloud file storage.
7. Who can access my files in MathWorks cloud file storage?
Your files can be accessed only by you, unless you choose to share them. Even if you have an account through an organization, such as a company or university, others in your organization can see your files only if you choose to share them. Select MathWorks employees serving in certain information technology roles have access limited to deployment, backup, and recovery operations. These employees have signed confidentiality agreements.
8. Who can access my personal data?
If you are part of an organization that has a MathWorks license or subscription, your license administrator or faculty supervisor can access some of your data. This data includes the name and email address that you use for your MathWorks Account and relevant usage information. For license administrators, relevant usage information is related to license use and management, such as which MathWorks products you use and how often you access them. For faculty supervisors using MATLAB Grader and other online learning products and services, relevant usage information is related to learning for enrolled students, such as whether students have completed assignments. Your contact and account information can be accessed by employees at MathWorks who need access due to the nature of their work. All MathWorks employees are subject to company-wide policies about confidentiality and protection of personal information.
9. What measures does MathWorks use to protect my data?
MathWorks uses physical, technical, and administrative safeguards to protect customer data. These safeguards include data encryption, access-controlled facilities and systems, regular scanning and monitoring of networks and servers, and controls for data authentication and integrity. MathWorks has a dedicated security team that manages and implements these safeguards. All MathWorks employees are subject to company-wide policies about confidentiality and protection of personal information. For more information, see the MathWorks Trust Center.
10. In which countries does MathWorks store my data?
MathWorks maintains key business systems to support its ability to provide software and services, including systems for licensing, customer support, and billing. Structured customer data collected through such systems is stored in the United States and Ireland. Customer data collected by MathWorks in the context of a technical services and support engagement may be stored in the United States and Ireland as well as in the country where the MathWorks technical services and support personnel are located.
11. Does MathWorks train its staff on data protection?
Yes. MathWorks staff members are required to complete data privacy and security training annually.
12. Does MathWorks have an incident response plan?
Yes. MathWorks maintains a program for managing security incidents that includes documented roles and responsibilities, response procedures, reporting requirements, and a root cause analysis process. MathWorks conducts tabletop exercises to practice its response to information security incidents on a regular basis.
13. How does MathWorks handle data subject requests?
MathWorks uses a data subject request process that allows individuals to make requests about their personal data, including data deletion, correction, access, and portability. You may exercise these rights by submitting a Customer Support privacy request or contacting us at firstname.lastname@example.org. MathWorks responds to these requests within thirty days to either confirm that the request was fulfilled, or explain why and in what ways the request could not be fulfilled.
14. What does MathWorks do to comply with GDPR, CCPA/CPRA, and other data privacy laws?
MathWorks has a privacy compliance program for protection of data and adherence to fair information principles including lawfulness, fairness, transparency, purpose limitation, data minimization, storage limitation, accountability for onward transfer, security, data integrity, confidentiality, recourse, enforcement and liability. Some of the specific measures MathWorks has taken include becoming part of the Better Business Bureau’s program to provide an independent recourse mechanism for customers to address any complaints or issues about their data; entering into data protection contracts for compliance with GDPR and other applicable laws; reviewing and documenting data usage and workflows; and regularly assessing data protection practices.
15. What does MathWorks do to help customers comply with HIPAA, PCI-DSS, and other industry-specific laws and standards?
MathWorks provides data security and privacy safeguards, as described above, but customers are responsible for their compliance with laws and standards that apply to them. If you have specific statutory or regulatory requirements for data storage, MathWorks suggests using your own storage rather than the online storage that MathWorks provides.
16. What legal mechanisms does MathWorks use for cross-border data transfer?
MathWorks uses a combination of contractual clauses detailing the transfer; standard clauses required by law, such as the EU Standard Contractual Clauses (SCCs); risk assessments; and technical and organizational data protection safeguards.
17. Where can I find additional information about transfers of data to third parties?
MathWorks remains certified under the EU-US and Swiss-US Privacy Shield Frameworks because the U.S. Department of Commerce continues to administer and enforce the Privacy Shield program. This certification requires that we include Privacy Shield information in our PrivacyPolicy. We continue to use appropriate safeguards under both Privacy Shield and GDPR with respect to EEA personal data.
MathWorks does not rely on Privacy Shield as a legal basis for transfers of data under GDPR. For transfers of such data outside the EU, we typically rely on the EU SCCs.
19. How does MathWorks comply with the requirements of the Schrems II decision of the Court of Justice of the European Union (CJEU)?
The Schrems II decision, and the associated guidance from the European Data Protection Board, indicates that transfers of personal data from the EU to third countries require both a valid transfer mechanism (as described above), and a risk assessment including any supplementary measures needed to provide an adequate level of data protection for the transfer. In the US, the CJEU in Schrems II identified two laws, FISA Section 702 (50 U.S.C. 1881a) and Executive Order 12333, as potentially requiring disclosures of personal data that would be incompatible with the level of data protection required by the European Union.
Neither FISA 702 nor EO 12333 is directly applicable to MathWorks, and MathWorks has no reason to believe that these laws would be interpreted or applied to cover its transfers of personal data. The nature of the personal data transferred (primarily contact information and business information) and the nature of the processing (facilitating access to technical computing software) make it unlikely that any such personal data would be requested or would be useful for surveillance purposes.