Other Covered Entities

CrowdStrike, Inc.


  • Information and Communications Technology
  • Cybersecurity


UK Extension to the EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 10/5/2023
Next Certification Due Date: 10/9/2024
Data Collected: HR, NON-HR

EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 10/28/2016
Next Certification Due Date: 10/9/2024
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 10/24/2017
Next Certification Due Date: 10/9/2024
Data Collected: HR, NON-HR

Purpose of Data Collection

CrowdStrike processes HR Data received in reliance on the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF for the following purposes: administration of the employment relationship, providing payments and benefits, managing daily job activities, compliance with laws and regulations (including health and safety obligations) and CrowdStrike policies and procedures, monitoring job performance, security and fraud prevention, compliance with corporate responsibilities, audit requirements, cost and budgeting analysis and controls. CrowdStrike processes the following HR Data: name, other identification data, bank account details, information related to the job, health-related information, salary and benefits, equity compensation and information related to use of company equipment and resources, communications, performance, and any disciplinary actions. CrowdStrike discloses HR Data to group companies, service providers, business partners, customers, government agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.), including in connection with a change in ownership or control of CrowdStrike. CrowdStrike processes personal data as both a Data Controller and as a Data Processor. As a Controller, CrowdStrike processes business contact information, audio, electronic & visual information, or other personal data provided to CrowdStrike when an individual visits our Websites or Web Portals. CrowdStrike processes this personal data for business & operational purposes, marketing & commercial purposes, security purposes, and legal and compliance purposes. As a Processor, to the extent CrowdStrike processes personal data via our Offerings, this is generally done under the authority and direction of customers and done in order to provide the Offering. Further information is available in Section 2 of the Privacy Notice. CrowdStrike's Privacy Notice is available at: https://www.crowdstrike.com/privacy-notice/

Privacy Policy

HR Data


This Policy describes how CrowdStrike complies with DPF for Employee Personal Data.

Effective Date: 10/10/2023

Non-HR Data

Document: Privacy Notice

CrowdStrike's non-HR data privacy notice

Effective Date: 10/10/2023

Verification Method

TRUSTe Dispute Resolution

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact CrowdStrike Holdings, Inc. at:

Drew Bagley
VP & Counsel, Privacy & Cyber Policy
CrowdStrike Holdings, Inc.
2450 Crystal Dr Suite 1015, Arlington, VA 22227
150 Mathilda Pl Ste 300
Sunnyvale, California 94086-6012

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from CrowdStrike Holdings, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against CrowdStrike Holdings, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission