EU data protection & GDPR
When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common questions you may have.
Data Processing Agreement
We offer a data processing agreement (DPA) for our customers that operate in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients. To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. As a small team we also can’t make individual changes to our DPA since we don’t have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost prohibitive for our team. Our Data Processing Addendum (DPA) is available here.
Standard Contractual Clauses & Privacy Shield
On July 16, 2020, the Court of Justice for the European Union ruling on the “Schrems II” case invalidated the Privacy Shield as an accepted measure for transferring personal data between the EU and the US. As a result, we have incorporated the Standard Contractual Clauses (SCCs) into our DPA to provide an additional safeguard for your personal data. In addition, we continue to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework with respect to the transfer of personal data from the EEA or Switzerland, to our servers which are located In the US. These frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EEA and Switzerland to the United States. You can view our Privacy Shield Policy here.
We engage with sub-processors to process personal data for the permitted purpose of providing the SimpleMDM service. Below is a listing of the sub-processors we utilize and the purpose for each engagement.
Amazon Web Services: Cloud infrastructure
BunnyCDN: Cloud infrastructure
Cloudflare: Cloud infrastructure
Datadog: Cloud infrastructure
Google Analytics / Adwords: Analytics, metrics, and marketing
Google Cloud: Cloud infrastructure
Google GSuite: Email
HubSpot: Customer support
Microsoft Office 365: Email
NewRelic: Service performance monitoring
ProfitWell: Financial analytics
Sentry: Cloud infrastructure
Stripe: Payment processing
Twilio: Cloud infrastructure
UserVoice: Customer support
ZenDesk: Customer support
If you have questions about your business and the GDPR, we highly encourage you to seek legal counsel. However, if there’s a SimpleMDM-specific GDPR question or request, please contact us by email at email@example.com.