The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that went into effect on May 25, 2018, designed to give EU citizens more control over their data and to unify data privacy regulations within the EU. It sets forth requirements on how companies collect, store, delete, update or otherwise process personal data of individuals living within the European Union and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. Additional information about the GDPR can be found at the European Commission Website.
Membean has reviewed and closely analyzed the requirements of the GDPR and continues to monitor new guidance on best practices for its implementation. We are updating our services, contracts and policies to ensure that we are in compliance with the GDPR that went into effect on May 25, 2018.
The following resources may be helpful in further understanding our commitment to the GDPR:
A sub-processor is a third-party data processor retained by Membean, who has or potentially will have access to Service Data (which may contain Personal Data), while providing products or services on our behalf.
We use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of such sub-processors. Additionally, Membean ensures that its sub-processors satisfy contractual obligations as those required by Membean (as a Data Collector or Data Processor) through requisite Data Processing Agreements (DPA).
The following is a list of subprocessors to help you stay informed about the scope of subprocessing associated with our services.
We provide our services through systems installed in several co-location facilities in the United States. This infrastructure is owned or controlled by Membean and access to service data is permitted only to legally retained employees, vendors or contractors. Membean also utilizes the entities described below to host or process service data.
|Amazon Web Services, Inc.||Cloud Services Provider||United States|
|Digital Ocean LLC||Cloud Hosting Provider||United States|
We may use content delivery networks (CDNs) for security purposes as well as to optimize content delivery and speed up data transmission. CDNs do not have access to service data, but may use personal data such as IP address, telecommunication provider, device information or geographic location to utilize the appropriate origin server and content format.
|Amazon Web Services, Inc.||Public content stored with and transmitted by Amazon Web Services, Inc., to expedite transmission.||Global|
|Cloudflare, Inc.||Public website content served to website visitors may be stored with and transmitted by Cloudflare to expedite transmission.||Global|
|StackPath, LLC||Public website elements served to website visitors stored with and transmitted by MaxCDN to expedite transmission.||Global|
We utilize third parties to provide specific functionality to facilitate the service. These providers may have access to service data necessary to carry out relevant functions as outlined below.
|Amazon Web Services, Inc.||Delivery of Service notifications by email, with access to email addresses.||United States|
|Cloudflare, Inc.||Secure and manage traffic to the Services, with access to URL interactions and IP addresses.||United States|
|Freshworks, Inc.||Customer support, with access to name, email, role and contact information.||United States|
|FullStory, Inc||Analytics with access to IP address, device and interaction data.||Global|
|Analytics with access to IP address, device and interaction data.||United States|
|Intercom R&D Unlimited Company||Customer interactions, with access to name, email, IP address and interaction data.||Ireland|
|MailChimp||Email list sign-ups and content delivery, with access to emails and names.||United States|
|Salesforce.com, Inc.||Customer relationship management, with access to name, email, role and affiliation.||United States|
|Survey Monkey, Inc.||Customer surveys, with access to name, email and survey data.||United States|
|Zapier, Inc.||Interconnection of customer name, email and contact information.||United States|
We look forward to working together with our customers and partners in further strengthening privacy and data protection with the GDPR. Please reach out If you wish to be notified of changes, or have any questions by sending us an email at firstname.lastname@example.org.