Privacy, Safe Harbour and Timely (No longer applicable)
The policies discussed in this guide will be annulled and replaced by EU GDPR (General Data Protection Regulation) on the 25th May, 2018.
While the below information will still apply, there will be additional measures taken to comply with these new regulations.
You can find out more about Privacy at Timely, here:
- Privacy at Timely (GDPR)
- How to record marketing consent in Timely
- How to manage personal information requests (GDPR)
- Getting ready for GDPR (Blog post)
What is Safe Harbour?
The Safe Harbour Privacy Principles pact was an international data transfer agreement that allowed American companies to move personal data between the European Union and the US, in line with European privacy laws.
In essence, the Safe Harbour agreement was a promise made by the US government to protect EU citizens’ data when it is transferred by American companies (from the EU) to the US.
What has changed?
In October 2015, the European Court of Justice ruled that the Safe Harbo(u)r Framework no longer meets the EU's requirements for transferring personal data of European and Swiss residents, to the United States.
This was due to a complaint by a customer that Facebook data was insufficiently protected, alongside information brought to light (by the likes of Edward Snowden), which demonstrated the level of unprecedented access US spy agencies have to personal data held in American companies’ servers.
A big part of this decision was the notion that the U.S. prizes national security over an individual’s right to privacy. This opposes European beliefs and directly violates European citizens right to the privacy of personal data.
What does this mean?
In light of that decision, all Timely customers that are located in the EEA must request and complete an additional data processing agreement, which incorporates the Standard Contractual Clauses (for the purposes of Article 26(2) of Directive 95/46/EC). This protects both your data, and the privacy of your customer’s data and meets all requirements of the European Union Data Protection Directive.
Please get in touch with us via firstname.lastname@example.org to sign the agreement.
We also utilise storage and processing services from the following US based subcontractors:
- Microsoft Corporation
- Amazon.com, Inc
- Google Inc.
- HelpScout, Inc.
- Hubspot, Inc
- MailChimp (The Rocket Science Group, LLC)
- Intercom, Inc