Endringer i databehandleravtalen

23.11.2021

Vi har gjort endringer i databehandleravtalen vår i forbindelse med at vi har begynt å bruke en ny underdatabehandler. Vi prøver å holde det juridiske arbeidet vårt på et minimum, og følgende forklaring av endringene er derfor på engelsk.

Vi har kunder i hele Skandinavia, Tyskland og England, og databehandleravtalen er derfor også endret til å kun være på engelsk. Der håper vi du har forståelse for.

Legal stuff about data processing and GDPR is important and can be complicated. For the sake of simplicity we’re publishing this message in English for all of our customers to read across all the countries we sell Smartplan.

I hope you bear with me that this message isn’t in Danish, German, Swedish, Norwegian etc.

For legal and simplistic reasons we’re also changing our DPA to only be published in English.

Why are you using a sub-processor in the US?

With the Schrems II verdict, we moved our sub-processors to the EU. Our main data processing were already in the EU, but email sending and SMS sending was handled by sub-processors in the US.

This move has only caused us frustration as our email provider doesn’t live up to our level of quality. The result is delayed emails and emails not being delivered.

As the EU has worked out a way for us to now use a sub-processor in the US without losing our GDPR compliance, we are now announcing that we will be starting to use Postmark as our sub-processor for email sending.

We’re only doing this, because we feel just as safe with this specific company located in Chicago. This isn’t another Silicon Valley company harvesting your privacy to sell or profit from ads. This is a company much like us. People first with a focus to enhance peoples lives not harvest them.

Not only do we trust them, we also know they take data privacy seriously. Please read on.

Postmark has implemented SCC’s to comply with the EU laws on GDPR.

A few touchpoints that we have emphasized during our assessment of why we trust them:

• Postmark has implemented Standard Contractual Clauses to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament. This will ensure that the data transfer mechanisms are in place as well as a legal basis to do the international transfer.

• Postmark states the following: “Data transferred from our customers to our servers is encrypted via SSL that is configured to meet or exceed all industry standards. Cold data at rest is encrypted with 2048-bit RSA.

  Even though Postmark itself has not undergone a SOC audit, our data center has. We can provide a copy of the SOC report for the data center after completing an NDA.”

• Postmark states: “The data centers we use demonstrate ongoing compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2, and SOC 3, PCI DSS Level 1, and more”

These are just a few. You can read about Postmarks security in more detail here.

Postmark will be replacing Sendinblue as our sub-processor for transactional emails. (Email notifications from Smartplan).

We have published a new version of our DPA on your account.

You can go to “Settings” and to the bottom of the page to download. We have also published it publicly on our website here.