The European Commission’s Standard Contractual Clauses are legal contracts entered into between parties that are transferring EU personal data outside of the EU. The standard
contractual clauses were drafted and approved by the European Commission in 2010. Task Analytics has included the mutual acceptance of these the Standard Contractual Clauses as legal basis for the transfer of EU personal data to Task Analytics services as part of the Task Analytics Data Processing Agreement.
Does Task Analytics have subprocessor agreements in place which cause personal information to be transferred to the United States or other third countries? If so, what types of personal information is affected?
Task Analytics uses Heroku (Salesforce) and ArangoDB, both of which are US companies. The personal data transferred may include Task Analytics customer name, email, and application login password (stored securely in hashed form), device data (computer model name and version, web browser name and version) and geolocation data (IP address). The risk of transferring this level of personal data is low, and Task Analytics has conversations in place with both providers to understand their technical and organizational security measures in place against exposure for purposes outside of the service agreement.
Below are some of the resources provided by the subprocessors in regards to EU data transfer, and specifically in regards to US government requests for personal data.
Task Analytics uses Salesforce service Heroku to build the client application which is part of the Task Analytics service.
Salesforce has documented a set of principles in place should the company receive a government request for customer data, and employs a set of subprocessor Binding Corporate Rules that are focused on GDPR compliance, transparency, and mitigating risk of infringing on customers personal data.
- International Transfers of EU Personal Data to Salesforce's Services: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf (July 2020)
- Salesforce’s Principles for Government Requests for Customer Data: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/salesforces-principles-for-government-requests-for-customer-data.pdf (July 2020)
- Salesforce Binding Corporate Rules: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf (Feb 2021)