Adjustment of the data processing agreement
After publishing new terms in February, we have received some questions and comments about the data processing agreement. Thanks for the feedback - we are happy to have the opportunity to make this even better! We have now published an update of the terms, where the data processing agreement has been slightly adjusted. 👇
Updated and better description of sub-data processors
We have updated the paragraph about the sub-data processors in the data processing agreement, and have now described better what we use the various services for, and what transfer basis we use. If you want to compare, you can find the former description here.
The service Fathom Analytics we have removed from the list of sub-processors; we do not use this to store data for customers, and then it should not be included here.
We have also removed the American service Calendly, which we have used for meeting booking on our website, from the list of sub-data processors. We have stopped using these, in order to limit what is stored outside the EU/EEA as much as possible.
Sub-data processors outside the EU/EEA
We have been asked to clarify information about sub-processors outside the EU/EEA. Briefly summarized here - read more in the data processing agreement:
Brightbox, with which we store most, is located in the UK. The UK is covered by European Commission’s adequacy decision of 28 June 2021, which ensures a similar level of protection as within the EU/EEA. Read more about Brightbox in the data processing agreement.
Stripe, which we use for card payments, stores data in the USA. They have good documentation, and a number of organizational and technical security measures, which we consider to be very good. Customers who do not want to use Stripe can choose another form of payment than card payment. Read more about Stripe in the data processor agreement.
Microsoft Azure, which we use to store images, videos, screen backgrounds, logotypes, etc. states that they can exceptionally process data outside the EU. Read more about Microsoft Azure in the data processor agreement.
Quality assured regarding the Personal Data Law
The requirements for what a data processing agreement must contain are described in Article 28 in the Personal Data Law. The law firm CLP, who has also assisted us in this revision, has carefully reviewed our data processing agreement to ensure that it meets the requirements set out in Article 28.
The transition to updated terms and what you need to do
The update of the terms with the adjusted data processor agreement will be published today, March 22, 2022, and is valid from the same day for new customers. For existing customers, the new terms will take effect after 2 weeks, i.e. 5 April 2022.
It is your responsibility as a user and customer to keep up to date with changes to the terms, and we therefore ask you to read and familiarize yourself with the new terms before they come into force. We also point out that your continued use of or access to PinToMind, after we have now announced these changes, is considered acceptance of the new agreement.
Possibility to download signed data processing agreement
It is possible to download a signed PDF version of the data processing agreement, for those who want to save these signed. Download the agreement, fill in and sign, and return to firstname.lastname@example.org. You can find a link to download at the bottom of the data processing agreement.
For those who do not download, the same data processing agreement also applies, which is part of our terms. Feel free to resend if you have submitted a signed data processor agreement before, so that it is the current agreement we have saved signed.
Feel free to ask us!
We hope you like the changes we have made. Do not hesitate to contact us if you have questions! 😊