GDPR Compliancy Update

To inform you quickly and accurately, the article below is provided in English. If you have any questions, please contact security@goodhabitz.com.


On 16 July 2020, the European Court of Justice invalidated the Privacy Shield. As a result, there is no longer a legal basis for exchanging data with American parties. Each organisation using (sub)processors in the United States will have to conclude a Standard Contractual Clause (SCC) with each of these parties. GoodHabitz is no exception. The next step is to prove that the level of protection offered by these SCCs meets the requirements of the GDPR.

What does this mean for students?

Your privacy is our biggest priority, which is why we want to show you the steps we’re taking in order to comply with the GDPR, with regard to our subprocessors. Our goal, of course, is to demonstrably safeguard the protection of your personal data.

What does this mean for our clients?

The data processing agreement concluded will remain in force. That said, the list of subprocessors mentioned in the agreement must be updated. It’s our duty as a processor to inform clients of any subprocessor changes.

Bouncer

New subprocessor for email address verification.

GoodHabitz could no longer guarantee GDPR compliance for Kickbox, our former US-based subprocessor for email address verification. That’s why we've decided to switch to a provider within the EEA, named Bouncer. We have thoroughly screened and tested the services of this Polish supplier. The security screening showed that all necessary technical and organisational measures have been taken by Bouncer to fully comply with the GDPR. Only email addresses are shared with this provider. Bouncer safely stores and processes those email addresses in a European Union-based cloud infrastructure, a hybrid solution of AWS cloud (Frankfurt region) and OVH cloud (France). No data is being transferred outside the EEA and Bouncer will erase all personal data from the system after 60 days. We are no longer using the services of Kickbox.

Copernica (SMTPeter)

New subprocessor for sending transactional emails

Despite the many mitigating measures taken by our former US-based supplier Mailchimp/Mandrill after the Privacy Shield invalidation, we've decided to switch to a provider within the EEA. We have been screening and testing the tool SMTPeter, which offers a cloud-based SMTP server for fast and secure email delivery. SMTPeter is provided by Copernica. Copernica is a Dutch supplier of marketing automation software, located in Amsterdam. All data is stored in Dutch data centres. Both the security screening and the technical demo-test have been successfully completed. At the beginning of December, the GoodHabitz Security team informed all customers about our planned switch. Since 10 December, we have fully switched to the services of SMTPeter.

Salesforce

Subprocessor for providing a Sales CRM and a ticket system for customer support purposes

GoodHabitz has concluded an SCC with Salesforce. In addition, Salesforce has Binding Corporate Rules (BCR) in place, which are in accordance with the GDPR. Despite these appropriate measures, an external party is currently carrying out a DPIA of Salesforce on behalf of GoodHabitz, in order to guarantee demonstrable GDPR compliance. 

If you have any questions, please don’t hesitate to contact security@goodhabitz.com, and our security team will answer them accordingly. 

We’ll keep you posted on these developments, so watch this space!
