Introduction
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that went into effect on May 25, 2018, designed to give EU citizens more control over their data and to unify data privacy regulations within the EU. It sets forth requirements on how companies collect, store, delete, update or otherwise process personal data of individuals living within the European Union and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. Additional information about the GDPR can be found at the European Commission Website
The UK equivalent is the Data Protection Act of 2018, which incorporated the GDPR as the UK GDPR. Additional information can be found on the UK Legislative site.
The following refers to the GDPR and the UK GDPR collectively as the “GDPR”
Membean has reviewed and closely analyzed the requirements of the GDPR and continues to monitor new guidance on best practices for its implementation. We are updating our services, contracts and policies to ensure that we are in compliance with the GDPR
The following resources may be helpful in further understanding our commitment to the GDPR:
Subprocessors
We make use of selected sub-processors to assist in providing our services as defined in our terms of service while ensuring privacy and security as described in our privacy policy.
A sub-processor is a third-party data processor retained by Membean, who has or potentially will have access to Service Data (which may contain Personal Data), while providing products or services on our behalf.
We use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of such sub-processors. Additionally, Membean ensures that its sub-processors satisfy contractual obligations as those required by Membean (as a Data Collector or Data Processor) through requisite Data Processing Agreements (DPA).
The following is a list of subprocessors to help you stay informed about the scope of subprocessing associated with our services.
Infrastructure
We provide our services through systems installed in several co-location facilities in the United States. This infrastructure is owned or controlled by Membean and access to service data is permitted only to legally retained employees, vendors or contractors. Membean also utilizes the entities described below to host or process service data.
| Entity | Description | Location |
|---|---|---|
| Amazon Web Services, Inc. | Cloud Services Provider | United States |
Content Delivery
We may use content delivery networks (CDNs) for security purposes as well as to optimize content delivery and speed up data transmission. CDNs do not have access to service data, but may use personal data such as IP address, telecommunication provider, device information or geographic location to utilize the appropriate origin server and content format.
| Entity | Description | Location |
|---|---|---|
| Amazon Web Services, Inc. | Public content stored with and transmitted by Amazon Web Services, Inc., to expedite transmission. | Global |
| Cloudflare, Inc. | Public website content served to website visitors may be stored with and transmitted by Cloudflare to expedite transmission. | Global |
| StackPath, LLC | Public website elements served to website visitors stored with and transmitted by MaxCDN to expedite transmission. | Global |
Service Providers
We utilize third parties to provide specific functionality to facilitate the service. These providers may have access to service data necessary to carry out relevant functions as outlined below.
| Entity | Description | Location |
|---|---|---|
| Amazon Web Services, Inc. | Delivery of Service notifications by email, with access to email addresses. | United States |
| Cloudflare, Inc. | Secure and manage traffic to the Services, with access to URL interactions and IP addresses. | United States |
| Freshworks, Inc. | Customer support, with access to name, email, role and contact information. | United States |
| FullStory, Inc | Analytics with access to IP address, device and interaction data. | Global |
| Analytics with access to IP address, device and interaction data. | United States | |
| Intercom R&D Unlimited Company | Customer interactions, with access to name, email, IP address and interaction data. | Ireland |
| MailChimp | Email list sign-ups and content delivery, with access to emails and names. | United States |
| Salesforce.com, Inc. | Customer relationship management, with access to name, email, role and affiliation. | United States |
| Survey Monkey, Inc. | Customer surveys, with access to name, email and survey data. | United States |
| Zapier, Inc. | Interconnection of customer name, email and contact information. | United States |
We look forward to working together with our customers and partners in further strengthening privacy and data protection with the GDPR. Please reach out If you wish to be notified of changes, or have any questions by sending us an email at privacy@membean.com.