General Data Protection Regulation

Membean is committed to complying with the requirements of the GDPR.

Introduction

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that went into effect on May 25, 2018, designed to give EU citizens more control over their data and to unify data privacy regulations within the EU. It sets forth requirements on how companies collect, store, delete, update or otherwise process personal data of individuals living within the European Union and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. Additional information about the GDPR can be found at the European Commission Website

The UK equivalent is the Data Protection Act of 2018, which incorporated the GDPR as the UK GDPR. Additional information can be found on the UK Legislative site.

The following refers to the GDPR and the UK GDPR collectively as the “GDPR

Membean has reviewed and closely analyzed the requirements of the GDPR and continues to monitor new guidance on best practices for its implementation. We are updating our services, contracts and policies to ensure that we are in compliance with the GDPR

The following resources may be helpful in further understanding our commitment to the GDPR:

Subprocessors

We make use of selected sub-processors to assist in providing our services as defined in our terms of service while ensuring privacy and security as described in our privacy policy.

A sub-processor is a third-party data processor retained by Membean, who has or potentially will have access to Service Data (which may contain Personal Data), while providing products or services on our behalf.

We use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of such sub-processors. Additionally, Membean ensures that its sub-processors satisfy contractual obligations as those required by Membean (as a Data Collector or Data Processor) through requisite Data Processing Agreements (DPA).

The following is a list of subprocessors to help you stay informed about the scope of subprocessing associated with our services.

Infrastructure

We provide our services through systems installed in several co-location facilities in the United States. This infrastructure is owned or controlled by Membean and access to service data is permitted only to legally retained employees, vendors or contractors. Membean also utilizes the entities described below to host or process service data.

Entity Description Location
Amazon Web Services, Inc. Cloud Services Provider United States

Content Delivery

We may use content delivery networks (CDNs) for security purposes as well as to optimize content delivery and speed up data transmission. CDNs do not have access to service data, but may use personal data such as IP address, telecommunication provider, device information or geographic location to utilize the appropriate origin server and content format.

Entity Description Location
Amazon Web Services, Inc. Public content stored with and transmitted by Amazon Web Services, Inc., to expedite transmission. Global
Cloudflare, Inc. Public website content served to website visitors may be stored with and transmitted by Cloudflare to expedite transmission. Global
StackPath, LLC Public website elements served to website visitors stored with and transmitted by MaxCDN to expedite transmission. Global

Service Providers

We utilize third parties to provide specific functionality to facilitate the service. These providers may have access to service data necessary to carry out relevant functions as outlined below.

Entity Description Location
Amazon Web Services, Inc. Delivery of Service notifications by email, with access to email addresses. United States
Cloudflare, Inc. Secure and manage traffic to the Services, with access to URL interactions and IP addresses. United States
Freshworks, Inc. Customer support, with access to name, email, role and contact information. United States
FullStory, Inc Analytics with access to IP address, device and interaction data. Global
Google Analytics with access to IP address, device and interaction data. United States
Intercom R&D Unlimited Company Customer interactions, with access to name, email, IP address and interaction data. Ireland
MailChimp Email list sign-ups and content delivery, with access to emails and names. United States
Salesforce.com, Inc. Customer relationship management, with access to name, email, role and affiliation. United States
Survey Monkey, Inc. Customer surveys, with access to name, email and survey data. United States
Zapier, Inc. Interconnection of customer name, email and contact information. United States

We look forward to working together with our customers and partners in further strengthening privacy and data protection with the GDPR. Please reach out If you wish to be notified of changes, or have any questions by sending us an email at privacy@membean.com.

Differentiated vocabulary for your students is just a click away.