Miscellaneous
      Back to home
      1. Grip Knowledge Base
      2. Miscellaneous
      3. Miscellaneous

      Grip Data Processing Subcontractors and Privacy Assurance

       

      Data Processing Sub Contractors

      These are the systems we use that we share data with as sub processors in order to provide a hollistic user experience. We have DPOs in place with all our sub processors.

       

      Cookies and Tracking

      In order to provide a seamless user experience Grip works with a number of systems that rely on Cookies and Tracking to provide a consistent user experience. All are either part of the EU-US Privacy Shield or are based in the European Union.

      General Note: All third parties that Grip shares data with are either based in the EU or in case personal data is transmitted to third countries outside the EU, such as the US, which do not provide the same level of data protection as the EU, safeguards have been put in place, in particular standard contractual clauses, to protect the data so transferred. We will implement supplementary measures for the international data transfer, where necessary after the annulment of the EU-US Privacy Shield to which several companies continue to adhere to as part of their self-commitment.

      Amazon Web Services 

      One Burlington Plaza, Burlington Road, Dublin 4, Ireland

      Type: Sub Processor
      Information Shared: Database Storage
      Service: Web Hosting
      DPA: Yes

      Mailgun Technologies

      112 E Pecan #1135, San Antonio, Texas, 78205, USA

      Type: Sub Processor
      Information Shared: Email, Name, Job title, Badge ID
      Service: Email Service Provider
      Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).

      We are migrating all data and processing to the European (Ireland) data centers of Mailgun Technologies. Meaning no data will leave the EU by 1st of January 2022.

      One Signal

      2850 S Delaware St #201, San Mateo, California 94403, USA 

      Type: Sub Processor
      Information Shared: Device Type, Device OS, Email, Name
      Service: Notification Provider

      Type: Cookies
      Service: IP Address for tracking Click Through Rates
      Cookie Storage Length: 12 Months
      Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).

      Branch.io

      1400 Seaport Blvd, Building B, 2nd Floor , Redwood City, CA 94063 USA 

      Type: Cookies
      Service: IP Address, Browser for Deep linking and link tracking.
      Cookie Storage Length: 12 Months
      Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).

      While the Personal Identifiable Information we share with Branch.io is limited to the IP Address of the browser we still strive to make sure that Branch.io is covered by the SCCs which is currently not the case.

      Google Analytics

      1600 Amphitheatre Parkway, Mountain View, CA 94043, United States 

      Type: Cookies
      Service: IP Address, Browser for Behaviour Analytics
      Cookie Storage Length: 12 Months
      Data Processing Agreement: Yes, and part of the EU-US Privacy Shield, we are assessing the inclusion of the SCCs in our DPA with Google. If not feasible, we'll be moving away from Google Analytics by 1st of January 2021.

       

      While the Personal Identifiable Information we share with Google Analytics is limited to the IP Address of the browser we still strive to make sure that Google Analytics is covered by the SCCs which is currently not the case.

      Sentry

      132 Hawthorne Street, San Francisco, CA 94107, United States 

      Type: Cookies
      Service: IP Address, Browser for Bug tracking
      Cookie Storage Length: 12 Months
      Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).

      While the Personal Identifiable Information we share with Sentry is limited to the IP Address of the browser we still strive to make sure that Sentry is covered by the SCCs which is currently not the case.

      WhereBy

      Myntgata 2 0151 Oslo, Norway

      Type: Cookies
      Service: IP Address, Browser, Name for Video Conferencing
      Cookie Storage Length: 3 Months
      Data Processing Agreement: Yes

       

      Why does Grip share its information with WhereBy for their Virtual Meetings?

      WhereBy stores the IP Address and Name of the Event Participant so that when they have multiple calls they only have to enter their name once. It also means the user only has to allow access to their microphone and camera only once.

      How do Grip and WhereBy guarantee the privacy of Event Participants?

      Both Grip and WhereBy take privacy very serious. More information about how WhereBy takes your privacy serious can be found here.

       

      General FAQ

      Now that the EU/US Privacy Shield no longer applies how do we guarantee the security of client data with our US Sub processors?

      The reason the CJEU has invalidated the EU/US Privacy Shield as explained in 'The Decision' point 5 in this article it is because it cannot be guaranteed that the US Government is not gaining access to data for National Security Reasons. Now transferring data to the US for subprocessing of for example the delivery of push notifications falls back on Directive 95/46/EC which means Grip is putting in place as part of its contracts with Sub Processors so-called "Standard Contractual Clauses" which protect the data of our Clients and individual Event Participants. If any of our sub processors is unable to adhere to the SCCs they are legally required to notify Grip as a Client and we'll stop using their services.