Data Processing Sub Contractors
These are the systems we use that we share data with as sub processors in order to provide a hollistic user experience. We have DPOs in place with all our sub processors.
Cookies and Tracking
In order to provide a seamless user experience Grip works with a number of systems that rely on Cookies and Tracking to provide a consistent user experience. All are either part of the EU-US Privacy Shield or are based in the European Union.
General Note: All third parties that Grip shares data with are either based in the EU or in case personal data is transmitted to third countries outside the EU, such as the US, which do not provide the same level of data protection as the EU, safeguards have been put in place, in particular standard contractual clauses, to protect the data so transferred. We will implement supplementary measures for the international data transfer, where necessary after the annulment of the EU-US Privacy Shield to which several companies continue to adhere to as part of their self-commitment.
Amazon Web Services
One Burlington Plaza, Burlington Road, Dublin 4, Ireland
Type: Sub Processor
Information Shared: Database Storage
Service: Web Hosting
DPA: Yes
Mailgun Technologies
112 E Pecan #1135, San Antonio, Texas, 78205, USA
Type: Sub Processor
Information Shared: Email, Name, Job title, Badge ID
Service: Email Service Provider
Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).
We are migrating all data and processing to the European (Ireland) data centers of Mailgun Technologies. Meaning no data will leave the EU by 1st of January 2022.
One Signal
2850 S Delaware St #201, San Mateo, California 94403, USA
Type: Sub Processor
Information Shared: Device Type, Device OS, Email, Name
Service: Notification Provider
Type: Cookies
Service: IP Address for tracking Click Through Rates
Cookie Storage Length: 12 Months
Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).
Branch.io
1400 Seaport Blvd, Building B, 2nd Floor , Redwood City, CA 94063 USA
Type: Cookies
Service: IP Address, Browser for Deep linking and link tracking.
Cookie Storage Length: 12 Months
Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).
While the Personal Identifiable Information we share with Branch.io is limited to the IP Address of the browser we still strive to make sure that Branch.io is covered by the SCCs which is currently not the case.
Google Analytics
1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
Type: Cookies
Service: IP Address, Browser for Behaviour Analytics
Cookie Storage Length: 12 Months
Data Processing Agreement: Yes, and part of the EU-US Privacy Shield, we are assessing the inclusion of the SCCs in our DPA with Google. If not feasible, we'll be moving away from Google Analytics by 1st of January 2021.
While the Personal Identifiable Information we share with Google Analytics is limited to the IP Address of the browser we still strive to make sure that Google Analytics is covered by the SCCs which is currently not the case.
Sentry
132 Hawthorne Street, San Francisco, CA 94107, United States
Type: Cookies
Service: IP Address, Browser for Bug tracking
Cookie Storage Length: 12 Months
Data Processing Agreement: Yes with reference to the Standard Contractual Clauses (SCCs).
While the Personal Identifiable Information we share with Sentry is limited to the IP Address of the browser we still strive to make sure that Sentry is covered by the SCCs which is currently not the case.
WhereBy
Myntgata 2 0151 Oslo, Norway
Type: Cookies
Service: IP Address, Browser, Name for Video Conferencing
Cookie Storage Length: 3 Months
Data Processing Agreement: Yes
Why does Grip share its information with WhereBy for their Virtual Meetings?
WhereBy stores the IP Address and Name of the Event Participant so that when they have multiple calls they only have to enter their name once. It also means the user only has to allow access to their microphone and camera only once.
How do Grip and WhereBy guarantee the privacy of Event Participants?Both Grip and WhereBy take privacy very serious. More information about how WhereBy takes your privacy serious can be found here.
General FAQ
Now that the EU/US Privacy Shield no longer applies how do we guarantee the security of client data with our US Sub processors?The reason the CJEU has invalidated the EU/US Privacy Shield as explained in 'The Decision' point 5 in this article it is because it cannot be guaranteed that the US Government is not gaining access to data for National Security Reasons. Now transferring data to the US for subprocessing of for example the delivery of push notifications falls back on Directive 95/46/EC which means Grip is putting in place as part of its contracts with Sub Processors so-called "Standard Contractual Clauses" which protect the data of our Clients and individual Event Participants. If any of our sub processors is unable to adhere to the SCCs they are legally required to notify Grip as a Client and we'll stop using their services.