What is GDPR?
The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May of 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed by businesses. The law impacts both European companies and businesses with European contacts.
What is Notejoy’s role in GDPR compliance?
Notejoy provides full compliance with GDPR. Notejoy acts as both a Data Controller as well as a Data Processor within the realm of GDPR compliance.
As a Data Controller, Notejoy is responsible for safeguarding the data of our customers as they interact directly with Notejoy. Our Privacy Policy governs how we collect, use, and process customer data.
As a Data Processor, Notejoy is responsible for safeguarding the data of our partners' and customers' users as it flows through our system. Notejoy offers a Data Processing Addendum for those using Notejoy as a Data Processor.
Does GDPR affect you?
If you are based in the EU or do business in the EU, then GDPR does affect you. GDPR has a long reach. If you have any EU personal data in your Notejoy account, such as names, addresses, emails, or anything personally identifiable, GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on, including Notejoy. These agreements are commonly called a Data Processing Addendum, or DPA.
Does Notejoy offer a Data Processing Addendum?
Processing EU personal data must be governed by a contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.
The following DPA has been pre-signed on behalf of Notejoy. The Standard Contractual Clauses in Exhibit B have been pre-signed by Notejoy as the data importer.
To complete this DPA, you must:
- Complete the information in the signature box and sign on Pages 7, 10, and 17
- Complete the information as the data exporter on Pages 10 and 19
- Send the completed and signed DPA to Notejoy by email, indicating the customer email address associated with the account, to support@notejoy.com. Upon receipt of the validly completed DPA by Notejoy at this email address, this Addendum will become legally binding.
Download Notejoy's Data Processing Addendum
What Sub-Processors does Notejoy use?
Notejoy uses the following third-party Sub-Processors to provide our services. Each of our Sub-Processors has an executed DPA to ensure compliance under the EU GDPR requirements.
- Amazon Web Services - cloud services
- Google Cloud Platform - cloud services
- Elastic - search cloud services
- Github - source control cloud services
- Google G Suite - email and document collaboration
- Slack - group messaging
- Asana - project management
- Drift - customer service
- Zoom - video conferencing
- MailChimp - email marketing
- SendGrid - transactional emails
- Google Analytics - user analytics
- Sentry - error reporting
- Stripe - payment processing
Any other questions?
For any GDPR or privacy-related questions, please feel free to contact us.