International data transfers Schrems II European Court of Justice

  • john bossink
    Asked on August 5, 2020 at 3:57 AM

    Dear sir, madam,



    As you will be aware the recent European Court of Justice Ruling in the Schrems II case declared the Privacy Shield invalid, which means that international datatransfer from EU to

    the USA cannot be based anymore on the Privacyshield effective immediately.  


    The EU Standard Contractual Clauses can only be used if the local public law of the data importer ensures adequate protection and/or if no conflicting local laws are in place.


    To ensure protection of personal data to EU GDPR standards, we request you, and the subprocessor you use in providing your services to us, to advise us and confirm:


    - Can you provide the services directly from the EU (via EU based companies and using EU based hosting locations only)


    - And ensure that personal data can not be accessed from the US and/or any other third country outside of EER, and that sufficient “Chinese walls” are in place. 



    In case you are not able to provide this EU based option, we need to urgently discuss and arrange to migrate your services to Fiom to a European provider.


    The European Data Protection Board will follow with more guidance on this subject, advising on implementing addional measurements for the use of EU Standard Contractual Clauses. For your reference please find attached the FAQ of the European Data Protection Board.


    Please advise also if your company is willing to agree the Standard Contractual Clauses (processors), and implement addtional measurements to fullfill compliance with GDPR and the ruling of the Court in Schrems II. If this is the case, which additional measures can you implement, and what is your assesment as data-importer on this matter? Please find attached the Standard Contractual Clauses, for your signature.      


    Please contact us if you have further questions.


    Please send us your reply the latest within 72 hours of receipt of this letter.


    Thank you for your cooperation.



    Sincerely.


  • Patrick_R
    Replied on August 5, 2020 at 6:42 AM

    Hello John! Customers who have chosen to keep their data on the EU servers have their data stored in our servers in Germany completely. Here is our official blog post about this: https://www.jotform.com/blog/eu-safe-harbor/

    You may also want to check Jotform Subprocessors and Jotform GDPR pages.

    This will answer all of your questions. If you have any further queries, feel free to write back to us.

    Thank you!