Where does Snov.io transfer your personal data?
How does Snov.io transfer personal data?
Snov.io transfers your personal data only to the trusted partners and suppliers to provide you with a range of services that may not be ensured solely by Snov.io. In particular, Snovio transfers personal data to a few contractors based in the US.
We have established the Supplier Assessment Procedure under which we evaluate whether it is safe to transfer personal data and implemented sufficient technical measures to ensure the safety of your personal data while transferring. Such technical measures include encryption, anonymisation, and pseudonymisation of data.
When choosing partners and contractors to which we transfer your personal data, we do our best to engage the partners and contractors who have implemented the requirements of the SOC 2 or ISO 27001 security protocols, still we cannot ensure for 100% the absence of non-compliance issues from the partners’/contractors’ side in future.
How does Snov.io store personal data?
We use the services of cloud-based data storage service providers, namely Amazon, MongoDB and Hetzner, to store personal data.
Most personal data is stored on the Amazon servers. Data provided by the web extensions used by our clients is stored on MongoDB.
Does Snov.io sell personal data?
Snovio does not sell your personal data to any third parties.
How does Snov.io secure the personal data transfers?
Snov.io concluded Data Processing Agreements (DPA) with every partner to whom we transfer personal data. These agreements are based on the Standard Contractual Clauses adopted by the European Commission and are considered as appropriate safeguards under the GDPR.
Some of the DPAs are publicly available, e.g. the DPA of Google is available via this link.
The requirements established by DPAs are legally binding for both Snov.io and our partners or contractors.
DPAs include the following requirements to the partners and contractors:
- to process personal data only on documented instructions from the controller (Snov.io or our clients)
- to ensure that persons authorised to process personal data will not breach the confidentiality of such personal data
- to take all security measures required in Article 32 of the GDPR, e.g. pseudonymisation and encryption of personal data, the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, etc.
- to delete or return at the choice of Snov.io or its clients all the personal data after the end of the provision of services, unless the applicable laws provide otherwise
- to make available to Snov.io or our clients all information necessary to demonstrate compliance with the GDPR obligations
- to allow for and contribute to audits, including inspections, conducted by Snov.io or another auditor mandated by Snov.io
Snov.io also encrypts all personal data before its transfer, so that such personal data goes to the third parties, including those based in the US, already encrypted.
These measures allow Snov.io to secure the integrity and confidentiality of your personal data while transferring it to our trusted partners and contractors.
If you have any other questions about Snov.io, don’t hesitate to contact us at firstname.lastname@example.org or via live chat.