Hello,
We have a few question on GDPR and DPA (Data processing agreement). The US-EU privacy shield has been invalidated recently by the EU court of justice. Unfortunately, in your DPA you are still referring to this shield… but even more than this, in its decision, the European court of justice imposes the Data processors to indicate which supplementary measures are taken to ensure a good level of data protection next to the SCC. We tried to contact your DPO at privacy@miro.com to discuss this as it’s not mentioned in your online documentations but we still have no reply so far. Could someone support us here as it’s important to be GDPR compliant. Many thanks for your support!
Hello!
I am Kate, Miro legal counsel. Regarding Privacy and GDPR:
Miro fully complies with the EU GDPR, CCPA and the UK GDPR; the operation of the services as well as our customers’ use of Miro in accordance with the Terms of Service complies in all respects with these laws. In order to provide the services to our customers, and in compliance with these data privacy regulations, we regularly transfer personal data to our global offices (including US-based locations) and to our subprocessors located throughout the world. In the absence of an adequacy decision by the EC, we utilize the Standard Contractual Clauses as the approved data transfer mechanism for such transfers (see Articles 45(3) and 46, GDPR).
Please also see our Terms of Service located at https://miro.com/legal/terms-of-service/, as well as our DPA (https://miro.com/static/legal/Miro-Data-Processing-Addendum.pdf) for further details on our transfers of personal data and compliance with these data privacy laws.
Best,
Kate
View original