Answered

Location Server

  • 25 March 2020
  • 17 replies
  • 12291 views

Hey guys, can somebody tell me in which country the data input of miro will be saved?

we Need this Information for our security policies.

I would be glad to receive your feedback.

 

best regards

 

Wiebke

icon

Best answer by Marina 29 March 2020, 14:31

View original

17 replies

Userlevel 7
Badge +9

Hallo Wiebke,

der Hintergrund ist wahrscheinlich die DSGVO - man hatte mir gesagt, dass miro DSGVO Konform ist und mich auf diese Seite verwiesen:

https://miro.com/legal/privacy-policy/

Weiter unten findest Du den Part für uns Europäer:

European Union Model Clauses

… 


Ich glaube das reicht aus, habe mich aber mit dem Thema noch nicht so befasst, dass ich das rechtlich wasserdicht habe.

Viele Grüße

Michael

Userlevel 7
Badge +5

Also, you will find the Security FAQ here - https://miro.com/security/

Userlevel 7
Badge +9

So when i got both informations right:

The server is located in Ireland
And ther person who is responsible for 
Data protection (for the Europeans) is located in Den Haag

Is this right?

Regards
Michael
 

Userlevel 7
Badge +5

Right!

Miro maintains its Data Protection Officer within the Netherlands for all European Union activities as required under the General Data Protection Regulation (GDPR). Additionally, Miro operates with all Data Authorities within member states it operates in, such as Ireland.

Hello Marina,

I was wondering about the data processing agreement that seems to be needed for gdpr conformity in Germany and Miro support told me it is not available below enterprise accounts. Could you guys clarify this policy? And also how Miro is gdpr / dgsvo usable with clients in the european union without this?

Userlevel 7
Badge +5

Hi David,

We have used our DPA for German companies in the past. If you need any specific changes and/or edits to our DPA, it is only available on the Enterprise Plan. For more information on the topic, please reach out to our Legal Team at privacy@miro.com.

Also, just in case, here is the link to our Privacy Policy.

Right!

Miro maintains its Data Protection Officer within the Netherlands for all European Union activities as required under the General Data Protection Regulation (GDPR). Additionally, Miro operates with all Data Authorities within member states it operates in, such as Ireland.


Hi Marina,

we were told that even though the server is located in Ireland, all Miro data is backed up to data centers in the US. This would be in violation to GDPR-compliance from our perspective because US authorities could access Miro data without our knowledge.

We love Miro and would like to keep using it. Any chance our information is wrong?

Best regards
Andreas

Userlevel 7
Badge +5

Hi @AndSiem,

Here’s the reply from the Trust Team:

This information is correct - however we do offer terms within our enterprise level for this data to be moved. There is no other workaround for this - though Miro assuredly does conform to legal requirements.

Hello, is this as well possible with a concultant plan?

Hi @AndSiem,

Here’s the reply from the Trust Team:

This information is correct - however we do offer terms within our enterprise level for this data to be moved. There is no other workaround for this - though Miro assuredly does conform to legal requirements.

Hello, is this as well possible with a concultant plan?

Seriously, your Backend Devs and Trust Team should work on this backup thing.

The GDPR is a tough read, dozens of experts have at least dozens+1 differing opinions of what ‘complies to GDPR’ really means and of course every provider of a SaaS offering says that their solution does comply.

Yet, by far the most people I’ve talked to about GDPR have a quite simple heuristic for a minimum requirement of GDPR-compliance: “Data that’s generated in Europe or belongs to a European account, must stay in Europe.”

Once you comply to that, you may even run a marketing campaign around a variation of that heuristic to win new customers. Unless you don’t, I assume, and evidence suggests its true, Miro will not even make it to the short-list in many companies, not to mention government agencies - at least in Germany.

Can’t stress Bruno’s comment enough. I and my team love Miro, we would like to use it, but my company (like many other) will not allow this if there is even the slightest doubt about complicance with GDPR. This could expand your customer base in the EU so much!

Userlevel 7
Badge +9

@All:

To get an update on this - results till today 08.07.2021 - still not satisfying for us European users

https://community.miro.com/ask-the-community-45/privacy-and-gdpr-2142

Hopefully miro is moving forward - The solution is as simple as this graphic shows for us European users:

 

We European users aren’t allowed to use miro in it’s full potential without breaking European law - We cannot collaborate with others on a miro-board as long as data leaves European ground!

 

Michael

Userlevel 2

Yes, very sad, that we as a German Software Company also cant use it because the date is not saved in Euro. Really should change!

Hi,

wouldn’t GDPR be followed with the possibility as European to have the backup in Frankfurt as stated in the Miro Terms?

Where does your data live?

https://miro.com/trust/privacy-and-governance/

Close icon

You have the ability to store customer-related data within geographical locations as one of our tier options. Otherwise, data is normally segmented with production in Ireland, EU and a backup in Virginia, US. You have the option to segment your data with a backup in Frankfurt, EU. Contact your sales team for more info on your options

Does any European Company, Government here have done this?

Please answer here or send PM through LinkedIn. Thanks!

Greetings, Martijn

Userlevel 7
Badge +9

Hi 

the Data still is on servers in the US:

https://miro.com/legal/privacy-policy/

nothing had changed.

So I left miro and working with a competitior tool that has got its servers in Swizzerland and in Germany. 

Michael 

 

Userlevel 7
Badge +9

If every data of my customers stays in Frankfurt why they're saying that my data will be transfered to the US in the Link obove. 

In GDPR it is not only about files. 

Talk with a GDPR specialized lawyer. 

I've talked with two of them.

Michael 

 

Reply