GDPR has many provisions designed to ensure that data subjects retain their rights and the transparency of data processing regardless of who is processing it and where the processing occurs. Particularly where data transfers are to entities operating outside the EU, it’s important that the adequacy of protections is assessed and appropriate guarantees are made via a Data Protection Agreement (“DPA“) with an approved transfer mechanism.
GDPR does not prevent data from being transferred from the EU to the US or other third countries. It does require that the data is protected and processed in ways that meet EU standards and adds a burden of proof to that requirement. Delivra’s DPA contains information our customers need to know about how we comply with GDPR, including when we transfer data to third countries in order to provide our services.
Delivra will ensure GDPR standards are met wherever customer data is processed, regardless of geographic location, by providing appropriate safeguards for that data and ensuring that the data subject rights laid out in the regulation are preserved. Our DPA includes the controller-to-processor Standard Contractual Clauses approved by the European Commission and found here.
Delivra processes personal data in the United States.
Customer data will be shared with our sub-processors who are engaged by us to provide certain features/functionalities embedded with the Services. This data is not shared with third parties for their own use, and all transfers of personal data to our sub-processors and other vendors are governed by agreements which guarantee appropriate safeguards for that data.
We have undertaken the task of ensuring security, privacy, and data subject rights throughout our product’s sub-processors in two parts:
GDPR, CCPA, and other global privacy laws give individuals defined rights to protect their privacy. While the nature of these rights may vary from law to law, they are based on fundamentally similar concepts, including the right of the individual to control their personal data. The broadening intersection of private life and data processing activities now demands more attention to maintain these rights while still allowing for secure and respectful data flows.
Please review the information found here to learn more about the measures Delivra put in place to assist our customers with individual privacy rights requests.
Simply put, no. Data controllers are responsible for carrying out requests related to the rights of any data subjects about whom they store personal data. In order to fully complete a data subject’s request for retrieval or deletion, all processors acting on behalf of the controller must be notified. Only the data controller would have complete knowledge of how the processing activities are carried out, including any transfers of data to 3rd parties.