Last Modified: May 2, 2018
What is GDPR?
GDPR stands for General Data Protection Regulation (“GDPR”). GDPR unifies all European Union (“EU”) Member State data privacy laws and applies to all companies that either (i) have a corporate presence in the EU or (ii) offer goods or services to EU residents or customers located there, and in connection with such activities process personal data.
GDPR replaces the Data Protection Directive 95/94/EC which was put in place in 1995.
Does GDPR apply to Salsify?
Yes. While we do not currently have employees in the EU, we do process and hold personal data of data subjects residing in the EU, specifically for marketing and customer service purposes.
GDPR compliance is a requirement of our international customers with European affiliates and we need to ensure that we are following the requirements set forth by GDPR.
Key Components of Our Compliance Efforts
We understand that trust is a key component in all partnerships. We respect customers’ data and the need for keeping it protected and secure. We see our compliance efforts as an opportunity to strengthen our relationships as we continue to work with our customers to ensure the protection of their organizational and personal data. We take our commitment to this initiative seriously and we dedicated resources to closely analyze the requirements of GDPR. We have deployed enhancements to our products and website, completed a data inventory, instituted a privacy impact assessment process, and updated marketing processes to support compliance with GDPR.
Personal data requests can be submitted by using this form.
For purposes of transferring personal data from the EU in compliance with GDPR, Salsify's Privacy Shield self-certification was finalized by the U.S. Department of Commerce’s International Trade Administration (ITA) effective as of April 27, 2018.
In December of 2017, we obtained our SOC 2 Type 1 certification and are actively working towards our SOC 2 Type 2. Current customers may request a letter of attestation of our SOC 2 Type 1 report.
Our employees are trained on processes for data handling, privacy by design and privacy impact assessments.
We work with our 3rd party service providers to ensure that data protection processes, such as data subject access requests, and agreements covering our vendors, are in place.
We offer all of our customers a data processing agreement. This permits customers to continue to transfer data to Salsify without interruption. For more information about this agreement, please reach out to your Account Manager.
We are working successfully with numerous global and European companies, and are happy to discuss further.
How long is the Privacy Shield certification valid for?
Salsify will renew the Privacy Shield certification annually and compliance will be audited on a regular basis.