Frequently Asked Questions about GDPR

Last Modified: May 2, 2018

What is GDPR?

GDPR stands for General Data Protection Regulation (“GDPR”). GDPR unifies all European Union (“EU”) Member State data privacy laws and applies to all companies that either (i) have a corporate presence in the EU or (ii) offer goods or services to EU residents or customers located there, and in connection with such activities process personal data.

GDPR replaces the Data Protection Directive 95/94/EC which was put in place in 1995.

Does GDPR apply to Salsify?

"Yes. We have an office in Portugal with EU employees.  We process and hold personal data of data subjects residing in the EU, specifically for marketing and customer service purposes.

GDPR compliance is a requirement of our international customers with European affiliates and we ensure that we are following the requirements set forth by GDPR."
 

Key Components of Our Compliance Efforts

We understand that trust is a key component in all partnerships. We respect customers’ data and the need for keeping it protected and secure. We see our compliance efforts as an opportunity to strengthen our relationships as we continue to work with our customers to ensure the protection of their organizational and personal data. We take our commitment to this initiative seriously and we dedicated resources to closely analyze the requirements of GDPR. We have deployed enhancements to our products and website, completed a data inventory, instituted a privacy impact assessment process, and updated marketing processes to support compliance with GDPR.

Our privacy policy has also been updated, please see this page https://www.salsify.com/privacy-policy.  

Personal data requests can be submitted by using this form.

For purposes of transferring personal data from the EU in compliance with GDPR, we transfer any EU-origin personal data on the basis of the Standard Contractual Clauses, as amended by the Commission of the European Union, and we employ appropriate technical, contractual, and organizational supplementary measures.

In December of 2017, we obtained our SOC 2 Type 1 certification, and in November of 2018 obtained our SOC 2 Type 2 certification. Current customers who have signed a NDA may request an Executive Summary report of our SOC 2 Type 2 report.

Our employees are trained on processes for data handling, privacy by design and privacy impact assessments.

We work with our 3rd party service providers to ensure that data protection processes, such as data subject access requests, and agreements covering our vendors, are in place.

We offer all of our customers a data processing agreement. This permits customers to continue to transfer data to Salsify without interruption. For more information about this agreement, please reach out to your Account Manager.

We are working successfully with numerous global and European companies, and are happy to discuss further.