Last updated on: 8 August 2022
In 2012, the European Commission began a process to reform Europe’s existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and came into effect on 25 May 2018.
Conjointly takes its GDPR responsibilities seriously, and this page provides answers to commonly asked questions.
Where does Conjointly store customer data?
Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Amazon Web Services) with servers located in the U.S., to host our online and mobile services. For more information about AWS’s approach to compliance with the GDPR, see https://aws.amazon.com/compliance/gdpr-center/.
Will Conjointly be storing EU customer data in the EU?
Conjointly has no short-term plans to store data in the EU, and this isn’t required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.
Conjointly makes sure that it complies with EU data export restrictions when it exports data outside of the EU.
How does Conjointly comply with EU data export restrictions?
When personal data is hosted or processed outside of the European Economic Area by Conjointly, GDPR requires that it remains protected by appropriate safeguards in line with EU law. There are a few ways that Conjointly achieves this.
Some of our EU customers’ data is processed in Australia (where our headquarters are located). When we process EU customer data in other territories, like the United States of America or New Zealand, we ensure that the “appropriate safeguards” prescribed by GDPR are in place – i.e., by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US-based entities).
Why isn’t Conjointly signed up to Privacy Shield?
Conjointly is an Australian company, with team members all over the globe – we are not a US-headquartered company. Privacy Shield is only one of a few available mechanisms to transfer data outside of the EU, and certification against the Privacy Shield is not a legal requirement. We rely on a combination of measures to ensure compliance with EU data export rules, including Model Clauses.
Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?
Who are Conjointly’s subprocessors?
A full list of Conjointly’s subprocessors is available on our subprocessors page.