GDPR - processor identification

[ghost]

@cyberswat commented on May 22, 2018, 1:59 PM UTC:

What happened (or feature request):

The GDPR invokes the concepts of processors and controllers. We need to identify each third-party we work with and identify if they are a processor or a controller.

What you expected to happen:

Please evaluate the following list and add vendors that we have not added yet. At this juncture, we only need to identify them. Additional work will happen at a later stage to identify them as a processor or a controller. When you have added what you can to the list please unassign yourself.

• Google is available at https://privacy.google.com/businesses/processorterms/ and is now part of their Terms of Service. No additional DPA is required, but Google needs to be listed in our Sub Processor List

• Amazon is available at https://aws.amazon.com/service-terms/ and is now part of their Terms of Service. No additional DPA is required, but Amazon needs to be listed in our Sub Processor List

• Salesforce DPA is available, pre signed at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf. We need to download and sign and return the document and include Salesforce in our Sub Processor List

• Freshworks current state is outlined at https://www.freshworks.com/privacy/gdpr/. The DPA is not yet available, but we need to include them in our Sub Processor List

• Slack needs research to determine where their DPA exists. They need to be on our sub processor list

• Github has been determined to be a Data Controller, not a sub processor. They are responsible for providing DPA agreements directly to github users

• Identify other potential sub processors. Defined as a third party where Drud passes through or the company has access to personally identifiable information.

This issue was moved by cyberswat from drud/general/issues/167.

[ghost]

@cyberswat commented on May 22, 2018, 2:29 PM UTC:

LogDNA https://logdna.com/gdpr-compliance

[ghost]

@dclear commented on May 22, 2018, 2:30 PM UTC:

Slack's DPA is here: https://a.slack-edge.com/6a098/marketing/downloads/legal/slack-data-processing-addendum.pdf. Their GDPR plan is here: https://slack.com/gdpr

[ghost]

@cyberswat commented on May 22, 2018, 2:31 PM UTC:

circleci https://circleci.com/privacy/

[ghost]

@cyberswat commented on May 22, 2018, 2:33 PM UTC:

CLA assistant is a service we use to manage agreements for people that contribute code to oour repositories https://cla-assistant.io/

[ghost]

@cyberswat commented on May 22, 2018, 2:35 PM UTC:

Read the docs https://docs.readthedocs.io/en/latest/privacy-policy.html

[ghost]

@dclear commented on May 22, 2018, 2:36 PM UTC:

Easecentral (benefits enrollment / admin) https://www.easecentral.com/privacy/

[ghost]

@cyberswat commented on May 22, 2018, 2:37 PM UTC:

Dockerhub https://www.docker.com/docker-privacy-policy

[ghost]

@dclear commented on May 22, 2018, 2:41 PM UTC:

Panda Doc https://www.pandadoc.com/gdpr and DPA

[ghost]

@dclear commented on May 22, 2018, 2:43 PM UTC:

Zoom https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance and DPA

[ghost]

@cyberswat commented on May 22, 2018, 2:45 PM UTC:

Mailchimp https://mailchimp.com/legal/privacy/

[ghost]

@cyberswat commented on May 22, 2018, 2:46 PM UTC:

hotjar https://www.hotjar.com/legal/compliance/gdpr-commitment

[ghost]

@cyberswat commented on May 22, 2018, 2:59 PM UTC:

statuspage https://www.atlassian.com/legal/privacy-policy

[ghost]

@sgrandchamp commented on May 24, 2018, 12:28 AM UTC:

dclear cyberswat Incredible work guys ! Thank you so much, this will speed up the process a ton! Much, much appreciated

[ghost]

@dclear commented on May 24, 2018, 12:34 AM UTC:

You're welcome, sgrandchamp - one more (if we have a company account)

https://1password.com/legal/privacy/ & https://1password.com/legal/gdpr/

[ghost]

@sgrandchamp commented on May 24, 2018, 12:36 AM UTC:

dclear which we do ! It will be interesting to determine if they qualify as a sub processor for our customers, but better safe than sorry on this list

[ghost]

@sgrandchamp commented on May 24, 2018, 5:16 PM UTC:

/move to drud/ddevcom

[ghost]

@sgrandchamp commented on May 24, 2018, 7:51 PM UTC:

/move to ddevcom

[ghost]

@sgrandchamp commented on May 24, 2018, 7:52 PM UTC:

/move to /ddevcom

[ghost]

@rfay commented on May 24, 2018, 7:57 PM UTC:

So I think your problem moving this is you have to give the user/repo, so something like /move to drud/ddevcom. Or if ddevcom is a user, then /move to ddevcom/somerepo

[ghost]

@sgrandchamp commented on May 24, 2018, 7:59 PM UTC:

rfay thanks. I just decided to link them for now :-)