Home Heroku Data Processing Agreement

Heroku Data Processing Agreement

by Renkema

Under EU data protection legislation, organisations that process personal data are divided into `controllers` or `controllers` and `transformers`, companies that only process personal data on the instruction of processors. The RGPD applies to both controllers and processors. Apart from that, we act as a data processor when customers use our service to process personal data from people in the EU. Our customers decide what personal data (if any) will be sent through our services. To avoid doubts, the 84codes do not physically host any of the servers provided for the service. Instead, data centers are used by external cloud platforms that the data manager selects to use the service itself. These cloud platforms are listed as subprocessors in Schedule 3. All data can be encrypted during transmission and in standby mode for extra security. In addition, 84codes is not aware of the type of data processed by the data manager while using the service.

84Codes employees do not look at the data manager`s data or copy the data on any server other than the one chosen by the data manager. All data stored in the service is stored until the data manager deletes the data either manually or by guidelines. Backups (if any) are deleted after 30 days. Stored data can be encrypted by customer applications to meet data security requirements. Customers can implement data storage, key management and data storage requirements when developing their application. Please note that the data center is selected on behalf of the data manager. As a result, not all data centers listed as subprocessors have access to the data manager`s data. Only the data center of the choice of the data manager has access to the data and is considered a subprocessing in the means of this DPA. Heroku has published a privacy policy that clearly defines what data is collected and how it is used. Heroku and salesforce.com are committed to customer privacy and transparency. For more technical information, see: devcenter.heroku.com/articles/dyno-isolation At Salesforce, trust is our #1 value and protecting our customers` data is paramount.

We know that many organizations have questions about the RGPD and the new commitments made under the PMPR. We`ve created this document to help you on your compliance travel journey. In our role as data manager, we can collect and store contact information when customers connect to our services or seek help. The information we store includes data such as our customers` email addresses and physical addresses for billing purposes. We may also collect other customer credentials, such as IP address, PayPal ID, public SSH key or Oauth tokens for external services. The law regulates how companies collect, use and transmit personal data about people in the EU. It requires, among other things, companies to treat a person`s personal data fairly and legitimately and to allow individuals to exercise their rights with respect to their data. For example, to access, correct or delete their personal data. The law also ensures that appropriate security protection is in place to protect personal data processed.

Heroku uses iso 27001 and FISMA certified data centers managed by Amazon. Amazon has a long history of designing, creating and operating large data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centres are housed in non-descriptible facilities, and critical facilities have significant setbacks and perimeter perimeter and military perimeters, as well as q