Update: Please note on July 16, 2020, the European Court of Justice ruled that the US-EU Privacy Shield is no longer a valid cross-border data transfer mechanism. However, the same ruling upheld Standard Contractual Clauses as a valid cross-border data transfer mechanism. Customers aren’t required to do anything in order to be covered by the Standard Contractual Clauses as they are already part of the Data Protection Addendum which covers all SendGrid and Twilio services by default. Please see our blog post if you’d like to learn more.
SendGrid is pleased to announce we received approval from the U.S. Department of Commerce for its EU-U.S. and Swiss-U.S. Privacy Shield certifications (“Privacy Shield”). These certifications demonstrate SendGrid’s commitment to data privacy, security, and transparency. SendGrid’s participation in Privacy Shield is applicable to all EU and Swiss personal data that is subject to SendGrid’s Privacy Policies and thus no action is required by a customer or visitor to SendGrid’s website to benefit from its protections.
Designed by the U.S. Department of Commerce, the European Commission and Swiss Administration, Privacy Shield provides companies on both sides of the Atlantic with a mechanism for complying with the EU’s data protection requirements when transferring personal data from the EU and Switzerland to the United States.
To participate in Privacy Shield, a company must commit to a range of data protection principles that are consistent with the core requirements of EU and Swiss law, including that they will:
- Provide transparent information to individuals about what personal information is collected, how it is used, and the types of third parties with whom it is shared, along with a number of other important disclosures such as:
- Maintain data integrity and purpose limitation
- Ensure accountability for data that is onward transferred to third parties by requiring such third parties to agree to strict contractual terms for the same level of privacy protection as Privacy Shield
- Implement reasonable and appropriate security measures to protect personal data
- Provide access, rectification, and deletion rights to EU and Swiss individuals
- Provide a comprehensive and independent complaints-handling process for privacy-related complaints
- Review, assess, and certify on an annual basis that all Privacy Shield requirements are met
Because security and privacy of data is one of our highest priorities, SendGrid also obtained a SSAE-16 SOC2 Type II report, a global standard for data privacy and security. For more information, please see this previous blog post.
SendGrid will work hard to maintain its Privacy Shield commitments and looks forward to the success of the program. We support Privacy Shield as an important way to protect the privacy of individuals and promote trust, while enabling the transatlantic flow of data that is essential to our global economy.
For more details about Privacy Shield, the certification process, or to view our certification, visit www.privacyshield.gov.
More information about Privacy at SendGrid and a link to our Privacy Shield Notice can be found at: https://sendgrid.com/policies/privacy/. Any questions about SendGrid’s Privacy Shield certification can be sent to firstname.lastname@example.org.