At Frame.io, we are GDPR and Privacy Shield compliant. We maintain full transparency about how we use data.
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced the existing EU Data Protection law to strengthen the protection of “personal data” and the individual's rights. It is a single set of rules which govern the processing and monitoring of EU data.
What’s Privacy Shield?
Privacy Shield is an agreement between the EU and the US, allowing for transferring personal data from the EU to the US. To be assured of Privacy Shield benefits, an organization must self-certify annually to the Department of Commerce that it agrees to adhere to the Privacy Shield Principles, a detailed set of requirements based on privacy principles such as notice, choice, access, and accountability for onward transfer.
Why does Frame.io need Privacy Shield certification?
The importance of Privacy Shield cannot be overstated. In a time of increasing global data transfers, it important to have the ability to share data between the US and EU. This could be simply for processing or because a company has data centers located in the US only.
Frame.io is a web-based platform accessible globally. We have many self-serve as well as enterprise customers located in the EU. To continue working with them and storing their data locally in the US, we will need to comply with GDPR. Privacy Shield helps us fulfill the EU requirements. Without Privacy Shield, Frame.io would find itself transferring data illegally and leaves itself open to lawsuits from data subjects.
How would Frame.io customers benefit from the Privacy Shield certification?
Frame.io is a data processor for our customers. Our customers, both in the EU and USA, have to make sure that we do everything at our end to collect limited PII and keep the data secure & private. Some of our customers are in regulated industries, and they can only work with GDPR/Privacy Shield certified customers. This also means that we provide proper ways for our customers to get their data deleted when requested.
Does it affect me?
If you hold or process any person's data in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How Frame.io prepared for GDPR
Our teams worked to define our GDPR roadmap. This was a huge overhaul of processes and data models to ensure we met our legal obligations and did the best thing for our customers.
Inquire about Privacy Management to request your information or to request to be deleted.
We updated our Data Processing Agreements (DPAs)
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Frame.io and our customers to meet GDPR requirements. This is available for Enterprise customers to sign upon request.
We appointed a Data Protection Officer
We have a dedicated Data Protection Officer to oversee and advise on our data management.
We coordinated with our vendors
We reviewed all our vendors, finding out about their GDPR position, and arranged similar GDPR-ready data processing agreements with them.
We took new security measures
Security is a priority for us. We’ve built a robust security framework, achieving International Compliance standards SOC2 Type 1 and SOC2 Type 2. We reviewed our internal access design to ensure the right people can access the right level of customer data. More details are available on our Security page.
Subscribe to Vendor Updates
To subscribe to changes about the subcontractors we use, please click this link and fill in your email address, and we will notify you within 10 days once this list changes.
Feel free to reach out to us using the in-app chat if you have any questions about GDPR or Privacy Shield.
More information can be found on https://frame.io/privacy/