The European Union’s General Data Protection Regulation, or GDPR, enhances the existing framework for companies that process the personal data of EU-based residents. It comes into effect on May 25, 2018, bringing with it a host of new obligations for those companies, and new privacy rights for their end users.
Processing data can mean many things, from collecting data to storing and using it. Organizations large and small that process the personal data of EU-based individuals are now preparing for the new regulation, and Evernote is no exception.
In our compliance efforts, Evernote actively collaborated with privacy experts from the Center for Democracy and Technology (CDT) and the Future of Privacy Forum (FPF). Evernote continues to be EU-US Privacy Shield and Swiss-US Privacy Shield certified.
For customers looking for a data protection agreement should contact their customer success agent, or email email@example.com for more information.
Both. Depending on the circumstance. We've outlined details about Evernote's role in each of these designations below.
Data processor: Evernote acts as a data processor on behalf of our Evernote Business customers.
Evernote uses third party vendors to help provide the Evernote services to our customers. Before onboarding new vendors, Evernote conducts a a privacy and security review. Any vendors which handle personal data must sign a data processing agreement with Evernote. To view an updated list of the third party vendors we visit https://evernote.com/privacy/vendors
GDPR is important to us and we welcome this opportunity to help our users understand our compliance. For Evernote users interested in learning more about GDPR and how we adopted these principles, please contact us by email at firstname.lastname@example.org.
In the event of a conflict, the English language version shall govern.