Our GDPR Commitment

What is GDPR?

The European Union’s General Data Protection Regulation, or GDPR, enhances the existing framework for companies that process the personal data of EU-based residents. It comes into effect on May 25, 2018, bringing with it a host of new obligations for those companies, and new privacy rights for their end users.

Processing data can mean many things, from collecting data to storing and using it. Organizations large and small that process the personal data of EU-based individuals are now preparing for the new regulation, and Evernote is no exception.

What is Evernote doing for GDPR?

As we make clear in our Three Laws of Data Protection, Evernote is committed to protecting the privacy and security of our users’ data. We believe that GDPR complements our existing data protection policies and processes, giving us a solid foundation and helping us maintain a strong commitment to data privacy. In addition to the updates to our Privacy Policy that reflect our new obligations, we implemented a process in place to support users seeking to export or access their personal data in a seamless way, and trained our staff on how build and design privacy-conscious products.

In our compliance efforts, Evernote actively collaborated with privacy experts from the Center for Democracy and Technology (CDT) and the Future of Privacy Forum (FPF). Evernote continues to be EU-US Privacy Shield and Swiss-US Privacy Shield certified. 

How do I get a Data Processing Agreement?

For customers looking for a data protection agreement should contact their customer success agent, or email privacy@evernote.com for more information.

Does Evernote view itself as a data controller or data processor?

Both. Depending on the circumstance. We've outlined details about Evernote's role in each of these designations below.

  • Data controller: For our individual users, Evernote will act as a data controller. When Evernote is the data controller, we handle personal data as described in our Privacy Policy. We've updated our terms to align with the updated GDPR requirements.

  • Data processor: Evernote acts as a data processor on behalf of our Evernote Business customers. 

What Evernote is doing to support its users in meeting the requirements of GDPR?

We are happy to support our users in meeting the requirements of GDPR. In addition to the updates to our Privacy Policy to reflect our new obligations, we implemented a process in place to support users seeking to export or access their personal data in a seamless way, and trained our staff on how build and design privacy-conscious products.

Where can I learn more about my rights under GDPR?

For more information on EU users rights under GDPR, you can view them in our Privacy Policy (under “How can I manage my information stored in Evernote?”) https://evernote.com/privacy/policy-5-25-2018 

What third parties does Evernote work with to process customer data?

Evernote uses third party vendors to help provide the Evernote services to our customers. Before onboarding new vendors, Evernote conducts a a privacy and security review. Any vendors which handle personal data must sign a data processing agreement with Evernote. To view an updated list of the third party vendors we visit https://evernote.com/privacy/vendors

How can I learn more about GDPR?

GDPR is important to us and we welcome this opportunity to help our users understand our compliance. For Evernote users interested in learning more about GDPR and how we adopted these principles, please contact us by email at privacy@evernote.com.

In the event of a conflict, the English language version shall govern.