Article 28 of the GDPR requires data controllers to have a written document detailing the obligations with respect to the processing of personal data. Typically, this takes the form of a Data Processing Addendum (“DPA”). We modified our Terms of Use to incorporate a GDPR compliant DPA. This DPA better describe our privacy commitments to customers and helps facilitate our customers’ GDPR readiness.

For our customers that purchased a subscription directly from our website or otherwise are governed by our Terms of Use, the GDPR DPA is already a part your contract, and describes Intempt’s security and privacy obligations. As related to the GDPR and data from the European Economic Area or Switzerland, this includes:

• Processing In Accordance With Customer Instructions – Intempt will only process data in accordance with the customer’s instructions, as described our current Terms of Use and DPA.
• Assistance with Data Subject Requests – to the extent our customers cannot delete or retrieve data processed by Intempt on their own, we will assist customers with the data subject requests they receive.
• Notification of Data Incidents – Intempt will notify customers without undue delay if there are any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data. We will assist our customers in their obligations under Articles 32-36 of the GDPR.
• Confidentiality Commitments of Personnel – All Intempt employees are required to sign a confidentiality agreement prior to employment and adhere to other internal policies.

The GDPR allows for several ways to facilitate transfers of personal data outside of the EU. One valid mechanism for transfer of personal data outside of the EU is transfer of data under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

As obligations to protect data transfers from the EU continue to develop, we’re committed to maintaining a valid mechanism to facilitate transfers of personal data outside of the EU.