Last updated August 4, 2021
SaladBowl is committed to protecting and honoring your privacy rights. In light of a number of jurisdictions having enacted laws that affect how companies handle personal information, we wanted to take a moment to share what measures SaladBowl has put into place to comply with two significant data protection laws: the General Data Protection Regulation and the California Consumer Privacy Act.
The GDPR is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. SaladBowl has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps SaladBowl has taken to align its practices with the GDPR include:
Below, we provide additional details about the core areas of SaladBowl’s GDPR compliance program and how customers can use SaladBowl to support their own GDPR compliance initiatives.
Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”).
EU data protection laws require organizations to use a recognized legal mechanism to transfer data from the EU to countries that do not have a similar data protection framework, including the United States.
Although we cannot rely on Privacy Shield to transfer EEA and Swiss data, SaladBowl has decided to keep its Privacy Shield certification to continue to safeguard the data already transferred under Privacy Shield and as a commitment to its data protection safeguards.
The regulatory guidance in this area continues to evolve, and we are tracking additional guidance from data protection authorities closely. SaladBowl remains committed to the privacy of our customers and will continue to work to make sure we comply with data protection laws.
The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for SaladBowl, and we have successfully completed our SOC 2 Type I and Type II audits for controls relevant to security, availability, and confidentiality. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we have implemented. We have likewise implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network.
If you would like to exercise your rights under the GDPR, please submit your request by contacting us at firstname.lastname@example.org.
The CCPA, which came into force on January 1, 2020, is a law that provides California consumers certain rights with respect to their personal information. Specifically, the law requires that businesses subject to the statute grant consumers the ability to request access to and deletion of their data, and the ability to opt out of “sales” of their personal information. The law also restricts how service providers that process personal information on behalf of a business may use that information.
SaladBowl does not sell its customers’ or users’ personal information. Where a business subject to the CCPA has entered into a services or subscription agreement with SaladBowl, SaladBowl will also act as a service provider to that business. Specifically, SaladBowl will process such customers’ personal information only for the purposes set forth in the applicable agreement, and will cooperate with customers to fulfill deletion or access requests.
If you would like to exercise any of your rights under California law with respect to your personal information, please submit your request by contacting us at email@example.com.
The requirements of both the GDPR and the CCPA are comprehensive, but the law and regulatory guidance continue to evolve when it comes to privacy and data protection – and not just in the EU or the United States. As data protection authorities and regulators interpret and issue guidance on the GDPR, CCPA, and other existing data protection laws around the world, and as countries pass new data protection laws, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed.
Finally, we value communication with our customers. If you have any questions about our data protection practices, please contact us at firstname.lastname@example.org.