Data security and trust are integral to JumpCloud\u2019s Directory-as-a-Service\u00ae<\/a> platform. This webpage is a broad overview of JumpCloud\u2019s compliance with the EU General Data Protection Regulation (GDPR)<\/a> and is informational in nature. The content of this webpage is not a legally binding document and should not be considered a substitute for legal advice. JumpCloud\u2019s Data Processing Addendum (DPA) is incorporated into the Directory-as-a-Service Agreement (DAASA)<\/a> that JumpCloud enters with its customers. A copy of JumpCloud\u2019s DPA<\/a> is available here for your review.<\/p>\n\n\n\n
The GDPR is a data privacy and protection regulation that is applicable to organizations processing personal data from data subjects in the EU, EEA, Switzerland, and the United Kingdom. The GDPR protects data subjects\u2019 personal data and requires controllers and processors to take certain measures to safeguard personal data. Additionally, the GDPR provides data subjects the ability to request review and deletion of their personal data.<\/p>\n\n\n\n
The GDPR defines Personal Data as \u201cany information relating to an identified or identifiable natural person\u201d and includes personal identifiers such as names, email addresses, identification numbers, location data, and other online identifiers. The \u201cidentified or identifiable natural person\u201d is called the Data Subject under the GDPR.<\/p>\n\n\n\n
There are two types of organizations that process a Data Subject\u2019s Personal Data: Controllers and Processors. Controllers determine the reason for processing a Data Subject\u2019s Personal Data. Processors process Personal Data based on the instructions from the relevant Controller. The GDPR requires Controllers and Processors to take care of Personal Data by using strong controls and security measures. JumpCloud monitors and will continue to monitor and evaluate any changes to the GDPR. JumpCloud has adopted the Standard Contractual Clauses in its DPA as the basis for the transfer of personal data from the EU, EEA, Switzerland, and the United Kingdom to the United States. The Standard Contractual Clauses are standard terms provided by the European Commission that JumpCloud uses for a compliant transfer of personal data from the EU. The Standard Contractual Clauses are expressly incorporated into JumpCloud\u2019s DPA.<\/p>\n\n\n\n
Privacy by design and protective security measures are critical elements of GDPR compliance. JumpCloud takes security of its systems and all customer Personal Data extremely seriously. JumpCloud safeguards Personal Data in many ways, including but not limited to encrypting all data at rest and in transit, training employees in security awareness and performing appropriate background checks, maintaining access controls, active software monitoring of JumpCloud user logins and privileged commands, and log monitoring. In addition, JumpCloud\u2019s ongoing security processes include penetration testing, vulnerability scanning, patching, and other activities. Further details on JumpCloud\u2019s robust security activities are available in our online documents<\/a> as well as via our SOC 2 Type II attestation. The results of JumpCloud\u2019s SOC 2, Type II examination are available to customers upon request by emailing accounts@jumpcloud.com<\/a>.<\/p>\n\n\n\n
As a Controller, JumpCloud collects Personal Data in compliance with all applicable data protection laws and regulations. Please see our privacy policy<\/a> for more information regarding the data JumpCloud collects as a Controller.<\/p>\n\n\n\n
As a Processor, JumpCloud will retain your data for as long as your account is active, whether under our paid or free plans.<\/p>\n\n\n\n
If you are the administrator of your company\u2019s JumpCloud account or tenant, you can delete, or request the deletion of, your tenant (and all data). Please note that upon deletion of your data, the JumpCloud platform will not function for you. You may send any requests for information or deletion to dpo@jumpcloud.com<\/a>.<\/p>\n\n\n\n
Individuals that have provided personal information through email, marketing, and sales tools, may unsubscribe to marketing communications as described in the communication and in our privacy policy<\/a><\/strong> and may also request the deletion of personal data that JumpCloud has collected by emailing dpo@jumpcloud.com<\/a>.<\/p>\n\n\n\n
If you have further questions about GDPR and how JumpCloud can either help you become GDPR-compliant or how JumpCloud, itself, is compliant, please don\u2019t hesitate to contact us at sales@jumpcloud.com<\/a>.<\/p>\n\n\n\n
As described in the JumpCloud Terms of Service<\/a>, JumpCloud\u2019s third-party sub-processors include:<\/p>\n\n\n\n
Sub-Processor<\/strong><\/td> | Principal Office Location \/ Processing Country (\u201cPC\u201d)<\/strong><\/td> | Subject Matter of the Processing<\/strong><\/td><\/tr> |
AWS (Amazon Web Services, Inc.)<\/td> | PC: USA, Germany and Japan<\/td> | \u00b7 Cloud hosting and infrastructure provider \u00b7 Firewall web application services<\/td><\/tr> |
Salesforce.com, Inc.<\/td> | PC: USA<\/td> | \u00b7 Customer relationship management activities and support<\/td><\/tr> |
Fivetran, Inc.<\/td> | PC: USA<\/td> | \u00b7 Data integrations, normalization, and management services \u00b7 Fivetran processes personal data in order to facilitate migration of data from data sources into a data warehouse.<\/td><\/tr> |
Snowflake Inc.<\/td> | PC: USA<\/td> | \u00b7 Data warehousing, hosting and storage services<\/td><\/tr> |
Segment.io, Inc.<\/td> | PC: USA<\/td> | \u00b7 Customer data platform services (analytics, data-driven decision making)<\/td><\/tr> |
SendGrid, Inc.<\/td> | PC: USA<\/td> | \u00b7 Email platform<\/td><\/tr> |
DataDog, Inc.<\/td> | PC: USA, Germany and Japan<\/td> | \u00b7 \u00a0 Business analytics<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Subscribe to this RSS feed<\/a> to be alerted when our GDPR policies and sub-processors change.<\/p>\n\n\n\n UPDATED: December 23, 2024<\/p>\n","protected":false},"excerpt":{"rendered":" |