Using EU-based servers for GDPR compliance
Tangiblee is fully compliant with GDPR. Here are the steps we take to ensure our compliance:
- For our EU clients, we use servers based in the EEA (European Economic Area) to process user pictures for Virtual Try-On. This not only guarantees that user pictures never leave the EEA, but also ensures that the processing of user data is done within the boundaries of the European Union.
- We rely on Google Analytics 4 (GA4) to track usage metrics. GA4 collects data from users in the EEA and sends it to an EEA-based server, where the user's IP address is anonymized. After anonymization, the data is transmitted to its final destination, where it is securely aggregated into the relevant web property.
- A significant development took place in July 2023, when the European Commission ratified the new EU-U.S. Data Privacy Framework. This framework confirmed that the United States provides a level of protection for personal data transferred from the EU equivalent to that provided within the Union. This confirmation solidifies the fact that GA4 can be used as a sub-processor for EEA clients, thereby allowing for the safe transfer of personally identifiable information (PII) to GA4 servers, which are situated in the United States.
- In addition to these measures, we can offer clients a comprehensive Data Processing Agreement (DPA) addendum. This addendum is an essential part of the contract signing process and further ensures that all necessary safeguards and provisions are in place to protect the privacy and security of client data.