This article explains in detail where Awesome Table's data is stored and how our processing complies with GDPR. It also explains our compliance with GDPR’s International Data Transfer clause.
2
Legitimacy of our data processing operations
Data Storage
We store and process your user and usage data in Firebase, the Google cloud-hosted database (refer to article: [DATA STORAGE] What data are stored by Awesome Table and how are they used?).
Firebase is managed by Google and its servers are located primarily in the United States (refer to Firebase’s Privacy Policy for more information).
The physical storage of Awesome Table data and processing is protected under Data Processing and Security Terms of Google Cloud Platform.
Data Processing
Awesome Table is GDPR compliant as we don't store or transfer any personal data.
Does Awesome Table execute international transfer of personal data?
We never process international data transfer in any way. Neither do we use in-house script nor perform file transfers.
We will never transfer, sell, make copies, or share any of your data stored by Awesome Table to third party services or companies.
Which Data Transfer mechanisms does Awesome Table rely on: Standard Clauses or Privacy Shield?
Upon completion of the Data Processing Agreement (DPA), it is stipulated that the application of lawful data transfer mechanisms for our customers who wish to transfer personal data to a third country (outside the EEA) in accordance with Article 45 or 46 of the GDPR, relies on entering into Standard Contractual Clauses or offer any alternative transfer solution if requested (for example, the EU-U.S. Privacy Shield).
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
However, Awesome Gapps does not depend on the Privacy Shield mechanism. Rather, Awesome Gapps relies on the Standard Contractual Clauses to transfer all of its users’ EEA personal data in compliance with the GDPR. The Court confirmed that such Standard Contractual Clauses remain a valid data export mechanism. The Standard Contractual Clauses are referenced in and automatically apply through Awesome Gapps' Data Processing Addendum, which you can find here.
This means that our users can take comfort that their EEA personal data continues to be protected to European standards in compliance with applicable data protection laws including GDPR.
HIPAA and BAA
If you intend to use the Service for any purpose or in any manner involving Protected Health Information, as defined in the Health Insurance Portability and Accountability Act (“HIPAA”), it is your responsibility to (a) execute a Business Associate Agreement with Google related to your HIPAA data stored in your Google Drive, and (b) execute a Business Associate Agreement with us related to your HIPAA data stored by you on the Service. Learn more about what data the Service stores: What data is stored by Awesome Table and how is it used?. To request a BAA to us, fill in this Google Form and you will automatically receive our standard BAA to sign.