<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=348068&amp;fmt=gif">

GDPR and Movebot


In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and came into effect on 25 May 2018.

 

GDPR aims to make data protection regulations: more Relevant, Comprehensive and Unified.

 

GDPR is a significant change but opens the opportunity for companies and organisations to audit their current data processing and storage actions and to ensure their customers are adequately protected.

 

For the benefit of the customer it shows, demonstrated compliance, enhanced rights and privacy of data by design. One major enhanced right is the right to obtain and reuse personal data across multiple services, as well as the right of deletion of personal data.



How does Movebot align with GDPR?

As Movebot handles sensitive, personal and company data, Movebot and the team take GDPR and other security compliance and processes seriously. Movebot understands that the sensitive nature of data, its transfer and storage rely on maintain relevancy in both security principles and governance, but also to building trust with its customers to ensure a peace of mind.

Movebot has ensured the following is in place to align the company and its processes with GDPR;

  • Updated Privacy Notice and Terms and Conditions to be GDPR compliant, as well as more concise and transparent about how we process personal data.
  • Staff Education on the Movebot infrastructure and processes to ensure all staff understand GDPR and are compliant and can raise risk and concern should an area of concern be identified.
  • Data Breach Alerting, Movebot is armed with a rapid response email and announcement to fall in line with GDPR, so that on a rare chance a breach is noted, communications can be sent out in a quick manner.
  • Infrastructure and internal processes now fall in line with GDPR.
  • The way Movebot handles and stores data falls in line with GDPR and Safe Harbour data protection means.

Just because Movebot has done the above, does not mean it will stop there. The team at Movebot will continue to modify, update you and remain relevant across the security governance spectrum to continue to meet yours, and the wider worlds needs.

Frequently Asked Questions

How does Movebot process customers data?

As Movebot is a SaaS provider, Movebot uses Amazon Web Services and Digital Ocean as it’s compute engine. Should you choose a third-party cloud storage provider, Movebot does not maintain or hold GDPR responsibility for data stored here. For more information on AWS’s approach to GDPR, see https://aws.amazon.com/compliance/gdpr-center/
When transferring data with a Movebot service all data is processed in memory and overwritten at regular intervals as new data is processed. Additionally there are no shared resources across migration jobs. On intiating a migration Movebot stands up dedicated compute resources to conduct the transfer, on completion the compute node is torn down and destroyed. No data processed by Movebot is physically stored and the only remaining evidence is metadata that can be located within the audit log of your admin.movebot.io portal.

Will Movebot be storing EU customer data in the EU?

As previously discussed, Movebot does not store data. If migrating within the EU region, Movebot offers the ability to select a geographical region of choice to process data. At this time these regions are Frankfurt and Amsterdam. Other regions can be available on request.
Movebot ensures that it complies with EU data export restrictions when it exports data outside of the EU.
It is worth noting that all data is processed in the region of your choice and all metadata, logs and audit transactions are stored within Movebot's encrypted database. The database that stores long term logs and metadata is located in the USA. For further clarifcation or questions please contact Movebot support.

How will Movebot comply with EU data export restrictions?

When personal data is hosted or processed outside of the European Union Area by Movebot, GDPR requires that it remains protected by appropriate safeguards in line with EU law.
Our EU customers' data can be processed in the EU. Although it is also worth noting the United States is recognized by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. Movebot additional ensures "appropriate safeguards" are in place that are prescribed by GDPR – i.e., by entering the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).

Is Movebot signed up to Privacy Shield?

Movebot is a New Zealand-headquartered company, with an infrastructure presence globally (primarily United States of America) – we are not a US-headquartered company. Privacy Shield is only one of a few available mechanisms to transfer data outside of the EU, and certification against the Privacy Shield is not a legal requirement. We otherwise rely on a combination of options to ensure that Movebot and data maintains compliance with EU data export rules.

Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?

The Movebot Data Processing Addendum is found at https://movebot.io/gdpr. You don't need to sign it - it automatically applies as part of the Movebot Terms and Conditions whenever it is relevant to your use Movebot’s services and solutions.

Movebot Third Parties

Movebot uses a range of third parties to help us provide you with a great service and to assist us with communication, infrastructure and understanding your needs better. See below for a list of third parties that Couchdrop uses.
Product
Purpose
Location
Amazon Web Services
Cloud Infrastructure Service Provider
United States
Digital Ocean
Cloud Infrastructure Service Provider
United States
Wasabi
Cloud Storage Service Provider
United States
Stripe
Billing and Payment provider
United States
Mailchimp
Electronic Direct Mail and Campaign manager
United States
HubSpot
CRM
United States
Google Analytics
SEO and Web analyzing and data reporting tool
United States
Zendesk
Ticket and Incident Management tool
United States
Zapier
Third party integrator tool for business processes
United States
Cluvio
Third party Analytics and Reporting
United States