[GDPR] PerformFlow’s Data Storage, Processing & International Data Transfer

This article explains in detail where PerformFlow’s data is stored and how our processing complies with GDPR. It also explains our compliance with GDPR’s International Data Transfer clause.

Content:
  • Legitimacy of our data processing operations
  • Do we do international transfer of personal data?
  • Which Data Transfer mechanisms does PerformFlow rely on? Standard Clauses or Privacy Shield?

Legitimacy of our data processing operations
Data Storage

We store and process your user and usage data (refer to article: What data stored by PerformFlow & how is it used?) in Firebase, the Google cloud-hosted database.

Firebase is managed by Google and its servers are located primarily in the United States (refer to the Firebase’s privacy policy for more information).

The physical storage of PerformFlow data and processing is protected under Data Processing and Security Terms of Google Cloud Platform.

Data Processing

PerformFlow is GDPR compliant as we do not transfer any personal data. We never save your content or data of your google form or the documents generated out of your google form submission, in our database.

If an approval workflow is setup, we do store the specific configuration data and the generated file information in Google Firebase. This data is absolutely essential for PerformFlow’s web app to trigger email notification and updation of the approval information in the Form responses spreadsheet whenever there is an approval action on the document flow.

If you require a Data Processing Agreement (DPA), please send your request at [email protected]

Do we do international transfer of personal data?
No. We never process international data transfer in any way. Neither do we use in-house script nor perform file transfers.

We will never transfer, sell, make copies, or share any of your data stored by PerformFlow to third party services or companies.


Which Data Transfer mechanisms does PerformFlow rely on? Standard Clauses or Privacy Shield?

Upon completion of the DPA, it is stipulated that: The application of lawful data transfer mechanisms for our customers who wish to transfer personal data to a third country (outside the EEA) in accordance with Article 45 or 46 of the GDPR, relies on entering into Standard Contractual Clauses or offer any alternative transfer solution if requested (for example, the EU-U.S. Privacy Shield).

Comments are closed.