In October 2015, the EU/US Safe Harbor provisions that many companies relied upon for the transfer of digital information between the US and Europe were ruled to be invalid by the European Court of Justice. SharpSpring takes the data security of our customers very seriously, with this article detailing how we protect the information of our EU customers in lieu of this ruling.
The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. Under this directive, personal data may only be transferred to countries outside the EU if that counterparty provides an adequate level of protection.
For European customers, SharpSpring does transfer data outside of the EU. Data is mainly stored in U.S. data centers, and could be accessed by both U.S. and international resources working for SharpSpring during the course of the customer relationship. Each of these SharpSpring subsidiaries supporting our global customer base have entered into Standard Contractual Clause agreements with the EU subsidiary, which allows for the transfer of data to these counterparties under the Data Protection Directive.