Until July 16, 2020 when the Court of Justice of the European Union issued the Schrems II decision invalidating the Privacy Shield as a mechanism for transfer of data from the EU to the U.S., NationBuilder relied on the EU-US Privacy Shield Framework. As described in our Privacy Shield certificate, NationBuilder collected, used, and retained, personal information from data subjects residing in European Union member countries, based on the Privacy Shield Principles.
In its Schrems II ruling, CJEU upheld the Standard Contractual Clauses as a valid mechanism for transfer along with supplemental measures. On November 13, 2020, the European Data Privacy Board issued recommendations on measures that businesses can adopt to supplement transfer tools. These measures were subject to a comment period ending on November 30, 2020, and final recommendations will be issued thereafter. Since the GDPR went into effect, NationBuilder has included the SCCs as part of its Data Processing Addendum, which in turn forms part of the Master Terms of Service, and does not require a separate signature or click to accept. We recognize that customers may need to implement supplementary measures to ensure compliance with the level of data protection required under the GDPR, and NationBuilder stands ready to work with our customers on such measures.
NationBuilder will continue to comply with its Privacy Shield certification as an added measure of data protection.