1. the nature and purpose of the treatment. Twilio processes personal data to the extent necessary to provide services under the agreement. Twilio does not sell the customer`s personal data or personal data and does not transmit the information of these end-users to third parties for compensation or for their own business interests. Basic subprocessors integrated with Dixa`s services that must process customer data to enable the customer to use and use Dixa services. For SendGrid services, the provision of products and services to send and transmit electronic communications on behalf of the data exporter to its recipients. Twilio will also provide the data exporter with analytical reports on electronic communications that it sends on behalf of the data exporter. 17. Sensitive data. The customer is required to ensure that appropriate security measures are in place before sensitive service data is transferred or processed or before end-users are allowed to transmit or process sensitive data through the services.
In addition, the RGPD also requires companies to document their processing activities and demonstrate compliance with the above principles. In addition, the requirement that companies apply data protection by design and default to the design and design of processes, products and systems is codified. UPDATE: Please note that, on 16 July 2020, the European Court of Justice ruled that the US-EU data protection shield is no longer a mechanism for cross-border data transmission. However, the same judgment confirmed the standard contractual clauses as a mechanism for cross-border data transfer in force. Customers are not required to do anything to be covered by standard contractual clauses, as they are already part of the data protection addendum, which covers all SendGrid and Twilio services by default. Please check out our blog if you would like to know more. Twilio manages an updated list of the names and locations of all subprocessors. This list is below, or you can get a copy in email@example.com. The definition of personal data, as set out in the RGPD, includes what we generally consider to be personally identifiable information (name, passport number, date of birth, etc.) but also data that we might consider non-PII, such as addresses or device IDs. Depending on the nature of your business and your handling of personal data, there are various other RGPD obligations that may apply. You should contact a qualified data protection expert to understand how the RGPD applies to your business. 9.
Impact analysis and consultation. Twilio will provide the client with appropriate cooperation in a data protection impact analysis (twilio, only at the customer`s expense, if such appropriate cooperation is necessary, for significant resources to be allocated to this burden) or consultations with regulatory authorities that may be required in accordance with applicable data protection law.