We're committed to protecting all our customers’ data, including those in the European Union.
When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common questions you may have.
PagerTree’s primary data and servers are hosted at Amazon Web Services (AWS) (us-west-2 & us-east-1 regions). We currently don’t have plans to add servers in the EU (GDPR does not require physical servers in the EU).
The Amazon Web Services infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers. For a detailed overview of all security and privacy measures, see the AWS Cloud Security page. For a list of all current security accreditations, see the AWS Compliance Programs page.
As described on our pricing page, PagerTree collects and retains content and metadata for up to 1 year to give customers the ability to access their full alert and notification history during that time. After 1 year, alert and notification data is removed from our system.
EU General Data Protection Regulation (GDPR)
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It came into effect on May 25, 2018.
GDPR adds some new requirements regarding how companies should protect individuals’ data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches.
We have implemented changes and our commitment to your privacy continues Our compliance, data protection, and information security teams work hard to align our services with GDPR. In our role as the Data Processor of your customer and end user information, we have provided a Data Processing Agreement, meeting with the requirements of GDPR. You can find it here.
We have worked hard to meet our obligations as a processor under Article 28 of GDPR. To this end:
As guidance about specific aspects of GDPR continues to be published, we will also continue our efforts to fine-tune and improve our compliance.
Like the Data Protection Directive that preceded it, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, we have worked with legal counsel to create a standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us).
Our DPA includes the Standard Contractual Clauses (SCC) for cross border transfers. It also outlines in detail our current security practices. To receive and sign a copy of our DPA, please visit the Data Processing Addendum section on this page.
No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We offer a Data Processing Addendum (DPA) with Standard Contractual Clauses (SCC) to all customers.
As of now, our intention is to service DSR requests (such as delete and export) manually. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at firstname.lastname@example.org.
This request can include personal data of other individuals, like your employees or customers that you have provided to us and who have requested this of you. We will respond to these requests within 14 days or less, which is well within the GDPR requirement of 30 days.
We are happy to answer any questions and address any concerns regarding how we protect your personal data in general, as well as specifically under GDPR. If you have any questions, please don’t hesitate to contact us at email@example.com.
We offer data processing addendums (DPAs) for our customers that operate in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients.
To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. As a small team we also can’t make individual changes to our DPA since we don’t have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost prohibitive for our team.
To request a DPA, please send an email to firstname.lastname@example.org with the following information:
Once completed, the addendum will be signed electronically by both parties, and become legally binding. A copy of the signed addendum will be emailed to you.
We share certain information with companies that may be considered our “sub-processors” under GDPR. This information is limited to the following:
We use the following sub-processors to provide our services. These companies host the data on physical and cloud servers that we pay for. For more information about our security practices as it relates to our data centers. Below is a full list of our sub-processors.
|Amazon Web Services||Cloud infrastructure hosting|
|Digital Ocean||Cloud infrastructure hosting|
|Twilio||SMS and Voice Notifications|
|Plivo||SMS and Voice Notifications|
|Nexmo||SMS and Voice Notifications|
|MongoDB Atlas||Database Hosting|
|Pusher||Web Realtime Websockets|
Updated: March 11th, 2021