Privacy at Bambuser
General Data Protection Regulation
Privacy concerns has been justified with the processing and collection of Personal Identifiable Information (PII) being done in compliance to General Data Protection Regulation (GDPR). Bambuser is deeply committed to upholding the principles of the GDPR in all our endeavors. We prioritize the privacy and rights of our users, ensuring transparency, accountability, and security in every aspect of our operations.
Data subject requests
Bambuser fulfills data subject requests for access, correction, deletion, and portability in accordance with applicable laws where our users are based. Data subject requests may be submitted by contacting firstname.lastname@example.org.
Record of Processing Activities (ROPA)
Bambuser has carried out data mapping assessments and keeps a log of processing activities, enabling us to gain a deeper understanding of and effectively manage the personal data under our control or processing. However, as a data processor, we do not maintain records of the specific personal data that our customers may store on the Bambuser platform. We advise our customers to maintain their own records of processing activities related to their utilization of our products and services.
Data Processing Addendum (DPA)
Bambuser assists our customers in meeting their privacy obligations by providing a Data Processing Agreement (DPA). This agreement outlines the terms governing the processing of customer personal data by Bambuser, including the security measures in place to safeguard such data. Our DPA helps customers ensure that Bambuser’s handling of their personal data complies with relevant privacy laws and respects individuals' privacy rights. For our enterprise customers, we also offer the possibility of adding individual privacy demands.
Cross-Border Data Transfers
Bambuser places utmost importance on cross-border data transfers. Furthermore, we prioritize our customers' choices and always provide options to utilize our products without necessitating any cross-border transfers of Personal Identifiable Information (PII). We diligently ensure that any companies involved in any transfers of PII are certified under the EU-U.S Data Privacy Framework, Swiss-U.S. Data Privacy Framework and UK Extension to the EU-U.S Data Privacy Framework. This commitment guarantees that all data transfers are conducted with the highest level of security and in compliance with international standards.
Bambuser employs sub-processors to deliver essential infrastructure and additional services. Before enlisting any sub-processors, Bambuser performs a risk assessment based on privacy, security, and confidentiality practices. We also establish an agreement that enforces relevant privacy and security obligations, including the use of suitable data transfer mechanisms when necessary. We will not introduce any new sub-processors without prior notification to our customers. For further details and a list of our sub-processors, please see Bambuser sub-processors.
Bambuser employs industry-leading practices in both technical and organizational measures to ensure the security and protection of customer personal data. Our commitment to data privacy and security is paramount, and we have implemented robust safeguards to maintain the confidentiality, integrity, and availability of the data entrusted to us by our customers. For more information about our security measures, please see Security at Bambuser.