Global Data Privacy
GDPR & CCPA
As your trusted partner, Airship is committed to meeting the standards that our customers have come to expect from us. That means not just providing amazing products that scale to sending billions of messages each day, but also ensuring that the Airship platform and the Apptimize platform support your compliance needs, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Airship welcomes the GDPR and the CCPA as opportunities to demonstrate our commitment to data protection and privacy rights.
What is the General Data Protection Regulation (GDPR)?
The GDPR is a comprehensive data protection law that regulates the processing of personal data of individuals in the European Union (EU). This new law takes effect on May 25, 2018. GDPR aims to protect the privacy of EU individuals through tighter limits on personal data processing, increased transparency into the nature, purpose and use of personal data, and expansion of each individual’s rights over their data. The GDPR presents an opportunity for your business to strengthen its brand loyalty by building trust through responsible use of personal data.
What is the California Consumer Privacy Act (CCPA)?
The CCPA is a new California privacy regulation that goes into effect on January 1, 2020 that creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Similar to the GDPR, the CCPA will require businesses to provide increased transparency and intention regarding its collection and processing of personal information of California consumers and households. For businesses that underwent GDPR compliance work, many of those processes, policies and features will help guide their CCPA compliance work. For all businesses, whether also covered under the GDPR, the CCPA presents an opportunity to strengthen its brand loyalty with not only California consumers but all of its customers by building trust through responsible and transparent use of personal information.
How We Address Global Data Privacy Expectations
Privacy by Design
We have a core team comprised of senior members of the Engineering, Operations, Security, Product Development and Legal teams that meet regularly to proactively apply the Privacy by Design and Data Protection by Default principles to our product enhancement, development and operations. These data privacy standards, controls and features are available to all Airship customers. This means that as other countries implement GDPR-inspired privacy regulations and other states in the United States implement CCPA-like privacy regulations, you will be well positioned for future privacy compliance efforts in other parts of the U.S. and the world.
Product Level Enhancements
To help our customers comply with applicable data privacy laws, including the GDPR and the CCPA, we’ve made and continue to make enhancements to the Airship platform and the Apptimize platform to provide controls and features. These product level controls and features include APIs for the Airship platform to support our customers responding to data subject requests as described in Airship’s documentation. Additionally, we have implemented a data retention schedule for the Airship platform and the Apptimize platform so that personal data isn’t retained any longer than necessary. We continue to listen to our customers and explore ways to simplify and further automate our product and service offerings to better support you in your compliance with applicable data privacy laws.
We’ve implemented a set of security processes and controls to help protect your data entrusted to us through your use of the Airship platform and the Apptimize platform. We provide you with information about these security processes and controls in our Security Measures document. The Airship platform security measures are audited annually, and the Apptimize platform security measures will be audited annually starting early 2020, by an independent third party against the SSAE 18 SOC2 standards.
Privacy Shield & DPA
Airship and Apptimize are certified compliance with the EU-US Privacy Shield Framework and the EU-Swiss Privacy Shield Framework. Our updated Privacy Statement and updated Data Processing Addendum incorporates the Privacy Shield certification information to assist you with your GDPR compliance.
Third Party Vendor Review
To ensure that your data is protected to the subprocessor level, we have included relevant data privacy and protection terms in place with subprocessors for the Airship platform and the Apptimize platform.
FAQ About GDPR & Airship
We also understand that data privacy and compliance with the GDPR is a shared responsibility between Airship and you, as our customer. To support your GDPR compliance, we have outlined the most common questions asked about the GDPR and your use of the Airship platform in the Airship GDPR FAQ as an additional resource.