Is Reclaim certified in under the Data Privacy Framework (DPF)?
Reclaim complies with the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework and the UK extension to the EU-US Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal data transferred from European Economic Area (“EEA”) member countries, the United Kingdom (“UK”)and Switzerland. Eventbrite has certified that it adheres to and will abide by the Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Data Privacy Framework, Reclaim is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
For more information about the Data Privacy Framework, see the US Department of Commerce’s Data Privacy Framework website located at: https://www.dataprivacyframework.gov.
To review our certification on the Data Privacy Framework list, see the US Department of Commerce’s Data Privacy Framework’s self-certification list located at: https://www.dataprivacyframework.gov/s/participant-search.
How does Reclaim handle the invalidation of the Privacy Shield under Schrems II?
In regards to EU-US and Swiss-US international data transfers, following i) invalidation of the EU-US Privacy Shield Framework in case C-311/18 by the Court of Justice of the European Union and ii) the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 September, 2020, Reclaim no longer relies on i) the EU-US Privacy Shield and ii) the Swiss-US Privacy Shield Frameworks as mechanisms for international data transfer, until further notice.
However, Reclaim remains committed to maintaining certifications under the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks and complying with Privacy Shield Principles as an additional way of protecting our users’ privacy.
Will you offer Standard Contractual Clauses (SCCs)?
Yes, Reclaim uses Standard Contractual Clauses (Controller-to-Processor) as set forth in the Annex to European Commission Implementing Decision (EU) 2021/914 of June 4, 2021, as the legal mechanism for data transfers from the EU and EEA to the United States.
The SCCs are contractual terms that allow companies to transfer and process data outside the EU and UK in compliance with the GDPR. They were approved by the European Commission and are the primary mechanism for data transfers. You will find the SCCs in our Data Processing Agreement found here: https://reclaim.ai/dpa.