Effective as of February 10, 2020
Nextup's commitment the protection of your data.
We’re committed to helping Nextup customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR).
Besides strengthening and standardizing user data privacy across the EU nations, it introduces new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations are located. On this page, we explain how we help our customers comply with the GDPR.
GDPR Compliance
The GDPR’s updated requirements are significant and our team has adapted Nextup’s product offerings, operations and contractual commitments to help our customer comply with the regulation. Measures Nextup has implemented include:
- Investments in our security infrastructure and certifications
- Updates to relevant contractual terms
- Support for international data transfers by executing Standard Contractual Clauses through our updated Data Processing Addendum, which is available to all customers.
- Self Hosting. Complete control of your data with our self hosted enterprise offering with docker.
- Data Deletion Process. Customers can respond to user requests to delete personal information, such as names and email addresses, from a Nextup account by contacting us at privacy@nextup.ai
- Data Residency for Nextup. Data residency for Nextup allows global teams to choose the region where certain types of data at rest are stored (available to Enterprise customers).
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.
Our Security Infrastructure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company we’ve set high standards for security. We’ve received security certifications from the American Institute of Certified Public Accountants such as SOC 2 and can be configured for HIPAA compliance.
Nextup has invested in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Nextup will continue to meet its obligations and offer contractual assurances.
If you’d like to learn more about Nextup’s security policies and procedures, please see our security page. It provides detailed information on how we approach security, and includes information on how Nextup ensures user data security in particular, including our technical and organizational measures (TOMs) as well as our encryption standards.
If you would like a copy of our security reports or penetration tests we are happy to provide the details for your teams review.
International Data Transfers
To comply with European Union data protection laws around international data transfer mechanisms, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the European Union and the United Kingdom. More information on our standard data processing addendum, incorporating Model Clauses, is available here.
While Nextup remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, we aren’t currently relying on these frameworks for the transfer of personal data.
Updates
At Nextup, we are committed to the security and privacy of your data. So we’re glad to comply and help you comply with the GDPR. If you have any questions about your rights under the GDPR as a user or how Slack can help you with compliance as a Customer, we hope you’ll reach out to us at privacy@nextup.ai.
Please also visit our Trust Center to learn more about our privacy, security and compliance programs.