Trust Center

GDPR Compliance

BranchUp and the General Data Protection Regulation (GDPR)

The European data protection law called the General Data Protection Regulation (GDPR) became effective on May 25, 2018 and affects all companies who process personal data of individuals in the EU.

BranchUp understands that data protection is important to its users. As a Canadian company, BranchUp is already subject to data protection laws that provide for similar standards as existing European laws. Although we have very few users in Europe, BranchUp is well aware of the need to provide its EU users with services and solutions that will help them meet the EU’s new data protection requirements.

BranchUp fully welcomes the GDPR and is here to help our users address the GDPR through our robust privacy and security protections. We appreciate that the GDPR requires our users, as data controllers, to engage data processors that deploy appropriate safeguards. BranchUp has been  heavily engaged in preparing for the GDPR. We fully appreciate and recognise the importance of GDPR to our users in the delivery of our services to them.

What is the GDPR?

The GDPR is a new European data protection law which sets out various requirements that became effective on May 25, 2018. It replaces the existing data protection regime for the EU under Directive 95/46/EC, and is intended to harmonise data protection laws throughout the EU by applying a single data protection law that is binding throughout all Member States. Countries outside of the EU, including countries in Asia, are also implementing laws that align with the GDPR.

Who does the GDPR apply to?

The GDPR applies to virtually all organisations that process the “personal data” of EU residents as a result of services offered to them or which monitor them, regardless of whether the organisation physically resides in the EU. Personal data is any information relating to an identified or identifiable natural person. 

How does the GDPR apply to BranchUp and its users?

BranchUp offers social media tools that enables its users to bring together their social networks and integrate with business applications that they already use, all in one place. Because the content on social media is user-generated, it may at any time contain personal data if users of social media decide to share such information. As a result, the GDPR will apply to both BranchUp and its users, but in different ways.

The GDPR distinguishes between organisations that are “data controllers” and those that are “data processors”. As explained in our Privacy Notice, BranchUp is a data processor of content generated, requested or published via its supported social networks. As such, BranchUp only processes content in accordance with the instructions our users give us through our services. Because our users control how their content is collected and used by them, our users are, in legal terms, the data controllers of the content that they process through our platform. BranchUp is its users’ data processor of that content. 

For more information on the types and categories of data we and our users collect and process, please see our Privacy Notice.

What has BranchUp done to prepare for the GDPR?

BranchUp welcomes the GDPR and is committed to strengthening the robust organisational and technical safeguards it already makes available to users. BranchUp appreciates that the GDPR requires a partnership between BranchUp and its users in their use of our services. We can confirm that BranchUp has been heavily engaged in preparing for the GDPR and recognises the importance of GDPR to our users in the delivery of our service to them. 

BranchUp has carried out an in-depth GDPR readiness project across our entire organisation. As part of this project, we analyzed each of our product offerings and our internal policies with a view to becoming GDPR ready. These steps included:

  • dedicating resources to privacy, data protection and the GDPR;
  • retaining external experts from established consulting firms to assist with BranchUp’s GDPR readiness efforts;
  • conducting an organisation-wide review of all personal data processing activities within BranchUp to ensure alignment with GDPR requirements; 

Is BranchUp GDPR Ready?

Yes, as of Jan 14, 2020 all BranchUp products and services are GDPR ready. In addition to our own compliance with GDPR principles, we are committed to helping our users in their own compliance with the GDPR in connection with their use of our services. As such, we are making a Data Processing Addendum (DPA) available for all users to sign. Please refer to the DPA section below on how to enter into a DPA with BranchUp. 

Can I enter into a Data Processing Addendum (DPA) with BranchUp? 

BranchUp makes available a Data Processing Addendum (DPA) for GDPR. The GDPR DPA and some FAQs are available to all of our users.  If you would like to incorporate the GDPR DPA into your existing agreement with BranchUp, please email us and we will promptly send you BranchUp’s Data Processing Addendum for you to complete, sign and return to us.

How is BranchUp different than other social media management services?

BranchUp is a Canadian company with its head-office located in Vancouver, British Columbia. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal data, as confirmed by the European Commission in Commission Decision 2002/2/EC. Accordingly, unlike some other companies operating in the social media space, BranchUp already resides in a country with strong data protection laws. In this way, the GDPR is more of an evolution than a revolution for BranchUp. 

What organisational and technical safeguards does BranchUp already provide to help its users comply with the GDPR?

BranchUp maintains a continuous high bar for security and compliance.  Information regarding BranchUp’s security practices is available here.