Branch's GDPR Commitment

Last updated October 20, 2017

Branch is deeply committed to helping our Customers and Customers' end-users prepare for the onset of the 2018 General Data Protection Regulation (GDPR). Beyond strengthening and standardizing user data privacy across the EU nations, GDPR imposes new obligations on all organizations that handle EU citizens’ personal data—regardless of company headquarters.

Please use this page and associated links to understand Branch’s plans to achieve GDPR-compliance.

Preparing for the GDPR

The GDPR’s requirements are non-trivial and our team is working diligently to update Branch’s services and disclosures so Customers can prepare themselves before May 25, 2018. Towards this end, Branch is:

  • Continuing to invest in security infrastructure
  • Confirming the use of appropriate contractual terms
  • Supporting international data transfers by maintaining Privacy Shield self-certifications, and by executing Model Clauses through our updated Data Processing Addendum
  • Revising our policies and offerings to provide new tools for data portability and management

Branch will also continue to monitor and adhere to ongoing guidance regarding GDPR compliance from privacy-related regulatory bodies.

Branch Security Infrastructure

Protecting our Customer’s information and their end-users’ privacy remains paramount. Branch has invested and continues to invest in building a robust security system, one that can handle a variety of issues. Per GDPR requirements regarding security incident notifications, Branch will continue to meet its obligations and offer contractual assurances.

If you’d like to learn more about Branch’s security policies and procedures, please see our security page.

International Data Transfers: Privacy Shield and Contractual Terms

To comply with E.U. data protection laws covering international data transfer mechanisms, Branch has self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

Branch further offers European Union Model Clauses, also known as Standard Contractual Clauses, to achieve security requirements for our Customers operating in the E.U.

Data Portability Solutions and Data Management Tools

Branch is building tools to Customers comply with the GDPR. Information about these features will be shared as it becomes available. Compliance controls will include the following:

  • Customer Data portability: Branch will expand customers’ ability to export their Customer Data
  • Standardized Processes: Branch will share policies around who can request what data and how Branch will handle inbound data export requests

Additionally, we do have existing tools for data exports. Read more about them in our Data Export Guide.

Stay Updated

Branch is happy to help Customers prepare for GDPR. This page will be updated to reflect GDPR progress. If you have any questions about how Branch can help you with compliance, we encourage you to reach out to us directly at privacy@branch.io.