Rating: 0  
New
Suggested by User 1259305 24.06.2021 15:07:38

EU–US Privacy Shield in Bitrix's privacy sections and GDPR

The EU–US Privacy Shield currently plays no role, yet on all of Bitrix's European pages it is the only thing mentioned in the privacy sections.
We, especially those of us who want to use the enterprise version of the product, are running into major difficulties implementing it, because no internal department responsible for GDPR, or, even worse, external specialists, will allow it to be used on production servers.
This applies especially to sensitive data, such as patients, hospitals, etc.
I am always ready to discuss this issue; it is very important that it be resolved quickly.
 
Rating: 0  
Answered by Ежков Антон 29.06.2021 15:22:20

Dear user Sergey Vlassov

Thanks for your suggestions. Please find the reply from our DPO:

First of all, I suggest you double-check the Bitrix24 GDPR section, which includes the Data Processing Agreement available in English:

https://www.bitrix24.com/upload/DPA/BitrixDPA.pdf

and German:

https://www.bitrix24.de/upload/DPA/BitrixDPA_DE.pdf

that never states that personal data is being processed in third countries subject to the EU-US Privacy Shield scheme. It states the following:

11.1 Data storage geography depending on Bitrix24 domain zone is described in the Bitrix24 Infrastructure, Sub-processors and joint controllers section. Personal Data obtained via Bitrix24.eu, Bitrix24.de, Bitrix.it, Bitrix24.pl and Bitrix24.fr domain zones is processed by BITRIX24 LIMITED registered on Republic of Cyprus inside the European Union Economic Area and stored inside the European Union in Frankfurt, Germany by Amazon Web Services data centers, which are fully GDPR compliant.

11.2 For more information about data processing activities related to Users registered through the domain names Bitrix24.com, Bitrix24.in, Bitrix24.tr, Bitrix24.cn, please contact our helpdesk services for more information for data processing locations https://helpdesk.bitrix24.com/ticket.php

11.3 International transfers. Bitrix24 may process User Personal Data in the United States of America and in Russian Federation subject to appropriate safeguards under article 46 GDPR (see schedule 11.3.2).

11.3.2 The security of data and the data subject rights under GDPR for the data processing activities in Russian Federation and United States are protected by appropriate safeguards under article 46 GDPR, specifically by the standard data protection clauses adopted by the European Commission in accordance with the examination procedure. European Commission decided that standard contractual clauses offer sufficient safeguards on data protection for the data to be transferred internationally.

Secondly, it states that

Secondly, I'd like to clarify the current EU-US Privacy Shield scheme status. It is not obsolete; more information here:

https://www.privacyshield.gov/welcome

The decision of the ECJ of 16 July 2020 (case C311/18) http://curia.europa.eu/juris/document/document.jsf?docid=228677&doclang=en

invalidated the EU-US Privacy Shield as the appropriate safeguard mechanism for personal data transfer to the US under art. 46 GDPR, but did not invalidate the scheme itself, and Bitrix24 has certain obligations while it continues participating in the scheme; one of them is not to withdraw the EU-US commitments from its privacy policy.

The information available in Bitrix24 external documents only mentions that Bitrix24 participates in the EU-US Privacy Shield but never mentions it as the appropriate third-country transfer mechanism.

In general, as mentioned earlier and explained in detail in the Bitrix24 GDPR section available here: https://www.bitrix24.eu/gdpr/

the data processing in the United States only applies for the following situations:

a) when you register your Bitrix24 account via the following domains: Bitrix24.com, Bitrix24.in, Bitrix24.tr, Bitrix24.cn

b) when you are using Voximplant telephony

If neither a) nor b) applies to your client, the data will not be processed in the US.