1. Support Center
  2. Data Protection and Security

Schrems II ruling

All you need to know about SwipedOn and the Schrems II ruling

In July 2020, The Court of Justice of the European Union (ECJ) published the Schrems II ruling, declaring the EU-US Privacy Shield decision invalid because US law doesn't provide adequate protection, and the only way to continue to export data to the US is to rely on supplementary measures.

In June 2021, the ECJ released it's final recommendations for the supplementary measures that data controllers or processors relying on SCCs are obligated to adopt in order to assist in the assessment of third countries and the measures that can be taken to safeguard the transfer of personal data. 

Based on this updated guidance, SwipedOn revised the SCCs we offer to companies located within the EU to ensure we're still providing, where necessary, the additional safeguards. 

All our sub-processor agreements include standard contractual clauses, so we are confident that SwipedOn still has adequate GDPR controls and processes in place. All SwipedOn data is currently hosted by AWS in the region selected by a customer at the time their account was created. These regions can be one of the following: United States of America (Ohio); Great Britain (London); Singapore; Australia (Sydney); Canada; or the EU (Frankfurt).

We have a Data Processing Addendum especially for companies within the EU to opt into. This is pre-signed and can be downloaded and returned to privacy@swipedon.com.

If you should have any further questions around the Schrems II ruling and data security please contact us at privacy@swipedon.com.