At Turnkey Estate Planning, we see data protection and privacy as a fundamental part of who we are. To help our customers succeed, data protection is built into our software and our culture from the ground up.
Thousands of small businesses depend on us to keep their data secure and to enable their compliance with a variety of data protection laws around the world. Our comprehensive data protection program is designed to help you meet the challenges of a tough, complex regulatory environment.
Scroll down to read more about our comprehensive data protection program.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD FRAMEWORKS
Turnkey Estate Planning recognizes that our customers located in the European Economic Area and Switzerland operate under strict local privacy laws. These laws prevent EEA/Swiss businesses from making available any data that can be used to identify a specific, individual person (also known as “PII” or “personal data”) to companies that are not subject to such strict privacy laws. However, U.S. businesses such as Turnkey Estate Planning have the option to participate in a U.S. government-sponsored program that entitles us to an exception from this export ban, so that European customers can lawfully use Turnkey Estate Planning; but in exchange for this privilege, Turnkey Estate Planning must protect the PII to a similar standard as that required by European law.
This voluntary-to-join program was formerly known as the U.S.-EU Safe Harbor Program. In October 2015, a European court decided that the U.S.-EU Safe Harbor Program wasn’t robust enough to protect PII transferred to the United States.
In 2016 the European Commission approved a replacement transatlantic data protection framework. The new framework is known as the EU-U.S. Privacy Shield Framework. In 2017, Switzerland followed suit, and approved the new Swiss-U.S. Privacy Shield Framework. As of the date of this article, Infusionsoft is working diligently to verify our compliance with, and certify our adherence to the new frameworks. We recognize how important this initiative is to our customers in the EEA and Switzerland.
In the meantime, EEA and Swiss businesses can continue to lawfully use Infusionsoft by executing our Data Processing Addendum. The Addendum includes the EU Model Contract Clauses (for more details, refer to the section “European Privacy Laws” below).
U.S.-EU SAFE HARBOR FRAMEWORK AND U.S.-SWISS SAFE HARBOR FRAMEWORK
Turnkey Estate Planning remains committed to complying with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, although their legal recognition in various non-U.S. countries is in doubt.
Our EEA/CH Safe Harbor Notice describes our continued commitment to comply with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.
The Notice is available here: https://veps.online/safe-harbor
EUROPEAN PRIVACY LAWS
Turnkey Estate Planning complies with the European Union’s current comprehensive privacy law: the Directive on Data Protection (Directive 95/46/EC). Note that in 2018, the current Directive on Data Protection will be replaced by a new privacy law, known as the General Data Protection Regulation.
By way of demonstrating the maturity of our data protection program, and to help enable our European customers’ continued, lawful use of Turnkey Estate Planning , we pledge to comply with current and future comprehensive European privacy laws and agree to be regulated by the European data protection authorities.
To that end, Turnkey Estate Planning offers our European customers a Data Processing Addendum, which is a specialized legal instrument designed to enable their lawful use of Turnkey Estate Planning across European borders. The Addendum incorporates the European Union’s “Model Contract Clauses” (also known as “Standard Contractual Clauses”) and enables the lawful exportation of PII by European entities to service providers outside of the EEA (e.g., Turnkey Estate Planning ), on the basis of European Commission Decision 2010/87/EU. Every customer wishing to take advantage of the Addendum’s benefits must sign it in accordance with the instructions here: https://veps.online/dpa
DATA SECURITY STATEMENT
The Turnkey Estate Planning Data Security Statement goes well beyond the customary confidentiality clauses found in the business terms of many SaaS providers. The Statement describes some of the specific data security controls that Turnkey Estate Planning has implemented and, by publishing the information, legally obligates us to maintain the high standard of data security that’s described in the Statement.
The Data Security Statement can be found here: https://veps.online/data-security
PCI DSS (THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARD)
Turnkey Estate Planning adheres to, and is audited annually for compliance with, the Payment Card Industry Data Security Standard, which is a rigorous data protection framework oriented towards the protection of payment card data.
Our most recent PCI DSS audit documentation is available upon request.
Data Protection Officer: Turnkey Estate Planning has appointed an independent Data Protection Officer to provide oversight for our data protection program. You may contact our DPO with any data protection questions or concerns.
Contact the DPO: firstname.lastname@example.org