Privacy FAQ
Preamble
If you’re a customer and you would like to learn more about privacy at Frontify, this section is for you!
Here you’ll find the most common questions regarding privacy, security, and compliance at Frontify. Just read through to get a better understanding of how we handle privacy and ensure compliance with the law any time we process personal data.
In case you need more details, don’t forget to check our DPA, Privacy Policy, Cookie Policy, and the Security Controls.
1. Privacy
1.1 Does Frontify process personal data of its customers?
Yes, Frontify processes personal data of its customers in the course of providing its services under the main agreement. Any processing activity of personal data is performed in accordance with the terms of the Frontify DPA.
If you need further information about the processing activities, you can find it in Exhibit A of our DPA.
1.2 Which categories of personal data does Frontify process?
1.3 Does Frontify process any sensitive data?
1.4 For which purposes does Frontify process personal data?
1.5 Where does Frontify store personal data?
1.6 What is the nature of the processing activities performed by Frontify?
1.7 Does Frontify sell personal data to third parties?
1.8 Does Frontify perform international transfers of data?
1.9 How does Frontify manage data subjects' access requests?
1.10 Does Frontify engage sub-processors?
1.11 What happens to the personal data after the termination of the main agreement?
2. Compliance
2.1 How does Frontify ensure compliance with the EU GDPR and the requirements of the Schrems II decision?
Frontify cooperates with trusted sub-processors that guarantee full compliance with the EU-GDPR. We have signed DPAs with all our sub-processors to ensure that personal data is treated with the greatest care. For sub-processors located in a country for which the European Commission has not issued an adequacy decision within the meaning of Art. 45(1) of the EU-GDPR, we additionally executed the Standard Contractual Clauses of 2021 (Processor to Processor).
Furthermore, all our sub-processors located in a third country have recently undergone our Transfer Impact Assessment (TIA) with a positive outcome.
For more information, please refer to clauses 6 and 10 of our DPA.
2.2 How does Frontify ensure compliance with the UK Data Protection Act and the UK-GDPR in relation to data transfers to third countries?
2.3 How does Frontify ensure compliance with the Swiss FADP in relation to data transfer to sub-processors located in third countries?
2.4 Is Frontify or any of its sub-processors subject to Section 702 of the Foreign Intelligence Surveillance Act ("FISA 702") and/or Executive Order 12333 ("EO 12333")?
2.5 Can customers download and sign the Frontify Data Processing Agreement? And are the Standard Contractual Clauses part of Frontify’s DPA?
3. Security
3.1 Does Frontify hold any security certifications?
Frontify’s information security program is designed in accordance with best practice industry standards such as ISO 27001. Frontify has been officially ISO 27001 certified since 2021. In line with the ISO 27001 certification, we perform annual internal and external audits.
For more information regarding the Frontify security standards, please refer to Frontify’s Security Controls.
3.2 Which Technical and Organizational Measures (TOMs) has Frontify implemented?
3.3 Does Frontify encrypt customer data?
3.4 Does Frontify pseudonymize or anonymize customer data?
3.5 Does Frontify create a backup of the customer data?
3.6 How does Frontify handle security incidents?
3.7 Who will get access to personal data during the term of the contract?
3.8 How does Frontify ensure that its employees know the legal and contractual obligations regarding data protection?
3.9 Does Frontify have a dedicated email contact for all questions regarding privacy?