Privacy FAQ

Frontify AG, Version: January 2025

1. Introduction

Frontify is on a mission to empower brand builders with a dynamic workspace where they can collaborate to create, organize, and deploy magnetic brands. In doing that, we are committed to safeguarding users’ privacy and ensuring transparency of information at all times.

These Privacy FAQ are intended to provide our customers and platform users with relevant information about how Frontify handles their personal data and which steps we take to ensure ongoing compliance with data privacy laws and regulations.

For further details, we recommend checking the following sections: Legal and Privacy, and Security.

2. Data Processing

2.1 Does Frontify process any personal data?
2.2 Which categories of platform users' personal data does Frontify process as a data processor?
2.3 Does Frontify process any sensitive personal data of platform users?
2.4 For which purposes does Frontify process platform users’ personal data?
2.5 Where does Frontify store customers’ data?
2.6 From which countries does Frontify provide support services?
2.7 Does Frontify carry out any automated processing, including profiling, that affects the rights of data subjects?
2.8 Does Frontify consider itself a data controller in relation to any processing activity involving platform users’ personal data?
2.9 Does Frontify sell customers' personal data to third parties?
2.10 Does Frontify use any sub-processor?
2.11 Which are Frontify’s current sub-processors?
2.12 Are there any optional services among those provided by sub-processors?
2.13 How does Frontify assess sub-processors' security and privacy compliance?
2.14 How does Frontify ensure that the data protection obligations imposed on sub-processors are equivalent to those that bind Frontify to its customers?
2.15 How does Frontify ensure that sub-processors comply with the terms of the applicable DPA at any time?
2.16 How does Frontify notify its customers of any change to the sub-processors list?
2.17 Can customers object to the use of a new sub-processor?
2.18 Does Frontify carry out any cross-border transfer of customers’personal data?
2.19 How long does Frontify retain customers’ personal data?
2.20 Can customers delete their data using the functionalities of the service?
2.21 Can platform users adjust and delete their data using the functionalities of the service?

3. Compliance

3.1 How does Frontify ensure ongoing compliance with privacy laws and regulations?
3.2 How does Frontify ensure compliance with the EU GDPR for transfers of data outside of the EEA?
3.3 How does Frontify ensure compliance with the Swiss data protection laws for transfers outside of Switzerland?
3.4 How does Frontify ensure compliance with the UK data protection laws for transfers outside of UK?
3.5 Has Frontify conducted a Transfer Impact Assessment (TIA) for transfers of data to third countries?
3.6 How does Frontify ensure compliance with the California Consumer Privacy Act (CCPA)?
3.7 Does Frontify comply with other state privacy laws?
3.8 How does Frontify assist customers in handling requests from data subjects?
3.9 Is Frontify or any of its sub-processors subject to Section 702 of the Foreign Intelligence Surveillance Act ("FISA 702") and/or Executive Order 12333 ("EO 12333")?
3.10 Does Frontify provide customers with the Frontify Data Processing Agreement?
3.11 Does the Frontify DPA include the Standard Contractual Clauses?
3.12 How does Frontify manage customers’ requests for an audit?
3.13 Does Frontify use cookies on its platform?
3.14 Does Frontify offer the possibility to enable cookie consent on the platform?
3.15 Does Frontify offer solutions to link the customer’s privacy policy?

4. Data security

4.1 How does Frontify implement “data protection by design and by default” in the development and maintenance of its services?
4.2 Have roles and responsibilities relating to privacy management and IT security been assigned?
4.3 How does Frontify monitor personal data flows across tools and geographical locations?
4.4 Does Frontify hold any security certifications?
4.5 Which Technical and Organizational Measures (TOMs) has Frontify implemented?
4.6 Does Frontify encrypt customer data?
4.7 Does Frontify pseudonymize or anonymize customer data?
4.8 Does Frontify create backups of the customer data?
4.9 How does Frontify manage security incidents?
4.10 Who accesses customers’ personal data during the term of the contract?
4.11 How does Frontify ensure that its employees know the legal and contractual obligations regarding data protection?
4.12 Does Frontify have a dedicated email contact for all questions regarding privacy?

Privacy FAQ

1. Introduction

2. Data Processing

2.1 Does Frontify process any personal data?

2.2 Which categories of platform users' personal data does Frontify process as a data processor?

2.3 Does Frontify process any sensitive personal data of platform users?

2.4 For which purposes does Frontify process platform users’ personal data?

2.5 Where does Frontify store customers’ data?

2.6 From which countries does Frontify provide support services?

2.7 Does Frontify carry out any automated processing, including profiling, that affects the rights of data subjects?

2.8 Does Frontify consider itself a data controller in relation to any processing activity involving platform users’ personal data?

2.9 Does Frontify sell customers' personal data to third parties?

2.10 Does Frontify use any sub-processor?

2.11 Which are Frontify’s current sub-processors?

2.12 Are there any optional services among those provided by sub-processors?

2.13 How does Frontify assess sub-processors' security and privacy compliance?

2.14 How does Frontify ensure that the data protection obligations imposed on sub-processors are equivalent to those that bind Frontify to its customers?

2.15 How does Frontify ensure that sub-processors comply with the terms of the applicable DPA at any time?

2.16 How does Frontify notify its customers of any change to the sub-processors list?

2.17 Can customers object to the use of a new sub-processor?

2.18 Does Frontify carry out any cross-border transfer of customers’personal data?

2.19 How long does Frontify retain customers’ personal data?

2.20 Can customers delete their data using the functionalities of the service?

2.21 Can platform users adjust and delete their data using the functionalities of the service?

3. Compliance

3.1 How does Frontify ensure ongoing compliance with privacy laws and regulations?

3.2 How does Frontify ensure compliance with the EU GDPR for transfers of data outside of the EEA?

3.3 How does Frontify ensure compliance with the Swiss data protection laws for transfers outside of Switzerland?

3.4 How does Frontify ensure compliance with the UK data protection laws for transfers outside of UK?

3.5 Has Frontify conducted a Transfer Impact Assessment (TIA) for transfers of data to third countries?

3.6 How does Frontify ensure compliance with the California Consumer Privacy Act (CCPA)?

3.7 Does Frontify comply with other state privacy laws?

3.8 How does Frontify assist customers in handling requests from data subjects?

3.9 Is Frontify or any of its sub-processors subject to Section 702 of the Foreign Intelligence Surveillance Act ("FISA 702") and/or Executive Order 12333 ("EO 12333")?

3.10 Does Frontify provide customers with the Frontify Data Processing Agreement?

3.11 Does the Frontify DPA include the Standard Contractual Clauses?

3.12 How does Frontify manage customers’ requests for an audit?

3.13 Does Frontify use cookies on its platform?

3.14 Does Frontify offer the possibility to enable cookie consent on the platform?

3.15 Does Frontify offer solutions to link the customer’s privacy policy?

4. Data security

4.1 How does Frontify implement “data protection by design and by default” in the development and maintenance of its services?

4.2 Have roles and responsibilities relating to privacy management and IT security been assigned?

4.3 How does Frontify monitor personal data flows across tools and geographical locations?

4.4 Does Frontify hold any security certifications?

4.5 Which Technical and Organizational Measures (TOMs) has Frontify implemented?

4.6 Does Frontify encrypt customer data?

4.7 Does Frontify pseudonymize or anonymize customer data?

4.8 Does Frontify create backups of the customer data?

4.9 How does Frontify manage security incidents?

4.10 Who accesses customers’ personal data during the term of the contract?

4.11 How does Frontify ensure that its employees know the legal and contractual obligations regarding data protection?

4.12 Does Frontify have a dedicated email contact for all questions regarding privacy?