Our GDPR Commitment
Remember The Milk is committed to compliance with the General Data Protection Regulation (GDPR), a new EU data privacy regulation that will go into effect on May 25, 2018. The regulation is designed to give EU citizens more control over their data, and to unify a number of existing privacy and security laws under one comprehensive law.
As part of our commitment to GDPR compliance, we’ve updated our Privacy Policy and Terms of Use. We’ve made our Privacy Policy easier to understand: we describe what personal data we collect about you, why we collect it, how we use and share it, how we store it, and how we protect it. We’ve also included information about your privacy rights and how to exercise them. Nothing about the way we collect and handle your data has changed, we’ve just added even more clarity about our processes.
Remember The Milk is also Privacy Shield certified, which means that we’re committed to having the appropriate data transfer mechanisms in place when transferring data outside of the EU.
FAQ
Does Remember The Milk process personal data?
Yes. We process personal data to provide our products and services and for other purposes as outlined in our Privacy Policy.
Where does Remember The Milk store and process my data?
Today, we store data in data centers located in the U.S. In the future, we may store data in additional countries to achieve optimal performance based on where users are located. In this case, we will only store data in countries that the European Commission has determined offer an adequate level of data protection.
As a provider of a global service, we may allow employees and contractors located outside the U.S. (e.g., in the EU and Australia) to access certain data for product development, customer, and technical support purposes.
Can you guarantee that my data will stay in a certain location (e.g., Europe)?
Our service requires that data be transferred to the U.S. Data storage restricted to a particular location (e.g., Europe) isn’t required under the GDPR. In all cases where data is transferred outside of the EU, Remember The Milk commits to ensuring such transfers are compliant with applicable data transfer laws, including the GDPR.
How does Remember The Milk handle onward transfers of data outside of the EU?
Remember The Milk is responsible for your personal data when you use our services. When you use our services from Europe, your data is stored in data centers located in the U.S. To safeguard your data when it leaves the European Economic Area, we and our affiliates commit to uphold, and are certified under, the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. This means that when we access or store your data in the U.S., we only access, use, store or share your personal data in accordance with the Privacy Shield Principles.
We use third party service providers to help us operate Remember The Milk. The third party service providers that we use help run the business, so your data will pass through them, but we don’t provide your data for intentional access (like for marketing list purposes, for example) to anyone. The third party service providers we currently use help us with data services, payment processing, disaster recovery, information technology, content delivery, email services, customer support and communication, and DNS services. For the third parties that we utilize who also process your personal data, we have appropriate security and contractual measures (like encryption and data processing agreements) to ensure that your personal data always gets treated in compliance with the Privacy Shield Principles and the information we provide to you in our Privacy Policy.
For more information on how we transfer and process personal data, please see our Privacy Policy.
What is Privacy Shield and is Remember The Milk certified?
In order to legally transfer data outside of the EU, the GDPR requires such data be transferred in accordance with an "adequate transfer mechanism". The Privacy Shield Program is a framework agreed to by the U.S. Department of Commerce and the European Commission that provides an "adequate transfer mechanism" for participating companies. Companies certifying to the Privacy Shield framework agree to apply specific privacy and security protections to personal data when it is transferred from the EU to the U.S. We know that the protection of personal data is important to our customers, which is why we decided to participate in Privacy Shield as a way for us to demonstrate our commitment to global privacy standards and requirements.
Remember The Milk is Privacy Shield certified (under both the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield), meaning we have promised to follow transfer rules and practices as further described in the Privacy Shield framework.
How does Remember The Milk secure my data?
We employ organizational and technical security measures to protect your personal data, such as limiting access to your personal data, secured networks, and encryption. We also use secure physical and digital systems to store your personal data. We utilize practices that are consistent with standards in the industry to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data on the Internet. For more information, please see our Privacy Policy and our Security Practices page.
Can I download a copy of my personal data?
Yes. You can export your data via the export function of Remember The Milk.
Are third-party apps using the Remember The Milk API covered by Remember The Milk’s Privacy Policy?
Third-party app policies and procedures aren’t controlled by Remember The Milk, and our Privacy Policy doesn’t cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services.
Who can I contact with questions regarding GDPR?
We’ve included GDPR compliance information in our updated Privacy Policy, and have included answers to frequently asked questions on this page. Please review these first, and if you still have questions, feel free to email us at [email protected]