The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. Courier is compliant.
If you're based in the EU or do business in the EU, yeah! GDPR has a long reach. If you have any EU personal data in your Courier account, such as names, email addresses, ID numbers, or anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including Courier. These agreements are commonly called a Data Processing Addendum, or DPA.
Contracts required! Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed – contact us for more information.
Courier participates in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, meeting the GDPR requirement for adequate data protection laws.
Courier uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. List of Courier subprocessors.