Safe Software and the GDPR

Safe Software takes its responsibilities under privacy laws very seriously. As a Canadian company that is governed by Canada’s Personal Information Protection & Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL), we believe that there is already significant alignment between these laws and the EU’s privacy laws, including the GDPR. Where there are differences between these laws, Safe Software is taking active steps to ensure we meet the unique requirements of the GDPR for our EU customers. Our Privacy Policy contains more specific information.

The European Commission has found Canada to be among the countries providing adequate data protection for EU citizens. As a result of this decision, personal data can flow from the EU to Canada without any further safeguards, such as Privacy Shield certification, being necessary. In other words, data transfers to Canada can be treated as the same as intra-EU data transmissions.

Safe Software acts as both a data controller and a data processor. Safe Software is a data controller when we collect and process your information to set up your account, process your orders, or respond to your requests for technical support. Safe Software acts as a data processor when you use FME Cloud to process personal data. We expect that most customers are not using FME Cloud to process personal data, but if you are and you require a Data Processing Addendum (DPA) then you can download, sign and return our standard DPA.


Sub-Processors

For our FME Cloud platform, we use the following sub-processors:

Third Party Service Country Purpose Data Shared
Braintree USA Payment Service First and last name, billing address, credit card, transactions
Google USA Authentication Provider Email (for 2FA)
Postmark USA Email Service First and last name, email address, information related to account (account name, instance name, credits, members of account), billing address and account usage (because of invoices)
Librato USA Instance Monitoring Metrics from instance (network usage, disk space, CPU usage, response time), Alerts (account name, instance id, alert id, alert trigger conditions)
MaxMind USA GeoIP Lookup User IP address
AWS Amazon USA Hosting & Data Storage Everything, except Credit Card.
AWS Amazon USA, Ireland, Germany, Canada, Australia Customer Instances Customer instances and data stored on location of customer’s choosing.
Slack USA ChatOps First and last name, email address, account name and id
PagerDuty USA Ops Account name and id, instance name and id
Airbrake USA Error Tracking User id, account name and id, instance name and id
Datadog USA Centralized Logging User id, user ip, usage pattern

Notification Services (opt-in)

PagerDuty USA Alerting Account charges (billing alerts), account name, instance name, first name, last name (instances alerts).
Slack USA Alerting
Postmark USA Alerting