As a user of the Salesforce platform we would like to inform you about the decision of the European Court of Justice on the 6th of October concerning the privacy of EU data. The court ruled that US companies can not save privacy data of European citizens in the United States.
Salesforce is currently investigating the impact of the ruling. Connexys is in direct contact with Salesforce and we guarantee you that trust is our #1 value and nothing is more important than the succes of our customers and the privacy of our customers’ data.
New information will be added to this article. To receive these updates, please click on the Follow button (you need to be logged in for this). You will then receive an email whenever this article is updated. It is also possible to follow the entire Announcements section, to receive updates about releases, changes and product notifications.
Update October 12th:
This update is to inform you that we are still working on a resolution with Salesforce Partner Management and Salesforce Legal. Salesforce already delivered a solution for their direct customers. We strive for a similar solution for their indirect customers (Connexys customers). This is taking much longer then expected. Please know that this subject has our highest attention.
Update October 15th:
Today we have received an extensive document form Salesforce. This document is an 'AMENDMENT TO ADD THE MODEL CLAUSES DATA PROCESSING ADDENDUM' and Salesforce states that 'this DPA contemplates our relationship with Connexys as our reseller, and reflects a set of back to back model clauses provisions that are intended to enable the reseller to in turn make commitments to their customers'. This document is to be added to our existing contract with Salesforce.
We will read this document and update you on the outcomes soon.
Update October 20th:
We expect a reaction from our legal counsel on the DPA today or tomorrow.
Update November 3rd:
Last week there seemed te be some progress on a transfer data pact: http://www.wsj.com/articles/eu-u-s-agree-in-principle-on-data-pact-1445889819
Since this is only an agreement in principal the DPA still needs the proper attention. Last friday we received a first reaction from our legal counsel. It needs further clarification and then we will send it to Salesforce. We aim to this by the end of the week.
Update November 4th:
The detailed reaction of our legal counsel is in and has been forwarded to Salesforce. We have asked Salesforce to reply within 2 days. Of course we will update this article as soon as possible.
Update November 10th:
Tomorrow there will be a call between our legal counsel and the Salesforce legal people. All are aiming to resolve the current situation. This call will take place at the end of day (18.30). We will update this article very soon.
Update November 26th:
A lot of legal e-mails have been sent between Salesforce and Connexys since the last update. Since the last call we have had with Salesforce two planned meetings that were postponed. Once by us and once by Salesforce.
On the 24th we would have had a meeting. This was postponed by Salesforce with one week, but with a promise that in a week's time they would come with a satisfying solution.
Update December 11th:
On the 10th of December Salesforce announced that it has successfully entered into a Binding Corporate Rules agreement with European Data Processing Authorities.
This is major brake through and is, we think, a much better setup then the model clauses.
The BCR allows for a lawful transfer of personal data from Europe to the US.
The list of BCR comapnies can be found on this site: http://ec.europa.eu/justice/data-protection/international-transfers/binding-corporate-rules/bcr_cooperation/index_en.htm
We are in close contact with Salesforce to figure out what this means contract-wise and if customers of Connexys need to sign and get an amendment or not. We are also making sure whether or not Connexys needs to apply for a permit with the Dutch DPA.
Update April 28th:
Salesforce received a permit from the Dutch authorities based on the BCR agreement for the transfer of personal data to Countries outside the EU. This opens up the next and final step for us. We will now request a permit with the Dutch authorities on behalf of our customers. Together with our legal partner we will draw up the necessary consent forms for our current customers and file for a permit with the Dutch authorities.