Last Updated: May 1, 2023
MoveData takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR and UK GDPR, when providing services to our customers. Data privacy is a collaborative effort, and MoveData is committed to ensuring that you can use MoveData services while complying with your obligations under applicable data privacy laws.
This page is designed to help you with your data privacy obligations by providing information about MoveData’s data protection practices and the choices you have regarding the data processed by MoveData when you use our services.
Privacy Compliance at MoveData
MoveData has ongoing processes to protect your data and privacy rights:
| Internal Data Audits | MoveData periodically reviews the types of data that it collects, the reasons for collecting that data, and when MoveData personnel might need to access it |
| Vendor Audits | MoveData audits its vendors both at the time of onboarding and thereafter to ensure that they adhere to data privacy laws and regulations |
| Communications | MoveData documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the MoveData blog. MoveData also maintains an FAQ below that may be useful to review. |
| Ongoing Process Changes | MoveData continues to refine processes for how it performs customer support, builds services, and handles data. This includes internal documentation, training, and other processes. |
For Customer Content (content transferred in and out of integrations or other MoveData services), you, the customer, are considered the “data controller” of that data from a privacy perspective. In turn, MoveData is the “data processor” responsible for safeguarding Customer Content as it flows through MoveData’s systems.
As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with MoveData. You should configure your integrations to not trigger or work with other users’ data without proper consent.
Data Privacy FAQ
MoveData maintains an FAQ below that may be useful to review:
| Where does MoveData store data? | MoveData hosts data in AWS servers located in Australia, including customers’ personal data and the data that is processed on behalf of customers |
| Why is data stored in my MoveData account for up to 90 days? | MoveData needs to store data to successfully process information, and to reprocess information should an error occur under the original processing. The default period for data retention is defined in Data Retention and Deletion where notifications are automatically deleted at 90 days from their created date and system log data is held for up to 7 days. Customers can contact MoveData to set a custom data retention period for data held in their MoveData account. |
| Is there an option to have my data stored only within the EU or UK? | No |
| Has MoveData ever had to disclose data to authorities? | MoveData has not received any request to disclose data to authorities. If such a request were received, MoveData will use reasonable efforts: (1) to have the governmental authority request such data directly from you; and (2) to notify you of the request promptly, unless prohibited under the applicable law of the requesting government authority or MoveData. If prohibited from notifying you, MoveData will use reasonable efforts to obtain the right to waive the prohibition to communicate as much information to you as possible. |
| Does MoveData sell or market the data to third parties in any way? Will you share my data without my consent? | No, MoveData does not sell or market your data to third parties |
| Does MoveData have a vetting process for its subprocessors? | Yes, all of MoveData’s subprocessors have undergone an internal review to assess how customer information is protected, from both privacy and security perspectives |
| Will MoveData sign my company’s DPA? | MoveData can’t sign DPAs from other organisations. However, MoveData’s Data Processing Addendum should be sufficient in any customer relationship with MoveData. |