GDPR Contract Update
Both MaritzCX (processor) and its customers (controllers) are jointly and separately responsible for certain actions under GDPR. Therefore, the GDPR requires shared responsibility to protect an individual’s privacy rights. GDPR Article 28 requires that a contract be in place between a controller and a processor. For years, the MaritzCX [Terms of Service and Master Services Agreement] has provided the fundamental legal requirements and obligations regarding data ownership, confidentiality, processing responsibilities, security of data, breach notification, and more.
Sub-processors and MaritzCX: As an Enterprise solution, the MaritzCX team provides a comprehensive suite of services. While we have long-standing relationships with established suppliers, the majority of work is performed in-house. With only a few exceptions, customer data provided to MaritzCX as part of your program efforts is maintained solely by the MaritzCX team.
However, if a MaritzCX customer desires to update their agreement with MaritzCX with a GDPR-specific language, please email MaritzCX at email@example.com.
EU-U.S. Privacy Shield. MaritzCX is certified under the Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, processing, and cross-border transfer of personal data from the EU to the United States. MaritzCX is committed to managing all personal data received from European Union EU member countries, in compliance with the requirements of the EU-U.S. Privacy Shield Frameworks. Under this Privacy Shield Framework, MaritzCX is responsible for the processing of personal data it receives and subsequently transfers to a third party. MaritzCX complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. To learn more about these Privacy Shield Frameworks and to view the Maritz certification, please visit https://www.privacyshield.gov/welcome and search for the Maritz subsidiary or division.