Showpad Privacy Principles

These Privacy Principles apply to the Showpad Products and Services (“Showpad Content” as well as “Showpad Training & Coaching”, see showpad.com/platform), being made available under a Software as a Services model, for the benefit of and on behalf of the Showpad Customers (hereafter referred to as the “Services”), including the use You make of them as well as the interactions You have therewith.




A. Privacy in general



1. What is GDPR?

“GDPR” or “General Data Protection Regulation“ (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC), is the current privacy legislation in effect in the European Economic area (“EEA”).

The GDPR came into effect on 25 May 2018 and introduces a whole new set of rules in respect of the processing of information which relates to You (as being an identified or identifiable natural person) (“Personal Data”). It aims to harmonise data privacy legislation throughout the EEA with the intention to i) increase the general awareness on data privacy, ii) allow individuals to take control over their privacy and their fundamental rights, and, iii) to strengthen security requirements throughout companies and organisations.

Seeing the wide scope pf applicability, the GDPR serves as the basis for the worldwide Showpad privacy program.

(Last update 21 December 2018)

2. When does GDPR apply?

The GDPR applies to i) all organisations established in the European Economic area (“EEA”) and ii) to organisations, whether or not established in the EEA, that process Personal Data in connection with either the offering of goods or services to Data Subjects (i.e. identified or identifiable individuals) in the EEA or the monitoring of their behaviour that takes place within the EEA.

As a consequence, from the moment there is an element of processing Personal Data in the EEA or from the moment a Data Subject located in the EEA is targeted, GDPR will apply, also to organisation not located in the EEA.

(Last update 21 December 2018)

3. Showpad and GDPR

Showpad NV, with address Moutstraat 62, 9000 Gent (Belgium) with company ID 0836.159.992, by itself or through its affiliates (including Showpad Inc., with address 1 N State Street 11th Floor Chicago, IL 60603 United States) (“Showpad”), has developed, exploits and maintains certain Services.

The Services are provided by Showpad under contract as concluded with the organisation who purchased the Services for its collaborators’ use (“Showpad Customer”).

Showpad embraces the opportunities GDPR brings and ensures putting in place such measures in order to allow for the Showpad Customers to make use of the Services in a compliant way.

As GDPR is the most comprehensive and fully integrated legislation on data privacy, and as the applicability of the GDPR does not stop at the borders of the EEA, Showpad uses GDPR as a standard against which its worldwide program is benchmarked.

(Last update 21 December 2018)

B. Privacy Principles



1. When do these Showpad Privacy Principles apply?

These Showpad Privacy principles apply whenever a person makes use of, or is interacting with the Services under any form of a user account, or, as a Third-Party Data Subject (see explanation on “roles” below) being allowed (limited) access by you and an owner of a user account to such Services (“You” or “Your”).

These Privacy Principles equally apply to the products (including front-end clients (e.g. the Showpad mobile application), Web-Interface (e.g. plugins) and/or Connectors to third-party applications) interacting with such Services.

Be informed that if You make use of the Services as part of an entity or organisation that has an agreement with Showpad (like Your employer), the terms of that organisation’s agreement may provide for different or additional terms. Please contact Your organisation for further details.

(Last update 21 December 2018)

2. What is the relationship between these Privacy Principles and a Customer Privacy Policy?

These Showpad Privacy Principles are provided for convenience reasons only and want to try to provide You with as much information as Showpad is able to provide under sections 13 and 14 GDPR.

You however, need to bear in mind that Showpad is only acting as data processor and not as data controller, which means that any Privacy Policy of the Showpad Customer (“Customer Privacy Policy”) shall have priority over these Showpad Privacy Principles. These Showpad Privacy Principles under no way shall mean that Showpad is taking up a role as data controller. The publication of the Customer Privacy Policy (or absence thereof) does not occur under the responsibility of Showpad.

Where You already have accepted a Customer Privacy Policy which applies to Your use of the Showpad Customer instance on the Services, or where such (updated) Customer Privacy Policy becomes applicable to Your interaction therewith, the Customer Privacy Policy shall apply and replace these Privacy Principles.

(Last update 21 December 2018)

3. Is Showpad acting as Data "Processor" or Data "Controller" in respect of the Services?

It is the Showpad Customer who grants access and manages the user accounts to the Services (e.g. password reset, access rights, third-party integrations, suspending accounts, grouping users, assigning channels, …), as well as which Third-Party Data Subjects to interact with through the Services (and thus whose Personal Data are to be processed). It is the Showpad Customer that may communicate with You or the Third-Party Data Subject through the Services. It is therefore the Showpad Customer who legally is acting as the so-called “Controller”.

Inquiries by You or any other Data Subject in respect of processing by the Services of one’s Personal Data therefore needs to be addressed to the Showpad Customer, not Showpad.

Showpad is only offering the means allowing the Showpad Customer to interact with their respective Users and third parties through the Services. This means that Showpad is only processing the Personal Data for and on behalf of the Showpad Customer as a “Processor”, in line with the instructions given by the Showpad Customer.

Showpad is only acting as Controller (in a limited way) in respect of certain interactions of or with the Administrator (see Showpad Privacy Policy).

(Last update 21 December 2018)

4. Does Showpad export Personal Data outside of the EEA?

Showpad only exports Personal Data outside of the European Economic area (“EEA”) if and when required by:

  • It and its affiliates’ employees and collaborators;
  • Third-party technology and service providers as used for the purposes described in these Privacy Principles;
  • Third-Party maintenance & support recipients (including related service/technology providers);
  • Other third parties to the extent Showpad has good faith belief that such disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request from a public or law enforcement authority; (b) national security; (c) protect the safety of any person from death or serious bodily injury; (d) prevent fraud or abuse; (e) as necessary to protect or enforce our legal rights & those of our collaborators as well as the integrity of our Services.

Such disclosures shall always be limited to the Personal Data as required for the specific purpose of the recipient while taking into account the necessary provisions on confidentiality, integrity, availability and security of the data involved.

In case of Feature Dependent Subprocessors, the Showpad Customer has a choice not to enable that specific service.

In the current set-up of the Services, such export of personal data shall occur and is required in order for the Services to meet the contractual warranties and services levels.

Where such export occurs, Showpad ensures that such transfer occurs under the necessary legal provisions as required by the applicable legislation in order to provide for an adequate level of protection of Your Personal Data (e.g. adequacy decision of the EU commission (e.g. EU-US Privacy Shield), binding corporate rules, EU standard contractual clauses, …).

(Last update 21 December 2018)

5. What is Showpad doing in order to help its Customers comply with GDPR?

Showpad has a good number of initiatives in that regard:

  • EU Data centres / US CDN opt out
    • Showpad’s principle hosting infrastructure is located within the EU at a first-class world-renowned hosting partner (AWS – 2 separate EU regions). CDN (Content delivery network) towards the Showpad US data centres can be switched off (AWS – US East region).
  • Dedicated privacy website
    • Making available a dedicated privacy page in respect of the Showpad privacy program on showpad.com/gdpr.
  • Showpad data protection officer
    • The Showpad data protection officer supervises the entire data privacy program at Showpad and works in close conjunction with the Showpad Information Security Manager.
  • Vetting by Showpad of its subprocessors
    • Each subprocessor of Showpad is vetted by Legal, Infosec and the Showpad data protection officer in the areas of security, contractual terms, data processing agreements, and, EU standard contractual clauses / Privacy Shield.
  • Contractual documents / privacy policies
    • Our contractual documents are state-of–the-art and contain the necessary provisions, including in respect of data processing agreements, end-to-end confidentiality, and privacy policies (meeting all necessary legal requirements).
  • Product engineering
    • All new product capabilities that are to be introduced within the Service, follow three key cornerstones: (i) the GDPR principles of “privacy by design” and “privacy by default”, (ii) giving flexibility to both EU customers and non-EU customers within the GDPR guidelines – while (iii) keeping all changes as simple as possible.
  • Privacy Shield for Showpad Inc.
    • Showpad Inc. adheres to the EU-US Privacy shield, in order to facilitate and safeguard transfer of Personal Data to the US.

(Last update 21 December 2018)

6. Does Showpad have a Data Processing Agreement available?

To the extent processing of Personal Data within Your organisation falls within the material scope and territorial scope of GDPR (articles 2 and 3 GDPR), the GDPR requires that the processing occurs under a Data Processing Agreement that requires certain minimum criteria to be met (article 28,3 GDPR).

Showpad therefore has created a so-called “Data Processing Agreement” or “DPA” that includes all the required GDPR terms.

Showpad’s DPA reflects the unique aspects of the Services, as well as processing activities, and modifies Your agreement for the Services to bring it into GDPR compliance.

You can find and execute the Showpad Data Processing Agreement here.

(Last update 21 December 2018)

7. What rights do data subjects have?

As an EEA citizen (and potentially other applicable data privacy laws), data subjects whose Personal Data is being processed have the right to:

  • obtain access to one’s Personal Data as processed by Showpad;
  • request rectification, erasure or restriction of processing of one’s Personal Data;
  • object to the processing of one’s Personal Data where processing is based on the legal ground of “consent”;
  • request to receive one’s Personal Data in a format at the discretion of the Controller (e.g. excel, .CSV file, …), that allows for the data portability of such data to a similar service;
  • where Personal Data is processed based on the legal ground of “consent”, withdraw one’s consent for processing one’s Personal Data at any time.

Such rights need to be exercised towards the Showpad Customer. In order to exercise such rights, the individual in question shall have to provide proof of one’s identity by providing an official document (e.g. ID Card, driver’s license, …).

(Last update 21 December 2018)

8. Where to log a complaint?

Under these privacy principles, Showpad is acting as Processor under instruction and on behalf of the Showpad Customer. As a result, in case You have a complaint about the processing of Your Personal Data, You should address Your complaint towards the respective Showpad Customer as being the controller of Your Personal Data.

Notwithstanding the above, You can always contact us directly at privacy@showpad.com and we will listen to Your complaint and see if we can help You to resolve this. In any case, Showpad will provide You with a response within one month of receipt. Where necessary or where legally required, Showpad will forward Your request to the respective Showpad Customer who will take this up further with You.

However, if You, as an EEA citizen, have an unresolved complaint, You always have the right to log a complaint with the competent “data protection authority”. Information on the competent data protection authority and the way of logging a complaint can be found here (or the URL as updated by the European Commission).

(Last update 21 December 2018)

9. Who can I contact if I require more information?

Showpad has appointed a data protection officer for the whole Showpad Group who can be contacted at Office of the Data Protection Officer – Showpad NV – Moutstraat 62 – 9000 Gent (Belgium) or  privacy@showpad.com.

(Last update 21 December 2018)

C. Privacy in the Showpad Services



1. What do the Showpad Services consist of?

Showpad is offering Services that measure and report on the engagement of individuals with content being made available to them. It involves providing businesses with the information, content, insights, analytics and tools that help them to streamline and improve interactions by and between internal collaborators (e.g. sales teams, marketing teams, …)  and/or third parties (e.g. potential buyers). This may occur through the current Services offerings (see www.showpad.com/platform).

To the extent the individual in question is connecting to and interacting with the Services, the Services measure the engagement of such individual in respect of content shared, analyse such individual’s behaviour therewith, as well as measure the attractiveness of the content shared.

The Services are offered as a “Software as a Service” model, which is a software licensing and delivery model in which software is centrally hosted and made available to multiple users over a network, including through interacting products (including front-end clients, apps, Web-Interface, plugins, or connectors to third-party applications).

The Personal Data is not processed for any other purpose than allowing the Services to take place for the benefit and under the control of the Showpad Customer.

Where Your Administrator/Privileged User/organisation chooses to i) add new functionality or change the behaviour of the Services (outside of what the Services offer as native functionality or behaviour) by integrating/combining third-party applications (e.g. Salesforce, Slack, BI tools, SSO, etc.) or ii) is making content available through an iFrame, linking to third-party URL’s or similar technology, this may lead to the fact that such third-party applications receive access to certain Personal Data or content either directly from You or through the Services. This activation, implementation, combination and/or content offering occurs solely under the responsibility of Your organisation/third-party application provider and their respective policies, not Showpad’s. Consequently, Showpad does not take any responsibility for this.

(Last update 21 December 2018)

2. What roles / interactions exist within the Showpad Services, and what do they mean?

You can interact with or through the Services through the following roles:

  • Administrator”: someone managing User accounts, having privileges for making content available for use by the User through the Services, as well as being able to (generally) monitor usage statistics;
  • Privileged User”: someone having privileges for making content available for use by the User through the Services, as well as being able to (generally) monitor usage statistics;
  • User”: someone who through the Services is i) interacting with the content being made available to him by the Administrator/Privileged User, ii) making Content available to a Third-Party Data Subject , and/or iii) monitoring that Third-Party Data Subject’s engagement with such content as well as its usage statistics;
  • Third-Party Data Subject” someone (usually the prospect / potential buyer) receiving specific information from the User through the Services in respect of a potential business transaction to be negotiated/concluded with the User.

Each of these roles will generate their specific analytics as to the way how they interact with the content being made available through the Services.

Except where tracking is disabled, Third-Party Data Subject personal data will be visible:

  • to Users and Administrators/Privileged Users; and
  • to other Third-Party Data Subjects (in respect of collaborative functionalities of the Services (e.g. Shared Spaces) or where invitations are being sent through the platform).

Except where tracking is disabled, User personal data will be visible:

  • to Administrators/Privileged Users; and
  • to other Users/Third-Party Data Subjects (in respect of collaborative functionalities of the Services (e.g. Shared Spaces, Pitch IQ, …) or where invitations are being sent through the platform).

Where applicable to the Services in question, Third-Party Data Subject interactions with content occurring under “Kiosk Mode” will be attributed to, and aggregated under the analytics of, the User account as set to the “Kiosk Mode”.

(Last update 5 February 2018)

3. What categories of Personal Data are being processed through the Showpad Services?

The Services processes certain “information relating to an identified or identifiable natural person, for and on behalf of its Customers.

For each role (Administrator, Privileged User, User, Third-Party Data Subject), certain contact information is being processed (i.e. direct identifiable Personal Data such as an e-mail addresses or name), as well as certain account information, profiling/behavioural information, device information, connection information, content, integrations with marketing automation/CRM services, geolocation (i.e.  indirect identifiable Personal Data requiring a whole dataset in order to identify 1 single person).

In certain instances, the Services may also process certain video or other material (comments, reviews, …) that an Administrator, Privileged User, User or Third-Party Data Subject may upload or provide to the Services. In most circumstances it is the aim of such video or other material to be used as internal training material for the people within the organisation of the Showpad Customer.

For specific information on which types of Personal Data are being processed, see the administration settings in the Services or contact the Showpad data protection officer at privacy@showpad.com.

(Last update 21 December 2018)

4. Are the Showpad Services processing so-called "sensitive Personal Data?

No so-called “sensitive Personal Data” (e.g. as per section 9 GDPR) is being processed by or through the Services (e.g. medical information, biometrical information, racial information, social security information, criminal information …), nor should the Services be used for such data.

(Last update 21 December 2018)

5. Are the Showpad Services processing financial data / PCI data?

The Services are not processing any (personal) financial data or data that is regulated by rules of the Payment Card Industry (PCI).

(Last update 21 December 2018)

6. Under what legal basis is Personal Data being processed through the Services?

Before each Administrator’s, Privileged User’s, User’s and/or Third-Party Data Subject’s Personal Data is processed, consent from the respective individual will be sought at the different levels within the Services:

  • Administrator/Privileged User/User: consent will be sought at the moment of creation of their account;
  • Third-Party Data Subject: consent will be sought at the moment of first interaction with the Services or the content made available.

Consent is an allowed basis for the lawful processing of Personal Data (see section 6,1 (a) GDPR).

Additionally, certain Personal Data is processed based on legitimate interest (see section 6,1 (f) GDPR) because:

  • necessary for technical reasons, e.g.:
    • IP address is used to determine origin of the request resulting in certain privacy settings becoming applicable or not;
    • email address of a (re-shared) Third-Party Data Subject is used for the technical aspects of delivering the message to the recipient under an SMTP protocol;
    • in order to capture consent (e.g. online meetings).
  • used as training material for internal training purposes of the Showpad Customer, e.g.:
    • (deactivated) account analytics (e.g. User analytics of (former) Administrators/Privileged Users/Users)
    • Pitch IQ video’s / training video’s
    • (peer) reviews/comments

Next to that, certain limited Personal Data may be processed as required for Showpad as a controller to administer the (contractual) relationship between Showpad and its Customer (also through the Administrators) as well as to comply with certain legal obligations / legitimate interest of Showpad (e.g. consent log files). More info can be found in the Showpad Privacy Policy.

(Last update 21 December 2018)

7. How long does the Personal Data remain available in the Showpad Services?
  • Data in Showpad hosted environment (production):
    • Administrator/Privileged User/User: From the moment the account is deleted by the Showpad Customer or where the contract with the Showpad Customer is terminated, the account and the Personal Data is deleted, and the insights anonymised (deleted accounts can only be re-instated for up to 30 days after deletion after which deletion is irreversible). For avoidance of doubt, deactivation of an account does not by itself remove the account, the Personal Data or the insights; the account is only suspended.
    • Third-Party Data Subject: As long as the respective Third-Party Data Subject is interacting with or through the Services and for a certain period after the last interaction such Party has had with or through the Services, as determined and set by the Showpad Customer, the Shared Spaces (if applicable), as well as all Personal Data is deleted, resulting in the fact that analytics are anonymised.
    • Any action performed is sync’ed automatically throughout the entire production environment (including any deletions).
  • Pitch IQ video’s / training content & information:
    • as long as relevant for the internal training objectives within the Showpad Customer as determined by the Showpad Customer.
  • Data in Showpad hosted environment (backup):
    • from a standard perspective, backups are done on a daily as well as weekly basis;
    • Backups are kept for up to three months, unless Company so requests sooner;
    • Personal Data will be permanently and irrevocably deleted in backup after such three-month period.

(Last update 21 December 2018)

8. Does Showpad make use of subprocessors for the Showpad Services?

Showpad uses two types of subprocessors; 1) “Core Subprocessors” and 2) “Feature dependent Subprocessors”.

  • Core Subprocessors (e.g. hosting partners) are subprocessors that are key to the functioning of the Services and without whom Showpad cannot guarantee the functioning of the respective Services.
  • Feature dependent Subprocessors are subprocessors that offer a certain functionality that is either not present in all versions of the Services, either are optional (and thus can be switched off).

For more information on which subprocessors are used in the Services, see the administration settings in the Services or contact the Showpad data protection officer at privacy@showpad.com.

(Last update 21 December 2018)

9. Which parties may receive Personal Data as processed through the Showpad Services?

Showpad only shares Your Personal Data with its (as well as its affiliates’):

  • employees and collaborators in respect of their respective duties as required for the exploitation, support and maintenance of the Services;
  • Third-party technology and service providers in respect of their services as part of the Services and as used for the purposes described in these Privacy Principles;
  • Third-party maintenance & support recipients (including related service/technology providers);
  • Other third parties to the extent Showpad has good faith belief that such disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request from a public or law enforcement authority; (b) national security; (c) protect the safety of any person from death or serious bodily injury; (d) prevent fraud or abuse; (e) as necessary to protect or enforce our legal rights & those of our collaborators as well as the integrity of our Services.

Such disclosures shall always be limited to the Personal Data as required for the specific purpose of the recipient while taking into account the necessary provisions on confidentiality, integrity, availability and security of the data involved.

For avoidance of doubt, Showpad does not sell or otherwise commercialises the Personal Data.

Showpad shall remain responsible to ensure that such export occurs in a legally compliant way, as well that the performance of the subprocessors Showpad has engaged remains in line with the applicable data protection legislation.

Mind you that personal data is shared within the the Services to the different stakeholders as set forth in section C2.

(Last update 5 February 2019)

10. Is the data processed through the Showpad Services used for direct marketing purposes or automated decision making?

Showpad does not use the Personal Data processed through the Services for Showpad’s direct marketing purposes, nor does the Service employs automated decision-making processes or techniques which create or deny rights to the individuals in question.

Showpad only processes the Personal Data under instruction and under control of the Showpad Customer for the purpose of exploiting its Services for the benefit of its Customers, as described above.

(Last update 21 December 2018)

11. What Security measures does Showpad employ for its Service?

Showpad has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. Showpad shall thereto take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The Showpad Content solution is covered under a security program that is ISO 27001 as well as ISAE3402 certified, and combines all aspects in order to comply with the principles as stated here above. This security program is audited on a regular basis by an external audit firm having the competent capabilities (see https://www.bsigroup.com/en-GB/our-services/certification/certificate-and-client-directory/), BSI certificate n° IS653767.

The Showpad Training and Coaching solution (previously known as “Learncore”) uses strict technical measures to make sure Your data is safe and secure. These measures on the Showpad Training and Coaching solution aligned with the Showpad Content certifications.

The whole Showpad Information security program is managed by the Showpad Information Security Manager.

While we aim to implement industry-leading safeguards designed to protect Your Personal Data, no security system is impenetrable and due to the inherent nature of the Internet, there always is an inherent risk that non-authorised persons may obtain access e.g. by way of hacking. In addition, we cannot guarantee that any Personal Data which was incidentally collected by You or Your organisation is maintained at levels of protection to meet specific needs or obligations You may have relating to that information.

(Last update 21 December 2018)

12. Do the Showpad Services use Cookies?

For more information on Cookies used by Showpad and the way of managing/removing them, see the respective “Cookie Policy” section of the Showpad Privacy Policy.

(Last update 21 December 2018)

13. Are the Showpad Services targeted at Children?

The Services are typically solutions that aim at selling products, negotiating a sales transaction and/or learning within professional organisation. As such, the Services are not aimed for children under the age of 18 year, nor should it be used for such purpose. We consequently do not knowingly collect Personal Data from children.

If a parent or guardian becomes aware that his or her child has provided Personal Data that is processed through the Services without their consent, he or she should contact Showpad at privacy@showpad.com. If we become aware that a child has provided us with Personal Data, Showpad will take the necessary steps to have that Personal Data irrevocably removed from the Services.

(Last update 21 December 2018)

14. What about Functional/Technical Data in the Services?

The Services also track certain data other than Personal Data, more specifically technical, analytical data, and metadata which is collected automatically when a person is interacting with or through the Services (“Functional Data)”, which Functional Data is the sole property of Showpad.

Showpad collects the following Functional Data:

  • General usage Information. including:
    • the applications and features You use in respect of the Services;
    • the sizes, titles and type of the files or folders You upload, download, share or access while using the Services;
    • The content You access, and any actions taken in connection with the access and use of the content in the Services;
    • Dwell time;
    • Interaction types with third-party applications
    • click activity.
  • Log Information. including:
    • Your Internet Protocol (“IP”) address;
    • Access times;
    • Browser type and language;
    • URL’s of referring/exiting exit pages;
    • Internet Service Provider (“ISP”).
  • Device Information. including:
    • the hardware model;
    • operating system and version;
    • mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type).

Subject to the other provisions of these FAQ’s Showpad may use the Functional Data for a variety of purposes, including to:

  • Provide, operate, maintain and improve the Services;
  • Enable You to technically access and use the Services;
  • Respond to Your comments, questions, and requests and provide service and support;
  • Monitor and analyse trends, usage, and activities in connection with the Services;

Investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities.

(Last update 21 December 2018)

15. What about re-sharing Customer Content by a Prospect & acceptable use

To the extent the Administrator allows for re-sharing to take place via the Products and Services by the Prospect on that certain asset by the User, when re-sharing Customer Content via the Products and Services with a Re-Shared Prospect, the Prospect needs to i) be allowed to use the email address of the Re-Shared Prospect for that purpose and ii) live up to the respective applicable law or regulation in respect of fraudulent and misleading activity or sending unsolicited email, mass emails, or spam.

(Last update 3 June 2018)

D. EU–US Privacy Shield



1. What is the EU-US privacy Shield?

In order to allow for export of Personal Data covered under the GDPR towards a US recipient, the GDPR requires that certain safeguards are put in place first. Under section 45 of the GDPR, such safeguards may be established by a so-called “adequacy decision” to be taken by the European Commission.

On July 12, 2016, the European Commission, through the “Commission implementing decision (EU) 2016/1250”, has accepted that the EU-U.S. Privacy Shield ensures an adequate level of protection for Personal Data transferred from the EEA to organisations in the United States, to the extent covered under the EU-U.S. Privacy Shield. To learn more about the Privacy Shield program, please see https://www.privacyshield.gov/Program-Overview.

 (Last update 21 December 2018)

2. To what Showpad entity does the EU-US privacy Shield apply?

Showpad Inc. with address 1 N State Street 11th Floor Chicago, IL 60603 United States adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and applies such principles when collecting, using, processing, and retaining Personal Data transferred from the European Union and the United Kingdom to the United States.

Showpad Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, resulting in the fact that Personal Data originating from within the EEA may legally be exported to Showpad Inc. under this basis.

If there is any conflict between the terms in these Privacy Principles and the EU-U.S. Privacy Shield Framework, the EU-U.S. Privacy Shield Framework shall govern.

For purposes of enforcing compliance with the EU-U.S. Privacy Shield, Showpad Inc. is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

To learn more about the Privacy Shield program, and to view the Showpad Inc. certification, please visit https://www.privacyshield.gov.

(Last update 21 December 2018)

3. Transfer to third parties

Where Showpad Inc., has received Your Personal Data in the United States and subsequently transfers that information to a third-party recipient (e.g. a subprocessor), and such third-party recipient processes Your Personal Data in a manner inconsistent with the Privacy Shield Principles, Showpad Inc. may be responsible under the Privacy Shield Principles to the extent Showpad Inc. is responsible for the event giving rise to the damage.

(Last update 21 December 2018)

4. Binding arbitration

You may also have the option to select binding arbitration for the resolution of Your complaint under certain circumstances. To find out more about the Privacy Shield’s binding arbitration scheme please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

(Last update 21 December 2018)

E. Relation with other Showpad policies / documents



1. Showpad Privacy Policy

The Showpad Privacy Policy shall apply in addition in case you are:

  • Making use of, or visiting any Showpad website other than the Showpad Products and Services;
  • Using the Showpad Products and Services under an administrator account or privileged User account;
  • Direct interactions with Showpad, including accessing and/or interacting with content belonging to or controlled by Showpad as being made available to You by a collaborator of Showpad through the Showpad Products and Services;
  • Interacting with (software) tools related to the foregoing; and/or
  • As otherwise accepted by You.

(Last update 21 December 2018)

2. Showpad Online and website terms

The Showpad online & website terms shall apply in addition in case you are:

  • Accessing and/or interacting with content belonging to or controlled by a Showpad Customer as being made available to You by or on behalf of that Showpad Customer through the Showpad Products and Services; and/or
  • Making use of, or visiting any Showpad website other than the Showpad Products and Services; and/or
  • As otherwise accepted by You.

(Last update 21 December 2018)

3. Showpad Data Processing Agreement

If You are looking for the Showpad Data Processing Agreement, click here.

(Last update 21 December 2018)