Memory AS, Timely's parent company, is a registered company in Norway, which is a member of the European Economic Area (EEA). Norway has adopted the EU directive 1995/46/EC in its laws.
The standard Terms of Service for Memory, including the integrated Data Processing Agreement, was recently updated to achieve compliance with the upcoming General Data Protection Regulation (GDPR). The GDPR will also apply to Norway.
Data will be processed and stored in the US by our sub suppliers and sub processors, Amazon and Heroku (Salesforce). Both of these companies are Privacy Shield-certified, so transfer of data to them will be in compliance with EU law. We do not use any other sub suppliers outside the EU/EEA-area.
Both Privacy Shield-certification and Standard Contractual Clauses are legal mechanisms for safe transfer of personal data from an EU-controller (you) to (sub)processors outside the EU/EEA. Since our parent company, Memory AS, is a Norwegian company, the obligation to implement such additional safeguards does not apply to Memory AS, it only applies to our sub suppliers.
Send us a message, we'd be happy to talk to you about it.