Cross-Border Data Transfers
Marketo takes privacy very seriously. We treat the data that our customers collect and use on our platform with the utmost sensitivity and employ strict policies and protections to help ensure the privacy of that information. As such, Marketo offers two different options for cross-border data transfers: Privacy Shield certification and Data Processing Addenda.
The EU-US and Swiss-US Privacy Shield Frameworks are mechanisms composed of data protection principles agreed upon by the US Department of Commerce with both the European Commission (EC) and the Swiss Federal Data Protection and Information Commissioner to facilitate data transfers between the European Economic Area (EEA) and the United States and Switzerland and the United States. Marketo has self-certified to both the EU-US and Swiss-US Privacy Shield Frameworks.
What is a Data Processing Addendum?
A Data Processing Addendum (DPA) is an exhibit to Marketo’s customer subscription services agreement containing Standard Contractual Clauses, contractual terms that have been approved by the European Commission to govern international data transfers. Standard Contractual Clauses are also known as Model Clauses.
What is the purpose of a Data Processing Addendum?
A DPA is one of a number of "appropriate safeguards" that enable the transfer of personal data concerning data subjects within the European Union to jurisdictions that have not been designated by the European Commission as possessing an adequate level of data protection.
Who are the DPAs for?
The DPAs are available for customers of Marketo and ToutApp services seeking a legal framework to govern cross-border transfers of personal data, in particular from within the European Economic Area (EEA) or Switzerland, to areas without adequacy designations.
Is this relevant for GDPR compliance?
Yes. The GDPR states that in the absence of an adequacy finding (a determination by the EC of suitable data protection standards), the Privacy Shield and Standard Contractual Clauses may serve as appropriate safeguards governing cross-border data transfers. Marketo has self-certified to the EU-US and Swiss-US Privacy Shield Frameworks, providing one safeguard requiring no customer action, but customers also have the option of executing a DPA.
How does my organization incorporate the DPA to our Marketo or ToutApp subscription services agreement?
The appropriate pre-signed DPA may be downloaded, printed, completed, signed and returned to Marketo via email per the instructions found on the first page of the DPA. Alternatively, you may execute electronic version of the DPAs using the links in the next two paragraphs.
Marketo DPA on Echosign
For Marketo Customers: If e-signatures are accepted in your jurisdiction, Marketo offers a pre-signed DPA for execution through Echosign. An authorized representative from your company should complete all required information and sign the DPA. Upon clicking the “Click to Sign” link, a copy of the fully executed document will be sent to Marketo and to the signer.
ToutApp DPA on Echosign
For ToutApp Customers: ToutApp's pre-signed DPA is available for execution through Echosign as well. An authorized representative from your company should complete all required information and sign the DPA. Upon clicking the “Click to Sign” link, a copy of the fully executed document will be sent to Marketo and to the signer.
What if I have additional questions?
Should you have questions about the Marketo or ToutApp DPAs, please contact your Marketo Account Executive, Customer Success Manager, or open a support case via the Marketo Support Portal at support.marketo.com.
What is the difference between the Marketo DPA and the ToutApp DPA?
Marketo offers separate DPAs for Marketo customers and for ToutApp customers, because ToutApp is hosted on a different cloud platform than other Marketo services. Carefully select the addendum relevant to your subscription; if you are a ToutApp Customer, choose the ToutApp DPA (September 2017). If you are a Marketo Customer, choose the Marketo DPA v.3 (August 2017). If your organization subscribes to both Marketo and ToutApp, you should execute both addenda.