Data localization and segregation
Data localization laws restrict the processing of certain types of data, including personal data, sensitive personal data (e.g. health records), banking data, and government-related information outside the country of origin.
AppXite Platform aggregates multiple types of data, including the user data, billing, and subscription data, and other information required to provide our product. Whereas most of the data processed by AppXite does not fall under the data localization regimes, the user data that we collect is regarded as personal data.
AppXite has implemented the set of legal and technical measures to help our customers to meet the privacy and data residency requirements.
- The framework of data processing agreements and Standard Contractual Clauses to ensure the application of the common privacy safeguards for customer data.
- Ability to segregate data across different regions upon customer’s request.
Below you can find the overview of the local localization laws and its relevance to the AppXite Platform.
| Region | Regulation | AppXite Platform |
| European Union |
Transmitting personal data to third countries are subject to certain restrictions. Unless the country is recognized as a secure third country[1] the transfer requirements apply according to the Chapter V of the GDPR | All data is stored within the EU data centers and are transferred according to the data processing agreement and EU Model clauses. |
| Australia | According to the Art.77 of the Personally Controlled Electronic Health Records (PCEHR) Act, the health-related data (e.g. health records) cannot be stored or processed outside Australia | Not applicable as AppXite does not process health-related data. |
| India | According to the 2018 Personal Data Protection Bill, India applies similar rules as the EU in terms of personal data localization, with the exception that sensitive personal data must be localized in India. Personal data can be transferred outside India according to the standard contractual clauses defined by the Data Protection Authority of India. | Data is transferred and processed according to the data processing agreement and standard contractual clauses. Sensitive data is not processed. |
| Canada (applies only for (British Columbia & Nova Scotia) | British Columbia and Nova Scotia, have enacted laws requiring that personal information held by public institutions are stored and accessed only in Canada. | Not applicable. |
| China |
According to the Chinese Cybersecurity laws, It is prohibited for financial institutions to store or process personal information relating to identity, property, account, credit, and financial transactions outside of China.
It is prohibited for network providers and critical information infrastructure operators to store and process data outside China. |
AppXite will not fall under this category since AppXite would not be deemed, network operator or critical information operator. |
Add comment
Please sign in to leave a comment.