GDPR & Privacy Shield Compliance

Update Effective July 16, 2020: Prior to July 16, 2020, Bitglass was GDPR compliant in accordance with the EU-US Privacy Shield Framework. Subsequent to the European Court of Justice decision of July 16, 2020 invalidating the EU-U.S. Privacy Shield Framework, Bitglass is working on appropriate next steps to ensure continued GDPR compliance including modifying our existing agreements to comply with the Standard Contractual Clauses in accordance with EU law and applicable EU regulations.

Bitglass, Inc. (“Bitglass”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland, as applicable, to the United States in reliance on Privacy Shield. Bitglass. has certified with the Department of Commerce to participate in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks (collectively, the “Privacy Shield”) by adopting and implementing the Privacy Shield Principles (the “Principles”). Our certification can be found here, and it covers Bitglass and its affiliates. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. More information about the Privacy Shield can be found at

Bitglass is committed to complying with the Principles with respect to all of the Personal Data it receives in reliance on the Privacy Shield. This Privacy Shield Notice supplements the Bitglass Privacy Policy where you will find details about the types of Personal Data we collect, the purpose for which we collect and share Personal Data and your rights with respect to our processing of your Personal Data. 

Bitglass is responsible under the Principles for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to third parties acting as agents on our behalf. Bitglass remains liable if such an agent processes Personal Data from the European Economic Area, the United Kingdom, and Switzerland in a manner inconsistent with the Principles (unless Bitglass can prove that we are not responsible for the event giving rise to the damage).

You may contact us at if you have questions about our Privacy Shield compliance. For any inquiries we cannot resolve directly, you may contact BBB EU PRIVACY SHIELD (“BBB”), which is a U.S.-based independent dispute resolution body that is available to you free of charge. You may reach them at If neither Bitglass nor BBB is able to resolve your inquiry, you have the right to invoke binding arbitration. Bitglass is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

EU individuals and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, Bitglass has committed to respect those rights. Because Bitglass personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Bitglass customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.