The following letter comes from Sylvia Sundholm, Senior Lead Manager, Privacy Operations, LinkedIn Legal Privacy Team. Access to this letter was sent to Glint customers via Release Notes on November 19, 2022.
Dear Glint Customer,
At LinkedIn, we work hard to maintain the trust of our customers. These efforts include working to ensure we are compliant with global data protection laws and regulations. It is important to us that we keep you informed of any changes we make. As you may be aware, the European Commission issued modernized Standard Contractual Clauses (“SCCs”) for personal data transfers from the EU/EEA.
LinkedIn began using the new SCCs starting September 27, 2021 on all new LinkedIn subscription agreements, order forms and other customer transaction documents. We are reaching out to you because you or your company may have an existing agreement with LinkedIn which was executed prior to September 27, 2021, which will now be updated to include the new SCCs. This is a regulatory requirement for all businesses who transfer personal data outside the European Economic Area, meaning that these changes to our Data Processing Agreement (“DPA”) will only apply if you or your business shares the personal data of EU data subjects with LinkedIn or if LinkedIn processes it on your behalf.
The good news is that you do not need to take any action. The new SCCs have been incorporated into our DPA and will apply to all LinkedIn services agreements from 10 business days of this email, unless we hear from you directly.
If you entered into your customer agreement with LinkedIn after 27 September 2021 or have already updated your existing agreements with the new SCCs, you can disregard this email.
If you require an executed amendment to your existing agreement to adopt the SCCs you can sign this PowerForm, which has been pre-signed by LinkedIn. If you have any questions, please contact your LinkedIn sales representative immediately. If we don't hear from you within 10 working days of this communication, we will deem that you have accepted this amendment to your existing agreement with LinkedIn.
ENDS
- A separate landing page will include the finer legal details as follows:
In order to comply with our legal obligations, we have incorporated the 2021 SCCs into our DPA as follows:
- We execute the 2021 SCCs for data transfers of EU Personal Data described in the existing agreements, using:
a. Clause 7 of the DPA to incorporate Module 2 of the SCCs for Controller to Processor data transfers;
b. Schedule A or the “Description of the Transfer” in our DPA as Annex I of the Standard Contractual Clauses;
c. Schedule A of the DPA includes a link to LinkedIn’s Subprocessor List as required in Annex III of the Standard Contractual Clauses. LinkedIn’s list of Subprocessors is publicly available here and is updated when we begin using new Subprocessors. If you would like to receive prior notice of updates to our list of Subprocessors by email, please subscribe here using the email address associated with your LinkedIn enterprise account;
d. Schedule D of the DPA regarding the “Technical and Organizational Measures Including Technical and Organizational Measures to Ensure the Security of the Data” is incorporated as Annex II of the SCCs.
- If LinkedIn processes the personal data of UK data subjects pursuant to your Existing Agreement with LinkedIn, the 2021 SCCs are deemed to be amended with a UK Addendum in accordance with sections 7.2, 9 and 12 of the DPA. If you would like to execute the UK Addendum with us separately, you may do so using this PowerForm, which has been pre-signed by LinkedIn.
- In our DPA, LinkedIn commits to comply with all applicable “Data Protection Requirements” which includes the General Data Protection Regulation, and any applicable laws, regulations, and other legal requirements relating to data transfers from all jurisdictions where our customers are based.
- As LinkedIn processes Customer personal data in the US, the following resources may also be useful to assist you in complying with obligations:
a. LinkedIn’s Transparency Report provides information about how we respond when governments around the world ask for member data or for content to be removed.
b. Our Law enforcement request guidelines detail the processes that LinkedIn has in place for responding to requests from government and law enforcement agencies.
c. LinkedIn has carried out a Transfer Impact Assessment (TIA) for its transfer of Customer personal data to the US. A summary of this assessment is available from your customer rep on request.