Transfer Impact Assessment

Effective October 15, 2021

This document provides Automox customers who are data exporters with information to assess whether there is a risk to their data subjects of mass surveillance under the United States laws known as FISA Section 702 and EO 12.333.

Automox complies with our legal obligations in all jurisdictions where we do business. We may receive law enforcement requests, which may be subject to non-disclosure orders. Automox has not received any of these requests. We do not collect information typically relevant to a law enforcement investigation.

On September 28, 2020 the United States’ Department of Commerce issued a whitepaper clarifying the limited data types of interest to US intelligence agencies and the privacy safeguards in place, including oversight by the FISA court, to protect the rights of individuals.

Taking into account: (1) the categories of personal data processed by the Automox platform; (2) the business nature (rather than consumer) of personal data processed by the Automox platform; (3) the low likelihood that mass surveillance orders would be issued under such laws as the United States’ Foreign Intelligence Surveillance Act, the United Kingdom’s Investigative Powers Act, and similar laws in jurisdictions such as Canada, France, and Germany; and (4) the relatively low impact to EU citizens’ privacy rights; it is Automox’s position that transfers of personal data by data exporters to Automox (as the data importer) do not undermine the protections afforded data subjects by the Standard Contractual Clauses, the General Data Protection Regulation, and the service agreement between Automox and its customers.