With respect to the European Economic Area and Switzerland, Pantheon complies with privacy regulations pursuant to the General Data Protection Regulation (Regulation 2016/769 or GDPR). For the United Kingdom, Pantheon complies with the GDPR and the Data Protection Act of 2018.
Pantheon is a data processor with respect to its WebOps Services. In accordance with those obligations, Pantheon maintains data protection standards to safeguard personal information that may be disclosed under the Agreement, using appropriate technological and organizational security measures. WIth respect to the EEA, Switzerland and the United Kingdom, international transfers of personal data from those regions to the United States and any onward transfers are performed according to the applicable standard contractual clauses.
You can find our list of subprocessors and our client data processing agreement in our online client legal center.