This one's for you guys @Mo Malayeri @Eli
I was updating privacy policy links in our privacy policy since we are trying to get the Privacy Shield certification. And I had a chance to read through Tribe's privacy policy and DPA. You haven't appointed an EU representative, which is required by Article 27 of the GDPR for non-EU based companies. Most companies don't know about this, and yet it is required in many cases and can result in fines. Since you process user data on a large scale, you probably need one.
You can read more about this here, it's a good overview.
We use GDPR-Rep.eu (this is my personal referral link, but the only way I can give you 10% off their service) which is managed by an Austrian law firm. Their support is very good, and I had questions answered by their attorneys. So I would recommend contacting them to get more information if you're not sure if you need an EU representative.
You can see our landing page here, where users can verify EU representation and submit Data Subject Requests. Plus, supervisory authorities in the EU member states will contact them if there are any issues, so they act as a middleman.
Here's a quick check who needs to appoint an EU representative:
Companies established outside the EU are required to appoint an EU representative according to Art 27 GDPR in the EU if they:
- offer goods and services to individuals in... (More)
