About the Foundation for Public Code

GDPR compliance of our data processing tools

This resource


  1. Docusign
  2. G Suite
  3. Tentoo

The Foundation for Public Code uses these tools to process people’s personal data. Read more about our approach to privacy and the data we collect.

This page was last updated on 24 October 2019.


We manage contracts using Docusign.

Docusign’s GDPR Basics and How DocuSign Can Help says that Docusign relies on binding corporate rules:

How is DocuSign preparing for the GDPR? As an organization focused on earning customers’ trust and handling their documents with care, DocuSign has developed a strong compliance culture and robust security — reflected in its ISO 27001 certification and its approved Binding Corporate Rules (BCR). BCR is one of three approaches to ensure adequate privacy protection for personal data exported from the EU to countries like the United States.

G Suite

We use G Suite for email and internal document management.

Google’s introduction to Google Cloud & the General Data Protection Regulation (GDPR) says that G Suite relies on model contracts:

We contractually commit under our current data processing agreements to maintain a mechanism that facilitates transfers of personal data outside of the EU as required by the GDPR. Google’s certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks includes G Suite and Google Cloud Platform. We have also gained confirmation of compliance from European Data Protection Authorities for our model contract clauses, affirming that our contractual commitments for G Suite and Google Cloud Platform fully meet the requirements to legally frame transfers of personal data from the EU to the rest of the world.”


We use Tentoo for human resources management, including processing salaries and expenses.

Tentoo’s General Terms and Conditions say that Tentoo doesn’t process data outside the European Economic Area (EEA):

6.1 Tentoo will only process the Personal Data in the European Economic Area (EEA), and will ensure that no processing actions at all take place outside the EEA, unless Tentoo has obtained the Client’s explicit, written consent to this.