If monday.com is acquired or merges with another company, your personal data may be transferred to the new owner, though the policy states you will be given notice before this happens.
This analysis describes what Monday.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A corporate acquisition could result in your personal data being transferred to a new company with different privacy practices, and the notice commitment, while helpful, may not provide a meaningful opportunity to prevent the transfer.
Your personal data could be transferred to a new company if monday.com is sold or merges, and while you will be notified, the policy does not provide an opt-out right for this transfer in most jurisdictions outside the EU.
How other platforms handle this
If Canva is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your information becoming subject to a different privacy policy.
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
Monitoring
Monday.com has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If monday.com is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.— Excerpt from Monday.com's Monday.com Privacy Policy
(1) REGULATORY LANDSCAPE: Business transfers involving personal data engage GDPR Article 6 (lawful basis for the transfer to a new controller), CCPA/CPRA (which requires disclosure of business transfer as a purpose for data collection), and FTC Act Section 5 (material retroactive changes to privacy policies). The FTC's guidance on business transfers and privacy commitments is relevant, particularly the principle that acquired companies must honor pre-existing privacy commitments. (2) GOVERNANCE EXPOSURE: Low to Medium. The commitment to provide notice before the transfer occurs is a meaningful protection. However, the policy does not state that users will have an opt-out right prior to the transfer, and the notice may be provided with limited lead time. For enterprise customers, the business transfer clause in the DPA should address what protections apply to customer data during a change of control event. (3) JURISDICTION FLAGS: GDPR-regulated users have the right to receive notice of a new controller and to understand the legal basis for continued processing. UK GDPR imposes equivalent requirements. California CPRA requires disclosure of business transfers as a category of disclosure in the privacy notice. Organizations in heavily regulated sectors should evaluate whether a change of control triggers notification obligations to their own regulators. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise agreements should include change of control provisions that address data portability, termination rights, and DPA continuity in the event of an acquisition. Procurement teams should confirm that a qualifying exit clause exists if monday.com is acquired by a competitor or an entity with incompatible data practices. (5) COMPLIANCE CONSIDERATIONS: Organizations should review their vendor contracts with monday.com for change of control provisions and assess whether the existing DPA would remain effective under a new corporate parent. If an acquisition occurs, a new DPIA and vendor reassessment should be triggered.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A corporate acquisition could result in your personal data being transferred to a new company with different privacy practices, and the notice commitment, while helpful, may not provide a meaningful opportunity to prevent the transfer.
Your personal data could be transferred to a new company if monday.com is sold or merges, and while you will be notified, the policy does not provide an opt-out right for this transfer in most jurisdictions outside the EU.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Monday.com.