Skip to content
Platform Strategy

Geoisolation Policy

!!! warning “Trimble Confidential”

This is a **confidential internal Trimble document** and should only be used to make decisions on geoisolation requirements. Do not share this document publicly or with customers or vendors.

!!! info “New Region Approval Process”

Find the approval process to add new regions to platform services [here](https://docs.google.com/document/d/1Db27-FIAoNUIHQEjVFrEOj16CalFajBdxCxt46wwuDk/edit?tab=t.0).

Author(s):

  • Nick Banta, Corporate VP - Chief Information Security Officer
  • Megan Glass, Sr. Director, Legal

Additional Approvers: Juergen Kesper, Chris Peppler, David Kohler, Eric Lambert, Jeff Andersen, Kim Tomasak, Jared Bloch

Last Reviewed: September 2025

Trimble’s policy is to comply with all applicable laws and regulations and contractual obligations regarding isolating customer data in regions. To control operational costs, it is our policy to not geoisolate data or services based solely on an individual customer’s request without appropriate approval. Any exception to this policy for an individual customer must be evaluated in light of the committed revenue opportunity with the increased operational cost and be approved by the applicable Sector Vice President.

A customer request for geoisolation of its data must be reviewed by the Trimble business stakeholder with the divisional Trimble legal counsel. If Trimble legal counsel determines that geoisolation is required in order to provide services to the target customer due to applicable law, rule, or regulation, or Trimble legal counsel determines that geoisolation is not legally required but the business still desires to provide geoisolation to a target customer, the business stakeholder should escalate the request to the appropriate Sector Vice President for the business segment and division to evaluate and make the decision whether the increased operational cost required to meet the geoisolation requirement is justified based on the committed and expected net new customer revenue arising from supporting geolocation in that business offering. This decision must be properly documented.

If any decision is made to establish a new location for a Trimble product or service in order to geoisolate, the Sector Vice President of the affected area and the General Counsel must be notified.

Does GDPR Require Geo-isolation?

Personal data can be transferred from Europe subject to certain requirements described in the data privacy framework and data processing agreements. The Trimble Office of Data Protection (ODP) and Legal teams will undertake to further educate all stakeholders on these requirements.

To ensure properly documented adherence to privacy laws, Trimble enters into agreements with customers through the execution of Data Processing Agreements and SCC (Standard Contractual Clauses) documents. These SCC documents spell out how we store and transfer personal data. Sales teams must use our Trimble SCC document, which informs customers of our intent to perform cross border transfers. Our ability to enforce our stance relies on our ability to maintain and enforce these contract documents.

Geoisolation requests, subject to approval, as set forth on the previous page, usually fall into one of the following categories:

  1. Statutory or regulatory requirement. This is a direct legal obligation on the customer in order to do business in a particular jurisdiction. Whilst some regulatory requirements do enforce that data be maintained in certain geographical areas, other circumstances can mitigate the operational impact and must be carefully considered. Agreement to a geoisolation business obligation in this situation should only be done in accordance with the process set forth on the first page.

  2. Request for a Trimble contractual requirement. This is where a customer requests a direct contractual obligation by Trimble to maintain its data or certain categories of its data in a particular jurisdiction. Trimble should take the necessary steps to comply with its contractual obligations. These are per-customer exceptions and are not currently tracked in any centralized manner. Trimble may need to meet this requirement if we wish to win or keep this customer’s business. Agreement to a geoisolation business obligation in this situation should only be done in accordance with the process set forth on the first page.

  3. Customer pass-through contractual requirement. The customer may be under contractual obligations to a third party to maintain its data or certain categories of its data in a particular jurisdiction. For example, the customer may have a government project and, per the terms of the customer’s government contract, the data must be maintained in a particular location. Trimble may need to meet this requirement if we wish to win or keep this customer’s business. Agreement to a geoisolation business obligation in this situation should only be done in accordance with the process set forth on the first page.

  4. Policy or preference of customer. Some customers may have a corporate policy or preference to keep their data in a particular location. This is a market-driven demand. Trimble may need to meet this requirement if we wish to win or keep this customer’s business. Agreement to a geoisolation business obligation in this situation should only be done in accordance with the process set forth on the first page.

Other Reasons that Geoisolation is often (improperly) requested include:

  1. Conservative understanding of regulatory requirements: Laws are interpreted by lawyers, and a customer’s lawyer may make a geoisolation request based on a conservative understanding of the regulations or simply as a matter of course in case the law changes. A business or procurement person may attempt (incorrectly) to interpret regulatory requirements regarding geoisolation. Also, the scope of the data that needs to be isolated is normally not thoroughly defined, which leads to complexity in how/what to isolate.

  2. A customer notion that separate environments would be more secure: Trimble’s ability to protect our customer data is enhanced by having fewer places to look for malicious activity and ensuring strong and secure operational controls are in place.

For a broader perspective on the balance between customer requirements and Trimble’s posture, see the position Finding The SaaS Sales Opportunity-Cost Balance.