Security at WrenchIT

WrenchIT and GDPR – Our Commitment to Data Privacy

WrenchIT is committed to compliance with the General Data Protection Regulation (GDPR). The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Our customers can trust that we have made GDPR a priority and have devoted significant resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.
Learn more what we are doing
Like many other software companies, we are implementing our company-wide GDPR compliance strategy leading up to May 25, 2018 and beyond. We appreciate that our customers have requirements under GDPR that are directly impacted by their use of our services, and we are committed to helping our customers fulfill their requirements under GDPR. Below are a few examples of initiatives we have committed to in order to satisfy GDPR requirements that apply to both our customers and us:

  • Publishing an updated Privacy Policy that goes into effect on May 25, 2018.
  • Committing to security and privacy measures required under GDPR. You can view details on our current security measures at the end of this document.
  • All data is stored within EU but data based might be based on you location or third party information be transferred outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR.
  • Assisting our customers with satisfying their GDPR data security and privacy requirements as described at the end of this document as notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our customers and end-users.
  • Ensuring our staff that access and process our customer’s personal data are bound to maintain the confidentiality and security of that data.
  • Holding any subprocessors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.
  • Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.
  • If required by customers we will sign a separate Data Processing Addendum.

Designed for GDPR compliance

  • Making it possible for our customers to define how long different data will be stored in the system after it will be deleted automatically.
  • All customer data is encrypted where customers can define data as sensitive with increased encryption is applied.
  • All transferred data is encrypted with appropriate standards.
  • All data is stored at recognized leading hosting companies in EU with redundant environments.
  • When deleted we warrant that data is deleted throughout the system including any backups.