WORKetc has always understood the importance of keeping your personal information safe and secure.
You put your trust in us to help you organize and access your data in a safe, secure, and efficient manner.
With the introduction of the European Union’s General Data Protection Regulation (GDPR), WORKetc is doing, even more, to protect your personal information and right to privacy through the provision of additional resources and procedures designed to address regulations set out by the GDPR.
Below you will find the following GDPR Resources:
Please Note: The content on this website is provided for general information purposes only and does not constitute legal or other professional advice or an opinion of any kind. Users of this website are advised to seek their own, independent specific legal advice.
On May 25th, 2018 the European Union (EU) introduced new legislation to protect the personal information of EU citizens – these new regulations are known as The General Data Protection Regulation (GDPR).
From a top-level view, the new GDPR laws have a few simple goals:
You can find some useful GDPR Resources here:
We understand that you may have a few questions regarding WORKetc & GDPR. Below we answered a few of the most common questions we have received about our Data Privacy Policy.
WORKetc host all the data that we collect on Amazon Web Services (AWS).
AWS is a global leader in Infrastructure as a Service (IaaS) and they take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
AWS Maintains several industry compliance certificates that guarantee the safe transfer, storage, and access to your data.
All AWS Infrastructure is GDPR compliant and adheres to the following international certification standards:
All AWS Infrastructure also adheres to the following EU specific certification standards:
You can find a full list of AWS Compliance Programs here. You can also press on any certificate above to receive more details on the specific certificate.
An annual Security Vulnerability Audit is conducted by Synopsys (A company worth $2 Billion USD & listed on Nasdaq 100 Leading Security Company). Any potential threats or vulnerabilities identified by the audit are fully addressed by WORKetc as a matter highest priority priority and resolved in the shortest time possible.
WORKetc is dedicated to ensuring your data stays secure. In the extremely unlikely event of a data breach. We guarantee that we will advise you within 72-hours of the time we became aware of the data breach.
Within the data breach notification, we will provide you with all the required incident details as indicated in Article 33 of the GDPR (found here).
WORKetc will send the incident notification the account owner listed on the WORKetc account.
Members of our Product Support team often require access to the systems that are used to manage personal customer data.
We ensure that all WORKetc staff with any access to any customer personal data have signed a Non-Disclosure and Confidentiality Agreement prior to allowing said employees any access to your data.
WORKetc also maintains a comprehensive off-boarding process to ensure that if an employee’s employment is terminated, they lose all access to all WORKetc systems.
A member of the WORKetc Support team will never access personal customer data unless they are given specific instruction from the customer to-do so (this can either be done by phone, email or online webform).
When any member of the WORKetc support team accesses your Customer Personal Data, we have the following security systems in place:
1.) Establish an encrypted connection via TLS 1.2 (2048 bit) encryption layer to the database server through specified access in the AWS proprietary firewall.
2.) Establish a console session or connect using SQL Management Studio and query data as needed.
In addition to our security system, WORKetc logs all instances when a WORKetc employee accesses any Customer Personal Data and stores those logs securely on our encrypted database.
For additional security, the account owner can choose to remove all WORKetc support access to all Customer Personal Data. The Help Article with instructions on this feature can be found here.
WORKetc understands the importance of ensuring that your data is never lost. For this reason, our systems automatically backup our entire WORKetc database every 5 hours. When a backup is created, it is automatically deleted after 14 days.
To back up our systems in a secure and efficient manner, we use a backup method known as a data snapshot. This method of data backup ensures that the data remains anonymous. After your WORKetc account is closed, all customer personal data we hold is fully removed from our database and the archived backups are fully removed 90 days after account closure. We retain this data for the stated period for your peace of mind – making it available during this period should you require your own discrete copy.
If you wish to request the immediate removal of all your customer personal data, you can do so by submitting this form.
You also have the option of creating a backup of your WORKetc account by going to Settings -> Manage Account -> Backup Account, this will allow you to create a SQL Server 2016 database backup.
Please Note: that WORKetc cannot be held responsible for what you choose to do with your data after you export it out of WORKetc.
WORKetc has several systems to ensure the security of all data that we process:
You can read more about each point above by pressing on any of the system names above.
WORKetc also utilizes Amazon Web Services (AWS) to host all our data, you can read more about the security and encryption capabilities of AWS.
A DPA is an agreement between WORKetc and our customers that regulates the processing of customer personal data that we perform on your behalf.
The DPA outlines the commitments that WORKetc (Data Processor) and you (Data Controller) have agreed to in order to ensure the lawful processing of your customer personal data.
WORKetc has updated our Terms of Service (found here) on May 25th, 2018 to incorporate the DPA, therefore, you will not require to sign a DPA agreement as you have already agreed to our Terms of Service when you signed up for WORKetc.
For your convenience, you can download a copy of the DPA here.
WORKetc does not provide any limitations to the personal data that you choose to store in WORKetc, with the exception of data that may include questionable legal or moral content (for example pornography, illegal drug use, hate crimes), or which has been obtained by fraudulent activities or indirect methods (for example, third-party data that you are not authorised to use, purchased email lists or contact records).
However, you have the sole responsibility for the legality, reliability, integrity, accuracy and quality of your Customer Data.
Please Note: Even though WORKetc allows users to store custom data on our platform, we do not allow you to store Sensitive Personal Data (as defined by the EU Data Commission Office).
WORKetc makes use of several third-party providers to ensure our quality of service.
You can find a full list of our Sub-Processors here. On this page you will also be able to:
WORKetc operates our infrastructure using several servers provided by Amazon Web Services (AWS). Below is a breakdown of where your data is stored based on region:
If you are in the EEA your data will be hosted in Frankfurt, Germany. However, AWS has all the appropriate certifications in place to allow your data to be transferred to any one of our other severs without breaching the applicable data protection regulations.
Should your data move outside of the EEA zone, for the purposes of providing geographic redundancy to ensure the maximum protection possible of your data, the servers your data will be stored on will still be compliant with the applicable data protection regulations.
The GDPR regulations that a business must meet are broken down into two different roles:
When our customers accept the WORKetc Terms of Service, they permit WORKetc to maintain the data from our customers on their respective WORKetc accounts. In this case, our customers are the data controllers (as they determine how and why they collect data) and WORKetc is the data processor as we actually maintain the data the controller collects on our system, so we act as the data processor.
A data flow map shows how data and information move through WORKetc.
To gather this data, our team answered the Who, What, When, Where and Why of the data we collect and process.
If you would like to obtain a copy of this document, simply fill in the form below and we will send it to you via email:
A DPA is an agreement entered into by WORKetc and our customers that regulates the processing of customer personal data that we perform on your behalf.
The DPA outlines the commitments that WORKetc (Data Processor) and you (Data Controller) have agreed to in order to ensure the lawful processing of your customer personal data.
WORKetc has changed our Terms of Service on May 25th, 2018 to incorporate the DPA, therefore, you will not require to sign a DPA agreement as you have already agreed to our Terms of Service when you signed up for WORKetc.
For your convenience, you can download a copy of the DPA here.
The WORKetc Terms of Service have been updated on May 25th, 2018 to account for changes in Data Privacy Regulations. You can review the updated language by pressing here.
Please contact support@worketc.com if you have any questions.
The WORKetc Privacy Policy has been updated on May 25th, 2018 to account for changes in Data Privacy Regulations. You can review the updated language by pressing here.
Please contact support@worketc.com if you have any questions.
A sub-processor is identified as a third-party company (Data Processor) engaged by WORKetc who has or potentially will have access to or process data (which may contain Customer Personal Data) of our customers.
As per our Terms of Service, WORKetc is happy to provide our customers with a list of Sub-Processors that we utilize to provide our services.
Below you will find the most recent list of WORKetc Sub-Processers:
Name of Sub-Processor | Purpose | Location |
WPengine | WPengine provides website hosting services to the processor and facilitates the product support team to communicate with customers directly. | United States |
SocketLabs Acquisition, LLC | SocketLabs Acquisition, LLC provides the secure delivery of emails sent by both the Processor and Controller using the WORKetc platform. | United States |
Google Inc. | Google Inc provides the Processor with email & calendar services used to facilitate communication both with customers and internally. | United States |
Amazon Web Services | Amazon Web Services (AWS) provides the primary infrastructure used by the Processor to host Data submitted to the WORKetc service. | United States |
Grasshopper | Grasshopper (the subsidiary of LogMeIn. Inc) provides the Processor with telecommunication solutions to facilitate communication with customers. | United States |
YouCanBookMe | YouCanBookMe limited provides the Processor with tools to facilitate scheduling of our support team and arranging client meetings. | United States |
This listing was last updated on May 25th, 2018.
Please Note: The Integrations, API, and payment services we provide are NOT classified as Sub-Processors. The customer personal data that is provided to these services is done directly by our customers.
Customers are responsible for arranging all required agreements directly with these services in order to meet the data protection laws that apply to them. WORKetc will not be held liable for the personal customer information that you provide to these services.
By default, no direct notification will be provided for any updates to this listing. Customers are responsible for checking this listing regularly.
If you wish to receive an email notification everytime we make a modification to our Sub-Processors, you can do so by submitting the form below (please note, you will have to login using your WORKetc account credentials to access this form):
WORKetc will update this list every time we introduce a new Sub-Processor. If you have any objections about a new Sub-Processor that we are using to provide our services, we ask that you fill out the following form within 30 days of the new Sub-Processor being added to this list:
To file a request to receive personal data that we hold about you or on your behalf, please fill out the form below.
Please be sure to fill out the form carefully to ensure the efficient processing of your request:
Correcting Information – If after you have received the information you have requested you believe that:
Then you should send an email to support@worketc.com.
As stated within the WORKetc DPA, WORKetc as the Data Processor is encouraged to address any required regulations relating to the processing of Personal Data.
This includes (if deemed necessary) to allow Data Controllers (our customers) to request an audit of how we store their personal data. If you believe a data audit is required, please fill in the form below.
Prior to filing the form below, please be aware of the following: