iPaaS Statement of Compliance for the GDPR
Commitment Statement
The EU’s General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Patchworks support the GDPR and have put the appropriate policies, procedures and safeguards in place in order that our Integration Platform as a Service (iPaaS) complies with the applicable GDPR regulations as a Data Processor.
How Patchworks iPaaS Processes the Personal Data that you Control
Patchworks Integration Platform as a Service (iPaaS) handles personal data when transmitting and/or transforming customer and order data between eCommerce, Enterprise Resource Planning (ERP), Warehouse Management Systems (WMS), Customer Relationship Management (CRM), Email Service Providers (ESP) and other systems and platforms.
All data is transmitted and received via secure communication methods and, where appropriate, data is encrypted.
Where Patchworks iPaaS transmits and/or transforms customer/contact data independently (i.e., not as part of a shipping notification, order update or other associated service) email addresses are stored for logging and matching purposes.
Personal Data is retained, from the point of initial transmission/transformation, for up to 6 months from the end of the client’s relationship with Patchworks Media Ltd. Personal Data can be deleted more frequently. For any access, update or deletion requests with regard to your customers’ personal data, please email info@patchworks.co.uk
In order to make our customers’ ongoing GDPR compliance easier, users of Patchworks Tapestry are able to request that Patchworks search for, export, update and/or delete personal data from their customers that is stored in their individual iPaaS database.
Upgrade pathways for customers on v4 and v5 have been offered to customers once the functionality has successfully rolled out to Tapestry instances.
Who Else Processes Your Customers’ Personal Data?
If you haven’t already done so, we strongly recommend that you contact your other key suppliers. Whilst we are not in a position to provide an exhaustive list, that will include companies that work with you on the following:
|
AWS |
Analytics |
EU( London) |
|
Cloudflare |
DDOS, Threat Mitigation |
GB |
|
Atlassian |
Process & Project Management |
|
|
AWS EKS |
Cluster |
EU West (London) |
|
Vercel |
Infrastructure |
|
|
Sentry |
Monitoring |
US |
|
Elastic |
Search |
EU West (London) |
|
MailGun |
|
EU |
|
DevTeam |
Support & Dev |
Philippines |
|
HashiCorp Vault |
Security |
London |
|
Hasura |
GraphQL |
London |
Patchworks as a Data Controller
Whilst Patchworks are a Data Processor for the purposes of our iPaaS, we are a Data Controller with respect to our own day to day business operations.
Patchworks store some, or all, of the following personal data for contacts at their clients, partners and prospects, where those contacts have freely provided the information:
- Forename
- Surname
- Job Title
- Company Name
- Phone Number
- Mobile Phone Number
- Address
- Email Address
Patchworks has invested in modern, cloud-based technologies for storing and processing personal data, ensuring that data is encrypted, where necessary, secure and audited.
Personal data is retained and processed in accordance with the appropriate lawful bases defined in the GDPR. For a copy of Patchworks’ Retention Schedule, or for any further questions with regards to the portability, security and auditing of data, please contact us. Either by emailing info@patchworks.co.uk or by calling +44 (0) 115 727 0404.
Do You Want to Know More?
For further information on Patchworks and our approach to the GDPR, please refer to the following: