WebExercises and General Data Protection Regulation (GDPR)

WebExercises has made changes to comply with the EU General Data Protection Regulation (GDPR) by May 25, 2018. The purpose of GDPR is to provide a set of standard data protection laws across the European Union related to the processing of personal data.

Your role as part of the GDPR
You are considered the controller of any personal data entered into the WebExercises software. You determine the purposes of processing the personal data. It is your decision either to enter personal data into WebExercises (for example, where legal obligations require you to document your treatment) or to use WebExercises as a tool for creating exercise programs without associating them with an identifiable data subject.

What personal data can be input into WebExercises software?
You, as the controller, may choose to enter the following personal data: First name, Last name and Email address.

WebExercises’ role as part of the GDPR
WebExercises provides services to you in the form of software for creating personalized exercise programs. Our service is offered online, and personal data may be entered into the software by you. In this sense, WebExercises is considered the processor of the data entered into the software and stored on its servers. WebExercises processes the data on your behalf based on the License Grant in our Terms of Use agreement.

Where its own customer registers are concerned, WebExercises acts in the role of data controller.

How WebExercises is prepared for GDPR compliance
On a general level, our lawful basis for processing personal data on your behalf is a license or similar agreement under which we deliver the WebExercises service to you. Access to the personal data we process on your behalf is restricted to situations where WebExercises personnel are required to provide, for example, technical assistance to you. All WebExercises personnel with access to personal data stored in our systems are subject to a non-disclosure agreement that also extends beyond the termination of their work contract.

In addition to using GDPR compliant storage systems, WebExercises:
• uses encryption of the data at rest with an AES symmetric block cipher;
• uses encryption of data in transit with TLS/SSL communications;
• does not allow third parties to have access to the data;
• requires all our online customers to have a Data Processing Agreement (DPA) in place with us;
• has business processes that allow only a limited number of senior-level WebExercises technology staff access to the storage systems, for the purposes of technology maintenance.


How WebExercises manages data with 3rd party processors

Provider data:

WebExercises utilizes Authorize.net to process and store credit card information.

Provider First name, Last name - Authorize.net, Mail Chimp, Zoho

Provider email address - Authorize.net, Mail Chimp, ZenDesk, Zoho

Business name - Authorize.net, Zoho

Business Address - Authorize.net, Zoho

State - Authorize.net, Zoho

Postal Code - Authorize.net, Zoho

Country - Authorize.net, Zoho

Provider Client data:

First name, Last name - n/a

Email - Mail Chimp

GDPR includes your right to be informed about the data we hold about you and your right to be forgotten – meaning the deletion of your personal data from our registers – under certain conditions. Please be aware that under GDPR you also have the obligation to inform us about any changes in your personal data and to rectify inaccurate information about you that comes to your attention.

WebExercises will comply with requests from its customers to help fulfil their legal obligations. This might include providing assistance by giving information about data types and categories processed by us, or by providing background information on the way data is secured within our system.

Please direct any questions you have regarding our GDPR policies and compliance to legal@WebExercises.com.
