By maxyale-2, October 17, 2021

Xero Data Processing Agreement

If personal data is hosted or processed by Xero outside the European Economic Area, the GDPR requires that it remain protected by appropriate safeguards in accordance with EU law. There are several ways Xero achieves this. We use a third-party organization, BrightPay, to provide our payroll software. This includes BrightPay Connect, a self-service option that allows you and your employees to view and manage your payroll data remotely online, 24/7. GoCardless' position as a data controller is an advantage for our merchants. GoCardless assumes direct responsibility for legal obligations related to the processing of personal data for our payment services. Your end customers have a direct legal relationship with GoCardless regarding the use of their personal data. This means that they can exercise certain rights directly against us. The protection of our customers' data is fundamental in everything we do. To better understand our security practices, you can refer to our security pages: While many organizations are already doing the right thing when it comes to personal data, the GDPR requires that organizations be able to document and demonstrate how they meet privacy requirements.

This means additional documentation of systems, processes and procedures. If a customer stops using our service, they may ask us to delete any data we hold – and we will do so upon request. Certain elements of customers' financial information must be retained for 7 years, but all personal data and contact details will be deleted 12 months after the date on which we ceased to provide services in accordance with our Terms of Use. For data protection purposes in the European Union, when we act as the controller of your personal data, Xero (UK) Limited (company number 06071722) is our representative in the European Union. This policy (together with our Terms of Use and any other documents referred to therein) sets out the basis on which any personal data we collect from you or that you provide to us will be processed by us. This policy applies to the personal data of our customers and their employees (“you”) entered into our system. Stewardship: We assume the responsibility associated with the processing of personal data. We process personal data in order to provide our merchants with the GoCardless service. We also use the personal information we hold to improve the GoCardless service, provide support, prevent fraud and money laundering, and for other related purposes. We do not share personal information with third parties for their own unrelated purposes, such as advertising or other purposes unrelated to the GoCardless Services.

There are many aspects of the GDPR, but it really comes down to being clear and ethical with the personal data you process – it means treating it as you would treat something valuable of your own. Here are some first practical steps you can take to comply with the GDPR: We will retain your personal data for as long as we have a relationship with you and for a later period when we are required to retain it in accordance with our data retention policies and practices. At the end of this period, we will ensure that it is deleted or anonymized. The GDPR has arrived and it is here to stay. We've worked hard to make sure we're ready (and yes, we're ready), but the hard work doesn't stop there.