The General Data Protection Regulation (GDPR) is the most significant change to European data protection legislation in over two decades. It governs the European Union's (EU) protection of personal data, including its processing and transfer, and seeks to unify data protection laws across Europe. It came into effect on 25 May 2018.
While the GDPR aims to protect the processing of personal data within the EU/EEA, it has a comprehensive scope that affects organizations both inside and outside the EU/EEA that collect personal data or monitor the behavior of individuals who reside in the EU. If you receive, control or process the data of subjects within the EU/EEA, then the GDPR most likely applies to you.
Does the GDPR require the storage of personal data in the EU/EEA?
The GDPR doesn't require the storage of personal data within EU/EEA boundaries. It does, however, set specific conditions for allowing the transfer of any personal data outside the territory. These conditions are defined in the GDPR, and organizations must comply with them before moving data across borders.
Disclaimer: Nothing on this website constitutes legal advice on compliance under the GDPR, and the text here is not a substitute for legal advice. We strongly recommend seeking legal advice for accurate information about your GDPR compliance.
The information below refers to our cloud and server versions, as applicable.
Our products are backed by state-of-the-art technology. We protect our data by implementing the best industry-standard encryption on our data, both "in transit" and "in rest." We are also committed to treating all personal data received from EU member countries according to the applicable legislation.
We will inform our customers of incidents involving your data in line with our current and future agreements. We have 24/7 incident response procedures aimed at helping you identify and respond to any events that may breach personal data without undue delay.
ALM Works acts as a Processor for its customers, who are the Controllers of their Personal Data. In accordance with the GDPR, we have built privacy mechanisms into our products to ensure appropriate compliance. We are committed to continuously developing and implementing these mechanisms and carrying out periodic checks of our processes.
ALM Works ensures all of the appropriate safeguards whenever personal data is transferred from the EU to the US-based locations, such as with our Cloud Products, where we host information on Amazon Web Services (AWS). We will continue to monitor any changes in rules and legislation for data transfer mechanisms and are committed to complying with any applicable data protection laws regarding cross-border transfers.
We will keep our information up-to-date to reflect any changes in our policies and our products as required by the GDPR, ensuring GDPR compliance and the ability to receive and process data lawfully. We will notify our customers about changes to our legal documents through the usual channels.
Our teams have made changes to ease compliance with GDPR, including in areas of data minimization, purpose limitation, and data subject rights. We have analyzed our features and flows to make them compliant for our users subject to the GDPR. We will notify customers about any new features through our usual channels.