Privacy policy
Introduction
In line with the GDPR and national law for the protection of personal data, Wegrow is committed to protecting your privacy when you use our services. This privacy policy tells what to expect from Wegrow when we are processing your personal data.
How do we collect information ?
Your personal data is collected when your users register on our platform. To do this, the client sends Wegrow a list of future users of the platform.
What types of information Wegrow is collecting ?
Respecting the principle of minimising personal data, Wegrow only collects the information necessary for the operation of its best practice sharing platforms.
The only personal data collected by Wegrow are:
● Business mail
● First name and last name
● Business information (country, job type)
● Functional logs
● Cookie session
Who has access to your information ?
In accordance with our access policy, all data contained on our customers' platforms is confidential by default and requires access authorization.
Only persons with a need-to-know are authorised to access Wegrow customers' personal data. This includes the CSM team in charge of interaction with the client and its users, as well as certain members of our technical teams, only if the situation (incident, bug etc.) requires it.
All access to data on our platforms is logged.
Who are our subprocessors ?
To ensure the proper functioning of its services, Wegrow works in collaboration with various third-party services as:
● Azure to host the data;
● Brevo to send transactional mail;
● Sentry, to collect applicative logs;
Wegrow list and document every of its subprocessor.
Notification of a change of a subprocessor
Wegrow will notify any changes to the sub-processor that have an impact on the processing of personal data.
Any change cannot be made without the approval of the security manager, who will ensure that personal data protection requirements are respected by the new sub-processor.
The CSM, assisted by the Security Officer, is responsible for communicating the status of changes and their implications to the customers concerned.
How is your information stored and protected ?
To store its customers' data, Wegrow uses Azure Database for PostgreSQL. In order to ensure continuity of service in the event of a disaster, data is stored in two different datacenters in two different regions:
● Ireland
● Netherland
In transit, the data is encrypted with transport layer security Encryption (SSL/TLS).
At rest, the data is secured by the PostgreSQL uses of the FIPS 140-2 validated cryptographic module for storage encryption of data at rest. The data is encrypted on disk, using AES 256-bit encryption.
The keys are managed by azure itself.
How long and when do we delete your information ?
Personal data is kept for the duration of the contract, with the exception of logs, which are kept for a further 90 days for security purposes.
What are your rights ?
Access: You can request access of any of your personal information held by Wegrow
Rectification: You can ask us to correct any incorrect information
Deletion: You can ask us to delete your personal information. Wegrow can refuse to delete
information if we have a lawful reason to keep this. Deletion of information could also impact the use of the product.
Portability: You can ask us to transfer your personal data to different services or to you
For any request related to your rights among your personal data, you can contact your CSM that will be in charge of answering to you with the help of the security officer.