Wink Reports and the GDPR
If you live in Europe, you’d be aware that the General Data Protection Regulation (GDPR) is effective as of 25 May 2018. Replacing the Data Protection Directive 95/46/EC, the GDPR is the most significant change to data privacy regulation in recent history, and introduces regulatory responsibilities to both Wink Reports and its users around the handling of personal information.
Wink Reports is committed to the security and privacy of your personal information and account data, and enabling you to meet your own GDPR obligations in respect to handling the personal information of your own clients. You can get more information on the GDPR here.
What has Wink Reports done to prepare for the GDPR?
A significant aspect to the GDPR is ensuring that personal information transferred outside of the EU is afforded the same level of protection as if it were held within the EU.
The Wink Reports platform is located in the United States, on infrastructure provided by:- Amazon: aws.amazon.com;
- Digital Ocean: www.digitalocean.com; and
- Tailor Made Servers: www.tailormadeservers.com
Note that personal information and account data is transferred outside of the European Economic Area to the United States as part of providing the Wink Reports Service to you. In these cases, Wink Reports has taken measures to ensure such transfers are provided an adequate level of protection and remain in accordance with the GDPR.
Wink Reports has updated its Privacy Policy and developed a Data Processing Addendum to accommodate the GDPR’s requirements and other best-practice privacy principles, including clarification of roles and responsibilities around handling of personal data. Wink Reports will continue to review and update these policies and the Wink Reports Terms of Service from time to time.
We’ve also developed some straightforward guidance materials on how to use Wink Reports to action certain data access and portability requests from your own customers (see below).
Who is the data controller and who is the data processor?
You may have seen reference to the responsibilities of “data processors” and “data controllers” under the GDPR.
A data controller is an entity responsible for the means, purposes, collection, entry, use and retention of personal data. A data processor is an entity that processes personal data on behalf of a controller, and in accordance with their instructions.
In your business relationship with Wink Reports, you are the data controller of the personal information of your own business, your end-customers and others that you enter or import into your account, and Wink Reports is the data processor. You determine and control the entry, use and retention of any personal information within your account, and you have direct responsibilities under the GDPR regarding how you use Wink Reports with your customers’ personal data. Wink Reports processes this information as part of providing the Wink Reports service, and in accordance with your instructions and Wink Reports' Privacy Policy and Terms of Service.
Further, in respect to your personal information as a Wink Reports account holder, Wink Reports is also a data controller. You can read our Privacy Policy for more information on how Wink Reports handles your own personal information and our security practices.
Does Wink Reports have sub-processors?
Yes. Wink Reports processes the personal information of your customers and other account data imported or entered by you using Amazon Web Services (AWS), the world’s leading cloud infrastructure service provider, and Tailor Made Servers, a dedicated server hosting service provider.
With respect to control and processing of your own personal information as a Wink Reports account holder, Wink Reports’ processors include Alphabet, Amazon Web Services, Datadog, Digital Ocean, Google, Lucky Orange, Meta, Microsoft, Slack, Sentry, Stripe, Tailor Made Servers, Xero and Zoho.
What resources are available to help me comply with the GDPR?
We’ve developed some straightforward articles to help you action any requests from your customers when exercising their data access and portability rights:
How to delete a connector and all related data
How to delete your account
How to delete or update a record from your reporting data
How to view data relevant to a particular person or client
More information
Wink Reports Privacy Policy
Wink Reports Terms of Service
Wink Reports Data Processing Addendum
GDPR Homepage
UK Information Commissioner’s Office Guide to the GDPR
Contact
If you have any questions about Wink Reports and the GDPR you can get in touch with us at support@winkreports.com.