GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Our policy is to respect all laws that apply to our business and this includes GDPR. We also appreciate that our customers have requirements under GDPR that are directly impacted by their use of Wise-Sync products and services. We are committed to helping our customers stay in compliance with GDPR and their local requirements.
In addition, here are a few things that Wise-Sync is committed to doing to ensure our compliance with GDPR and that of our customers:
- Where we are transferring data outside of the EU, Wise-Sync commits to having the appropriate data transfer mechanisms in place as required by GDPR. This includes our current Privacy Shield certification.
- Wise-Sync commits to follow appropriate security measures and precautions in accordance with GDPR.
- Wise-Sync will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users.
- We will ensure that employees authorized to process personal data have committed to confidentiality.
- We will hold any subprocessors that handle personal data, including our data center partners, to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Wise-Sync commits to carrying out data impact assessments and consulting with EU regulators where a data impact assessment indicates a high risk associated with processing without an appropriate mitigating strategy.
- Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
- Wise-Sync will assist our customers, insofar as possible, to respond to data subject requests our customers may receive under the GDPR.
Wise-Sync and GDPR
Wise-Sync acts as a data processor for your company data, and both a data processor and data controller for Wise-Pay payer records. We’ve mapped out everywhere your data exists and how it moves throughout our systems.
Privacy. We’ve taken a very deliberate approach to respecting our clients’ privacy. We only collect the data we need at any point to provide the promised services.
Data Categories. We categorize the data we collect and receive in the following ways for Wise-Sync: Account Data, Subscriber Data and Wise-Pay Merchant Data, Company Data, Payer Data and Compliance data.
Wise-Sync Account Data. We only collect the minimum required Account Holder Data. This includes the information which you used to register to the site, as well as any information we need to allow you to operate your account. This includes email addresses, names and contact information as well as application specific information such as your IP address(es), third-party application access keys and general information about the records you sync.
Subscriber Data, the data about your customers you transmit to third parties, such as Xero and QuickBooks Online. While we transmit the data for you, you and the third parties that you choose to sync the data to are responsible for the maintenance and security of that data at all times.
Wise-Pay Merchant Data is stored to allow connection of Wise-Pay to third-party payment processors such as Stripe, Braintree, Authorize.Net or Integrapay to process payments for your payers. We also store information which allows us to connect to your third party systems such as ConnectWise, Xero and QuickBooks Online to service requests, update payments and process transactions.
Wise-Pay Company Data is stored for the purposes of retrieval, display and payment of company invoices. The data is stored by Wise-Sync to ensure performance of pages which would ordinarily be unable to serve quickly the data stored in the third-party applications.
Wise-Pay Payer Data is stored for payers when invited to use Wise-Pay, this includes email, name and contact information as well as payment history and interactions with the site
Wise-Pay Compliance Data is stored for the purpose of maintaining data records for compliance and reporting purposes which may be subject to release under federal (and international) anti-money laundering and counter-terrorism laws.
- Wise-Sync Account Data
Wise-Sync Account Data is processed to allow you to access Wise-Sync Systems.
Personal Data Processed
- Account Information
- User Information
- Sync Results
- Detailed Logs (When Enabled)
- Wise-Pay Merchant Data
Merchant Data includes the access details on how to connect to your third party systems (API Keys) and configurations that allow payments to be processed, by what means and from what sources.
Merchant Data allows the connection of Wise-Pay to your third party platforms such as ConnectWise Manage, Xero and QuickBooks Online.
- Merchant API Keys
- Third-Party Application Keys
- Configurations about how Wise-Pay will Operate
- Integration Points and Functions
- Wise-Pay Company Data
Company Data includes infomation about the company to allow payment of invoices outstanding. Including the ability to download a copy of the invoice, view outstanding, past and scheduled payments.
Personal Data Processed
- Outstanding Payment Information
- Company Name
- Contact Name
- Payer History (Past Payments Made)
- Wise-Pay Compliance Data
Information that we are required to keep for compliance purposes, including to meet financial reporting requirements such as Know your Customer (KYC) and International Anti-Money-Laundering requirements.
Personal Data Processed
- IP address
- Name of Payer and Company
- Name of Card Holder (if Paying by Card)
- Amount Being Paid
- Reference Information provided by Merchant Processor of Payment Being Made
We use data hosting service providers in Australia and the United States to host the information we collect, and we use technical measures to secure your data.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
If you use our Services, to access API systems managed by you or third parties, the responsibility for securing storage and access to the information you put into the Services rests with you and the third party and not Wise-Sync. We strongly recommend all servers are configured to use SSL and minimum cryptographic standards to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.
You will always have control over your information. Here are some of your options:
Access and update your information:
Our Services and related documentation give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account. You can update your profile information within your profile settings and modify content that contains information about you, using the editing tools associated with that content.
Deactive your account:
If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Wise-Sync support. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services.
Delete your information:
Our Services and related documentation give you the ability to delete certain information about you from within the Service. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request that we stop using your information:
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable). If you object to information about you being shared with a third-party application, please disconnect the application or contact your administrator to do so.
Opt out of communications:
You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings.
Other than the data we process in the table above, Wise-Sync also collects any information you submit to us through:
- Our website
- Information you provide through our support channels
Yes. At Wise-Sync, we believe in total transparency and will not use your data without your consent. You can still control what information is stored and how it is used by us, for any questions please contact firstname.lastname@example.org.