Menu
Zrch might conduct processing of personal data for our clients. Our clients are data controllers and are responsible for how the data is processed in any given activity.
Zrch has implementet technical and organisational measures according to the GDPR requirements to protect personal data from disclosure, removal or modification.
We have proactive measures in place to ensure compliance through passwords, encryption, backups and impact assessments.
Security is a serious and important issue to us and our Information Security Management System (ISMS) is following ISO 27001.
This means that we have internal processes in place to handle security proactively and that we also are performing regular external audits on our ISMS.
GDPR gives everyone the right to demand full disclosure of the their personal data from a business at any time, and that this data can be deleted on request. The process for this is outlined in our privacy policy.
| Service | Type of processing | Optional | Region | Reference |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Primary cloud services provider. Used for storing and processing PII data | No | EU (Ireland, Germany, Sweden) | View reference |
| Google Cloud Platform (GCP) | Secondary cloud services provider. | No | EU (Finland, Germany, Netherlands) | View reference |
| Twilio Sendgrid | Transactional email service. Used to send all emails for our service, and as such it processes names and/or emails addresses. | No | US (EU-US Data Privacy Framework) | View reference |
