Our Commitment to GDPR Readiness

GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU. 

 

Our policy is to respect all laws that apply to our business and this includes GDPR. We also appreciate that our customers have requirements under GDPR that are directly impacted by their use of Wise-Sync products and services. We are committed to helping our customers stay in compliance with GDPR and their local requirements. 

 

As part of our commitment to GDPR compliance, we have updated our Privacy Policy

 

In addition, here are a few things that Wise-Sync is committed to doing to ensure our compliance with GDPR and that of our customers: 

  • Where we are transferring data outside of the EU, Wise-Sync commits to having the appropriate data transfer mechanisms in place as required by GDPR. This includes our current Privacy Shield certification.
  • Wise-Sync commits to follow appropriate security measures and precautions in accordance with GDPR. 
  • Wise-Sync will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users. 
  • We will ensure that employees authorized to process personal data have committed to confidentiality. 
  • We will hold any subprocessors that handle personal data, including our data center partners, to the same data management, security, and privacy practices and standards to which we hold ourselves. 
  • Wise-Sync commits to carrying out data impact assessments and consulting with EU regulators where a data impact assessment indicates a high risk associated with processing without an appropriate mitigating strategy.
  • Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
  • Wise-Sync will assist our customers, insofar as possible, to respond to data subject requests our customers may receive under the GDPR. 

Wise-Sync and GDPR


Wise-Sync acts as a data processor for your company data, and both a data processor and data controller for Wise-Pay payer records. We’ve mapped out everywhere your data exists and how it moves throughout our systems.

  • Privacy. We’ve taken a very deliberate approach to respecting our clients’ privacy. We only collect the data we need at any point to provide the promised services.

  • Data Categories. We categorize the data we collect and receive in the following ways for Wise-Sync: Account Data, Subscriber Data and Wise-Pay Merchant Data, Company Data, Payer Data and Compliance data.

  • Wise-Sync Account Data. We only collect the minimum required Account Holder Data. This includes the information which you used to register to the site, as well as any information we need to allow you to operate your account. This includes email addresses, names and contact information as well as application specific information such as your IP address(es), third-party application access keys and general information about the records you sync.

  • Subscriber Data, the data about your customers you transmit to third parties, such as Xero and QuickBooks Online. While we transmit the data for you, you and the third parties that you choose to sync the data to are responsible for the maintenance and security of that data at all times. 

  • Wise-Pay Merchant Data is stored to allow connection of Wise-Pay to third-party payment processors such as Stripe, Braintree, Authorize.Net or Integrapay to process payments for your payers. We also store information which allows us to connect to your third party systems such as ConnectWise, Xero and QuickBooks Online to service requests, update payments and process transactions.

  • Wise-Pay Company Data is stored for the purposes of retrieval, display and payment of company invoices. The data is stored by Wise-Sync to ensure performance of pages which would ordinarily be unable to serve quickly the data stored in the third-party applications.

  • Wise-Pay Payer Data is stored for payers when invited to use Wise-Pay, this includes email, name and contact information as well as payment history and interactions with the site

  • Wise-Pay Compliance Data is stored for the purpose of maintaining data records for compliance and reporting purposes which may be subject to release under federal (and international) anti-money laundering and counter-terrorism laws.

For data retrieval requests, please review our privacy policy and make contact with our Privacy Data Controller.