<img src="https://secure.leadforensics.com/64913.png" style="display:none;">

Use promotional code TENOFF at checkout for a 10% discount on your online purchase today*

Transpoco and the GDPR: Our commitment to data privacy

 

GDPR: what does it mean?

Transpoco is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, replacing European Privacy Directive 95/46/EC. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

The GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Our customers can trust that Transpoco has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR.

The contents of these documents are not intended to be legal advice, nor should they be considered a substitute for legal assistance. The final responsibility for understanding and complying with GDPR resides with you, though Transpoco will assist you in meeting GDPR requirements where possible.

 

Which actions has Transpoco completed regarding the GDPR?

Transpoco appreciates that customers have requirements under GDPR that are directly impacted by their use of Transpoco products and services, and Transpoco is committed to help them to fulfill their requirements under GDPR and local law.

Below are a few examples of actions Transpoco has committed to in order to satisfy GDPR requirements that apply to both Transpoco and customers:

  • Ensuring our products are designed in accordance with ISO 27001 standard (information security management system). This standard mirror many of the security and privacy requirements of GDPR and is helping give our customers a transparent framework to measure our software development and data management practices. Transpoco makes available to the Controller all information necessary to demonstrate compliance with the legal obligations and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. You can reach out to Transpoco’s Support team for the certificate; Completed;
  • Committing to follow any additional security and privacy measures required under GDPR; Completed;
  • Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches in the unlikely event that they occur, and promptly communicating any such breaches to our customers and end-users; Completed;
  • Ensuring Transpoco staff that access and process Transpoco customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data; Completed;
  • Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves. Completed;
  • Committing to carrying out data impact assessments and consulting with EU regulators where appropriate; Completed;
  • We’re strengthening our security controls across the board. All customers personal data has been encrypted. Where data is transferred over the Internet as part of our Products, the data is also encrypted using industry standard SSL (HTTPS). We had improved our systems for authentication and authorisation as well; Completed;
  • Updating our Products Terms and Conditions with Privacy Policy in order to attend GDPR requirements. They will be presented to customers until beginning of May to have Customers consent; Completed;
  • Providing customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services from Transpoco.
  • Providing customers with the 8 rights of GDPR: right to be informed, right of access, right to rectification, right to erase/to be forgotten, right to restrict processing, right to data portability, right to object and rights in relation to automated decision making and profiling.; Completed;
  • Improving logs; Completed;
  • Enabling customers to easily export their data into a machine-readable format; Completed.

 

Transpoco Subprocessors

Transpoco engages third-party subprocessors to help us provide services to our customers. A subprocessor is a third-party processor engaged by Transpoco who receives data from Transpoco and processes personal data on behalf of our customers.

As required by the GDPR, Transpoco is liable to the Controller for the performance of a sub-processor’s data protection obligations. Therefore, as a condition of permitting a subprocessor to process personal data, Transpoco will enter into a written agreement with each subprocessor containing data protection obligations at least as protective as the technical and organizational measures Transpoco has put into place to protect customer personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.

We strongly advise you to subscribe to the list below. You, as a Data Controller, have the right to object to any subprocessor you don't agree with at any time. For this, please contact us at support@transpoco.com

 

Want to be notified whenever we update the subprocessors list?

Current as of February 21st, 2022

 

Third Party Service/Vendor
Purpose
Entity Country
Website
Auth0
Identity Management
Europe and US - If needed, international transfers to the US are covered by Standard Contractual Clauses (SCCs) 
Auth0
HubSpot
CRM
US - Standard Contractual Clauses (SCCs)
HubSpot
Xero
Financial
New Zealand, US and Australia - European Commission’s Standard Contractual Clauses
Xero
Chargebee
Financial Subscriptions
California, US - 
EU Standard Contractual Clauses
Chargebee
Intercom
Customer Messaging
Amazon (US) - Standard Contractual Clauses (SCCs)
Intercom
Inspectlet
Debugging
AWS US East data centres in Virginia - Standard Contractual Clauses (SCCs)
Inspectlet
Stripe
Financial data (credit cards)
Ireland
Stripe
Jira
Tasks Management
Europe
Jira
Amazon Web Services
Data and Service Hosting
Ireland
AWS
Nuapay
Financial data (debit cards)
Europe
Nuapay
Google G Suite
Electronic documents, presentations, spreadsheets, etc
Europe
Google G suite
Sentry
Debugging
Mainly in the USA but in other countries as well. They have SOC 2 certification, HIPAA and HITECH, PCI DSS and Standard Contractual Clauses (SCCs)
Sentry
Asana
Project Management
Amazon (US) - Standard Contractual Clauses
Asana
Trello
Project Management
Amazon and Google Cloud Storage (US) -
Standard Contractual Clauses 
Trello
Postmark
Email Messaging
US -
Standard Contractual Clauses
Postmark
Clickatell
SMS Messaging
Ireland
Clickatell
VisionTrack
Cameras
Europe
Visiontrack
HelloSign
Contract Signature
US and other locations - SCCs for international transfers
HelloSign
Esendex Ireland (SMS)
SMS Messaging
Ireland
Esendex
Dutec
Shipping of units 
Ireland
Dutec
Wistia
Sales Management
 
EEA and other countries - SCCs
 
Wistia
 

 

 

What do Transpoco customers need to do?

We strongly advise you to make yourself familiar with our latest privacy policy. If you have drivers that are using their vehicle for both business and private use, those drivers should have an option to activate a privacy mode for private driving. If your drivers are doing some private driving and you have no privacy switch currently installed, please contact us at support@transpoco.com and we can set this up for you.

For many years we have promoted best practices in terms of data protection and data privacy, we have many resources such as sample policies and guidelines on this topic. These resources are all freely available on our website and we encourage you to take a look at them here or reach out to us if you have any queries related to our solutions.  

Transpoco Compliance Certifications

In order to provide the best possible service to our customers, Transpoco has been certified in various compliance standards. Learn more about the certifications Transpoco has received.

Cyber Essentials badge

Cyber Essentials

Our Cyber Essentials certification demonstrates that Transpoco meets the standards set by the government for handling personal information.

ISO 27001 badge

ISO 27001

At Transpoco, we meet the highest security and compliance standards certified by ISO 27001 (International Organization for Standardization).

ISO 9001 badge

ISO 9001

We are a company that works hard to exceed expectations. Our ISO 9001 certification is a clear indicator of the quality and standard of our work. (Currently being updated)