It is about privacy
The GDPR is a new EU regulation intended to address the problem of data protection and privacy. It will be effective from May 25th, 2018, and will unify the rules for handling user data within the member states.
This piece of legislation governs the way that businesses collect, use, and share personal data. It requires that personal data are handled fairly, and ensures that appropriate measures are in place to protect these data. Furthermore, it gives individuals legal rights over their personal data: for example, to access, correct or delete them.
The GDPR applies to everyone who is based in the EU and to any entity that processes the personal data of EU individuals. Not only is the GDPR an important tool for privacy protection, it also improves security and compliance in the industry.
Is WeStatiX GDPR-ready?
From the beginning, we designed WeStatiX with simplicity, performance and security in mind. Since the GDPR was announced as early as 2016, long before the launch of WeStatiX, we wrote our privacy policy to be GDPR-compliant. Therefore, there will be no need to change it when the new law becomes enforceable.
Here are a few key points that we implemented to keep WeStatiX secure at all times.
We only collect the necessary data
When you sign up, we only ask for the minimum information needed to provide our services. For example, we need an e-mail address to be able to communicate with you in case of changes on the website.
All communication with WeStatiX happens via TLS (HTTPS). This encryption layer ensures that transmissions are always protected. Also, note that we never collect data that the GDPR considers sensitive.
Your calculation data stays in the EU
When you perform a simulation with WeStatiX, the structure data are sent to our servers, which are located within the European Union. During the computation, these data never leave the solver, and are therefore processed according to the GDPR.
To provide the necessary computational power, we partnered with DigitalOcean. The Data Processing Agreement ensures that all measures are in place to protect your simulations.
We constantly work to keep your data secure
Our security team is always at work to monitor our servers and keep them up-to-date with security patches. Access to the servers is only allowed to key staff, by following a procedure which leverages modern technology to prevent unauthorized access.
In addition, we partnered with SecurityMetrics, a company specializing in data security. They provide occasional audits and security scans to make sure everything works as intended.
Payment data security
Purchases on WeStatiX are processed by the third-party vendor BrainTree, a PayPal company. When you provide payment data on our website, this information is sent directly to BrainTree, i.e. the payment is not processed by our systems.
With the help of BrainTree, we were able to complete the procedure to become compliant with PCI-DSS standards, as required by the major credit-card providers.