Personal data management
Wolfgest complies with the GDPR requirements by applying organizational and technical measures regarding the security and confidentiality of personal data, both for the data held for its own activity and for its subcontracting activities.
1. Processing of personal data and subcontracting:
A. Data processing for our own activity.
As a data manager, Wolgest is required to process personal data as part of its activity for the purposes of support, business management, quality procedures, maintenance actions and customer service.
These data are names, e-mail address, telephone number, address, username, IP addresses, cookies, bank information, tax identification number and any other information that may have been transmitted directly and explicitly by the person.
If people explicitly consent, we can send informative newsletters and carry out commercial and marketing communications on the products and services we offer.
We respect the right of access, rectification, data portability, limitation of processing and the forgetting of natural persons whose personal data we hold for our own activity, after making sure of their identity, if true. These requests can be made to our data protection department (DPO) at the following address: dpo@onesoft.pt .
B. Processing performed as a subcontractor.
As a subcontractor, Wolfgest may be asked to process the data entrusted to you in accordance with strict contractual instructions and structures defined with its customers. At the end of the processing, the data entrusted to us is returned and / or destroyed according to the clauses defined with the customer.
We support our customers in their obligations in relation to RGDP, providing the necessary tools to fulfill these requirements for their own activity in terms of right of access, rectification, data portability, processing limitation and supervision.
Likewise, we are also committed to informing our customers of any data breaches for which they are responsible within the regulatory timeframes.
Finally, if Wolfgest considers that the requested processing constitutes a violation of the regulation, it will inform its client in writing prior to its implementation.
In addition, Wolfgest guarantees the maintenance of its software and hardware infrastructure and may therefore be obliged to modify it for the provision of its services. As such, we may be required to process the data entrusted to us in order to adapt the structures, in particular to technical developments, while taking appropriate security measures to guarantee their integrity and confidentiality.
2. Security of personal data and confidentiality measures:
Wolfgest has always hosted its software solutions (Wolfgest CRM, modules, customer management, etc.) and sites in Portugal managed by onesoft , where regulation has always been one of the most stringent in Europe for respecting the confidentiality of personal data.
The servers are safe, maintained and monitored by a specialized service provider ( onesoft ) in order to guarantee confidentiality, integrity, availability and constant resilience of processing systems and services.
The security levels that are in effect in our infrastructure, both at the server level for maintenance operations of the technician and at the level of access to the software and by the users of our services (https, ssh access, encrypted storage media).
Wolfgest may need to exchange and transfer certain personal information to subcontractors as part of its activity. We ensure that they respect the confidentiality of the data, establishing contractual clauses that guarantee that the appropriate technical and organizational measures have been taken by these service providers. Our audit right is also included in these contracts.
3. Under no circumstances do we sell personal information to third parties:
All Wolfgest employees are subject to a professional confidentiality clause in their employment contract, regarding the data they may need to carry out their missions (commercial management, technical maintenance, etc.).
Wolfgest regularly conducts internal training on best practices to be observed in order to guarantee the confidentiality and integrity of the processed data.
Likewise, we are implementing a “less access” policy to ensure that our employees have access only to information strictly necessary for the performance of their duties. Internal controls are regularly carried out to ensure that accesses are correctly defined.