How does SaveTrees comply with GDPR and handle Data?
At SaveTrees, we take GDPR and data protection seriously. Here’s everything you need to know.
Jump to section
- Our commitment to GDPR
- Where your data is stored
- How we protect your data
- Who has access to your data
- Data retention policy
- Data breach response
Our Commitment to GDPR
SaveTrees is fully committed to complying with the principles of GDPR to ensure your data is handled lawfully, fairly, and transparently.
To do this, we adhere to the following key principles:
- Transparency: You have the right to know how and why your data is collected, processed, and stored. We provide clear and concise information at every stage.
- Accountability: We take responsibility for protecting your data, regularly reviewing our practices to ensure compliance with the highest standards.
- Security: We implement robust security measures to safeguard your data against unauthorised access, loss, or misuse.
When it comes to data processing, we are guided by a simple rule: only collect, store, and use the data that is necessary. This means:
- We collect data such as names, email addresses, and timesheet details to provide our services effectively.
- We store this data securely in GDPR-compliant data centres, ensuring it is encrypted and protected.
- We only use your data for its intended purpose, such as facilitating timesheet management, and we will never share it with third parties without your explicit consent.
By embedding these principles into our operations, we ensure that your data is handled responsibly and with the utmost care.
Where your data is stored
ISO 27001
| Item | Provider | Storage location |
| VMs | Digital Ocean | London |
| Large data storage (e.g. pdfs) | Digital Ocean | London |
| Messaging | cloudamqp.com | Ireland |
| Email storage | Digital Ocean | London |
| App Platform | Digital Ocean | London |
How we protect your data
Who has access to your data
Data retention policy
Timesheet data
Account details
Data breach response
In the unlikely event of a data breach, we have a clear and structured process in place:
Immediate investigation to assess the scope and impact.
Prompt notification of affected parties.
Reporting to the relevant regulatory authorities within 72 hours, if required.
We also take steps to prevent future incidents by addressing the root cause and enhancing our security measures.