GDPR and Data Compliance

Admins15 January 2025

How does SaveTrees comply with GDPR and handle Data?

At SaveTrees, we take GDPR and data protection seriously. Here’s everything you need to know.

Jump to section

Our Commitment to GDPR

SaveTrees is fully committed to complying with the principles of GDPR to ensure your data is handled lawfully, fairly, and transparently.

To do this, we adhere to the following key principles:

  • Transparency: You have the right to know how and why your data is collected, processed, and stored. We provide clear and concise information at every stage.
  • Accountability: We take responsibility for protecting your data, regularly reviewing our practices to ensure compliance with the highest standards.
  • Security: We implement robust security measures to safeguard your data against unauthorised access, loss, or misuse.

When it comes to data processing, we are guided by a simple rule: only collect, store, and use the data that is necessary. This means:

  • We collect data such as names, email addresses, and timesheet details to provide our services effectively.
  • We store this data securely in GDPR-compliant data centres, ensuring it is encrypted and protected.
  • We only use your data for its intended purpose, such as facilitating timesheet management, and we will never share it with third parties without your explicit consent.

By embedding these principles into our operations, we ensure that your data is handled responsibly and with the utmost care.

Where your data is stored

ISO 27001

ItemProviderStorage location
VMsDigital OceanLondon
Large data storage (e.g. pdfs)Digital OceanLondon
Messagingcloudamqp.comIreland
Email storageDigital OceanLondon
App PlatformDigital OceanLondon

How we protect your data

Who has access to your data

Data retention policy

Timesheet data

Account details

Data breach response

In the unlikely event of a data breach, we have a clear and structured process in place:

Immediate investigation to assess the scope and impact.

Prompt notification of affected parties.

Reporting to the relevant regulatory authorities within 72 hours, if required.

We also take steps to prevent future incidents by addressing the root cause and enhancing our security measures.