Workato takes the privacy of our customers, partners and their end-users seriously. That is why we have taken measures to support our customers and partners’ compliance with data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), which became effective May 25, 2018, and other applicable data protection laws, such as the Data Protection Act 2018 of the United Kingdom, the Swiss Federal Act on Data Protection (1992) and related data protection and privacy laws of the member states of the European Economic Area, each as applicable and as amended, repealed, consolidated or replaced from time to time.
What is GDPR?
The GDPR is a European privacy law that replaced the previous EU Data Protection Directive (“Directive 95/46/EC”). The GDPR is intended to strengthen the security and protection of personal data in the EU.
To whom does the GDPR apply?
GDPR claims worldwide jurisdiction: it applies to all persons and organizations which may process “personal data” of EU residents, if they have business in the EU or are outside the EU and offer goods or services to EU residents, or monitor their behavior while within the EU (GDPR Article 2). Personal data is “any information relating to an identified or identifiable natural person (‘data subject’)” (GDPR Article 4). Although no longer in the EU, the United Kingdom has implemented the Data Protection Act of 2018 which has similar provisions and is applicable to U.K. users.
What rights do I have under GDPR, and how can I exercise them?
Is Workato a controller or processor?
In GDPR terms, Workato is a Processor with regard to the personal data that Workato processes on the
Workato platform on behalf of its customers (the Controller). This includes “Transaction Data” as
defined in our Terms of Service. Details of Workato’s privacy practices in relation to customers of the
Workato Services are set out in our
Do you utilize sub-processors to process user data?
Yes, Workato maintains an up-to-date list of the names and locations of all sub-processors used by us in connection with our Services. We ensure that all sub-processors engaged by us have Data Processing Agreements (“DPAs”) in place. See the Sub-Processors or details.