Updating EU data protection standards to make them more responsive to current transparency around the world: we approach the processing of personal data in an open, honest and transparent manner. Protecting our customer data is of the utmost importance in everything we do. When Xero`s personal data is hosted or processed outside the European Economic Area, the RGPD requires that it remain protected by appropriate safeguards in accordance with EU law. There are a few ways to get Xero to do it. That`s the simplest part of it all. Treat the personal data you have collected in the same way you expect to process your personal data. The RGPD sets strict rules on how we can use your data, how we should protect it, and what we should do in the event of a problem. In addition, we are bound by financial services regulations that also deal with data and security. Please ensure that we will treat your data with respect and in accordance with the law. Organizations need to take technical and organizational steps to demonstrate that they have considered and incorporated data compliance measures into their data processing activities. This is based on the idea that data protection should be taken into account from the outset (and throughout the product design process).
Find out how Xero handles personal data on the websites and services we offer. Data security is a big part of the RGPD. When dealing with the personal data of people in the EU, you have an obligation to keep it safe, so it is important to ensure that all personal data you keep is kept safely. Personal data on people in the EU are processed. We process personal data to provide GoCardless service to our resellers. We also use the personal data we have collected to improve the GoCardless service, provide support, prevent fraud and money laundering and other related purposes. We do not transmit personal data to unrelated third parties, such as advertisements or other purposes that are not related to GoCardless services. The RGPD has arrived and it is here to stay.
We worked hard to make sure we were ready (and yes, we`re ready), but the hard work doesn`t stop there. This is just the beginning! At Xero, we are always looking for ways to improve and will continue to include data protection in our systems and processes after May 25. In addition to existing rights in the EU, such as the right to access and correct personal data held by an organisation, the RGPD introduces new data protection rights for individuals, such as the right to receive and reuse personal data via various services and the right to erasure. In accordance with the terms and conditions of the GoCardless Integration Partner agreement and as covered in the Connected Merchant agreement, GoCardless dealers agree before establishing a link with your system, you must have an agreement with any merchant who uses your service and contains appropriate privacy rules. If a merchant allows your integration, they allow us to share with you the personal data of customers in their capacity as the processing manager, and you must protect that data and provide sufficient assurance. Our status as controller has not changed that – such agreements should already exist! GoCardless has officially appointed a data protection representative to ensure that we remain accountable under the law. You can ask all the data controller questions about our approach to privacy and data protection by emailing help@gocardless.com with “Data Protection” in the subject line.