Contact SalesStart free trial
en
Language
  • en
  • de
  • fr
  • es
  • br
  • ru
  • jp
  • kr
AI translation
  • ee
  • ae
  • cn
  • vn
  • id
  • eu
  • il
  • gr
  • no
  • fi
  • dk
  • se
  • tr
  • bg
  • nl
  • it
  • pl
  • hu
  • ro
  • ua
  • cs
Easy Redmine
About us
Terms and Conditions
GDPR compliance

GDPR compliance

Easy Software takes personal data protection seriously. European regulation known as General Data Protection Regulation (GDPR) brings a number of challenges to all organizations and became one of the most resonated business topics.

Our mission is to provide Easy Redmine clients and basically all Project community with a reliable software which allows fulfilling all duties of Data Processors efficiently.

This document shall provide answers to:

  • I am Data Processor, how can I get GDPR compliant with Easy Redmine
  • I am using Easy Redmine cloud, is this service compliant with GDPR?
  • I need to know if Easy Software has all security processes in place.

1. Terminology

Easy Software is a manufacturer of Easy Redmine.

Data Controller – the entity that determines the purposes, conditions, and means of the processing of personal data. For the purpose of this document, it is your organization.

Data Processor - the entity that processes data on behalf of the Data Controller; in this document:

  • Cloud clients of Easy Redmine: Easy Software is the Data Processor and data are processed in our cloud services based on rules setup by you, Data Processor, in your Easy Redmine cloud application.
  • Own server users of Easy Redmine: Easy Software is not a Data Processor. But Easy Redmine will help you to organize your data properly.

Easy Redmine is an application which may or may not be used to process data by Data Controller.

Contact is Easy Redmine feature facilitating the use of Custom Fields (specifically in the “Personal Contact” and “Entity Lead” data entity) to differentiate between personal data and other random data uploaded to Easy Redmine.

2. Introduction

Easy Software as a manufacturer of Easy Redmine introduces updates of Easy Redmine in order to help Data Controllers to fulfill their duties arising out of the GDPR regulation.

At the same time, for our cloud clients, this document brings general information concerning Easy Software acting as a Data Processor.

Also, Easy Software declares that as a company with its headquarters in the European Union it shall facilitate that all processes, contracts, suppliers, data access and others are fully compliant with GDPR requirements.

For the avoidance of doubt, this document is purely informational and does not include any binding provisions. This document has been drafted in English and shall be considered the only relevant version. Any version of the document translated into other languages is provided solely for the convenience of the User through machine translation and does not carry legal weight. In the event of any discrepancies or conflicts between the English version and any translated version, the English version shall prevail in all matters.

3. Easy Redmine for all Data Controllers

Easy Redmine brings the following features to Data Controllers to increase data security and meet specific demands of GDPR.

  • Extended Password policy enforcement
    • Definition to use minimum length, usage of big letters, numbers and special characters in the password
    • Time limit for password validity and password repetition control
    • Auto sign-off user after a period of time
    • Feature to re-enter your password in order to manipulate with user roles and privileges 
  • GDPR specific features:
    • Right to be Forgotten: Deleting the Contact is a traditional feature but it may disturb data consistency, reports etc. as there is a possibility to have Contact linked to projects, Tasks, CRM and other entities. It can, however, corrupt data about your customer profiling.
    • Contact Anonymization: allows deleting data from Contact which makes identifying the person almost impossible via hashing function performed on all personal data; anonymous data about client’s services, tasks and other information will stay for you to work with on an aggregate, technical and analytical level.
    • Right to Access: A specific button which exports Contact details in automated readable format (XML) to fulfill your obligation to provide information to the data subjects.
  • Limited data visibility – it is a critical requirement of GDPR asking Data Controllers to limit access to personal data only to those people who need to have access to such data. Easy Redmine brings couple approaches to this problem: 
    • A limitation to access Contacts in general.
    • A limitation to access Contacts only for specific Contact type. Typically, everyone can access Contacts with type Company (companies are not subject to GDPR) and limit access to Contacts with type Personal only to selected users. So the user without the permission may see that there is a Contact linked (see the name alone) but cannot see any other data which may allow the personal identification.
    • Custom field visibility – certain data can be restricted to be seen only by
      • a) User / list of users
      • b) User group / list of user groups
      • c) User type / list of user types
    • User action audits
      • Easy Redmine provides complete logs about user actions including View action.
      • Now Easy Redmine brings a feature to manage the logs in order to fulfill your internal process.
    • Limited data visibility – it is a critical requirement of GDPR asking Data Controllers to limit access to personal data only to those which are necessary during the data processing.

How to use Easy Redmine in line with GDPR

  • Identify what Personal Data you collect in Easy Redmine.
  • Make internal regulation that all personal data needs to be filled in Custom fields, not native fields of Easy Redmine. But recommended approach is to make a decision that all personal data has to be stored on Contacts only
    • If you would like to use Anonymization, Right to be Forgottten and Right to Access you shall have a regulation that all personal data has to be on Contacts.
    • Identify what data are subject to erasure for Anonymization – you can do it in Contact’s custom field settings.
    • Decide which users of Easy Redmine need access to Contacts and limit access by Contact type.
    • If you need all users to access all Contacts, but some shall see limited data set, just set the custom field visibility.
  • Identify what custom fields outside Contacts needs to be protected and set data visibility accordingly.
  • Increase password policy enforcement of Easy Redmine.
  • Right to be Forgotten and Right to Access:
    • We recommend defining a Project Template which would formalize all steps to delete personal data from all systems in great details. Once a request comes you can simply document that all steps were done according to your internal process.
  • Create regulation for how long you need to keep user action audit data (logs) and configure accordingly in Easy Redmine.

4. Easy Redmine in cloud

Easy Software provides Easy Redmine as a service in the cloud. For cloud clients, Easy Software acts as Data Processor. As a Data Processor we fulfill GDPR requirements thanks to following:

  • Easy Software implemented technical and process measures to limit potential access to data only to exceptional and requested occasions as well as other required technical, administrative and organizational to be fully compliant with GDPR. The specific list of the measures and other terms of data Processing is subject to a duly concluded Data Processing Agreement.
  • If you are an EU organization, it is guaranteed that your Easy Redmine instance (and so data and their backups at disaster recovery sites) are stored within the EU.
  • Easy Software uses only verified Data Centers with high-end security and all relevant ISO certifications. Details can be provided upon request.
  • Regular backups, https for browsers, SSH-2 encryption is used for the backup transfer. Firewall limited to HTTPS and other regular settings are meeting GDPR requirements. You may learn more about clouds here.
  • Security can be further increased with Private Cloud service where individual security can be extended by an individual configuration of the dedicated server (HW). In such cases, you are fully responsible for all security and organizational features.

5. Easy Software and your personal data

Easy Software is a manufacturer of Project Management platform. Easy Software is business to business commercial organization. It means that all data collected serves to support Easy Software’s business and services for organizations.

As per GDPR regulation, there are data of individuals collected as well and those are considered as data under the protection of GDPR.

5.1. Personal data collected

  • Name and surname
  • Telephone
  • E-mail
  • Company
  • Position at the company
  • Achieved trainings and certifications gained for products of Easy Software
  • History related to visiting of Easy Software product pages.
  • IP Address

5.2. Purpose of data collection, processing, and profiling
Easy Software collects data for following purposes:

Easy Software collects data for following purposes:

  • Setup a commercial co-operation with organizations. And for that purpose, Easy Software may collect data about contact persons in such organizations.
  • Provide service for existing customers (organization and for that purpose Easy Software may collect data about contact persons in such organizations.
  • Inform customers and potential customers about new features functions, releases and other messages of both informational and marketing character.

Collection:

  • All information collected about individuals are gathered through contact forms, proper communication channels directly from the organizations and/or persons, and/or publicly available data (e.g. data from commercial registers).

Data combination and profiling:

  • Easy Software processes data through automated means but does not profile any individuals nor are any individuals subject to automated decisions making that would have impact on the respective individuals. All data collected serves only as a contact information within an organization and is used accordingly with such purpose.
  • Easy Software profiles organizations for statistical, marketing and business purposes. Personal Data are not subject to these analyses.
  • Easy Software combines all data in the own information system (Easy Redmine) on Entity Contact or Entity CRM.

Try Easy Redmine in 30 days free trial

Full features, SSL protected, daily backups, in your geolocation