II Top-Level Data Processing

September 16, 2022


Right to Data

Erply enables the customer’s authorized user to manage other users and their customers’ data. Erply believes that all data the customer enters using Erply’s services belongs to the customer and, thus, we haven’t set any limitations on data management, whether it be customer, employee or user data.

The Customer’s Data Is Stored in Their Region

Erply’s software uses the cloud servers of reliable service providers (see also “Selecting Third Parties”). Cloud technology enables introducing software updates operatively and without disturbing our customers; it also guarantees significantly greater security compared to software that is downloaded to the customer’s servers.

Erply strives to use data centers that are located in the same region as our customers. This avoids having to transfer data across continents; unless this is something that a global customer specifically requires. As a result, Erply’s customers in the EU can rest assured that everything is GDPR compliant.

Large corporations can conclude a three-way contract with Erply and the server service provider for more control over data management in different geographical regions.

GDPR

Data protection is an integral part of Erply’s security policy. Erply adheres to the EU’s General Data Protection Regulation (GDPR) that entered into force on 25 May 2018. On one hand, the regulation strives to give people more security in the era of smartphones, social media and online banking, guaranteeing that their data is not collected and used without their knowledge; on the other, companies now have a clearer legal framework for processing data.

The implementation of GDPR was a great opportunity for Erply to re-evaluate its data collection and storage policy and bring it into conformity with GDPR. Our rule is to collect as little data as possible. If we need to process personal data, we will ask for consent from each individual person.

Erply has also hired a data protection officer (DPO), who will happily answer our customers’ data protection related questions at dpo@erply.com.

Data Encryption

Erply’s services support the newest recommended security cyphers and protocols that encrypt all data transfer. All customer data is encrypted using the latest SSL encryption. This means that data theft is impossible during transfer between the customer and Erply. We keep a close eye on the development of encryption tools and once a new solution has proven its worth in practice, it will be adopted at Erply.

Erply monitors all connections and uses supplementary security measures to detect malicious behavior; we have implemented procedures for preventing and blocking such behavior.

Secure Protocols

Account data can only be accessed using secure protocols like HTTPS and SSH. Data is stored securely behind firewalls and is under constant surveillance. All software is regularly updated to guarantee high-level security.

Incident Management and Response

Erply will immediately inform its customers of security incidents, e.g. of unauthorized access to a customer’s data. Erply has implemented and follows incident management policies, guidelines, and procedures.

Restoring Data

The customer’s data is stored in various data centers managed by the web hosting service provider, and the backup and restoration procedures we’ve tested in practice allow us to restore data in the event of large-scale accidents. Erply has thoroughly tested the backup copies and can confirm that the processes and tools work as expected.

We monitor data transfer server loads and optimize traffic to avoid extensive service disruptions and react as quickly as possible. System administrators are informed immediately when a failure is detected.

Last But Not Least: Availability

Erply understands that retailers work around the clock. That’s why Erply strives to make its services reliably available 24/7, 365 days of the year. Erply’s systems have excellent fault tolerance and we’re prepared for faults in individual servers and entire server centers alike. The company’s operations team checks the measures for reacting to catastrophes and works around the clock to quickly respond to unexpected circumstances.