Erply may involve and use authorized third parties to process personal data as part of providing our services; these third parties will be granted access to the customers’ data. All authorized data processors go through a rigorous selection process and are evaluated based on a number of criteria, e.g. security features and measures, SLA (Service Level Agreement) terms and conditions, reliability and availability of services, etc. Once a partner is selected, Erply will conclude a contract with them to guarantee our customers the required data protection.
Depending on how Erply grows and develops, the third party authorized to process personal data may change. We will inform our customers when a new authorized processor comes on board.
Erply may include the following authorized processors to host customer data or in relation to the infrastructure required for providing our services:
| Amazon Web Services | Cloud service provider | USA/Germany/Australia |
| Hetzner | Cloud service provider | Germany |
Erply may work with the following authorized processors in providing other services:
| | Email, hosting and analysis service provider | USA |
| Mailchimp | Email service provider | USA |
| Slack | Customer support and sales communications service provider | USA |
| Chatlio | Sales communications service provider | USA |
| JIRA | Customer support service provider | Australia |
| Teamviewer | Customer support service provider | Germany |
| AnyDesk | Customer support service provider | Germany |
| GoToAssist | Customer support service provider | USA |
What are the data protection and cybersecurity requirements that Erply’s authorized processors must meet? Below is a list of the data and data center security-related certificates that one of Erply’s authorized processors, Amazon Web Services, holds and adheres to.
SOC 3 Report
In addition to the SOC 2 SSAE 16 report, the company also ordered the SOC 3 report to cover IT risks in critical areas, including security and availability.
EU-US and Swiss-US Privacy Shield Framework
Amazon Web Services meets the EU-US and Swiss-US Privacy Shield Framework designed by the US Department of Commerce. The framework covers the collection, use, and storage of personal data in the EU, Switzerland and the US.
PCI (Payment Card Industry) – AOC
AOC or Attestation of Compliance validates that a company has implemented controls for meeting credit card data processing requirements. PCI conformity helps protect credit card and personal data, and the customer’s identity from malicious use.
General Data Protection Regulation (GDPR)
GDPR replaces the EU’s data protection directive (known as 95/46/EC) and covers privacy issues. The regulation aims to improve data privacy and protect individuals in the EU and the transfer of personal data from the EU to the rest of the world. Amazon Web Services is GDPR compliant in relation to international data transfer. More particularly, Amazon Web Services’ activity complies with the EU-US and Swiss-US Privacy Shield Framework.