All data in Legalsys’s whistleblower portal is stored exclusively in European data centres.
System code and entered data are stored with Amazon Web Services (AWS). AWS is a European subsidiary of the U.S.-based Amazon Web Services, and the data is stored pursuant to an agreement between Legalsys and the European subsidiary. AWS has data centres in Ireland, Germany, France and Sweden, and although AWS is a U.S.-owned company, its data centres in the EU/EEA are operated by AWS and are subject to the European General Data Protection Regulation (GDPR), etc. Legalsys’s agreement with AWS provides that the data must be located in an EU/EEA country - that is, a country in Europe - and must not at any time be transferred outside the EU/EEA.
Although AWS is owned by a large U.S. company with many data centres, Legalsys is entitled to require, and AWS is obliged to ensure, that the data is at all times stored in the agreed data centre.
Encryption keys used to decrypt the data are stored with a third-party hosting provider that is not AWS. That provider stores data in data centres located within the EU/EEA. As with AWS, Legalsys has entered into an agreement providing that the data must not at any time be transferred outside the EU/EEA.
Legalsys may verify the above arrangements at any time with both AWS and the third-party provider.
All countries within the EU/EEA are subject to the General Data Protection Regulation (GDPR) and therefore have the same minimum requirements for the protection of personal data.
Legalsys’s data is encrypted from the moment it is received, during transmission, while stored in Legalsys’s whistleblower portal, and until it reaches the user’s web browser. All personally identifiable data, images and documents in Legalsys’s whistleblower portal are encrypted automatically.