All data in Legalsys's whistleblower portal is stored only in European data centres.
System code and entered data are stored with Amazon Web Services (AWS). AWS is a European subsidiary of the American Amazon Web Services, and data are stored according to agreement between Legalsys and the European subsidiary. AWS has data centers in Ireland, Germany, France and Sweden, and even though AWS is a US-owned company, the data centers in the EU/EEA are operated by AWS, which is subject to the EU General Data Protection Regulation (GDPR), etc. According to the agreement between Legalsys and AWS, the recorded data must be stored in an EU/EEA country, meaning a country in Europe, and may not be moved outside the EU/EEA at any time.
Even though AWS is owned by a large American company with numerous data centers around the world, Legalsys is lawfully entitled and AWS is obligated to have the data stored in the agreed data center at all times, and Legalsys is entitled to obtain verification hereof at any time.
Encryption keys for clarifying data are stored by a 3 party hosting provider that is not AWS. The supplier stores data at data centres in the EU/EEA. Legalsys, as with AWS, has agreed that data may never be taken out of the EU/EEA.
Legalsys can at any time verify the above facts both by AWS and 3 party supplier.
All countries in the EU/EEA are subject to the EU General Data Protection Regulation (GDPR).
Legalsys’ data are fully encrypted from the moment data are received, when it is transmitted, when it is stored in the Legalsys whistleblower portal and through to the user’s web browser. All personally identifiable data, images and documents in the Legalsys whistleblower portal are automatically encrypted.