The data recorded in Legalsys’s whistleblower portal is stored in a European data center administered by Amazon Web Services (AWS). Strictly speaking, it is a European subsidiary of the American Amazon Web Services, thus subject to European law under the agreement with said European AWS subsidiary. In other words, this means that even though AWS is a US-owned company, all their data centers in the EU/EEA, located in Ireland, Germany, France, and Sweden, respectively, are subject to and governed by European law. According to the agreement between Legalsys and AWS, the recorded data must be stored in an EU/EEA country, meaning a country in Europe, and is at no time nor under any circumstances to be relocated outside the EU/EEA.
All countries in the EU/EEA are subject to the same legislation on the protection of personal data for which reason there are no cross-country legal differences concerning data security.
Even though AWS is owned by a large American company with numerous data centers around the world, Legalsys is lawfully entitled to have the data stored in the agreed data center under any circumstances and at any given time – as well as to do unannounced audits to verify this fact.
Legalsys’s data is fully encrypted from the moment of reception to transmission, storage, and through to the user’s web browser. All data attributable to the individual, images, and documents in Legalsys’s whistleblower portal are automatically encrypted.