GDPR Compliance Statement
GDPR Principles We Are Committed To
Data Minimization, Storage Limitation and Accuracy: We collect data we actually need for our specified purposes. We periodically review the data we hold and delete data we no longer need. When we remove data from our systems, we do so by using industry-approved standards. Keeping data accurate is also important to us. We comply with the data subjects’ right to rectification and carefully consider any challenges to the accuracy of the personal data.
Data Integrity and Confidentiality: We are committed to ensuring that we have appropriate security measures in place to protect the personal data we store and process. Our Technical and Organizational Security Measures can be viewed in Annex 3 of our Data Processing Addendum. Product certifications, including our ISO/IEC 27001:2013 certificate, can be found on our Product Certifications page. WatchGuard has also established an incident response plan and process in case of a personal data breach.
Accountability: We have detailed policies and secure systems in place designed to ensure proper data protection and accountability. secjur GmbH, our external DPO, oversees our overall compliance with data protection regulations.
Steps We Have Taken to Comply With GDPR
Privacy Review of Products and Services. We conduct internal reviews of new products and services to ensure that the underlying data processing meets GDPR requirements and, where applicable, is properly described in our privacy notices. We endeavor to implement new features that give our customers more control over data and ease their own burden of achieving GDPR compliance.
Vendor Due Diligence. WatchGuard vendors and sub-processors are required to enter into written agreements with WatchGuard that satisfy the requirements of applicable data protection law (including the GDPR). We conduct due diligence designed to ensure that such vendors and sub-processors can provide protections that are essentially equivalent to those provided to our customers by us. A list of WatchGuard sub-processors can be viewed here.
Customer Contractual Obligations. Our Customer Data Processing Addendum is incorporated by reference into our standard customer-facing agreements. If you would like to have a signed version, please contact us at [email protected].
Data Transfers. Where we process customer data in the United States in order to provide the services, the WatchGuard Data Processing Addendum incorporates the 2021 Standard Contractual Clauses ("SCCs"). This means that the SCCs apply automatically for all customers who use our services to process customer data outside the EEA, as well as the UK and Switzerland.
DPIAs. Where required, we conduct Data Protection Impact Assessments (“DPIAs”). The results are communicated to the relevant teams and help us establish appropriate controls on data processing and management.
Security Measures. WatchGuard has an internal Information Security Policy that establishes a security program to ensure that WatchGuard adopts best practices to safeguard our customer data. Our Technical and Organizational Security Measures can be viewed in Annex 3 of our Data Processing Addendum and product certifications, including our ISO/IEC 27001:2013 certificate, can be found on our Product Certifications page. We improve our data security measures and controls based on the internal security reviews, internal reviews of products and services, as well as the DPIAs.
Incident Response. To ensure an appropriate response to data incidents, we follow our incident response plan and process. All incidents are tracked regardless of whether they amount to a personal data breach. In the event of a personal data breach, WatchGuard will notify data protection authorities, data subjects or our business customers as applicable and depending on our role in relation to the data.
If you have any questions about this Statement, please email [email protected] or contact us as specified below:
WatchGuard Technologies, Inc.
Attn: Legal Department
505 5TH AVE S STE 500
Seattle WA 98104
In Europe by registered post:
Attn: Legal Department
Calle Santiago de Compostela 12, 1ª planta
48003 Bilbao, Bizkaia
Please note that you may also submit your requests or complaints directly to our DPO at [email protected].