WISOLUTION - Contract order processing according to Art. 28 GDPR

Between the WISOLUTION client (Client) and WISOLUTION Ltd. (Contractor) is concluded subsequent contract.

If you have any questions about privacy at WISOLUTION, please contact us at privacy@wisolution.com

1. 1. Confidentiality (Article 32 Paragraph 1 Point b GDPR)

    Physical Access Control
    No unauthorised access to Data Processing Facilities, e.g.: magnetic or chip cards, keys, electronic door openers, facility security services and/or entrance security staff, alarm systems, video/CCTV Systems

    Electronic Access Control
    No unauthorised use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media

    Internal Access Control (permissions for user rights of access to and amendment of data)
    No unauthorised Reading, Copying, Changes or Deletions of Data within the system, e.g. rights authorisation concept, need-based rights of access, logging of system access events

    Isolation Control
    The isolated Processing of Data, which is collected for differing purposes, e.g. multiple Client support, sandboxing.

    Pseudonymisation (Article 32 Paragraph 1 Point a GDPR; Article 25 Paragraph 1 GDPR)
    The processing of personal data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures.

2. 2. Integrity (Article 32 Paragraph 1 Point b GDPR)

    Data Transfer Control
    No unauthorised Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature;

    Data Entry Control
    Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management

3. 3. Availability and Resilience (Article 32 Paragraph 1 Point b GDPR)

    Availability Control
    Prevention of accidental or wilful destruction or loss, e.g.: Backup Strategy (online/offline; on-site/off-site), Uninterruptible Power Supply (UPS), virus protection, firewall, reporting procedures and contingency planning

    Rapid Recovery (Article 32 Paragraph 1 Point c GDPR) (Article 32 Paragraph 1 Point c GDPR);

4. 4. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR)

    Data Protection Management;

    Incident Response Management;

    Data Protection by Design and Default (Article 25 Paragraph 2 GDPR);

    Order or Contract Control
    No third party data processing as per Article 28 GDPR without corresponding instructions from the Client, e.g.: clear and unambiguous contractual arrangements, formalised Order Management, strict controls on the selection of the Service Provider, duty of pre-evaluation, supervisory follow-up checks.




Microsoft Ireland Operations Ltd

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

Data processing centre service


1801 California Street, Suite 500, Denver, CO 80202, USA

Mail sender