GDPR and Data Compliance

At SaveTrees, we take GDPR and data protection seriously. Here’s everything you need to know.

• Our commitment to GDPR
• Where your data is stored
• How we protect your data
• Who has access to your data
• Data retention policy
• Data breach response

SaveTrees is fully committed to complying with the principles of GDPR to ensure your data is handled lawfully, fairly, and transparently.

To do this, we adhere to the following key principles:

• Transparency: You have the right to know how and why your data is collected, processed, and stored. We provide clear and concise information at every stage.
• Accountability: We take responsibility for protecting your data, regularly reviewing our practices to ensure compliance with the highest standards.
• Security: We implement robust security measures to safeguard your data against unauthorised access, loss, or misuse.

When it comes to data processing, we are guided by a simple rule: only collect, store, and use the data that is necessary. This means:

• We collect data such as names, email addresses, and timesheet details to provide our services effectively.
• We store this data securely in GDPR-compliant data centres, ensuring it is encrypted and protected.
• We only use your data for its intended purpose, such as facilitating timesheet management, and we will never share it with third parties without your explicit consent.

By embedding these principles into our operations, we ensure that your data is handled responsibly and with the utmost care.

All data collected by SaveTrees is securely stored on servers located within the UK and EU. These servers are provided by trusted, industry-leading cloud providers who meet rigorous compliance standards, including ISO 27001 certification for information security.

Our providers employ advanced encryption methods to protect data both at rest and in transit. Regular audits and updates are performed to ensure the highest level of security.

By keeping your data within the UK/EU, we ensure it is always subject to GDPR’s stringent data protection requirements.

We use multiple layers of security to protect your data, including:

• End-to-end encryption to secure data in transit.

• Encryption at rest to protect stored data.

• Access controls to ensure that only authorised personnel can access your data.

• Regular vulnerability assessments and security updates to maintain robust protection.

We continually update our security measures to stay ahead of emerging threats and to ensure your data remains safe.

Access to your data is strictly limited to authorised personnel who need it to provide our services. Access is granted on a need-to-know basis and is carefully controlled.

We do not sell or share your data with third parties for marketing purposes. Any data shared with third parties (e.g., to process payments or improve services) is done so securely and in full compliance with GDPR.

We retain your data only for as long as it is necessary for the purposes for which it was collected. Our retention period is seven years for all types of data, including:

• Timesheet data: Retained for seven years for auditing and reporting purposes.

• Account details: Retained for seven years after account closure.

Once data is no longer needed, it is securely deleted or anonymised in compliance with GDPR regulations.