TestRail ("Gurock") is committed to complying with the General Data Protection Regulation ("GDPR"), which will go into effect on May 25, 2018. The GDPR regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give European Union ("EU") citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. The GDPR applies to all companies that do business with EU citizens or process data of EU citizens regardless of the location of the company that is processing such data. To that end, the GDPR applies to Gurock.
Our customers can trust that TestRail has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR.
Like many other global software companies, TestRail is in the process of rolling out its company-wide GDPR compliance program starting on May 25, 2018. TestRail appreciates that its customers have requirements under the GDPR, which are directly impacted by their use of TestRail’s products and services, and TestRail is committed to helping its customers fulfill their requirements under the GDPR and local law.
TestRail will keep you inform through its website about its compliance with the GDPR requirements; however, should you have any questions or concerns, please do not hesitate to contact our legal department at compliance@testrail.com.
TestRail (the "Company") prepare this document to help you clarify some common confusions around the General Data Protection Regulation ("GDPR"). The Company recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness.
No. The GDPR does not contain any obligation to store information in Europe. However, transfers of European personal data outside the European Economic Area (EEA) generally require that a valid transfer mechanism be in place to protect the data once it leaves the EEA. The GDPR does not invalidate or override the EU Model Clauses or the EU-U.S. and Swiss-U.S. Privacy Shield Framework, which are both legally valid mechanisms to ensure the legal transfer of personal data into and out of the EEA. The Company ensures that its customers can comply by offering its customers a data processing agreement ("DPA") that incorporates the Model Clauses as approved by the European Commission.
The DPA is an agreement that will govern the processing of personal data that customer uploads or otherwise provides to TestRail in connection with the services and the processing of any personal data that TestRail uploads or otherwise provides to customers in connection with the services. The DPA is incorporated into the main Agreement that the customer has in place with Gurock. TestRail will process personal data in accordance with its obligations pursuant to the TestRail DPA.
If you have determined that you qualify as a data controller under the GDPR (please see the definition of data controller and data processor below), and need a data processing agreement in place with vendors that process personal data on your behalf, we want to help make thigs easy for you. Our GDPR compliant DPA is available for review