ManageWP and GDPR Compliance

We now meet the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR).

As part of our ongoing effort to provide the best service that we can, we’re updating our Privacy Policy and Terms of Service in order to make it easier for you to understand what information we collect about you and how are we using it. We’ve also taken steps to improve our data processes and other controls we provide to safeguard your data and protect your privacy.

Nothing is changing about your current settings or how your information is processed. Rather, we’ve improved the way we describe our practices and there are new options for updating, managing, exporting, and deleting your personal data.


For your convenience, here is a brief summary of the changes to each policy and the new options. We encourage you to review each one in full:

Easier to understand privacy policy

We’ve improved the navigation and organization of the policy to make it easier to understand and quicker to find what you’re looking for. We’ve also explained our practices in more detail and with clearer language. We make it even easier to understand the data we have about you, how are we storing and using it, and what options are available to you regarding your data.

The Cookies section covers our use of both internal and third-party cookies including: what cookies we use, what data third-parties collect, and your choices regarding cookies. You can also access your Cookie Settings and opt-out of specific tracking options.

Cookie Settings Option

Improving Our Privacy Controls

Our new Privacy Settings within your dashboard will give you even more control over cookies, tracking scripts, communication preferences, and the users of your personal data. This centralized location was specifically built in order for you to manage and change, at any time, all of your privacy preferences.

Privacy Settings

Personal Data

You are fully in control of your personal data with new options to update, manage, and export your data.

Personal Data export

If you wish to have your personal data removed, you can approach helpdesk@managewp.com with the request to delete your personal data. Once that is approved, our support team will delete or anonymize all of your personal data. There are specific legal reasons why businesses can continue to store certain types of personal data even if an individual has requested that all data be deleted.

Data Processing Addendum (DPA)

Our Privacy policy does not technically cover your end-users or site visitors. However, the GDPR calls for contractual assurances about privacy and security practices.

That is why we included Data Processing Addendum into our Terms of Service and is meant to provide you with a contractual assurance that we have robust mechanisms to ensure the transfer of Your Data, including transfers of Your Data from the EEA to the Services, meets with compliance under applicable data privacy laws. By accepting our Terms of Service at the time of purchase of Services will also be treated as your acknowledgement and acceptance of the DPA and its appendices (including the Standard Contractual Clauses and its appendices, as applicable).

Just to be perfectly clear, you are NOT required to sign the DPA.

If you however still wish to read, print, sign and return a physical copy of the DPA, please send an email request to helpdesk@managewp.com. We’ll comply with the request by sending you the signed DPA version and keep a signed copy you send back on file associated with your account.

Data Security

We’ve also taken steps to improve our data processes and other controls we provide to safeguard your data and protect your privacy. Security features and encryptions are built into all of our products, services, and infrastructure to keep data protected at every point. We invest in teams and technology to continually improve that security, protecting not only our operations, but your data as well.

Your data is in safe hands and well protected.


In the meantime, we wanted to make sure you wouldn’t be surprised by these changes and reassure you that none of this will impact our principles and the way we’ve been operating so far.

If you wish to learn even more about the GDPR and your rights, click here.

For any additional questions that we did not cover here, please check our F.A.Q. section on the GDPR User Guide page.

As always, we are here for you.
ManageWP team

Marko Tanaskovic

Growth Engineer & Business Intelligence / Digital Marketing Expert @ ManageWP Currently on a mission of either cloning himself or learning to be at two places at the same time. Latter being the preferred option.

9 Comments

  1. Steven

    We have a few customers that are only now starting to ask detailed questions about GDPR. One of them is in which country in Europe backups through MWP are saved. Can you tell me that please?

    1. Marko Tanaskovic

      Author

      HI Steven,
      If you have chosen the EU location for your backups, the data is being stored on one of the Amazon S3 Servers located in one of their data centers within the EU. You can find the location of Amazon data centers on this link: https://aws.amazon.com/about-aws/global-infrastructure/

  2. Greg

    What are the GDPR regulations regarding ManageWP retaining backups of websites that may contain user data? Is there a statement about how that data is kept secure, how long it’s retained, etc., that we can add to our own privacy policies?

    1. Marko Tanaskovic

      Author

      GDPR regulation is directed at the protection of personal data and really doesn’t go into details such as data backups.

      For each of our tools, there is a Feature page explaining into details how our tools work and what is the data retention period.
      All of our backups (managewp.com/features/backup) are strongly encrypted and stored safely on Amazon S3 servers for 90 days. And you can, of course, choose the backup location for each of your websites (US or EU). Both locations fully support the GDPR standards for data privacy. And when you remove the website from your dashboard, data will be removed automatically after 7 days.

    2. Marko Tanaskovic

      Author

      We received a lot of questions regarding the GDPR & backups so let me add an additional comment.

      We are fully GDPR compliant toward OUR users and we comply with all of your requests to update, export and delete YOUR data.

      However, we do not provide specialized plugin solutions aimed at solving GDPR problems for website owners such as: GDPR compliant webforms, GDPR checkboxes for signups, solutions for export/deletion of your clients data or specialized solutions for deleting specific data table entries from backups.

      If you however, know of a good and reliable solution that does this task well and would work nicely with ManageWP – please let us know and we will consider the integration with our services.

  3. Gudrun

    If I were to write a privacy statement to my customers, I would need to explain that I use your service and what data you store about my customers. Is that available anywhere? Did I miss that?

    1. Marko Tanaskovic

      Author

      Most of that information is contained in our Privacy policy and Terms of Service.
      But to answer you question in more detail: ManageWP is a website management service. In that regard, our focus is not your customer data but the website you connected to our service.

      We do not automatically gather data about your users but we can receive it based on what you provide to us.
      For instance, we do not automatically backup your website but only do so when you activate the backup. In that case we gather and store all the data that you requested (you can include/exclude specific files, folders and database tables). This data may or may not include your customers data. We store that data safely encrypted on our Amazon S3 servers.

  4. Alex

    Hi folks,

    what is with the data proccesing contract with us? Where can i download it?

    That´s the most important question for me!

    Cheers Alex

    1. Marko Tanaskovic

      Author

      Hi Alex,
      There is the section in the article explaining that we included Data Processing Addendum into our Terms of Service and is meant to provide you with a contractual assurance that we have mechanisms to ensure the transfer of Your Data and that it meets with compliance under applicable data privacy laws.By accepting our Terms of Service at the time of purchase of Services will also be treated as your acknowledgement and acceptance of the DPA and its appendices.

      To sum it up, you don’t need to sign the DPA as we already are providing you with the contractual assurance through our ToS.

      If you however still wish to read, print, sign and return a physical copy of the DPA, please send an email request to helpdesk@managewp.com. We’ll comply with the request by sending you the signed DPA version and keep a signed copy you send back on file associated with your account.

Leave a Reply

Your email address will not be published. Required fields are marked *

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 40,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!