The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
Data Processing Agreement
As Bitrix24 has many clients in the European Union, we follow GDPR compliance rules and maintain GDRP section on our website. Obtain your digitally signed copy of the Data Processing Agreement and print the agreement. This is your copy of the agreement.
We need to have our copy too and it can be digitally signed by you in the account settings. The agreement comes into effect when your Bitrix24 account administrators provide all necessary information in the account settings (GDPR Compliance section) for our records keeping.
Note that in this section you can also revoke your consent to receiving email notifications from us that you’ve agreed to before.
Data hosting inside and outside the EU
Please note that GDPR allows the processing of personal data outside the EEA area when the appropriate safeguards specified in articles 45-49 GDPR are met. However we recommend that our European clients use Bitrix24.eu, Bitrix24.de, Bitrix24.pl, Bitrix.it or Bitrix24.fr accounts just to be on the safe side, because these accounts are hosted in AWS data centers in Frankfurt, Germany, which are fully GDPR compliant. Bitrix24.com, Bitrix24.es and Bitrix24.com.br data is stored in the United States. The personal data processing of customers from Spain and Portugal is protected under EU-US Privacy Shield framework, you can find further information in our Data Processing Agreement. Also, keep in mind that commercial Bitrix24 users can submit helpdesk requests to transfer their data from one data center to another (EU to US or the other way around).
GDPR compliance for your employees and CRM records
If you have employees or clients from the European Union, they have certain rights under GDPR. When using Bitrix24 CRM web forms and our live chat widget, you need to activate the option that asks for the consent of personal data processing or contact your regional Bitrix24 partner to help you with that. Or for example, your employees or customers can ask you to provide a copy of all their personal data you’ve collected on them in your Bitrix24 account. They can also ask you to delete or anonymize their personal data. If you received such inquiries, you can use our marketplace apps GDPR for employees and GDPR for CRM to automatically execute these requests.