Commitment to Data Protection

Effective: May 8, 2018 Last Updated: May 8, 2018



1. Scope of application

This policy applies to all Woodpecker employees and collaborators. Furthermore, it applies to service which can be accessed via


2. Definitions

I. All definitions, as processing, controller, processor, data, sensitive data, used in this Commitment shall have its regular meaning as set forth by the General Data Protection Regulation.

II. Sub-processor means any person or a third party appointed by or on behalf of Processor to conduct actions on personal data.

III. Service means software

IV. User and customer mean respectively any person who uses service with the access to an active account regardless of version (trial or premium).

3. Aim

I. This Data Protection Statement is unilaterally binding upon and shall be understood as a policy applicable to the enterprise as a whole.

II. declares that it is aware of internal risks arising out of data processing and shall devote its time and resources to minimize any risk concerning data entered into the system.

III. This Data Protection Commitment amounts to be a proof of being GDPR compliant.

IV. Agreement between and customer means Terms of Service.


4. Opening statements Ltd, registered in Poland under NIP registrar number 8992769178 as a company with limited liability. Woodpecker is aware of responsibilities arising from General Data Protection Regulation and dedicates itself to accomplish goals set forth in the regulation.

The Woodpecker Team, represented by CEO Matt Tarczyński and CTO Maciej Cieśla, undertook steps to comply with the requirements and hereby by this document expresses its affirmation to the abovementioned principles which becomes binding on us by a unilateral declaration.


I.  Managing users data in a mutually agreed manner;

II. Managing users data shall be transparent;

III. Ensuring information assets and processing facilities are protected against unauthorized access or misuse;

IV. Ensuring that all crucial security-related legal obligations shall be fulfilled;

V. Creation of procedures adjusting data protection reporting;

VI. An obligation to investigate all known breaches of data security unconditionally if it is factual or suspected;

VII. Conducting risk assessment and employing potential techniques to minimize the occurrence of data protection breach;

VIII. Ensuring that all relevant security communications are made both internally and externally to inform, advise, and encourage best practices in data protection;

IX. Develop, adjust, and constantly improve data protection to address newly arising concerns of our users;

X. Provide transparent Terms of Service complaint with General Data Protection Policy;

XI. Provide transparent Safety and Security which explains data storage and security policy compliant with General Data Protection Regulation

XII. Provide guidelines for our customers in conducting a risk assessment.


5. Data Protection Policy

I. acts as both, data controller and processor. In case of data of customers or users, acts as a data controller with the ability to define aim and purpose of processing. In case of any other data entered to the system by an end user or our customer, with a special focus on prospects database, IMAP server data, campaign, acts as a processor which takes actions on data on behalf of a controller, by providing automation service.

II. acting as a controller declares that data of EU citizens shall be stored on EU located servers.

III. acting as a processor declares that it will not transfer data of the customer to any third country which does not fulfill security standards. In case of most of’s sub-processors, data are transferred under Privacy Shield Agreement to the USA-based servers.

IV. The main aim of data collection is to establish subscription agreement, enable account functioning, provide technical support and maintenance, monitor activities what raises protection security, ensure proper account functioning, maintain access via API standard method or provide invoices.

V. indicated that in case of any complaint or doubt concerning data security, it is willing to reply to every concern. Any complaint, data deletion request, data modification request, data return request shall be sent to via [email protected],

VI. Due to technical inability, as a processor, shall not be responsible for data in the content of conversations apart from its full dedication to ensure adequate technical security measures.

VII. To ensure data confidentiality, declares that is will not lease, sell, or exchange any data concerning customers or end-users with any third party, with the exclusion of processors and sub-processors employed by, or if otherwise required by law.

VIII. To limit data access or request additional information, user or client shall submit a written request via [email protected].

IX. Data processing of customers or users’ data is based upon consent.

X. Data processing of content, prospects’ database, and campaigns is based upon the agreement between (processor) and a customer or user (controller).

XI. As a company dedicated to data security, relevant data protection security training sessions were conducted internally.

XII. All staff of has Non-disclosure agreements signed and is allowed to process data only to the extent which is necessary to ensure maintenance and support for customers.


6. Dispute solving

I. is willing to participate in amicable dispute settlement or mediation in case of a dispute.

II. If such a solution is not possible, as a company registered in Poland is obliged to solve disputes on the grounds of Polish jurisdiction.



<< back to Home