GDPR FAQ

Last Modified: May 2021

Workato takes the privacy of our customers, partners and their end-users seriously. That is why we have taken measures to support our customers’ and partners’ compliance with data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), which became effective May 25, 2018, and other applicable data protection laws, such as the Data Protection Act 2018 of the United Kingdom, the Swiss Federal Act on Data Protection (1992) and related data protection and privacy laws of the member states of the European Economic Area, each as applicable and as amended, repealed, consolidated or replaced from time to time.

What is GDPR?

The GDPR is a European privacy law that replaced the previous EU Data Protection Directive (“Directive 95/46/EC”). The GDPR is intended to strengthen the security and protection of personal data in the EU.

To whom does the GDPR apply?

GDPR claims worldwide jurisdiction: it applies to all persons and organizations which may process “personal data” of EU residents, if they have business in the EU or are outside the EU and offer goods or services to EU residents, or monitor their behavior while within the EU (GDPR Article 2). Personal data is “any information relating to an identified or identifiable natural person (‘data subject’)” (GDPR Article 4). Although no longer in the EU, the United Kingdom has implemented the Data Protection Act of 2018, which has similar provisions and is applicable to U.K. users.

What rights do I have under GDPR, and how can I exercise them?

See the “Notice to European Users” section of the relevant Privacy Policy: (i) the Services Privacy Policy (for Workato customers), and (ii) the Website Privacy Policy (for visitors to Workato’s website).

Is Workato a controller or processor?

In GDPR terms, Workato is a Processor with regard to the personal data that Workato processes on the Workato platform on behalf of its customers (the Controller). This includes “Transaction Data” as defined in our Terms of Service. Details of Workato’s privacy practices in relation to customers of the Workato Services are set out in our Services Privacy Policy.

Workato is a Controller with regard to the personal data that it collects and for which it determines the purposes and the manner in which the personal data is to be processed. Details of the data collected by Workato in its capacity as Controller are described in our Website Privacy Policy.

Do you utilize sub-processors to process user data?

Yes, Workato maintains an up-to-date list of the names and locations of all sub-processors used by us in connection with our Services. We ensure that all sub-processors engaged by us have Data Processing Agreements (“DPAs”) in place. See the Sub-Processors list for details.