Bitrix, Inc. provides all of its customers from the European Union with the digitally signed Data Processing Agreement and information about Bitrix24 infrastructure, sub-processors and joint controllers. Simply print the signed DPA and add your company information. To finalize the process, Bitrix24 account administrators also need to provide all necessary information in the account settings (GDPR Compliance section) for our records keeping. Once done, the Agreement comes into effect.
Data in Bitrix24.eu, Bitrix24.de, Bitrix24.pl, Bitrix24.ua and Bitrix24.fr domain zones is hosted inside the European Union in Frankfurt, Germany with Amazon Web Services data centers, which are fully GDPR compliant - https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/.
Bitrix24.com, Bitrix24.in, Bitrix24.es, Bitrix24.com.br, Bitrix24.tr, Bitrix24.cn, Bitrix24.kz, Bitrix24.ru and Bitrix24.by accounts are hosted OUTSIDE the European Union, thus international data transfers take place. We recommend Bitrix24 users from the European Union use Bitrix24 accounts that are hosted in the European Union. Please note that commercial Bitrix24 account users can request their data to be transferred to the EU data centers via helpdesk - https://helpdesk.bitrix24.com/ticket.php. On-premise Bitrix24 editions are also available for purchase.
We take a number of steps to protect the security and integrity of data stored with Bitrix24. All web connections for data transfer encrypted, data is isolated, and two factor authorization is available (Bitrix24 OTP or Google Authenticator). Full information on Bitrix24 security mechanisms and protocols is available at https://www.bitrix24.com/security/.
We provide special marketplace applications that allow Bitrix24 administrators to comply with GDPR data pseudonymization and portability requirements. The first application anonymizes personal data for any Bitrix24 user upon request. The second application allows any Bitrix24 user to download personal data collected inside their account.