twitterfacebookfacebook instagram


Vretta considers data security to be our top priority and we are committed to maintaining the highest standards in accordance with established best practices and legal requirements. We strive to hold user data in a secure manner while helping them attain their educational goals.

For your reference, we have compiled the following information providing you with an overview of our current data policy and answers to frequently asked questions regarding theGeneral Data Protection Regulation (GDPR).

What is the General Data Protection Regulation?

The GDPR is a strong move forward in the protection of data across the European Union. Effective May 25 2018, it has replaced the EC Data Protection Directive (EC/95/46), bringing new legal rights for individuals, extending the scope of responsibilities for data controllers and data processors while enhancing the regime for enforcement.

The new regulations in the GDPR enhance the protection of personal data (any information that can identify a person, from names and emails to identification numbers). Personal data of a more sensitive nature (such as ethnicity or sexual orientation) is given even higher protection in the GDPR and requires stronger grounds to collect.

The GDPR applies to any organization that collects personal data from an individual residing in the European Union. This means individual rights are protected no matter where the organization is located. The right of consent has also been strengthened. In order to acquire personal information, consent must be an active process, separate from other processing, involving clear and plain language.

What are your rights under the GDPR?

In addition to regulating the behavior of organizations, the GDPR also grants new rights for individuals. These rights aim to give individuals more control over their data and how it is processed. The information below should help individuals familiarize themselves with what rights they have under the GDPR:

What is Vretta’s role as outlined by the GDPR?

The GDPR distinguishes two important roles that classify what an organization must to do comply with the regulation. Our clients and partners decide the purpose and method of data processing and are therefore considered data controllers. Vretta is considered a data processor since we process the data on behalf of the data controller, as per its instructions.

How is data currently being managed at Vretta?

We have implemented rigorous safeguards to protect your data. We maintain an encryption configuration necessary to achieve an ‘A’ grade on Qualys SSL Labs Report. All personal data is kept strictly confidential, meaning only those authorized for access may process it and we only process personal data as per instructions from our data controller.

We have established protocols to handle data processing. Just as we guarantee the confidentiality and security of data, you can be assured that at the end of our service any personal data processed will be erased. Additionally, should a data breach occur, we will immediately report the event and its details to our data controller upon its identification

We have a team of highly specialized data personnel responsible to process data and to ensure that we are fully compliant with data protection regulations. Our data team monitors data integrity, accuracy and confidentiality and performs regular security reviews. The team keeps a record of all processing activities. When an inaccuracy is discovered the data is updated without undue delay.

Our Data Protection Officer (DPO) keeps management updated on data protection responsibilities, risks and issues. Our DPO also deals with access requests and approvals of any contracts with third parties that may handle sensitive data. Since we handle large amounts of data on a regular basis, our DPO oversees our compliance with the GDPR.

Vretta's Data Management Framework details our policies concerning the usage, storage, dissemination, and deletion of all data we collect. If you would like to know more, download our Data Management Framework by clicking the link or icon below.

Download the Data Management Framework


If you would like to request any of your data that we store, download the Data Request Form by clicking the link or the icon below, fill in the details, and send the document as an email attachment to

Download the Data Request Form


Data Controllers may download a Data Processing Agreement that serves as documented instructions between the Data Controller and Data Processor. This documentation is necessary in some jurisdictions, including the European Union.

Download the Data Processing Agreement

Who do I contact at Vretta if I have any questions?

We are committed to ensuring the rights of individuals and organizations who work with us. If you have any questions or concerns, feel free to contact our Data Protection Officer