Like many other companies, Docmosis has reviewed its company-wide compliance strategy with respect to the EU General Data Protection Regulation (GDPR), which came in to effect from 25th May 2018. In doing so Docmosis completed an audit of all data flowing in and out of our organization, either in our capacity as a Data Controller or as a Data Processor.
As a result we have: reviewed and updated our Privacy Policy and Cookie Policy; ensured we obtain consent before collecting personal data of our customers; provide access to that data; and provide the right to be forgotten in accordance with our Privacy Policy. We have either signed Data Processing Addendums with relevant third-party service providers or moved away from non-compliant providers.
Docmosis offers a GDPR compliant Data Processing Addendum to our standard Cloud Services Agreement so that customers can use the Cloud Services in a GDPR compliant manner and we have executed Data Processing Addendums with our sub-processors.
We are committed to: a process of continual improvement of our privacy and security measures; notifying regulators of personal data breaches; and promptly communicating any such breaches to our customers.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law. The GDPR increases protection around the processing of personal data of EU data subjects by applying a single data protection law that is binding throughout each member state of the EU.
Who Does the GDPR apply to?
The GDPR applies to any organization, whether or not they are established in the EU, that is processing personal data of EU data subjects.
Is Docmosis a Data Controller or Data Processor?
Under the GDPR Docmosis is both a Data Controller and a Data Processor. Data Controller – Docmosis acts as a data controller when we collect and store account and contact information of our customers. Data Processor – Docmosis acts as a data processor when our customers use the Cloud Services to process personal data. Under these circumstances, our customer may act as a data controller or data processor, and Docmosis acts as a data processor or sub-processor.
Can I use the Docmosis Cloud to Process Personal Data?
Yes. If you intend to generate documents that contain Personal Data you should: Sign the Data Processing Addendum to our standard Cloud Services Agreement.
Customers must use Cloud Services in accordance with: Guidelines for Using Docmosis Cloud Services in a GDPR-Compliant Manner.
How do I enter in to the Data Processing Addendum with Docmosis?
Please send an email to privacy@docmosis.com that specifies:
- Customer’s business name and address.
- First and last name of the person signing.
- Position of the person signing.
- Email address of the person signing.
We will then send you a copy of the Data Processing Addendum that you can review and sign electronically.
What technical and organisational measures does Docmosis have in place?
In response to Article 28 and 32 of the GDPR we outline the technical and organisational measures we use to ensure the ongoing confidentiality, integrity, availability and resilience of the Docmosis Cloud service, here: Security Measures.