DocsCorp’s top priority is providing quality products, the best delivery of service, and ensuring that any information we hold on your behalf is safe and secure. In May 2018, the EU General Data Protection Regulation (GDPR) came into force. It was developed on top of existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe. DocsCorp recognizes the importance of these new regulations, not just to satisfy regulation on paper, but to assure you that we take the handling of your personal data seriously. This is important for our entire global operations, and not just limited to our EU customers.
The nature of DocsCorp’s products and services and the fact we operate in a business-to-business (B2B) environment means that DocsCorp retains very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our customers.
DocsCorp also has a wholly owned USA subsidiary, DocsCorp LLC, from which it operates its business for services to customers in North and South America. DocsCorp Support teams are located in the UK, US, and Australia, and to provide the maximum level of service, DocsCorp staff in these countries may access the information you have provided to us, solely to assist you in the use of your software. This allows DocsCorp to provide 24/5 support and service to its customers, so it’s important under the information held by DocsCorp and your rights to that data.
DocsCorp operates its European businesses through DocsCorp Limited (UK) which is a wholly owned subsidiary of DocsCorp Group Pty Ltd (Australia). DocsCorp also has a wholly owned USA subsidiary, DocsCorp LLC, from which it operates its business for services to customers in North and South America. DocsCorp Support teams are located in the UK, US, and Australia, and to provide the maximum level of service, DocsCorp staff in these countries may access the information you have provided to us, solely to assist you in the use of your software. This allows DocsCorp to provide 24/5 support and service to its customers, so it’s important under the information held by DocsCorp and your rights to that data.
These countries may not have the same data protection laws as the UK and the European Economic Area (EEA). However, any transfer will be subject to safeguards as permitted under the General Data Protection Regulation. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused. Your data will remain under the control of DocsCorp at all times, and will be secured to the same security standard as data stored by DocsCorp in the EEA.
Australia and the United States has not sought or received a finding of adequacy from the EU under Article 45 of the GDPR. DocsCorp relies on derogations for specific situations as set forth in Article 49 of the GDPR which allows for this sharing of data with your consent. Any personal data we collect and transfer to any DocsCorp company we do so with your consent, to perform a contract with you as is detailed in the Support Agreement.
DocsCorp can provide you the following assurances:
- We have a continuing education program for all our staff as to the importance of data security, GDPR compliance, data integrity and the role they play in this process.
- We have established that all data we hold is held under a lawful basis of legitimate interest, and we have conducted a review to ensure that the data held is the minimum required to provide you the very best service.
- We will provide you privacy notices where relevant to inform you of data we are holding. These are presented in a layered approach via just-in-time notices and warnings where appropriate.
- We hold your data no longer than is required to provide you the services and products you require and to conform with regulatory authorities and laws.
- For the data we store, the contracts we hold with processors have been reviewed to ensure compliance with GDPR.
- We have conducted an audit to confirm that we are only holding data specified in the privacy statement and that we have legitimate reasons for retaining this.
- Data we hold is only available to other DocsCorp staff when they have a reason to provide you the services and products you have licensed. Where we transfer personal data internationally, we have ensured that it meets all the security requirements of GDPR.
Our GDPR Principles are:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed according to an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the EEA without adequate protection
- You have the right to be informed about your personal information we may collect and hold
Storage of your Personal Data
Due to the nature of the software products and services that DocsCorp provides to its business customers, very limited personal information is held for its customers. This information is limited to:
- Your organization’s name
- Your contact name
- Your business email address
- Your business phone number if you provided it to us
- Any email correspondence you sent to us
DocsCorp stores no other information such as credit card details you may have provided to us at time of purchase of our software.
It is your responsibility to ensure you are satisfied that the information you email to us does not contain any other personal information or if it does, you agree that we will be storing this information on your behalf – since we cannot control what information you email us. If you send us information in an email that contains personal data that you do not wish us to retain, you should notify us immediately.
Personal information is held with the understanding that it is supporting a legitimate interest to inform you of product and service offerings of DocsCorp that are highly relevant to your business needs.
How to make a complaint
The General Data Protection Regulation (GDPR) also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office (ICO) which can be contacted at https://ico.org.uk/concerns/.
Right to access your Data
The GDPR gives you the right to request a copy of the personal data that we hold on your behalf. This information must be provided to you in a timely manner. To request details about the personal information we hold on your behalf, please contact DocsCorp’s Data Protection Office by emailing firstname.lastname@example.org.
This statement will be revised on a continual basis as data security regulations change, and where DocsCorp expands its product and service offerings, so it is required it to hold more of your personal data. We will also revise this based on clients' feedback and experiences in working with DocsCorp to ensure we always exceed your expectations in regards to data privacy and security.