The GDPR is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable on May 25, 2018. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.

Our GDPR Commitment

We at Kovai Limited, the provider of Document360 have been preparing for the GDPR and modifying many of our internal practices and policies, because we are committed to achieving compliance with the GDPR in May 2018. We only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. Adding to this, our approach towards privacy, security, and data protection align with the goals of GDPR. Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data.

Document360 is fully committed to being compliant prior to the date GDPR goes into effect. We promise to safeguard customer data.

Document360 GDPR Readiness

  1. Create and sustain awareness within the company regarding the Privacy by Default and Privacy by Design principles that need to be kept in mind for ongoing development – Done
  2. Bring together the product, marketing, compliance, and security team to oversee Document360’s GDPR compliance initiatives – Done
  3. Analyze all the areas of the product that GDPR would have an effect on – Done 
  4. Create a data retention policy and have an automated process in place to adhere to the same – Done
  5. Update the privacy policy in accordance with GDPR and communicate the changes made to our customers – Done
  6. Reach out to all our third-party vendors to make sure they are GDPR-ready – Done

Document360 as a Data Controller

Document360 recognizes its responsibilities as a data controller towards its customers. Detailed out below are all the steps we are taking towards fulfilling all legal obligations under GDPR, as a data controller.

Data Categorization and Analysis
  1. We have carried out a detailed data mapping exercise to track the flow of personal data through our systems.
  2. We have established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.
Data Retention

We store personal data with industry standard encryption techniques for as long as we find it necessary to fulfill the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. This means that we may retain your personal data for a reasonable period of time after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner.

Consent Mechanism
  1. We will actively start collecting consent from our customers from May 25th, wherever it’s applicable—especially in the case of any marketing communication sent to them.
  2. To give our customers the option to withdraw their consent at any given time, an easy process is being placed for our customers to provide consent during sign up. We want our customers to have complete control over whether they want to receive any communication from us. Please write to support@document360.io to revoke your consent.
Feature Development and GDPR Principles

We have an active process in place that will guarantee all our features meet the standards of GDPR. Our product and engineering teams will consider Privacy by Design and Privacy by Default while designing features and pushing them to production.

Personal Data Collected

The table below provides a summary of how Kovai uses, retains and shares the categories of personal data which the Company processes, and related information.

Personal data How and why we use personal data Who we share the personal data with Lawful basis for processing the personal data
Contact information, such as title, name, title, email address and phone number To send you materials you request like whitepapers, details of our events and webinars and to send you other marketing materials by email. If you choose to set up an account, we use your contact information to provide you support for our products. With our marketing campaign providers’ webinar software providers, email platforms, and selective re-sellers or business partners. Our legitimate interests in promoting our business and assessing the success of our promotional activities
Information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, internet service provider (ISP), operating system, date/time stamp, and clickstream data and the actions you take on the Company’s Web sites (such as the web pages viewed and the links clicked) We use this information for what is usually called “analytics” — essentially to understand how visitors move around our Web sites, what content is popular and what is not – and to provide more personalized information about us. Usage data is collected on our behalf and analyzed by third party analytics providers and marketing campaigners. Our legitimate interests in monitoring and improving our Websites
Contact information, such as name, company name, title, email address, mailing address and phone number. Billing information, such as billing name and address, credit card number, and the number of users or systems within the organization that will be using Software and Services. To onboard a new client for invoicing and payment, to renew licenses and to provide product support to our customers who request via email or ticketing software. With our payment processing provider. Customer support team based out of India process personal information Use is necessary for our legitimate interests in providing our Software and Services on a commercial basis and to provide product support to our customers

Processing Data Outside of European Economic Area (EEA)

Kovai may store, process and/or transfer personal data to countries outside of the EEA (including countries where the European Commission has not made a decision of an adequate level of protection of personal data), especially to India. Personal data can also be processed by staff operating outside the EEA who work for the Company. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this data processing arrangement. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. If you do not agree to this procedure you should not use our Software and Services. By using Software and Services, you consent to Kovai’s transferring your information to countries outside your own and the EEA, if necessary, for the business purposes as outlined above.

If you have any questions, please don’t hesitate to contact us at support@Document360.io.