GDPR Policy

Docster takes its users’ privacy seriously and takes various steps to ensure compliance with the wording and spirit of data protection legislation, including the General Data Protection Regulation (“GDPR”).

1. What is the lawful basis for the processing of personal data?

The lawful basis for the processing of personal data processed by Docster is consent. This consent fulfils the requirements of the GDPR, i.e. it is freely given, informed (with users being provided with the privacy policy before consenting) and affirmative.

2. Docster privacy policy

Docster’s privacy policy, which can be accessed at https://docster.lu/privacy-policy, conforms with the requirements of the GDPR. That is, it is designed to be:

  1. Concise,
  2. Transparent,
  3. Intelligible,
  4. In plain English.

3. Data subject rights

Docster recognises the rights of data subjects under the GDPR and has ensured that these can be easily exercised.

The right to receive a privacy notice is respected by making the privacy notice accessible on the Docster website.

The right to correct incorrect personal data is respected through the ability of data subjects to send a correction request to our data protection email address (info@docster.lu).

The right to have personal data erased under certain circumstances is respected through the ability of users to make a request for information erasure to our data protection email address.

Users can also make a subject access request to our data protection email address to receive a copy of the personal data Docster has collected about them.

4. Data location

Data is stored by Docster only in jurisdictions which provide the level of protection required under the GDPR. The main application server is based within the United Kingdom, with the backup location in France, both EU countries bound by the GDPR.

5. Data retention and destruction

Docster ensures that data is retained only when necessary, with data being deleted following a request by a data subject.

6. Ensuring data security

Docster takes the security of the data it controls and processes seriously. Secure password strength policies are enforced and two-factor authentication is recommended to ensure that users’ accounts are secure.

To ensure security against external attacks, we are certified to ISO 27001, an internationally recognised information security standard, and carry out an annual external penetration test on the application (the most recent test was carried out in Q3 2020).

Our application is hosted by PlanetHoster, who have robust security protocols in place to ensure that the integrity of data is maintained. The PlanetHoster data centre is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures, 24 x 7 on-site security staff, biometric scanning, multi-factor authentication, video surveillance and other electronic means. All physical and electronic access to data centres by PlanetHoster employees is authorised strictly on a least-privilege basis and is logged and audited routinely.

7. Security breach management

In the unlikely event of a security breach, Docster has robust procedures in place to ensure the identification of any compromised information and the notification of any affected individuals, as well as bodies required by law to be notified.
