On May 25th, 2018 the EU General Data Protection Regulation (GDPR) entered into force in the European Union. To answer any GDPR-related inquiries, we have created CodeTwo GDPR Information Center – a place where you can find all information about CodeTwo and the GDPR.
Privacy and security of your personal data
In CodeTwo, we care deeply about the privacy and security of your personal data. While processing personal data, we are always bound by these principles:
- we do not collect more information than it is necessary;
- we do not keep your data if it is no longer needed;
We are also committed to providing our clients with solutions that make it easier for them to comply with GDPR.
How has CodeTwo ensured GDPR compliance?
CodeTwo has engaged external advisors to make sure that its operations and processes meet the requirements of the GDPR. CodeTwo has undertaken the following actions to comply with the GDPR:
1. Defining the context of organization
CodeTwo has carefully analyzed the context in which it operates and identified relevant entities and their roles within personal data lifecycle.
2. Internal controls
CodeTwo has implemented processes and controls to make sure that no vital decisions regarding personal data processing and information security system can be made without a prior analysis and necessary internal approvals.
3. Internal procedures
CodeTwo has defined an extensive set of procedures describing the personal data processing and information security system, including procedures governing exercising data subjects rights.
4. Data Protection Officer and Compliance
CodeTwo has designated a Data Protection Officer – a person who is responsible for maintaining personal data security system and compliance program.
5. Data retention periods and scope of processed data
We have introduced and documented data retention periods and reviewed our processes against the scope of collected personal data to make sure that the data minimization principle is fulfilled.
6. Third parties
We have updated contracts with third parties to make sure that all contracts contain relevant data protection provisions required by GDPR and introduce a verification process to make sure that entities which do not guarantee security of personal data cannot become our business partners.
7. International Data Transfers
CodeTwo has reviewed contracts with third parties located outside of the EEA and updated relevant transfer mechanisms to make sure that international data transfers comply with the GDPR and that these third parties guarantee an adequate level of protection of personal data.
9. Training and awareness
We have prepared training materials on the GDPR and data security which are constantly available for all members of CodeTwo personnel. No one can start working in CodeTwo without being trained on the relevant GDPR provisions. All members of CodeTwo personnel undergo the training periodically.
Constant enhancements and control
We are fully aware that compliance with the GDPR is an ongoing process. Therefore, we have committed ourselves to undergo an external GDPR-compliance audit once a year. If you use CodeTwo Email Signatures for Office 365, you are entitled to receive a summary of our audit report under the conditions described in our Terms and Conditions of Sales and Services.
We have also employed our new and proprietary software development methodology to make sure that personal data protection principles are encoded in our products by design. We are working on several other initiatives as well.
How CodeTwo’s products can help your company stay GDPR compliant?
Our products are equipped with features that can help your company stay GDPR compliant. For more details, please visit these articles:
Most common questions regarding CodeTwo and GDPR compliance
Below you will find answers to most frequently asked questions regarding CodeTwo compliance and other GDPR-related concerns:
- Which document describes the principles of the personal data processing by CodeTwo?
- Do I have to sign a Data Processing Agreement with CodeTwo?
Unless you decide to use CodeTwo Email Signatures for Office 365, you do not have to sign a Data Processing Agreement with us. All our programs (apart from CodeTwo Email Signatures for Office 365) require installation in your own environment and are not hosted in the cloud.
- How do I sign the Data Processing Agreement with CodeTwo?
If you decide to use CodeTwo Email Signatures for Office 365, you will sign a Data Processing Agreement with us by confirming that you have read and understood our Terms and Conditions of Sales and Services. You will be required to do this during the license purchase process. After you do this, you will receive a pre-signed copy of our Terms along with your order confirmation to the email address that you have provided in the order form.
- Can I sign an additional non-disclosure agreement with CodeTwo?
For any non-standard contracting requests, please contact us.
- What kind of measures did CodeTwo implement to guarantee the security of personal data entrusted to CodeTwo in relation with the use of CodeTwo Email Signatures for Office 365?
You can find information about security measures that we have implemented in the Summary of security measures implemented by CodeTwo – Appendix 1 to our Terms and Conditions of Sales and Services.
- I want to exercise my rights foreseen in the GDPR. How do I do this?
- Have you appointed a person responsible for data protection in CodeTwo?
Yes. We have appointed a Data Protection Officer who is responsible for coordinating, monitoring and improving our security and data privacy compliance program and can be contacted via this form.
If you have any questions related to CodeTwo’s compliance with the GDPR or you want to know more about how we ensure the protection of your personal data, contact us.