CodeTwo GDPR Information Center

On May 25th, 2018, the EU General Data Protection Regulation (GDPR) entered into force in the European Union. To answer any GDPR-related inquiries, we have created the CodeTwo GDPR Information Center – a place where you can find all information about CodeTwo and the GDPR.

Privacy and security of your personal data

At CodeTwo, we care deeply about the privacy and security of your personal data. While processing personal data, we are always bound by these principles:

  • we do not collect more information than is necessary;
  • we do not use your data for purposes other than those specified in our Privacy Policy;
  • we do not keep your data if it is no longer needed;
  • we do not disclose your data in cases other than those specified in our Privacy Policy.

We are also committed to providing our clients with solutions that make it easier for them to comply with the GDPR.

How has CodeTwo ensured GDPR compliance?

CodeTwo has engaged external advisors to make sure that its operations and processes meet the requirements of the GDPR. CodeTwo has undertaken the following actions to comply with the GDPR:

1. Defining the context of the organization

CodeTwo has carefully analyzed the context in which it operates and identified relevant entities and their roles within the personal data lifecycle;

2. Internal controls

CodeTwo has implemented processes and controls to make sure that no vital decisions regarding personal data processing and the information security system can be made without prior analysis and the necessary internal approvals;

3. Internal procedures

CodeTwo has defined an extensive set of procedures describing personal data processing and the information security system, including procedures governing the exercise of data subjects' rights;

4. Data Security Officer and Compliance

CodeTwo has designated a Data Security Officer – a person who is responsible for maintaining the personal data security system and compliance program;

5. Data retention periods and scope of processed data

We have introduced and documented data retention periods and reviewed our processes against the scope of collected personal data to make sure that the data minimization principle is fulfilled;

6. Third parties

We have updated contracts with third parties to make sure that all contracts contain the relevant data protection provisions required by the GDPR, and introduced a verification process to make sure that entities which do not guarantee the security of personal data cannot become our business partners;

7. International Data Transfers

CodeTwo has reviewed contracts with third parties located outside of the EEA and updated relevant transfer mechanisms to make sure that international data transfers comply with the GDPR and that these third parties guarantee an adequate level of protection of personal data;

8. Services’ documentation

We have introduced a new, updated Privacy Policy and Terms and Conditions of Sales and Services to make sure that they properly reflect the requirements of the GDPR;

9. Training and awareness

We have prepared training materials on the GDPR and data security which are constantly available for all members of CodeTwo personnel. No one can start working at CodeTwo without being trained on the relevant GDPR provisions. All members of CodeTwo personnel undergo the training periodically.

Constant enhancements and control

We are fully aware that compliance with the GDPR is an ongoing process. Therefore, we have committed ourselves to undergoing an external GDPR-compliance audit once a year. If you use CodeTwo Email Signatures for Office 365, you are entitled to receive a summary of our audit report under the conditions described in our Terms and Conditions of Sales and Services.

We have also employed our new and proprietary software development methodology to make sure that personal data protection principles are encoded in our products by design. We are working on several other initiatives as well.

How can CodeTwo’s products help your company stay GDPR compliant?

Our products are equipped with features that can help your company stay GDPR compliant. For more details, please visit these articles:

  1. GDPR-compliant Exchange Server – remove sensitive content
  2. GDPR-compliant disclaimers on your Exchange Server
  3. GDPR compliance and Office 365 backup
  4. How advanced email forwarding can help you stay GDPR-compliant
  5. How the smart unsubscribe mechanism can help you stay GDPR-compliant

Most common questions regarding CodeTwo and GDPR compliance

Below you will find answers to the most frequently asked questions regarding CodeTwo compliance and other GDPR-related concerns:

  1. Which document describes the principles of the personal data processing by CodeTwo?

    To learn more about what data we collect, the purpose of data collection and how you can exercise your rights, please visit our Privacy Policy.

  2. Do I have to sign a Data Processing Agreement with CodeTwo?

    Unless you decide to use CodeTwo Email Signatures for Office 365, you do not have to sign a Data Processing Agreement with us. All our programs (apart from CodeTwo Email Signatures for Office 365) require installation in your own environment and are not hosted in the cloud.

  3. How do I sign the Data Processing Agreement with CodeTwo?

    If you decide to use CodeTwo Email Signatures for Office 365, you will sign a Data Processing Agreement with us by confirming that you have read and understood our Terms and Conditions of Sales and Services. You will be required to do this during the license purchase process. After you do this, you will receive a pre-signed copy of our Terms along with your order confirmation to the email address that you have provided in the order form.

  4. Can I sign a separate Data Processing Agreement with CodeTwo?

    If you want to sign a separate Data Processing Agreement with us regarding your use of CodeTwo Email Signatures for Office 365, contact us.

  5. Can I sign an additional non-disclosure agreement with CodeTwo?

    For any non-standard contracting requests, please contact us.

  6. What kind of measures did CodeTwo implement to guarantee the security of personal data entrusted to CodeTwo in relation to the use of CodeTwo Email Signatures for Office 365?

    You can find information about security measures that we have implemented in the Summary of security measures implemented by CodeTwo – Appendix 1 to our Terms and Conditions of Sales and Services. 

  7. I want to exercise my rights foreseen in the GDPR. How do I do this?

    If you want to exercise any of your rights foreseen in the GDPR, contact us. We will respond to your query in accordance with our Privacy Policy.

  8. Have you appointed a person responsible for data protection in CodeTwo?

    Yes. We have appointed a Data Security Officer who is responsible for coordinating, monitoring and improving our security and data privacy compliance program and can be contacted via this form.

Contact us

If you have any questions related to CodeTwo’s compliance with the GDPR or you want to know more about how we ensure the protection of your personal data, contact us.