You act as a controller of the data processing conducted by PrivacyDocs, and PrivacyDocs acts as a processor for you. That is a part of our Terms of Service. In this document we briefly explain what that means.
Processing agreement
PrivacyDocs is only processing your data (personal or not) because you entered into an agreement with PrivacyDocs and accepted the Terms of Service. No data processing is conducted by PrivacyDocs outside this agreement. PrivacyDocs starts accepting and processing your data when the agreement comes into force.
PrivacyDocs stops accepting your data and ceases most of processing in 12 months. During the next 3 months your data would be available in regular backups and we could restore it if you choose to reenable your subscription. Beyond that your data will still be held in encrypted archived backups that we keep for security purposes, and deleted a few months later.
Your rights
As PrivacyDocs client, you have the right to get your data processed as described in PrivacyDocs documentation. That includes storing the data, making it available to you and your colleagues, limiting access to your data, e-mailing reports, and all other wonderful things offered by the PrivacyDocs service. You also have the right to have your data and processing secured and available to you.
You also have the right to invoke other services through PrivacyDocs: send emails or ask AI.
Your responsibilities under the GDPR
To operate, PrivacyDocs conducts some limited personal data processing, as described in our Data Processing Addendum. Think of IP addresses necessary to operate the website, your name and email address, names and emails of your colleagues.
As the controller of the processing, you need to:
- Inform the data subjects (typically, these are your employees) about the processing.
- Obtain an agreement from your employees who will be using PrivacyDocs about placing PrivacyDocs session cookie and other aspects of using PrivacyDocs.
- Reflect the PrivacyDocs retention policy and other aspects of the Data Processing Addendum in your own GDPR compliance documentation.
These responsibilities are standard and apply to all other services that you engage as processors.