PRIVACY POLICY

Regulatory Scope

Applicability:

This Privacy Policy applies to all personal data collected, processed, and stored by Docxster through our website and services. It covers the data we gather from users of the respective Organization and also the data processed from the documents uploaded by the client.

Compliance:

Docxster is dedicated to upholding GDPR standards. We have established and publicly available privacy policies and procedures to ensure lawful data collection and processing practices.

Lawful Bases for Processing

We process personal data based on the following legal grounds.

• Contractual Necessity: We need to process personal data to fulfill our contract with you. For example, if you upload documents for processing, we need to use your data to complete this service.
• Legal Obligation: We may need to process your data to comply with legal requirements. For example, we might need to retain certain records for tax or legal purposes.
• Consent: We obtain your explicit consent when required. For instance, if we need to use your data for marketing purposes, we will ask for your permission.
• Legitimate Interests: We process data based on legitimate interests such as fraud prevention and ensuring the security of our services.

Our legitimate interests include:

• Fraud Detection and Prevention: We use personal data to identify and prevent fraudulent activities.
• Customer Support: We use data to provide support and improve our services based on user feedback and interactions.
• Service Security: We monitor and analyze data to ensure our services are secure and function properly.

Data Collection and Use

We collect the following types of personal data:

• Contact Information: This includes your email address and phone number.
• Document Information: Data extracted from documents you upload, such as scanned copies of identity cards or invoices (basically any document you upload).
• Identifiable Information: This includes your name and organization name.

We collect the following types of personal data:

• Providing and Improving Our Services: To deliver our document processing services and enhance their functionality.
• Document Analysis: To process and analyze the documents you upload, extracting relevant information as required.
• Ensuring Security: To protect our services from misuse, unauthorized access, and other security threats.
• Communicating with You: To update you on your account, respond to inquiries, and provide important notices.

Consent Management

We obtain explicit consent from users for processing their personal data, including during sign-up. You can withdraw your consent at any time by contacting us at dpo@docxster.com.

We have a consent management system to ensure that consent preferences are respected and implemented effectively.

We enter into SCCs with client organizations to ensure data protection when processing personal data on their behalf. This agreement outlines the responsibilities and safeguards for both parties. Additionally, we have a Data Processing Agreement (DPA) also in place with the client organization.

Data Security and Breach Management

We implement robust security measures to protect your personal data:

• Encryption: We use encryption to secure data during transmission and storage, making it inaccessible to unauthorized parties
• Data Masking: We apply Data Masking techniques to reduce the risk of identifying individuals from data.

We have procedures in place to detect and respond to data breaches. This includes monitoring our systems for unusual activities and potential security threats.

Our incident management policy includes steps for managing information security incidents, including detecting breaches, notifying affected individuals, and taking remedial actions.

Our incident management policy includes steps for managing information security incidents, including detecting breaches, notifying affected individuals, and taking remedial actions.

Data Subject Rights

To exercise your rights, please email us. We will handle your requests in accordance with GDPR requirements and respond promptly. The contact details of Data Protection Committee is given: dpo@docxster.com.

•  a copy of the Personal Data we hold about you;
•  to exercise your choices with regard to sharing your Personal Data as noted under Your "Choices" above
•  to object to the processing of your Personal Data for certain purposes;
•  to correct the Personal Data we hold about you;to delete your Personal Data;
•  to restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our services;
•  to lodge a complaint with the relevant authority if you consider that processing your personal data infringes applicable law. However, we encourage you to contact us first, and we will do our very best to resolve your concern;
•  or to object to processing your personal information where it is so conducted by automated means and involves any kind of decision-making subject to discovery that your data was used for automated means.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Docxster processes or stores all personal data in fully vetted, DPA compliant vendors. We do store all conversation and personal data for up to 6 years unless your account is deleted. In which case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it longer than 60 days.

We maintain a retention matrix that specifies:

• Categories of Data: Types of data we collect.
• Retention Periods: How long each type of data is kept.
• Regulations: Relevant laws or policies that apply.
• Storage Locations: Where data is stored
• Disposal Mechanisms: Methods for securely deleting or anonymizing data.

Cross-Border Data Transfers

Sometimes, we might partner with other companies (sub-processors) to deliver our services effectively. We carefully choose these partners and ensure they comply with GDPR just like we do. You can find more details about our sub-processors on our dedicated Sub-processors page. These sub-processors may be based outside Europe.

If your data needs to travel outside Europe (EEA), we take extra precautions. We use Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses guarantee the same level of protection for your data as it receives within Europe. These include legal agreements and security measures to ensure data is handled securely.

We also obtain explicit consent from individuals for transferring their data outside the EEA if necessary.

Data Protection Committee

We have appointed a three-member committee to oversee our data protection practices and ensure compliance with data protection laws. The Data Protection Committee operates independently and possesses expertise in data protection and privacy regulations.

The Data Protection Committee's responsibilities include:

• Communication: Acting as a liaison between Docxster, data subjects, and regulatory authorities.
• Compliance: Ensuring our data protection practices meet legal requirements.
• Privacy Reviews: Conducting regular reviews and improvements of our privacy practices.

Children's Data

Docxster's platform does not specifically target children under the age of 18 or vulnerable groups. However, it is crucial to ensure that the platform's data protection measures are robust enough to safeguard all users, including potentially vulnerable individuals.

Policy Updates

We may change our Service and policies, and we may need to make changes to this Privacy Policy so thatthey accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. We review and update this Privacy Policy annually or as needed to reflect changes in our practices or regulatory requirements.

Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can delete your account.

Contact Information

For any questions or concerns regarding this Privacy Policy or our data protection practices, please contact:

Additional Information

We conduct thorough due diligence on our vendors to ensure they comply with data protection regulations. Our contracts with third parties define the scope of data sharing, usage, and security measures.

Our Business Continuity Policy includes measures for the backup and restoration of personal data to ensure ongoing protection.

We adhere to the principle of data minimization, collecting only the data necessary for our services. We have mechanisms in place to ensure we collect and process minimal data. We Use techniques like data masking for any sensitive data that is collected. We also engage with stakeholders, including data subjects, to ensure transparency about what data is collected and why.

We conduct Privacy Risk Assessments to identify and mitigate privacy risks as part of our ongoing risk management processes.

We provide regular training to our employees on data protection practices and the procedures for reporting breaches

We have established procedures to ensure that employees know how to report breaches and that our response mechanisms are effective in detecting and managing privacy breaches.

Conclusion

Docxster is dedicated to maintaining the highest standards of data protection and privacy. We regularly review and update our policies to ensure compliance with GDPR and other applicable regulations. For any questions or concerns with regards to our privacy policies, please contact our team at support@docxster.com.