Data protection policy Safedocs
Your privacy is our right to exist, therefore we are very careful and honest in handling your request and in processing the data that you have entrusted to us. Our company is originated from the medical sector and is still active in it, and we are therefore accustomed to approach matters with the highest level of confidentiality. Privacy by design and Privacy by default is in our DNA.
The purpose of this document is to describe the security policy of IRIS Safedocs / Safedocs and consequently to demonstrate the compliance with the regulations and requirements imposed by the various legislation on bodies and organizations that manage, store and / or adjust privacy sensitive data.
Safedocs and IRIS Safedocs are trade names of IRIS Arbo Ltd. and are offered as a separate and independent product or service. For these reasons, Safedocs has its own Data protection policy.
Description of the categories of personal data
The capturing and modifying of (mobile) telephone number, e-mail addresses, of both customer and recipient in which the customer is the person who buys the paid service, hereinafter referred to as user. In addition, the aforementioned recipient's name, e-mail address and mobile phone number.
The description of the purposes to record personal data
Our goal is to safely exchange the privacy or otherwise sensitive information that is GDPR determined, without the use of public means between two or more parties.
All users of our service have declared that they agree with the conditions of Safedocs. All conditions are always up to date advisable online.
The principles of processing personal data.
We offer our users the possibility to process only the data that is necessary for the successful completion of our service.
To exert individual right
A user has the right to inspect and to change the registered data. The physical deletion of data can only be carried out by Safedocs on behalf of a user. To receive all registered data, a user or a recipient can approach Safedocs. In these cases, Safedocs will check the request and the arguments of the user or recipient whether it complies with the legal obligations and, if necessary, grant the request.
For complaints, we refer both users and recipients to our complaints procedure.
organizational and technical measures for the purpose of the security of personal data
All employees of IRIS Arbo Ltd. / Safedocs who in any way could have access to the recorded data or third parties who could have access to the recorded data on behalf of IRIS Arbo Ltd. must sign a confidentiality agreement.
In addition, IRIS always has the right to periodic request a VOG from these persons, if this request is not complied, or if access to a VOG is found to be unsuitable, all access will immediately be denied.
The internet connection used for the service is provided with a https connection by means of an SSL certificate. Because of this, all communication between the user's / receiver's workplace and the Safedocs server is encrypted and useless for possible interceptors of this communication. Safedocs is always protected with the latest known version and therefore with the latest knowledge and state of the art.
The storage of the data takes place in accordance with the NEN7510 requirements, in a data center located in the EU. Without making use of facilities / establishments outside the EU.
All data is encrypted in the Safedocs database.
The access of personal accounts, where applicable, is monitored by means of a strict password, at least 8 characters from which at least 1 capital letter, 1 digit and 1 punctuation mark, therefore the most extensive character set. After a successful login, the user has to prove that he or she has the mobile phone number as recorded in the database, by entering an unique SMS code. After successfully entering the SMS code, the user can visually check whether he / she has performed the last known registration.
Legal retention periods
After a successful service, so after successfully completing the cycle of registration, uploading, sending and downloading and / or after the expiry of the agreed period of validity of the download, Safedocs will remove the files offered from its servers. A log file is kept with the metadata about the transaction.
We abide to the legal retention periods that are legally imposed on our users based on the recordings of personal data.