GDPR and Data Protection
Last Updated: 24th January 2026
DociShield's approach to GDPR compliance and the protection of personal data across our document workflow platform.
1. Our commitment to GDPR
DociShield is committed to compliance with the EU General Data Protection Regulation (GDPR) and equivalent data protection laws in other jurisdictions. This page summarises how we apply GDPR principles across our document workflow platform and services.
2. Scope
This statement applies to personal data processed through Secure Sharing, Contracts and Payments, Document Protection and Audit Trails, as well as our marketing website and support channels.
3. Controller and processor roles
DociShield acts as a data controller for personal data we collect about our customers, their account users, website visitors and prospects.
When you use DociShield to send, sign or take payment for documents, you act as the data controller for the personal data you collect from your recipients, and DociShield acts as a data processor on your behalf.
4. Lawful basis for processing
- Performance of a contract, where processing is necessary to deliver the Services.
- Legitimate interests, including securing the Services and improving our product, balanced against the rights and freedoms of data subjects.
- Legal obligation, where processing is required by law.
- Consent, where you have explicitly opted in to a specific processing activity.
5. Your rights under GDPR
If you are located in the EEA, UK or Switzerland you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete personal data.
- Request erasure of your personal data in defined circumstances.
- Restrict or object to certain processing activities.
- Request data portability for personal data you provided to us.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your supervisory authority.
To exercise any of these rights, please contact us. We will respond within the time frames required by GDPR.
6. International data transfers
Where personal data is transferred outside the EEA, UK or Switzerland, DociShield uses appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to ensure that the data continues to be protected to GDPR standards.
7. Data security
We maintain technical and organisational measures appropriate to the risks of processing, including AES-256 encryption at rest, TLS 1.2 or higher in transit, role-based access controls, logging, monitoring and regular review of our security posture.
8. Sub-processors
We engage carefully selected sub-processors to help us deliver the Services, including infrastructure, email delivery, analytics and payment processing. All sub-processors are bound by written data processing terms aligned with GDPR. A current list is available on request via the contact page.
9. Data retention
Personal data is retained only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce our agreements. Audit trail records are retained according to your plan and applicable regulatory requirements.
10. Breach notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, DociShield will notify the relevant supervisory authority and affected customers in accordance with GDPR Articles 33 and 34.
11. Data Processing Agreement
Customers who require a Data Processing Agreement covering personal data processed on their behalf can request one via the contact page. The DPA incorporates the Standard Contractual Clauses where required.
12. Contact
For any GDPR or data protection enquiry, including DPA requests and rights requests, please contact us.
Questions about this policy? Contact us.