Our data processing agreements for Binder Cloud platform clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators.
More recently, we have specifically updated these terms to reflect the GDPR, and have made these updated available well in advance of the entry into force of the GDPR to facilitate our customers’ compliance assessment and GDPR readiness when using Binder Cloud services.Processing According to Instructions
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions, as described in our current as well as our GDPR-updated data processing agreements.Personnel Confidentiality Commitments
All employees involved in Binder Cloud platform are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Our Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.Data Subject's Rights
Data controllers can turn to Binder Cloud Support to help access, rectify, restrict the processing of, or delete any data that they and their users put into our systems. Binder Cloud Support team will help them fulfill their obligations to respond to requests from data subjects to exercise their rights under the GDPR.Incident Notifications
Binder Cloud platform have provided contractual commitments around incident notification for many years. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements and the updated terms that will apply starting on 25 May 2018, when the GDPR comes into force.Data Return and Deletion
All customers can export their data by requesting Binder Cloud Support at any time during the term of the agreement. We have included data export commitments in our data processing terms for several years, and we will continue offering those after the GDPR comes into force, and working to enhance the robustness of the data export capabilities.
You can also delete customer data at any time. When Binder Cloud Support receives a complete deletion instruction from you, we will delete the relevant customer data from all of our systems within a maximum period of 180 days unless retention obligations apply.International Data Transfers
The GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.
Appropriate safeguards can be provided for by model contract clauses. An adequate level of protection can be confirmed by adequacy decisions such as the ones that supports the EU-U.S. Privacy Shields.
We contractually commit under our current data processing agreements to maintain a mechanism that facilitates transfers of personal data outside of the EU as required by the Data Protection Directive, and will offer a corresponding commitment starting on 25 May 2018, when the GDPR comes into force.