GDPR

The GDPR (General Data Protection Regulation) is a new EU Regulation that replaces the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It came into force on May 25th, 2018. The regulation builds on many of the 1995 Directive's requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

Our commitment

Here at Pactumize, we are focused on regulatory compliance efforts. During the implementation period for the regulation, we are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with the applicable law. You´ll receive notifications of new functionality and changes to our terms and conditions in the usual way.

Pactumize has always made information security and customer privacy a top priority and that made us well prepared for the GDPR regulation. Read more about our capabilities here.

 

Our Legal Documentation

Our Legal team has been busy ensuring our legal documentation (namely our Customer Terms of Service, our Data Processing Agreement, and our Privacy Policy) has been updated to reflect the mandatory Processor provisions required by Article 28 of the GDPR.

Frequently asked questions

Where does Pactumize store its data?
Pactumize store all of its data in professional hosting sites within Sweden.

What personal data is stored by Pactumize?
By default, we only store name and email for our registered users and customers. However, our Contract Automation solution can be used to process personal data in the contracts you create with our solution.

What legal right does Pactumize have to collect and process personal data?
Pactumize needs to collect and process name and email in order to deliver the service. Processing is necessary for the performance of the contract to which the data subject is a party. This is the reason why Pactumize does not base our processing on consent. But our clients can (if they want) base their collection and processing of personal data in the platform on consent. Our platform is well fit for this.

How long do Pactumize keep personal data about our clients?
We keep personal data about our clients as long we have an active business relation regulated in an agreement, or as long as we intend to create a business relationship that is regulated in an agreement.

How long do Pactumize process personal data our clients decide to store on our platform?
Customers can build contracts within the Pactumize platform. They can fill these contracts with any type of data. Our clients are in total control of their own data, including how long to store and process the data in our platform. By now, data need to be deleted manually, or by using our automatic functions. This will need to be set up together with a Pactumize expert designed to your specific needs.

Also, note that all data will be stored 30 days extra after deletion in our backups before the data is deleted beyond restoration. This can be good to take into consideration when communicating with registered individuals before they consent to any processing.

Does the Pactumize Licence Agreement comply with GDPR regulations?
It is very well aligned, however, we are investigating if we need to add an extra appendix to the master agreement.