When you visit our website, we collect general data using Google Analytics. This general data is used solely to compile statistics on visits to and use of our website. This general data is in no way linked to a user’s personal data.
This website takes comprehensive precautions to protect user information. Registration details submitted by visitors are protected both online and offline.
Quality and reliability
We continuously monitor the quality and reliability of our services. If, however, you encounter a (security) issue, kindly let us know so that we can take action right away.
Is the systematic collection and storage of information that provides feedback on performance.
We monitor the following:
- Web application
- Integrations and interfaces
Is technology used to secure the connection to our website using strong encryption. Can be recognised by the letters HTTPS before the URL. This security protocol is also used for things such as online banking.
The web application and all standard available interfaces (API/web services) are connected through SSL.
The coding of data based on a certain algorithm.
All process data, application data and logging-sensitive data is encrypted before it is stored. Documents that are being processed (interim storage) are also stored in encrypted form and deleted automatically after 48 hours.
Is a facility used to house business-critical IT equipment.
Our hosting partner is certified to the ISO 27001 information security management standard. DocuFlow runs at two secure data centres, one in Haarlem and one in Amsterdam. We use redundancy to ensure continuity of the software and make back-ups.
Indicator of the extent to which a service or system is available to authorised users.
Our hosting partner ensures 99.9% network availability.
Continuity in case of bankruptcy
We have entered into further agreements with our hosting partner to ensure customers retain access to their data in the event that the hosting partner goes bankrupt and ceases operations.
In the event of bankruptcy, our hosting partner will continue to provide the service for at least one calendar month or until a continuity plan has been agreed with the trustee.
Is a digital database that is designed to allow flexible access and use.
The software does not store personal and other sensitive data.
Integrations with other applications
Is technology that allows multiple systems to work as one.
All standard available interfaces and integrations (API/web services) were developed in compliance with the standards for the information system in question.
The speed at which network functions are completed, which is a key indicator of the efficiency of a system or service.
DocuFlow needs good performance, similar to a local or network system, but depends on the internet connection and set-up of the customer’s local area network. Response times are monitored continuously. To optimise performance, large processing operations are placed in a queue and run in the background.
Back-up & restore
Spare copy of data to be able to recover data in the event it is corrupted.
A full back-up is made every hour.
Fair use principle
In case of actions that go against the fair use principle, a solution will be sought in consultation with the customer. If none can be found, we reserve the right to terminate the right of use.
The EU General Data Protection Regulation (GDPR) is EU legislation on the ‘protection of natural persons with regard to the processing of personal data and on the free movement of such data.’ From 25 May 2018, companies and organisations have been required to align their operations with the data protection requirements specified by the GDPR.
The GDPR differentiates between organisations that are responsible for personal data, which are known as the controllers, and organisations that hold and process personal data, known as the processors.
Documizers is classed as a data processor and our operations are fully GDPR compliant. We process personal data for the following purposes:
- Purpose limitation: Personal data is processed solely for an explicit and legitimate purpose, and not for any other purposes.
- Data minimisation: We collect only data that is necessary in relation to the purposes for which it is processed.
- Storage limitation: Personal data is not stored for longer than is necessary for the purposes for which the personal data is processed.
- Integrity and confidentiality: We protect personal data against unauthorised access, accidental loss, destruction or damage.
The controller must be able to demonstrate compliance with these rules. Data Processing Agreement.
Is the inspection of the technology used and measures taken to gain insight into potential risks, so as to be able to anticipate them and take action right away. Audits are conducted on a regular basis, both internally and by third parties. If you would like to have your operations audited, please let us know.
Data Processing Agreement
Is an agreement between a controller (the client) and the processor (the provider) that provides a safeguard with respect to the technological and organisational security measures taken with respect to the processing operations to be performed. Documizers offers its customers the option of entering into a Data Processing Agreement.