Protecting our clients’ privacy and the privacy of the information contained in the documents, emails, and other materials (source material) our clients send us is very important to Digiscribe and its employees. You have chosen to do business with us, and we recognize our obligation to keep the information you provide to us secure and confidential. We value your trust and handle your information with care.
This GDPR compliant Data Processing Policy describes Digiscribe’s policies and procedures as a Data Processor of the information contained in the source materials our clients send to us.
Digiscribe reserves the right to change this Data Processing Policy at any time without notice to you, and Digiscribe will post any changes to this Policy on this website as soon as they go into effect. We encourage you to review the Policy regularly for any changes.
We collect non-public personal information from source materials that are provided by our clients to Digiscribe for fulfilling services including but not restricted to the digitization, data capture, processing and management of our clients’ source materials. These services may include but are not limited to imaging, data entry, optical character recognition (OCR), and indexing. The types of source materials provided may include, but may not be limited to:
We restrict access to non-public personal information obtained from our clients’ source materials to those employees who need to know that information to provide products or services to our clients. Our employees are trained to understand and comply with these information principles.
To further protect the privacy of personal information contained in our clients’ source materials while in our facilities, Digiscribe employs industry-standard controls including physical access controls, internet firewalls, intrusion detection, and network monitoring. Additionally, only authorized administrators and staff have access to systems containing such information.
To assist us in offering you services, we may occasionally share information with companies that work for us, such as affiliated third-party vendors. For example, these companies may assist us in offering you certain products and services or help us provide effective and efficient electronic data storage delivery and/or destruction alternatives. These companies act on our behalf and are contractually obligated to keep non-public personal information that we provide them confidential.
Digiscribe may disclose non-public personal information from our clients or past clients as permitted or required by law, regulation, or the rules of practice of a governmental or quasi-governmental body. Digiscribe may also disclose Personal Data to law enforcement officials in response to a lawful request made pursuant to national security interests or law enforcement requirements.
We do not sell any non-public personal information to third parties.
Our employees access information provided by and about our clients when needed to maintain their accounts or otherwise meet their needs. We may also access provided information when considering a request from them for additional services or when exercising our rights under the law or any agreement with our clients.
If a client decides to terminate our services, or becomes an inactive client, we will adhere to the policies and practices as described in this notice.
Documents and other source materials sent to us are stored in our facilities for the duration of processing. Once processing has been completed and electronic images and/or data are delivered to our customers, source materials are either returned to the client, stored for 30 to 90 days prior to destruction in accordance with each client’s specifications, or sent to long-term storage. The destruction process of paper documents is carried out by a NAID certified company.
Upon delivery of the clients’ data and images, copies of such are stored on our servers for six months after which they are permanently deleted from our secure servers.
The GDPR is a comprehensive EU data privacy law that went into effect on May 25, 2018. This regulation states that everyone in the EU has a right to protection of their personal data, and applies to all companies who collect and process data for EU residents. Rights under the GDPR include:
All of our clients’ data belongs to our clients (Data Controller). Any GDPR requests to manage non-personal information must be requested directly by Digiscribe’s client. Digiscribe will take action provided we can authenticate the requesting client’s identity and subject to certain exceptions prescribed by law.
It is the responsibility of the Digiscribe client to remove said data from the storage device if the data resides in ImageSilo, FileBound, Vision360 Enterprise, or any other storage device controlled by the customer.
If you have any questions or concerns, including requests regarding GDPR Rights for persons living in the EU, please feel free to contact us, preferably via email. Proper identification will be required before any action is taken on any request.
Data Processor Contact Information
150 Clearbrook Road
Elmsford, NY 10523
Last updated: 9/27/18