IDOX.AI GDPR Compliance Statement
Rev. Date: Aug. 31, 2023
At iDox.ai, our commitment to GDPR compliance serves as the foundation of our data protection practices. We uphold the privacy, security, and rights of individuals' personal data in accordance with the General Data Protection Regulation.
We have created this GDPR Compliance Statement to explain our approach to implementing our GDPR compliance program. It describes the implementation of our data protection roles, policies, procedures, controls and measures to ensure ongoing compliance with GDPR.
If you have any questions about this GDPR Compliance Statement or our privacy or security practices, you can always contact our data protection officer.
39355 California Street
Suite 302 Fremont, CA 94538
Email: [email protected]
The General Data Protection Regulation (GDPR) was agreed and adopted in 2016 and came into effect on 25 May 2018. Because the GDPR is a regulation, rather than a European Union directive, it is directly binding and applicable, and it provides flexibility for individual member states to modify some provisions of the GDPR.
GDPR aims to make data protection regulations:
- More relevant: Updating the European Union (EU) data protection standards to make them more suitable for today’s world.
- More comprehensive: Remedying some of the perceived deficiencies of the current Data Protection Directive.
- More unified: Achieving a better, more harmonised standard of data protection throughout the EU.
GDPR and iDox.ai
A GDPR Compliance Statement is a public-facing document that sets out the steps we’re taking, or have already taken, to become GDPR compliant. iDox.ai uses it to make people aware of everything we’re doing to meet our obligations, for example:
- The technical measures iDox.ai is implementing to meet the GDPR's stringent data security standards.
- The services iDox.ai provides to enable people to exercise their data subject rights.
- iDox.ai will process all privacy information fairly and lawfully.
- iDox.ai will only process personal information for specified and lawful purposes. Where practical, we will keep personal information up to date.
- iDox.ai will not keep personal information for longer than is necessary.
Our GDPR Principles
We take the privacy and security of individuals and their personal information very seriously. Our principles for processing personal information are:
- Lawful Basis: We ensure that our data processing activities have a lawful basis as required by GDPR. We will clearly communicate the legal basis for data processing to data subjects.
- Data Collection and Usage: We collect and process personal data only for specific and legitimate purposes. We will inform data subjects about the purposes of data processing and obtain their explicit consent where necessary.
- Data Minimization: We commit to collecting and retaining only the minimum amount of personal data necessary for the intended purpose.
- Transparency and Notice: We will provide clear and easily understandable privacy notices to data subjects, outlining the types of data processed, the purposes of processing, data retention periods, and data subject rights.
- Data Subject Rights: We respect data subjects' rights as defined in GDPR, including the right to access, rectify, erase, restrict processing, object, data portability, and the right not to be subject to a decision based solely on automated processing. We will promptly respond to data subject requests in accordance with GDPR timelines.
- Data Security and Protection: We implement appropriate technical and organizational measures to ensure the security and protection of personal data against unauthorized access, loss, destruction, or alteration.
- Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, we will follow the GDPR's mandatory breach notification requirements and inform relevant authorities and affected data subjects.
- Data Transfers: When transferring personal data outside the European Economic Area (EEA), we will ensure compliance with GDPR requirements, including using appropriate safeguards or obtaining data subject consent where necessary.
- Data Protection Impact Assessment (DPIA): Where applicable, we will conduct DPIAs to assess and mitigate privacy risks associated with our AI product and data processing activities.
- Record Keeping: We will maintain comprehensive records of our data processing activities, as required by GDPR.
- Data Protection Officer (DPO): We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance and act as a point of contact for data protection-related matters.
- Training and Awareness: We will provide regular training to our employees to ensure their awareness of GDPR requirements and their roles in maintaining compliance.
This GDPR Compliance Statement reflects our commitment to safeguarding the privacy and rights of data subjects. We continuously monitor and improve our data processing practices to meet the evolving GDPR standards.