GDPR

• DocMonster will comply with the GDPR when it becomes enforceable on May 25, 2018.
• Data Protection Officer: support@docmonster.co.uk

Data Security

• All your personal data is protected using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data in transfer and at rest.
• Our servers are protected by fully managed Amazon Web Services firewalls.
• Only key technical staff have direct access to our servers.
• Backoffice systems have user based access control and a full audit history.
• All employees and contractors are required to sign a confidentiality or non-disclosure agreements.
• Server software is updated daily to ensure we have all the security latest patches.
• Cyber insurance policy is provided by Hiscox.
• Servers are regularly tested using a industry standard PCI security scan.

Data Location

• Our servers are hosted by Amazon Web Services in their EU Ireland datacenter.
• Security documentation: https://aws.amazon.com/security/
• Compliance documentation: https://aws.amazon.com/compliance/

Your Data

• The personally identifiable data we hold on our system; Name, Address, Telephone Number, Email Address & Last IP Address.
• All data relating to card payments is processed by our payment provider Sagepay UK (www.sagepay.co.uk) using a industry standard secure token system.
• Data contained within the DocMonster repository itself is encrypted.
• We do not share or transfer your data to any 3rd party.

Data Retention

• Your personal data is retained for 5 years from termination of contract, unless the data controller requests removal.
• Your personal data is retained for our company accounting records, and also to allow customers to reactivate thier account.
• To request removal of personal data please email our Data Protection Officer (DPO). Email: support@docmonster.co.uk