You’ll have no doubt heard of the General Data Protection Regulation, effective May 25, 2018. GDPR is the European Union’s privacy law which essentially harmonises and updates the current regime applicable to those processing personal data identifying individuals in the EU.
If you use our Muhimbi PDF Converter Online Product, we are your trusted data processor of the data contained in your documents and your user logs. We provide the product in a way that meets the requirements on us as your data processor under the GDPR. That helps and complements you on your own journey to achieving and sustaining compliance with GDPR.
How are we doing this? In a number of different ways…
Security.
GDPR requires that personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data. We use Microsoft Azure to host our application – Azure is renowned for the high level of security it employs and is certified to ISO27001 standard.
Please note that Muhimbi Enterprise Subscribers can control the location of their servers.
Rapid Deletion. Minimal retention.
We further minimise risks associated with unauthorised access as well as excessive retention periods, by deleting the copies of your documents from our servers immediately after processing. Several safeguards are in place to ensure that delete operations succeed.
The only exception is if you specifically give instructions for prolonged storage using the Long Running Operation pattern, in which case we can retain copies for up to 1 day before they are automatically deleted.
Privacy by Design.
Data security is baked into our engineering principles. We address it from the outset of any development project and build it into our architecture from the ground up – not as an afterthought.
We process for you, not for us.
We process your documents solely to allow you to use our product, based on your instructions, and only for the specific purpose you provide. Nothing else. Unlike some other services we do not keep a copy of your documents for our own analytics purposes, or to query them using machine learning or AI tools. This gives you confidence that, in our role as data processor, we act on your instructions and not for our own business purposes.
Record Keeping.
One big part of GDPR is governance. Not only must you do the right thing by the individuals whose data you are processing – you must be able to demonstrate records of all the processing that you undertake. We make this easier by making available log information in respect of each Muhimbi user in your organisation. Of course, having a stable set of PDF files is in and of itself a boon to effective record keeping.
Breach Processes.
The GDPR sets out stringent requirements which would apply in the unlikely event that the security of your personal data was compromised. We have in place processes and policies to ensure that we meet our reporting requirements under GDPR and mitigate the effects of any such event as far as we can.
Product Security.
Safeguarding your sensitive data is our top priority, ensuring peace of mind with every document processed. Curious about the details and commonly asked questions about our implementation? Explore our FAQ on product security to learn more.
Further Resources.
Please find below a number of relevant resources for Muhimbi as well as some of our key sub-processors.
- Muhimbi Data Processing Terms
- Muhimbi Privacy Policy
- How we deal with your documents
- Microsoft and GDPR
- MailChimp and GDPR
- SagePay and GDPR
- Stripe and GDPR
- Zendesk and EU Data Protection
- Postmark
- FoxNetSoft
Please contact us at gdpr@muhimbi.com if you’d like to talk about our work on GDPR and other privacy related matters.