Last Updated: 16 May 2018
On the 25th May 2018 the European Union began enforcing its General Data Protection Regulation (GDPR). It impacts how businesses collect and process data from European individuals. While Aspose is an Australian Business with no European entity, it values the rights of its users’ and customers and their personal data regardless of their location. As such we’re working hard to comply with these rules across all our systems and processes.
This page gives an overview of the roles described by the GDPR, the responsibilities of each party and the efforts we’re putting in place to support these recommendations.
When data is transferred outside of the European Economic Area (EEA) by data processors, the GDPR sets strict requirements for moving data outside of the scope if its protection.
As Aspose is an Australian business with no European entity, the data controller makes the sole decision to transfer data to Aspose which is based in Australia outside of the EEA, with its technical infrastructure based in the US. Where we do engage with sub-processors we do so in a considered fashion considering the legalities of the transfer at each step.
Aspose acts as the data controller for the personal data we collect about you, the user of our web apps and website, the purchaser of our products or services.
Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations.
Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
Aspose respects the privacy of its customers and their clients. To that end, we have implemented and continue to improve both technical and organizational measures in line with the GDPR to ensure the appropriate processing of personal data.
We have reviewed our internal processes and operations to make sure we map and audit the data travelling through our systems. We are implementing functionality within all our main customer facing systems to cope with the principles of Privacy by Design. Any access to Client Data is only done through the permission of our customers and is always limited and specifically in scope to the contract between Aspose and its customers have engaged in.
Our internal procedures and logs make sure that we meet the GDPR accountability requirements.
We onboard new third-party services rarely, but when we do we have an internal process for evaluating these suppliers on their security and privacy considerations. We keep the number of sub-processors to a minimum, where possible using our own technology and infrastructure for processing.
Data subjects’ ownership of their personal data is at the heart of the GDPR. We are working on a plan to respond to data subject requests to delete, modify, or transfer their data. This means that our Customer Support Specialists along with the Engineers that assist them in their work are well-prepared to help you in any matters involving your personal data.
Training and awareness about GDPR, the handling of and processing of Personal Data have been communicated throughout the whole Aspose Business. Each Aspose Team Member has awareness of the issues and our policies surrounding the compliance with GDPR and other Privacy related issues. We have built this training into our new team member training requirements and have scheduled refresher checks regularly.
We believe the above approach in adhering to the GDPR is firmly in line with the ethos of its purpose and what it aims to achieve.