Privacy Statement for the Use of RegDOX Secure Data Room Services
RegDOX Solutions Inc. (Hereafter, “RegDOX”) offers customers Web-based RegDOX Secure Data Room Services for document administration purposes, etc. (hereafter, the “Services”). Subject to the agreement with RegDOX and such additional terms and conditions that RegDOX may now or later identify, Customers may grant users access rights to the Services them (hereafter, “Users”). RegDOX thereby generally acts as an assignment data processor for the customer.
The following Data Security Statement explains RegDOX’s handling of Users’ personal data (Hereafter, “Data”) in the framework of the Services.
RegDOX reserves the right to adjust the content of this Data Security Statement from time to time. It is thus recommended to review it on a regular basis.
- Identify of Customer; Definition of Personal Data
1.1. Customer represents that it is a business association formed and existing under the laws of any state in United States and that at all times while when receiving the Services it shall remain so incorporated and existing.
1.2. Personal Data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as name, address, telephone number, connection information, access information, revision information, the content of communications, and individualized search options and parameters for content in the data room.
- Processing and Using the Data
2.1. In processing and using the Data, RegDOX observes the requirements of the EU data security directives. Processing and usage takes place either with the User’s consent or on the basis of a legal provision that allows such processing or usage. Only such Data is processed or used as is required for rendering the Services, or such Data as is voluntarily provided.
2.2. Data processing and usage takes place to the respective extent required to fulfill the legal business obligations existing between the customer and RegDOX and to provide the resulting benefits within the framework of use of the Services. Data processing and usage takes place to the respective extent required for the purposes set forth in items 3 through 5 of this document.
- Document Management:
3.1. Storage, display, processing, deletion, release, and administration of documents in the RegDOX Secure Data Room along with the transmission of documents or folders;
3.2. Monitoring the Data transfer (document uploads and downloads) in the RegDOX Secure Data Room;
3.3. Recording in an audit trail User activity such as editing, accessing, or sending a document or folder; (and)
3.4. Compiling statistics, evaluations, and reports on the RegDOX Secure Data Room, its use, and ongoing projects.
- Organization & Communication:
4.1. Gathering, saving, and processing User Data during the use of the Services and creating and transmitting User profiles created by the User;
4.2. Personalizing the home page;
4.3. Individually configurable function which reports the activities of other Users in the RegDOX Secure Data Room (Watchlist) via email and SMS;
4.4. Communication between Users via the RegDOX Secure Data Room (mailboxes, assignments, milestones, Q&A, discussions, notes, multi-channel broadcasts, decision sessions, etc.) and via email, SMS, telephone, Skype, and Messenger for purposes of project processing, etc.;
4.5. Distributing and tracking the status of assignments and processing milestones;
4.6. Creating data room indexes; (and)
4.7. Tracking communication via mailboxes.
- Security measures:
5.1. Protecting confidential documents by carrying out authentication measures based on a one-time PIN sent to Users via SMS, email, QR code or otherwise;
5.2. Administering the access rights system; (and)
5.3. Ascertaining the IP address to guarantee effective access protection. IP addresses are numbers used to address the Data packets in the Internet. If misuse is indicated, the IP address of the questionable pseudonym will be stored once at the time of the first login after the indication of misuse, and given an appropriate court order, the IP address will be forwarded along with the other personal Data to the proper law enforcement agency. If the indication of misuse is unfounded, the stored IP address will be deleted immediately.
- Transmission of Data
RegDOX gives the Data to third parties only with the User’s permission or at the User’s own request. In addition, transmission of Data may take place upon the User’s instruction or when required or permitted by law. This may be the case when subcontractors are employed by RegDOX, for example. The transmission of Data to state institutions or authorities may only take place in the context of mandatory national legislation.
7.2. The User can block the usage of cookies in the User’s browser. This may impair the functionality of the Services.
- Data Storage
The Data will be stored only as long as required for the provision of Services or as long as RegDOX or the customer is legally obligated to save it.
- Information, Correction, Deletion
Requests for information regarding the saved Data and the need to change or delete it should be addressed to the customer. In addition, the User can contact RegDOX at support.regdox.com.