Knock compliance efforts with the General Data Protection Regulation (GDPR) for EU customers
Knock is committed to complying with the General Data Protection Regulation (GDPR), a new EU data privacy regulation effective May 25, 2018. The regulation gives EU citizens more control over their personal data and unifies a number of existing privacy and security laws under one comprehensive law.
At Knock, we understand that compliance with a new set of privacy laws can be challenging, and we are here to help with your GDPR compliance initiative by providing you with state-of-the-art GDPR-compliant services.
Our legal and security experts have closely analyzed the GDPR's requirements and continue to monitor new guidance on best practices for implementing them. We have updated our products, contracts, and policies to ensure compliance with the GDPR. We are also dedicated to helping our customers succeed in complying with it.
Steps Knock is Taking for GDPR Compliance
ProcessMaker has implemented a company-wide GDPR compliance strategy. Below are a few examples of initiatives ProcessMaker has committed to in order to satisfy GDPR requirements that apply to both ProcessMaker and our customers:
- When processing personal data regulated under the GDPR, we commit to follow any additional security and privacy measures required under the GDPR.
- Where we have transferred personal data outside of the EU, we are committed to appropriate data transfer mechanisms as required by the GDPR.
- We have ensured that applicable users can access and update their personal data (access to most data resides in our service).
- Should a breach occur, we will notify regulators, customers, and users promptly as required by the GDPR.
- We require vendors that handle personal data to meet data management, security, and privacy best practices and standards.
- We have carried out data impact assessments and consulted with EU regulators where appropriate.
- Knock employees and contractors have been trained on how to handle customer personal data. They are bound to maintain strict confidentiality and security of that data.
GENERAL DATA PROTECTION REGULATION FAQS
DOES ProcessMaker PROCESS THE PERSONAL DATA OF ITS CUSTOMERS?
Yes, Knock processes customer personal data to provide the products and services set forth in our customer agreements as explained in our Privacy Policy.
WHERE DOES ProcessMaker STORE AND PROCESS MY DATA?
Our goal is to provide our customers with secure, fast, and reliable services. Today, Knock stores data in its GCP data center located in the United States. In order to bring you world-class products and provide 24×7 support coverage and maintenance, Knock may also allow employees and contractors outside the U.S. (including the European Union, Argentina, Australia, and Canada) to access certain data for product development and customer and technical support purposes. Such disclosures are compliant with the law and for the limited purpose described.
HOW CAN I MANAGE MY PERSONAL DATA THAT IS STORED BY ProcessMaker?
If you are using Knock at your organization, you must contact your administrator for information on how to access, rectify, export or erase your personal data. You can also contact us directly at privacy@knock-ai.com if you have any additional requests or questions.
DOES ProcessMaker ENTER INTO GDPR-COMPLIANT DATA PROCESSING AGREEMENTS (DPA)?
ProcessMaker will enter into DPAs with our customers who are data controllers and have purchased a subscription to our business process management software via a written agreement. We provide a GDPR-compliant DPA that is customized to our service and invite such customers to complete and execute our GDPR-compliant DPA by requesting our Knock Customer Data Processing Addendum. It is a very easy document to sign electronically.