MachForm is dedicated to becoming fully compliant with the EU General Data Protection Regulation. Our platform has been capable of conducting business with all EU-based customers since the GDPR deadline, May 25th, 2018.


The GDPR is intended to strengthen individuals’ rights and unify data protection rules across the EU through stricter personal data handling requirements and higher fines for non-compliance. The GDPR applies to the processing of data subjects’ personal data by EU or non-EU organizations of any size that provide goods or services to the EU or monitor EU users’ behavior.


What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and it will come into effect on May 25, 2018.


Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.


I’m using MachForm Cloud, what do I need to do?

In relation to your use of MachForm Cloud, you need to be clear and transparent with your clients about your use of a third party processor (MachForm Cloud) to collect their personal data. Transparency is key under GDPR.


What’s the best way to inform my clients that I use MachForm Cloud?

You can update your website privacy notice. Under the GDPR, you’re only required to say that you’re using an externally hosted third party to enable you to provide your service, rather than name MachForm specifically.


As an example, you could add some wording like this to your website privacy notice: “We use an externally hosted third party to manage and administer your data.”


I’m using MachForm Self-Hosted, what do I need to do?

When you use MachForm Self-Hosted, you’ll be the data processor and the data controller.


You’ll need to make sure to secure your MachForm database server and manage the data according to the GDPR.


You can go to your Settings page and review your Data Retention policy.


You can also read our guide on how to delete data permanently.

Is MachForm GDPR-ready?

Yes. We’ve taken various steps to ensure that we’re ready and compliant. We have reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR.


For example, we’ve updated the Privacy Policy on our website and all related backend operations to cover the new regulations. We added a new feature to let you control your form data retention. We also offer a GDPR-compliant DPA (Data Processing Addendum) for our customers, which we’ll sign so that it becomes legally binding.


Is there any difference between MachForm Self-Hosted and MachForm Cloud regarding GDPR?

Yes, there is a major difference.


MachForm Self-Hosted stores all the data completely on your own server and it doesn’t go through our server. Thus GDPR compliance will be fully your own responsibility.


MachForm Cloud stores all the data in our datacenter. Thus GDPR compliance will be a shared responsibility between you and us.


Where are the MachForm Cloud servers located?

The MachForm Cloud datacenter is located in the United States.


Does GDPR require that my information be stored in the EU?

No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU.


What is the MachForm Cloud data retention policy?

We retain all your form data for as long as your account is active. When you terminate or cancel your cloud subscription, all your form data will be automatically deleted within 30 days.


Do you offer a Data Processing Addendum?

Yes, we offer a Data Processing Addendum (DPA) for our customers that qualify as data controllers under the GDPR. Our DPA contains contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients.