Nexus sees the EU's general data protection regulation (GDPR) as an important step forward in streamlining and unifying data protection requirements across the EU. We also see it as a great opportunity for us to strengthen our clear commitment to data protection principles and practices. It is as well fully in line with our recent ISO 27001 certification in Sweden.
Therefore, we have gathered some frequently asked questions regarding Nexus GO PDF Signing and GDPR. See also GDPR statements.
What kind of personal data does Nexus GO PDF Signing manage and store?
The service stores data about registered users in the portal. This is necessary to allow only the right users access, and to process service requests. Example of data is name, organisation, national identification number (”personnummer”) and email address of users who are registered in the portal. The data is used for handling signature requests, and may also appear in the service's internal logging data. If users upload PDF documents with personal data, Nexus temporarily handles these PDF documents for the purpose and time period that is necessary to perform the signing operation.
Why is personal data stored in Nexus GO PDF Signing?
It is necessary to have a handling of users, user data and credentials in the portal, to maintain control of who can access the service. Documents, that can potentially contain user data, need to be uploaded so that they can be signed.
Who determines how long Nexus stores personal data in Nexus GO PDF Signing?
The customer decides how long their user data is stored in the portal. The customer may contact Nexus support for removal of the user account and its associated data. If personal data is stored in documents to be signed, it is never stored in the portal for longer than 30 days.
Can anyone else access documents and user data in the Nexus GO PDF Signing portal?
Administrators of the account can see users that are registered on the same account. Otherwise, user data and documents are stored encrypted and are not possible to access for unauthorized parties.
What about user data that is contained in PDF documents that are signed?
Nexus handles the documents on behalf of the users of the service, for the purpose of performing digital signatures. The processing is automatic and no Nexus employee is able to access its contents.
Does Nexus GO PDF Signing have an agreement for managing GDPR (data processing agreement)?