Nexus sees the EU's general data protection regulation (GDPR) as an important step forward in streamlining and unifying data protection requirements across the EU. We also see it as a great opportunity for us to strengthen our clear commitment to data protection principles and practices. It is as well fully in line with our recent ISO 27001 certification in Sweden.
Therefore, we have gathered some frequently asked questions regarding Nexus GO PDF Signing and GDPR. See also GDPR statements.
The service stores data about registered users in the portal. This is necessary to allow only the right users access, and to process service requests. Example of data is name, organisation, national identification number (”personnummer”) and email address of users who are registered in the portal. The data is used for handling signature requests, and may also appear in the service's internal logging data. If users upload PDF documents with personal data, Nexus temporarily handles these PDF documents for the purpose and time period that is necessary to perform the signing operation.
It is necessary to have a handling of users, user data and credentials in the portal, to maintain control of who can access the service. Documents, that can potentially contain user data, need to be uploaded so that they can be signed.
The customer decides how long their user data is stored in the portal. The customer may contact Nexus support for removal of the user account and its associated data. If personal data is stored in documents to be signed, it is never stored in the portal for longer than 30 days.
Administrators of the account can see users that are registered on the same account. Otherwise, user data and documents are stored encrypted and are not possible to access for unauthorized parties.
Nexus handles the documents on behalf of the users of the service, for the purpose of performing digital signatures. The processing is automatic and no Nexus employee is able to access its contents.
Yes we have, you can find it here: