DocHub and GDPR

DocHub's features and tools are GDPR-ready, so you can edit, sign, and share documents with the knowledge that your files comply with the strictest GDPR requirements.

How DocHub satisfies the GDPR's security compliance standards

Legal Measures

EU-U.S. Data Privacy Framework Program
DocHub participates in the EU-U.S. Data Privacy Framework program to ensure secure and compliant international transfers of personal data.
Privacy Notice updates
We regularly review and update our privacy notice so you get up-to-date information about our current data processing activities. In addition, privacy notice updates are made to comply with evolving privacy laws.
Data transfers and Data Processing Agreement
DocHub regularly updates its data processing agreement (DPA) to ensure secure data processing. This critical GDPR agreement outlines technical requirements for how data is stored, protected, processed, accessed, and used.
Data Subject Rights
Every DocHub customer can exercise their rights under GDPR by using the Privacy Request Portal provided in the Privacy Notice. Our Data Privacy team processes and fulfills all requests according to GDPR requirements.
Accountability
The company has a designated Data Privacy team that handles all privacy-related matters. DocHub systems and processes are subject to regular monitoring and audits. DocHub also maintains internal policies and procedures that document the company's efforts in achieving GDPR compliance.

Technical Measures

Data access control
DocHub has established technical and organizational measures, including secure connectivity, multi-factor authentication, and more, to prevent unauthorized access, disclosure, alteration, or misuse of user information.
Incident management
At DocHub, we thoroughly review every system and application for vulnerabilities before production deployment. In addition, we use third-party dependency scanning tools to monitor all application dependencies for vulnerabilities.
Software Security
We have a dedicated team of specialists tasked with eliminating potential security vulnerabilities and keeping our software up to date. We also employ a range of monitoring solutions for preventing and eliminating external site attacks.
Data encryption
Customer documents and the information therein are encrypted in transit and at rest and are accessible only by the customer. We also encrypt critical system databases. All DocHub systems limit the personal information they hold and ensure sensitive data is encrypted.
Deletion of personal data
DocHub allows users to request deletion of personal data and provides means to notify customers of requests from their users.

Organizational Measures

Employee training
DocHub staff are obligated to maintain the confidentiality and security of customer data. We've updated our training policies to reinforce our security and privacy policies.
Device safety
DocHub applies best practices, including NIST SP 800-88 and OCR Guidance recommendations, to ensure the safety and security of its devices and hardware. We maintain Safe Password procedures to ensure password safety across the organization.
Monitoring
DocHub monitors the operation of applied safeguards on an ongoing basis. We are committed to completing an annual risk assessment to ensure we diligently address any potential risks and update ourselves to the applicable best practices.

Data Processing Addendum

A data processing addendum (DPA) is a GDPR agreement between a data controller (a data owner) and a data processor (a third-party service provider). It defines the roles and obligations of both parties when processing data. Businesses that handle and transfer personal data to a third-party processor are required to sign a DPA with that third party.

According to the data processing addendum, DocHub acts as a data processor while its customers act as data controllers. DocHub provides an up-to-date DPA that outlines the scope of the data that is processed, including the types of data processed, the purpose of the data processing, the data protection measures, and the roles and responsibilities of the controller and processor.


Over 83 million users around the globe trust DocHub

Connect DocHub with the apps you use and love

Get your documents done with ease, no matter your location. DocHub connects to popular web applications so you can edit, sign, and share documents right from your favorite apps.


Industry-leading security and compliance

DocHub complies with industry-leading standards, regulations, and certifications so you can securely edit, fill out, sign, and send documents and forms.

GDPR compliance
Regulates the collection, use, and holding of personal data for EU residents.
PCI DSS certification
Ensures the security of credit and debit card transactions made by a customer.
CCPA compliance
Enhances the privacy rights and protects the personal data of California residents.
SOC 2 certification
Ensures the security of your data and the privacy of your clients.
HIPAA compliance
Protects privacy, security, and integrity of sensitive healthcare information.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a privacy and security law passed by the European Union on May 25th, 2018. GDPR replaced an outdated data protection directive from 1995 and is considered the most wide-reaching change to personal data protection in the last 20 years. It aims to protect EU citizens from data privacy breaches and misuse. The GDPR lays out rules governing how companies should collect, store, transmit, and secure personal information.

GDPR applies to all organizations within the EU and outside of the EU that offer goods or services to customers or businesses within the EU.

The GDPR outlines seven key principles of personal data processing:

  • Lawfulness, fairness, and transparency
  • Purpose limitations
  • Data minimization
  • Accuracy
  • Storage limitations
  • Integrity and confidentiality (security)
  • Accountability

Customer rights

The GDPR grants data subjects greater control over their data by giving them certain rights. DocHub is ready to accommodate customer requests based on their rights under GDPR law.

  1. Right to be informed: Our Terms of Service and Privacy Notice detail what data we collect, process, and store. Be sure to read the Terms of Service and Privacy Notice before signing up with DocHub.
  2. Right to access: Our Privacy Notice outlines what data we collect and how we use it. If you have any questions regarding data, you can contact us via the Privacy Request Portal for further information.
  3. Right to rectification: You may request that your personal information be updated if you find it inaccurate or incomplete. You may also access and update your DocHub account settings at any time or contact DocHub to access, correct, amend, or delete the information we store about you.
  4. Right to be forgotten: You may request to delete your DocHub account at any time and we will permanently delete it alongside all data associated with it.
  5. Right to restriction of processing: You may submit a request to restrict or pause your personal data processing.
  6. Right to data portability: You may obtain and reuse your personal data across third-party services.
  7. Right to object: You may object to the processing of your personal data for marketing, communication, and research purposes.
  8. Right to avoid automated decision-making: DocHub respects your right to challenge automated decision-making.

Securely edit, sign, and share documents with DocHub
