How are data being handled?

Modified on Tue, 20 May at 4:21 PM

At Boardfolio, we prioritize the secure and compliant handling of your data in accordance with our certifications and encryption standards. Below is a detailed explanation of how we manage data, drawing from our practices and the information provided in the Boardfolio Data Processing Addendum (DPA). For further details, you can refer to the link: Boardfolio DPA  


Data Handling Practices

  1. Data Collection and Use:
    • We collect only the personal data necessary to provide our services, as outlined in our Privacy Notice. This includes data provided by clients during interactions with Boardfolio, such as through our platform or related services.
    • Personal data is used solely for the purposes specified in our agreements, including facilitating secure board and governance activities, and is processed in compliance with applicable data protection laws, including GDPR.
  2. Data Security:
    • Encryption in Transit: Data transiting to and from Boardfolio servers is protected using secure SSL/TLS-protected channels, ensuring that information remains confidential and secure during transfer.
    • Encryption at Rest: All client data stored on our servers is secured using Transparent Data Encryption (TDE), which protects data against unauthorized access by encrypting it at the storage level.
  3. Data Processing and Compliance:
    • As detailed in the Boardfolio DPA, we act as a data processor for personal data provided by our clients (data controllers). We process this data only in accordance with the client’s instructions and the terms of the DPA, ensuring compliance with GDPR and other relevant regulations.
    • Our ISO/IEC 27001:2013 certification underscores our commitment to maintaining a robust Information Security Management System (ISMS), which governs how we handle, store, and protect data to meet international security standards.
    • We ensure GDPR compliance by implementing appropriate technical and organizational measures to safeguard personal data, including regular audits and adherence to data protection principles.
  4. Data Storage and Retention:
    • Data is stored securely on our servers, with access restricted to authorized personnel only. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law, as outlined in our Privacy Notice.
    • Upon termination of services or at a client’s request, we securely delete or anonymize personal data in accordance with our data retention policies, unless legally required to retain it.
  5. Third-Party Data Sharing:
    • We do not share personal data with third parties unless explicitly authorized by the client or required by law. Any third-party service providers we engage (e.g., for hosting or support services) are bound by strict data processing agreements to ensure they meet the same security and compliance standards.
    • The DPA specifies that we notify clients of any sub-processors involved in data handling and ensure they comply with GDPR and other applicable regulations.
  6. Data Subject Rights:
    • We support clients in fulfilling data subject requests, such as access, rectification, or deletion of personal data, as required under GDPR. Clients can raise such requests through our support channels, and we will assist in processing them promptly.
  7. Incident Management:
    • In the unlikely event of a data breach, we have established procedures to promptly notify affected clients and relevant authorities, as required by GDPR. Our ISMS includes incident response plans to mitigate risks and ensure swift resolution.


Commitment to Trust


Our data handling practices are designed to align with our Trust Center’s commitment to transparency, security, and reliability. By adhering to ISO/IEC 27001:2013 and GDPR standards, and employing advanced encryption methods like SSL/TLS and TDE, we ensure that your data is handled with the highest level of care and protection.


If you have any further questions or need assistance regarding our data handling practices, please raise a ticket, and our support team will respond as soon as possible.
