GDPR EU Directive Compliance


GDPR Compliance at Fax.to
Fax.to is fully compliant and also offers full GDPR EU Directive compliance as an extension to our customers.

Our GDPR statement is available below.

Fax.to GDPR Compliance Statement
The following is an addendum to Fax.to's Privacy Policy and Terms and Conditions to cover the EU General Data Protection Regulation which comes into effect on May 25th 2018.

As a Fax.to customer, the GDPR gives you new protection rights and assures better access to your personal data.

-Right to rectification: Rectify your personal information at any time from your account settings. You can also contact us directly to edit or rectify your information.

-Right to be forgotten: Cancel your Fax.to account or subscription and close your account at any time. You can send us a request to erase all your data, which we will complete within 30 days.

-Right to portability: Upon request, we will export your data so that it can be transferred to a third party or competitor.

-Right to object: Unsubscribe at any time from any specific use of your information (newsletter, automatic emails, etc.).

-Right of access: We are transparent about the data that we collect and what we do with it. To familiarize yourself with this, please refer to our privacy policy. Lastly, you can contact us at any time to access and modify any of your personal data.

Accountability
We have conducted an audit of all information we hold on our customers and for our customers.

Fax.to holds names, email addresses, IP addresses/session data, and fax documents received on behalf of our customers or fax documents uploaded and sent by our customers. Customers using our Fax API have the option to use our no-store-and-forward feature, where documents are stored only as long as the transmission requires and are then deleted.

The data is held only as long as our customer's account remains open. If a customer wishes to close their account, all data is then deleted.

Communicating with Staff and Service Users
Fax.to servers are based in the EU and in the US. We operate multiple fax servers in both the US and in Europe. Our users have an option to select whether their data will be processed globally or within Europe only, routed and processed through our EU partner telecom companies.

Fax.to has direct connections to operators in the EU and when processing our customers’ data it is sent directly to our operators and is not transferred outside the EU if our customers choose so.

Personal Privacy Rights
All customers have access to view their data using their secure login and password. They can add, delete or modify any inaccuracies in this data. Customers have full control over their data.

Fax.to provides facilities for companies to package and export their data in the interests of data portability.

Data Access Requests
Fax.to provides for data access requests from our customers. This information will be returned to the customer within one month of request.

Fax.to also provides full control over email notifications to all our customers. Consent for email notifications, email events and email marketing can be retracted at any time.

Legal Basis for Processing
Fax.to processes faxes, either inbound or outbound, on behalf of our customers.

Consent
Fax.to takes consent from all our customers on signup before sending marketing emails. This consent is separate from the terms and conditions and has to be actively given. Customers can at any time retract their consent for the different types of emails from their account.

Data Protection by Design
Fax.to operates servers, both Production and Disaster Recovery, that are located within the EU. If chosen, no data on either environment will leave the EU at any point. The data centre services provider who hosts and manages the secure environment for our servers is ISO 27001 certified.

The Fax.to System employs security protocols to block illegal application requests such as SQL injection. All access to the system backend is locked down by a specific IP whitelist.

The Fax.to System is monitored 24/7 by our own engineers. The engineers receive pager alerts for any suspicious activity or unusual network traffic. On a positive identification of a data breach, our policy is to alert all Data Controllers immediately.

Reporting Data Breaches

Any data breaches will be reported to both our customers and the DPC within 72 hours.

Data Protection Officer
Fax.to has designated Italos Marios as Data Protection Officer. Any questions relating to Fax.to GDPR compliance should be sent to italosm@fax.to