1. Introduction
This Privacy Policy explains how Document Management System ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our Document Management System (DMS) platform and services.
We are committed to protecting your privacy and ensuring transparency about our data practices. By using our DMS, you consent to the data practices described in this policy.
Last Updated: September 15, 2023
Effective Date: September 15, 2023
2. Data We Collect
We collect several types of information to provide and improve our services:
2.1 Personal Information
When you register for an account or use our services, we may collect:
- Full name and contact information
- Email address
- Company/organization details
- Billing and payment information
- Profile information and preferences
2.2 Document Data
As part of our document management services, we process:
- Documents and files you upload to the system
- Metadata associated with your documents (titles, descriptions, tags)
- Document sharing preferences and permissions
- Version history and editing information
2.3 Usage Data
We automatically collect information about how you interact with our services:
- IP address and device information
- Browser type and version
- Pages visited and features used
- Time and date of access
- System activity and audit logs
3. How We Use Your Data
We use your information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To provide and maintain our DMS services | Performance of contract |
| To authenticate users and ensure security | Legitimate interests |
| To process transactions and send receipts | Performance of contract |
| To communicate with you about service updates | Legitimate interests |
| To provide customer support | Performance of contract |
| To improve our services and develop new features | Legitimate interests |
| To prevent fraud and abuse | Legitimate interests |
4. Data Sharing and Disclosure
We may share your information in the following circumstances:
4.1 Service Providers
We engage trusted third-party companies to perform functions on our behalf, such as:
- Cloud storage providers
- Payment processors
- Customer support services
- Analytics and monitoring services
These providers only receive necessary information to perform their functions and are contractually obligated to protect your data.
4.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
We do not sell your personal information to third parties for marketing purposes.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
5.1 Encryption
All data is encrypted in transit using HTTPS/TLS and at rest using AES-256 encryption.
5.2 Access Controls
We implement role-based access controls and authentication mechanisms to ensure only authorized personnel can access your data.
5.3 Security Practices
We maintain:
- Regular security assessments and penetration testing
- Virus scanning for all uploaded documents
- Secure development practices
- Employee security training
While we implement robust security measures, no system is completely secure. We encourage you to use strong passwords and enable additional security features we offer.
6. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this policy:
- Account information: Retained while your account is active and for a reasonable period thereafter
- Documents and files: Retained according to your specified retention preferences
- Audit logs: Retained for security and compliance purposes for up to 2 years
- Marketing data: Retained until you withdraw consent or opt-out
You can request deletion of your data at any time, subject to legal obligations we may have to retain certain information.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 Access and Portability
You can request access to your personal data and receive it in a structured, machine-readable format.
7.2 Correction
You can update or correct inaccurate or incomplete personal data.
7.3 Deletion
You can request deletion of your personal data, subject to certain exceptions.
7.4 Objection and Restriction
You can object to processing of your personal data or request restriction of processing.
7.5 Withdraw Consent
Where we rely on consent, you can withdraw it at any time.
To exercise these rights, please contact us using the information in the "Contact Us" section.
9. International Data Transfers
As a global service, your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for these transfers, such as:
- Standard contractual clauses
- Adequacy decisions
- Other legally approved mechanisms
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by:
- Posting a notice within our services
- Sending an email to the address associated with your account
- Updating the "Last Updated" date at the beginning of this policy
We encourage you to review this policy regularly to stay informed about our data practices.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@dmscompany.com
Address: 123 Business Avenue, Suite 456, Tech City, TC 78901
Data Protection Officer: dpo@dmscompany.com
We will respond to all legitimate inquiries within 30 days.