Information about data protection
Everything you need to know about data protection within the framework of the General Data Protection Regulation (GDPR).
When “processing” personal data, three parties act:
The data controllers are the companies for which you have a “connection” via Doccle. You do this, for example, to receive invoices or other documents from the company, or to make payments to them. When adding such a connection, you as a Doccler give explicit permission to process your data. After all, without this data these companies and organisations are unable to provide you their services via Doccle.
The data controllers are responsible for taking the technical and organisational measures that are necessary for demonstrably carrying out the data processing in accordance with GDPR. The obligations of controllers concern principles such as lawfulness, reasonableness, transparency, purpose limitation, data minimisation and accuracy, as well as fulfilment of your rights.
The data controller determines the purposes and means for processing personal data, while the data processor processes the data by order of this controller.
Doccle only has the function of data controller if you upload documents yourself, create and manage your profile, use your eID or itsme, make payments through Doccle, conclude a SEPA direct debit, electronically sign or make a Scan & Pay payment via our mobile app. In that case Doccle processes your data based on your implicit consent. Find out more about these processing operations here.
The specific nature of the Doccle service provision means that we are data processor as well as data controllers in certain cases.
We require ourselves, and all organisations that make use of the platform, to provide sufficient guarantees. We are determined that adequate technical and organisational measures are taken to ensure processing complies with the requirements of the GDPR legislation.
The working areas that are subject to GDPR
We ourselves make a “Data protection officer” available for all Docclers. You can always contact this officer on: dpo@doccle.be.
We encourage all Docclers to ask questions or submit notifications on the security of their data, as each notification is a test for our security policy and the measures that we take and apply on a daily basis.
Transparency is of important value for us, and therefore you as a Doccler can retrieve, correct or remove quite a lot of information. If, in addition, you have other questions, you can always leave behind a questionnaire. You can fill this in by logging in and clicking through to “settings – data processing operations and privacy”, in that way we are sure that you are truly the person you claim to be. We make every effort to process the questions as soon as possible, and never exceed the legal term of thirty days.
We subject every question to careful verification. If the question concerns a processing operation of one or multiple organisations that make use of the platform, we will contact these organisations in order to provide you with a suitable answer.