Filemail limits the number of third parties that process your files and data as much as we reasonably can. In those instances where we need to rely on third parties, we ensure that they comply with our stringent privacy policies and are subject to data processing agreements. Key practices include:
Vendor Selection and Assessment: We conduct thorough risk assessments to ensure that any third-party vendors comply with our stringent security requirements and privacy practices.
Data Processing Agreements (DPA): We have entered into Data Processing Agreements with all third-party vendors who process personal data on our behalf. The DPA outlines the responsibilities and obligations of both Filemail and the third-party processors to protect personal data, and is a key measure to ensure GDPR compliance.
Ongoing Evaluations: We conduct ongoing evaluations to ensure continuous compliance with data protection standards. This includes regular reviews and updates to the agreements with third-party vendors to address any changes in data processing activities or regulations.
Notification of Changes: We notify customers about any intended changes to the list of sub-processors in advance, allowing sufficient time to object to such changes. This ensures transparency and control over the involvement of third parties.
Processor security: When engaging sub-processors, Filemail ensures that they are bound by similar data protection obligations as those imposed on Filemail. This includes implementing appropriate technical and organizational measures to protect personal data and ensuring sub-processors comply with the GDPR and other relevant regulations.