Ready to start a conversation? Get in touch with our solution experts
Want to know more? Get in touch with one of our partner managers
Say hello to fully automated processes with Basware Touchless Invoicing. Learn more
We are committed to GDPR compliance across our Basware operations.
We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and agreements.
As of the 25th of May 2018, the EU General Data Protection Regulation (GDPR) strengthens the rights of individuals regarding their personal data and seeks to unify local data protection laws across Europe. GDPR requires new or additional obligations on organizations in the EU processing personal data and organizations outside the EU processing personal data of EU residents.
Whenever GDPR applies to our customers, they must implement appropriate measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR requirements. These requirements relate to principles such as lawfulness, fairness and transparency, accuracy, purpose limitation, data minimisation, storage limitation, integrity and confidentiality. They also relate to fulfilling individuals’ rights with respect to their personal data.
Our customers must furthermore ensure that the service providers they select to process personal data on their behalf guarantee their ability to implement appropriate measures so that the processing meets the GDPR requirements.
The measures we foresee assist our customers to meet the GDPR requirements when personal data, as part of business data, are processed through our services. Our GDPR assurances are summarized on this webpage.
We are including this commitment into our agreement with our customers. If you are an existing customer, but didn't get our email on this matter, please see our communication to get our standard GDPR appendix executed and delivered to us.
This assists our customers in demonstrating their compliance with GDPR.
We are conducting an extensive GDPR compliance program. It is run by the Basware Data Protection Team that consists of privacy and security experts. The Team identifies our data processing activities, maintains our process register, performs data protection impact assessments, builds compliance documentation and is following up on compliance improvement actions. We are appointing a data protection officer where legally required. External experts audit and verify our GDPR compliance program. The Team also ensures that staff members processing personal data are trained to comply with our data processing policies and bound to confidentiality.
We process personal data contained in business data transmitted to us, only on behalf of our customers, to the extent necessary for our services and in accordance with our customers’ instructions. In legal terms, we are data processor and our customers are data controllers. After expiry of our services, we delete the personal data of the related customers from our systems, unless if otherwise required by law.
We select qualified subprocessors to support the delivery of our cloud services. We are responsible for them and have appropriate data processing arrangements in place with them. We make information available about our current subprocessors and notify relevant customers in case we change any such subprocessor. Before we transfer personal data for processing to any subprocessor outside the EU, we provide for GDPR-proof appropriate safeguards (please see our related White Paper).
Through our information security program, we maintain appropriate technical and organizational security measures designed to protect the security and integrity of data. Our security measures are based on globally accepted standards and described in a separate notice, available on https://www.basware.com/en-gb/support/trust/. We audit our security measures. We notify our related customers in the unlikely event of a security breach on our systems of which we become aware.
Our services allow our customers to respond to legitimate requests from individuals, mainly to rectify, block or erase their personal data. If this is not possible, we will assist. When our customers perform security and data protection assessments, security incident notifications or reply to consultations of supervisory authorities that relate to our services, and think we can be of any help, we will assist where we can. We also assist customers wanting to audit our compliance.
Brexit and personal data transfer
GDPR Program White Paper
Personal Data Transfer White Paper
Personal Data Processing Notice
GDPR communication and appendix for Basware existing customers
GDPR official text https://eur-lex.europa.eu/eli/reg/2016/679