π Table of Contents
1. Introduction
Welcome to iDeskHubs SecureDoc ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document management system.
2. Data Controller
For the purposes of applicable data protection laws, the data controller is:
iDeskHubs Technologies
π§ Email: privacy@ideskhubs.com
π Address: [Company Address]
Data Protection Officer: dpo@ideskhubs.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, phone number, organization name, job title
- Authentication Data: Password (securely hashed), multi-factor authentication details
- Document Content: Files, documents, and metadata you upload to the system
- Communications: Messages, feedback, and support requests
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, search queries
- Device Information: Browser type, operating system, device identifiers
- Network Data: IP address, access times, referring URLs
- Security Logs: Login attempts, session information, audit trails
3.3 Sensitive Data
We may process documents you upload that contain sensitive information. You are responsible for ensuring you have appropriate authorization to upload such content and that it complies with applicable laws.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: To provide the services you have requested
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligations: To comply with legal requirements and regulations
- Consent: Where you have given explicit consent for specific processing activities
5. How We Use Your Information
- Providing and maintaining the document management service
- Authenticating users and securing account access
- Processing document uploads, storage, and retrieval
- Sending service-related notifications and updates
- Providing customer support and responding to inquiries
- Detecting and preventing fraud, abuse, and security incidents
- Analyzing usage patterns to improve our services
- Complying with legal obligations and regulatory requirements
6. Information Sharing
We do not sell your personal data. We may share information with:
- Service Providers: Trusted third parties who assist in operating our services (hosting, analytics)
- Your Organization: Other users within your tenant/organization as configured by your administrator
- Legal Authorities: When required by law, subpoena, or legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
7. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
- Active Accounts: Data is retained while your account is active
- Inactive Accounts: Deleted after 2 years of inactivity
- Deleted Account Data: Permanently removed within 90 days of deletion request
- Audit Logs: Security logs retained for 7 years (compliance requirement)
- Archived Documents: Retained for 7 years (legal/compliance)
- Deleted Documents: Permanently removed from trash after 30 days
8. Your Rights
Under GDPR and NDPR, you have the following rights:
π₯ Right to Access
Request a copy of your personal data we hold
βοΈ Right to Rectification
Request correction of inaccurate data
ποΈ Right to Erasure
Request deletion of your personal data
βΈοΈ Right to Restriction
Request limiting of data processing
π¦ Right to Portability
Receive your data in a portable format
β Right to Object
Object to certain processing activities
To exercise these rights, use the "My Data Rights" section in your account settings or contact our Data Protection Officer at dpo@ideskhubs.com. We will respond within 30 days as required by law.
9. Security Measures
We implement comprehensive security measures to protect your data:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with principle of least privilege
- Authentication: Multi-factor authentication (MFA) support
- Audit Logging: Comprehensive logging of all security events
- Security Headers: CSP, HSTS, X-Frame-Options, and more
- Regular Audits: Periodic security assessments and penetration testing
- Incident Response: Documented procedures for security incidents
11. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. When transferring data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Adequacy decisions by relevant authorities
12. Children's Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Policy Changes
We may update this Privacy Policy periodically. We will notify you of significant changes by:
- Posting the updated policy on our website
- Sending an email notification to registered users
- Displaying a notice within the application
Continued use of our services after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions, concerns, or to exercise your data rights:
Data Protection Officer
π§ Email: dpo@ideskhubs.com
π§ General Inquiries: privacy@ideskhubs.com
π§ Support: support@ideskhubs.com
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:
- EU: Your national Data Protection Authority
- Nigeria: National Information Technology Development Agency (NITDA)
- UK: Information Commissioner's Office (ICO)