GDPR Notice - About - aspose.net – About Aspose | Leader in File Format category

GDPR Notice

Last Updated: 16 May 2018

Aspose and the GDPR

On 25th May 2018, the European Union began enforcing its General Data Protection Regulation (GDPR), impacting how businesses collect and process data from European individuals. While Aspose is an Australian business with no European entity, we value the rights of our users and customers and their personal data, regardless of location. As such, we are working hard to comply with these rules across all our systems and processes.

This page provides an overview of the roles described by the GDPR, the responsibilities of each party, and the efforts we are making to support these recommendations.

Aspose as the Data Processor

While using our services, you may upload files for processing via our Cloud API platforms or send our Support Team files for debugging or support purposes. Due to the nature of our products and services, your files may contain information from or about your clients. While covered by the confidentiality clauses in our EULA, upcoming updates to our Terms of Use and Privacy Policy further solidify these rights.

These are your data subjects, and you are considered the data controller for this personal data. Our Terms of Use and Privacy Policy refer to this data as Client Data.

Using Aspose services to process your Client Data means that you have engaged Aspose as a data processor to carry out certain data processing activities on your behalf. Article 28 of the GDPR states that the relationship between the controller and the processor must be made in writing (electronic form is acceptable under subsection (9) of Article 28). Our Terms of Use and Privacy Policy serve as your data processing contract with Aspose, setting out the instructions for processing personal data you control and establishing the rights and responsibilities of both parties. Aspose will only process your Client Data based on your instructions as the data controller.

Data Transfers

When data is transferred outside of the European Economic Area (EEA) by data processors, the GDPR sets strict requirements for moving data beyond its protection scope.

As Aspose is an Australian business with no European entity, the data controller makes the sole decision to transfer data to Aspose, which is based in Australia with technical infrastructure in the US. Where we engage with sub-processors, we do so with careful consideration of the legalities of the transfer at each step.

We maintain an up-to-date list of sub-processors in our Terms of Use to ensure full transparency about our transfers and the processors we use. We only engage with sub-processors who have either certified under the EU-US Privacy Shield framework or signed the EU Commission’s standard contractual clauses for data transfers with us.

If you have any questions, contact us at privacy@aspose.com.

Aspose as the Data Controller

Aspose acts as the data controller for the personal data we collect about users of our web apps and website and purchasers of our products or services.

Additionally, we process data to meet legal obligations (GDPR Article 6(1)(c)), primarily involving financial data and information required for accountability. We also process personal data for our legitimate interests, as outlined in GDPR Article 6(1)(f).

What Do We Mean by “Legitimate Interests”?

Improving our products and services in ways useful to you.
Ensuring data and Aspose’s systems remain reliable, safe, and secure.
Responsible marketing of our products, services, and their features.
The ability to fulfill contracts with our customers.

As the controller of your personal data, Aspose is committed to respecting your rights under the GDPR. If you have any questions, contact our Data Protection Officer at dpo@aspose.com.

What Aspose is Doing for GDPR Compliance

Aspose respects the privacy of its customers and their clients. To that end, we have implemented and continue to improve both technical and organizational measures in line with the GDPR to ensure appropriate processing of personal data.

Internal Processes, Security, and Data Transfers

We have reviewed our internal processes and operations to ensure data flowing through our systems is properly mapped and audited. We are implementing functionality within all our main customer-facing systems to align with Privacy by Design. Any access to Client Data is only permitted with customer authorization and is always limited to the contract between Aspose and the customer.

Our internal procedures and logs ensure we meet GDPR accountability requirements.

When onboarding new third-party services, we follow an internal process to evaluate suppliers based on security and privacy considerations. We keep the number of sub-processors to a minimum, preferring to use our own technology and infrastructure whenever possible.

Ability to Handle Subject Access Requests

The GDPR prioritizes data subjects’ ownership of their personal data. We are working on processes to respond to data subject requests to delete, modify, or transfer their data. Our Customer Support Specialists and Engineers are well-prepared to assist with any matters related to personal data.

Documentation

Our Terms of Use and Privacy Policy are regularly updated to strengthen privacy protections. As these documents define our relationship with users, we strive to ensure they clearly outline user rights and responsibilities.

Training and Awareness

Training and awareness about GDPR and the handling of personal data have been communicated throughout Aspose. Every team member understands GDPR compliance and privacy-related policies. This training is part of new team member onboarding and includes regular refresher courses.

We believe our approach to GDPR compliance aligns with the regulation’s purpose and goals.