Is directprint.io GDPR compliant?
[Updated November 2020]
Youmebee Ltd (the company operating directprint.io) is a UK legal entity (company number 10185321) and subject to General Data Protection Regulation ‘GDPR’ under the Data Protection Act 2018 (UK).
Youmebee Ltd is registered with the UK Information Commissioner Office. The ICO is the regulatory body that oversees compliance to UK data law (ICO registration number ZA207140)
Following the recent European Court ruling Case C-311/18 (‘Schrems II’) which invalidated the ‘Privacy Shield’ arrangements between EU and other Participating jurisdictions, Youmebee Ltd undertook reassessment of the legal status relating to data transfers from the EU to our Cloud Services that are currently hosted in the US.
In addition to invalidating the existing Privacy Shield agreements the ‘Schrems II’ EU case examined the validity of the European Commission’s Decision 2010/87/EC on Standard Contractual Clauses (“SCCs”) and considered it is valid.
As part of Youmebee’s agreement with it's Cloud Service Provider(s) there are a set of SCCs contained within the contracts that relate specifically to continued compliance to GDPR when transferring data from the EU to the US. These specific clause references are available to customers on request.
Is directprint.io HIPAA compliant?
U.S. Department of Health & Human Services (HHS) defines a Business Associate as a “person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”
To our knowledge, directprint.io does not collect, store or process protected health information in the Cloud, as client drivers do not send, process, collect metadata about the document contents. And therefore is not considered protected health information.
General statement on data use and storage
The directprint.io technical implementation is subject to change, this information above should be considered advisory and is not binding against future product development. We will however notify customers if we introduce any additional functionality that significantly impacts the breadth, storage, transfer, retention, or use of your data. Wherever possible we will provide opt-in (enable/disable) for new features that significantly impact data use. Please talk to us about the specific requirements of your deployment.