Privacy terms

Introduction

To access and use the Document Drafter through the Power Automate connector, the add-in for Microsoft Word or the app for Microsoft Teams, you or your organization must have an active subscription. No data can or will be processed without an active subscription. The person or entity that holds an active subscription for the Document Drafter is referred to as “Customer”, and your access to and right to use the Document Drafter via the Power Automate connector, the add-in for Microsoft Word or the app for Microsoft Teams is derived from such Customer. When you use the Document Drafter Power Automate connector, add-in for Microsoft Word or app for Microsoft Teams, we process Personal Data as set out in these privacy terms.

Scope

These privacy terms apply to the processing of Personal Data by Green Meadow on behalf of Customer. Personal Data will be processed by Green Meadow as follows:

  1. Email addresses of end-users of the Document Drafter will be stored and system logs will associate end-users’ activity with such email address; and

  2. If Customer has configured the questionnaire for a document to collect Personal Data, such data inserted into the questionnaire will be processed for purposes of generating the document in question.

These GDPR Terms fulfil the obligations under the GDPR Article 28(3).

Processing of personal data

Personal Data provided to Green Meadow by Customer through use of the Document Drafter is also Customer Data. Green Meadow shall only process the Personal Data in accordance with these privacy terms, the Data Protection Laws, and on documented instructions from Customer, including with regard to transfers of Personal Data to a third country or an international organisation, unless otherwise required to do so by the Data Protection Laws to which Green Meadow is subject; in which case, Green Meadow shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. Green Meadow shall immediately inform Customer if, in its opinion, an instruction infringes the Data Protection Laws.

Roles and responsibilities

Customer is the controller of Personal Data and Green Meadow is the processor of such data, except when Customer acts as a processor of Personal Data, in which case Green Meadow is a subprocessor. Customer agrees that use and configuration of features in the Document Drafter are Customer’s documented instructions to Green Meadow for the processing of Personal Data. In any instance where the GDPR applies and Customer is a processor, Customer shall ensure that Customer’s instructions, including appointment of Green Meadow as a processor or subprocessor, have been authorized by the relevant controller.

Processing details

The duration of the processing shall be for the duration of the Customer’s right to use the Document Drafter and until all Personal Data is deleted or returned in accordance with Customer’s instructions or Customer’s configuration of the Document Drafter. The nature and purpose of the processing shall be to provide the Customer with the Document Drafter application as licensed under the relevant subscription. Green Meadow may not carry out any processing for its own purposes or any other purposes. The types of Personal Data processed by the Document Drafter depend on Customer’s configuration of its questionnaires in the Document Drafter and the content of documents automated by Customer via the Document Drafter, and they can include those expressly identified in Article 4 of the GDPR. The categories of data subjects are the end users that Customer grants access to the Document Drafter, such as employees and customers, and those individuals whose Personal Data is included in a document generated via the Document Drafter (to the extent the Customer has configured the questionnaire to collect such Personal Data).

Data subject rights; assistance with requests

Green Meadow shall assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Green Meadow, including by making available to Customer (a) all Personal Data of data subjects processed by the Document Drafter and (b) the ability to fulfil data subject requests to exercise their rights under the GDPR. Green Meadow shall comply with requests by Customer to assist with Customer’s response to such a data subject request. If Green Meadow receives a request from Customer’s data subject or any supervisory authority to exercise one or more of its rights under the GDPR in connection with the Document Drafter, Green Meadow will redirect the data subject or supervisory authority to make its request directly to Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Document Drafter. Green Meadow shall comply with requests by Customer to assist with Customer’s response to such data subject’s or supervisory authority’s request.

Records of processing activities

Green Meadow shall maintain all records required by Article 30(2) of the GDPR and, to the extent applicable to the processing of Personal Data on behalf of Customer, make them available to Customer upon request.

Data security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Green Meadow shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

Auditing compliance

Green Meadow will conduct audits of the security related to the Document Drafter as agreed with Customer. Green Meadow will promptly remediate issues raised in any audit report to the satisfaction of the auditor.

Demonstrating compliance

Green Meadow shall make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer.

Security incident notification

If Green Meadow becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data or Personal Data, Green Meadow will promptly and without undue delay (1) notify Customer of the security incident; (2) investigate the security incident and provide Customer with detailed information about the security incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the security incident. Green Meadow shall assist Customer in fulfilling Customer’s obligation under GDPR Article 33 or other applicable law or regulation to notify the relevant supervisory authority and data subjects about such security incident.

Data retention and deletion

At all times during the term of Customer’s subscription, and after the end of the provision of services relating to processing, Customer will have the ability to access and extract Customer Data stored in the Document Drafter and request return or permanent deletion of such Customer Data, including Personal Data.

Processor confidentiality commitment

Green Meadow will ensure that its personnel engaged in the processing of Customer Data and Personal Data (i) will only process such data in accordance with the agreement with Customer, the Data Protection Laws, and on documented instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends.

Notice and controls on use of subprocessors

Green Meadow will use Microsoft as a subprocessor and will not engage any other subprocessor without Customer’s prior written consent. The same data protection obligations as set out in these privacy terms shall be imposed on Microsoft by way of a contract or other legal act under the Data Protection Laws, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where Microsoft fails to fulfil its data protection obligations, Green Meadow shall remain fully liable to the Customer for the performance of Microsoft’s obligations.

How to contact Green Meadow

Green Meadow’s mailing address is Orient Plads 1, DK-2150 Copenhagen, Denmark. Email: info@documentdrafter.com.

Definitions

“Customer Data” means all data Customer uploads to the Document Drafter.

“Data Protection Laws” means all laws and regulations that apply to or govern the processing of Personal Data, including, but not limited to, the GDPR and any national data protection laws and regulations implementing the EU Electronic Communications Privacy Directive (2002/58/EC), as well as any amendments to or replacements of such laws and regulations.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The terms “data subject”, “processing”, “processor”, and “supervisory authority” as used herein have the meanings given in the GDPR.