Requirement
Reference
PeopleDoc as a Controller (MyPeopleDoc)
PeopleDoc as a Processor
PeopleDoc GDPR Compliance Roadmap
Lawful, fair, and transparent Data Processing
Article 5; 1 (a)
T&C MyPeopleDoc and Services Data Privacy Policy
Personal Data is processed for the provision of the service only
The legal basis for processing data between employer and employee is the Controllers’ responsibility
PeopleDoc makes available a Services Data Privacy Policy for general information
Purpose Limitation
Article 5; 1 (b)
T&C MyPeopleDoc and Services Data Privacy Policy
Personal Data is processed for the provision of the service only
Personal Data are processed only and specifically for the provision of the services and under Controllers’ documented instructions
Data Minimization
Article 5; 1 (c)
The minimization employer to employee is the Controllers’ responsibility
T&C MyPeopleDoc and Services Data Privacy Policy
Data required for a MyPeopleDoc Account: email address, name, surname.
Data collected by the system: IP address, browser and operating system
Accuracy
Article 5; 1 (d)
T&C MyPeopleDoc and Services Data Privacy Policy
Data can be updated by the user when needed
Controllers can change data following the services features or via the support service
Storage limitation
Article 5; 1 (e)
Upgrades in the existing data retention features
T&C MyPeopleDoc and Services Data Privacy Policy
Data can be updated and deleted by the user when needed
Integrity and confidentiality
Article 5; 1 (f)
ISO 27001 and SOC2
PeopleDoc employees NDA
ISO 27001 and SOC2
PeopleDoc employees NDA
Child’s Consent
Article 8
Service not applicable for children
Service not applicable for children
Special categories of data
Article 9
T&C MyPeopleDoc and Services Data Privacy Policy
PeopleDoc offers a high level of security; Sensitive Data will only be processed if uploaded by the user
PeopleDoc offers a high level of security; Sensitive Data will only be processed under Controllers’ documented instructions.
Data Subjects Rights – transparency
Article 12
T&C MyPeopleDoc and Services Data Privacy Policy
PeopleDoc makes available a Services Data Privacy Policy for general information
Data Subjects Rights – access
Article 13; 15
Data Subject Access Request Policy
T&C MyPeopleDoc and Services Data Privacy Policy
Cooperation with the Controller to respond to access requests.
Requests may be submitted at privacy@people-doc.com
Data Subject Access Request Policy
Data Subjects Rights – right to be forgotten
Article 17
Upgrades in the existing data retention features
T&C MyPeopleDoc and Services Data Privacy Policy
Data can be deleted by the user when needed
Data Portability
Article 20
T&C MyPeopleDoc and Services Data Privacy Policy
Users may download or request their data at any time
Data is made available in a readable format, case by case, according to the reversibility policy and provisions of the Master Services Agreement
Data Protection by Design and Default
Article 25
Security and Data Protection Training
Security and Data Protection Training
Product Review Process
Product Review Process
Sub-processing
Article 28; 2
T&C MyPeopleDoc and Services Data Privacy Policy
The complete list of sub-processors is available at all times at the following page: https://www.people-doc.com/legal/sub-processors
The complete list of sub-processors is available at all times at the following page: https://www.people-doc.com/legal/sub-processors
Compliant contract wording for third party vendors
Article 28; 4
Data Processing Agreements
Data Processing Agreements
Records of processing activities
Article 30
Personal Data Mapping
Individual Controller Register
Security of processing
Article 32
ISO 27001 and SOC2
ISO 27001 and SOC2
Data Breach Response Plan
Article 33
PeopleDoc’s Personal Data Breach Policy
PeopleDoc’s Personal Data Breach Policy
Notification without undue delay
Data Protection Impact Assessment
Article 35
Available upon request
PeopleDoc cooperates with Controllers in their DPIAs
Data Protection Officer Role
Article 37
Legal & Compliance (privacy@people-doc.com)
Legal & Compliance (privacy@people-doc.com)
Cross-border Data Transfer
Article 44 to 50
Cross-border data transfers are limited according to the information on: https://www.people-doc.com/legal/sub-processors
Cross-border data transfers are limited according to the information on: https://www.people-doc.com/legal/sub-processors
Lead Supervising Authority
France – CNIL
France – CNIL