Addo has an ISAE-3402 security certification and strives to be GDPR-compliant. Our new data anonymization feature makes it easier for you to be GDPR compliant too.
About data anonymization
Addo has always used several methods to remove unnecessary personal data, enforcing privacy regulations set by GDPR. When the data anonymization feature is engaged, it removes all personally identifiable data too.
New accounts created after January 16th 2020 are delivered with our data-anonymization feature enabled by default. Existing accounts are encouraged to activate this feature. Once the feature is enabled, all transactions that have passed their deadlines will be anonymised. There is no reversing this action, but it can be disabled again and will not affect new transactions.
You can turn the data anonymization feature on or off under your Account settings/Account Overview.
What is personally identifiable data in Addo?
When you send via Addo, each transaction will contain personally identifiable information. This can be found in the documents that are sent, signed and returned, as well as the transaction details within Addo.
Addo is designed to send and receive digital signings, data and documents securely. Storage of this information is only relevant as long as it relates to communication between sender and recipient. If you need a digital archive of the documents you have sent and received, you will need to find an additional solution for this. Addo provides several integration options for signed documents to be delivered automatically to e-mail, SFTP, Google Drive, and more. All the data you need is stored in the signed PDFs that Addo produces, not in Addo itself.
How Addo handles personally identifiable data about your recipients
Social Security Numbers ( CPR nummer, Fødselsdato, Personnummer etc.)
These numbers are used when you employ Addo's authorisation/identification feature, and when creating digital signings using special certificates like NemID or BankID. While the transaction is active, the sender can only see these numbers in the transaction details within Addo. This information is stored securely until the transaction is completed. This is standard Addo behaviour and cannot be disabled.
All transferred documents in the transaction are deleted 10 days after the transaction deadline. This is standard Addo behaviour and cannot be disabled.
With the additional anonymization enabled, all personally identifiable information including names, phone numbers, e-mail addresses, are scrambled 10 days after the deadline of the transaction. Since some Addo customers use the reference-number field to identify signers by name or social security number, there is an additional option to anonymize this data too. For those who do not insert personally identifiable data in the reference number field , the field does not need to be anonymized.
What is left?
In order to correctly bill our customers and keep track of usage statistics, Addo leaves the scrambled transactions behind in the transaction overview, including date, time, and cost-related details about the transaction.