How does MetaShare comply to GDPR?
MetaShare does not collect, transmit or store user information. Neither does MetaShare not store any of its users' documents. All this information is stored and securely assured in Microsoft Office 365 and in Microsoft Azure, regulated by agreements with Microsoft. Microsoft is committed to GDPR compliance across its cloud services and provides GDPR related assurances in their contractual commitments. Microsoft complies with both EU-U.S. Privacy Shield and EU Model Clauses.
The only customer information that is stored in MetaShare's own database in Azure is:
- Customer information used in the MetaShare activation process (e.g. the date of the MetaShare activation, the URL to customer’s SharePoint tenant and the administrator’s e-mail address).
- MetaShare's configuration (e.g. which filters and columns to display in the user interface).
- For all the workspaces/sites that are accessible through MetaShare's user interface, we store their names, their URLs and their any applied workspace metadata.
This information is stored in MetaShare's database as long as a customer is subscribing to MetaShare's services. When a subscription is terminated the account is disabled to later have the option to continue the subscription. At any point of time a customer can however request to have this information permanently deleted, by contacting our customer support.
When MetaShare is activated in your Office 365 tenant, it is e.g. granted permissions to create site collections, read and write to user profiles, read and write managed metadata, etc. These permissions are required to perform tasks on behalf of the logged in user. No data is ever manipulated and stored outside of Microsoft Office 365 or Microsoft Azure.
As MetaShare does not manage any personal information on behalf of its clients, no Personal Data Assistance Agreement is needed to be signed between our clients and MetaShare.