AppCan GDPR Policy
Overview
At AppCan, we provide tools for collecting data, distributing documents, and generating reports. Under GDPR, you (our client) are the Data Controller, and AppCan is the Data Processor.
This means you decide what data is collected and why, and we process it on your behalf, following your instructions.
1. How We Process Your Data
As your Data Processor, AppCan will:
- Process personal data only for delivering our services to you.
- Follow only your instructions about how this data should be handled.
Your instructions may include:
- Anything written in your agreement with us
- Information you provide about how your business or systems work
- Requests to supply data in a specific format
2. Our Responsibilities
We are committed to protecting the personal data we process for you.
AppCan will:
- Let you know immediately if we believe an instruction you give might breach data protection laws
- Maintain strong technical and organisational security measures
- Ensure only authorised AppCan personnel with a duty of confidentiality can access your data
3. How We Support Your GDPR Obligations
If you need help meeting your own GDPR responsibilities—such as responding to a Data Subject request or conducting a Data Protection Impact Assessment—AppCan will provide reasonable assistance (charged at your standard service rate).
This includes support related to GDPR Articles 32–36, where relevant.
4. Supporting Data Subject Rights
We will help you fulfil any Data Subject rights requests, such as access, correction, deletion, or restrictions on processing, using appropriate technical and organisational measures.
5. Notifications
If AppCan becomes aware of:
- A Data Subject making a request related to their personal data
- A query from an individual about how their data is processed
- A data security incident involving data we process for you
We will notify you without undue delay.
6. Data Security
We ensure that all personal data we process for you is protected against unauthorised access, loss, disclosure, or destruction. Our measures may include:
- Data encryption
- Systems designed for confidentiality, integrity, availability, and resilience
- Access strictly limited to staff who need the data to perform their job
7. Record Keeping & Audits
You may request the following at any time:
- That we return, delete, or securely destroy any or all personal data we hold for you
- Access to audit how your data is being processed (with reasonable notice)
- This includes audits by you, your representative, or your external auditor
- Audits are at your own cost, and we will provide reasonable cooperation
8. Data Transfers & Sub‑Processors
AppCan will:
- Not transfer personal data outside of GDPR‑approved (adequate) countries without your prior written consent
- Ensure any approved transfer fully complies with data protection laws
- Ensure any sub‑processor we use meets GDPR standards
