Legal terms

Please find a list of our privacy policy and terms of service below.

  • Privacy policy
  • Customer Terms of Service
  • User Terms of Service
  • API Terms of Service
  • On Premise Terms of Service
  • GDPR Data Processing Addendum
  • GDPR Data Processing Addendum Exhibit A
  • GDPR Data Processing Addendum Exhibit B
  • GDPR Data Processing Addendum Exhibit C

  • The implementation of the EU General Data Protection Regulation ('GDPR') is taking place on 25 May 2018. Currently, the UK relies on the Data Protection Act 1998, but this will be replaced in its entirety by the GDPR. The GDPR sets down the privacy law rules when processing data of EU citizens.

    The GDPR protects EU citizens’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. The GDPR heralds a step-change in the value placed upon personal information.

    The GDPR will apply not just to organisations within the EU, it will apply to organisations based outside of the EU that process data of EU citizens. For example, if you upload documents to the Annotate platform (uploading constitutes "processing") which contain data relating to residents of the EU, the GDPR will apply in respect of that processing. There is no minimum threshold - processing of any EU personal data falls under the scope of the GDPR. If you do not and will not process EU personal data, you do not need to complete the GDPR Addendum however you still need to be aware that we have updated our Privacy Policy.

    One of the requirements under the GDPR is updating of controller and processor contracts to include certain written obligations. In line with the GDPR requirements, we have also updated our Privacy Policy to provide more information on what personal data we collect, how we use it and to give individuals further information on their rights in respect of their personal data.

    This way, we make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors, that they use Annotate in a way that meets GDPR data processing obligations. The GDPR Addendum, pre-signed by Annotate is a self-serve and easy-to-execute document that only requires a signature from the customer.

    Nothing is changing about your current settings or how we process personal data as part of the services we supply to you. Rather, we have improved the way we describe our practices and the other information listed above. By continuing to use the Annotate services after 25 May 2018, you confirm that you understand and agree to the terms of the updated Policy.