Data protection is extremely important to Diobox, because every person and company using our service expects their data to be secure and confidential. Safeguarding this data is a critical responsibility we have to our customers and we work hard to maintain that trust.

The GDPR is the European Union’s data protection law that unifies privacy legislation across EU member states. The purpose of the regulation is to strengthen the privacy rights of individuals in regards to how their personal data is being collected, processed, and used. Diobox fully complies with this regulation that entered into effect in 2018.

From a privacy perspective, the Data Controller determines the purposes for which and the means by which personal data is processed. So if someone is collecting personal data and is determining how it will be processed, they are the controller of that data and must comply with applicable data privacy legislation accordingly.

The Data Processor processes personal data only on behalf of the controller.

Under GDPR, Diobox is the Data Processor and Diobox users (event organizers) are the Data Controllers. As a Data Processor, Diobox complies with the GDPR’s requirements with respect to the scope of services described in our Terms of Use.

Diobox holds on to your data, stores it and presents it so that our software can perform the tasks it was designed to do.

GDPR wants you to give your users the "right to be forgotten" and give them ability to have their their personal data erased if they request, but only if it doesn’t compromise freedom of expression or the ability to research. To that end, Diobox provides you the tools to control your event guest data so you can comply with GDPR. Specifically, it provides you the ability to delete individual guests and their data. It also provides a mechanism to delete contacts from your database under the Account: Contact Settings page. Finally, if you decide to delete your Diobox account, we remove all your data from our systems within 30 days of deletion.

Diobox transmits data over public networks using strong encryption. This includes data transmitted between the Diobox web app, iOS app, Android app, and the Diobox backend service. We support the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, as supported by the clients.

Diobox currently does not independently maintain, host or transmit customer data. Such data is hosted and maintained with Amazon Web Services (“AWS”) cloud services platform. AWS data centers offer state-of-the-art security and physical protection for their servers and infrastructure.

All AWS Services are GDPR ready. AWS continually maintains a high bar for security and compliance across all of their global operations. Their industry-leading security provides the foundation to comply with rigorous international standards, such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, among others.

We only collect and retain data for as long as you need that data. We do not sell and we do not share your data or your guest data with any third party.

Diobox’s personnel practices apply to all members of its workforce. To minimize the risk of data exposure, Diobox adheres to the principle of least privilege—workers are only authorized to access data that they reasonably must handle in order to fulfill their job responsibilities. Additionally, we ensure that all persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We strive to hold ourselves accountable to the highest standards by providing visibility into our security program.

Should you have any questions regarding our data protection or GDPR practices, you can contact your Customer Success Manager or send us an email to [email protected]. We respond in a timely manner to requests relating to GDPR or controlling your data stored in Diobox.

We do our very best to protect your data, though the unexpected could happen. In such cases, we are committed to being fully transparent and notifying the authorities about any potential data breaches in accordance with GDPR requirements.