How Does the GDPR Affect Billtrust and Its Customers?
We are a software company, specializing in order-to-cash solutions. In the normal course of our business activities, we act as processor or service provider on behalf of our customers. Processors and controllers each have their respective obligations under the law. Therefore, even though Billtrust may be in compliance with the GDPR, it does not mean that our customers are automatically in compliance with the GDPR.
Responsibilities of Data Controllers
Data controllers are individuals or organizations that determine the purposes and means of processing personal data. Data controllers bear the primary responsibility for complying with the rights of data subjects and responding to data subjects’ requests under the GDPR.
Data controllers are also required to implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, to provide information about the personal data being processed, the purposes of that processing, and the third parties to which that information will be transferred, among other things.
Responsibilities of Data Processors
A data processor processes data according to the documented instructions of a data controller. While a processor does have certain obligations to support and assist the data controller in upholding its own obligations, such as informing the controller of requests it receives from data subjects, its relationship to the personal data and the data subjects themselves is comparatively restricted.
Data Processing Addendum
Our DPA includes Standard Contractual Clauses along with other appropriate safeguards to address lawful data transfers under i.a. the GDPR. In the DPA exhibits we specify several jurisdiction specific terms. Billtrust also relies upon adherence to the Data Privacy Framework Certification as a transfer mechanism for Personal Data, from the European Union, Switzerland, and the United Kingdom. Please see the Data Privacy Framework List at the following link: https://www.dataprivacyframework.gov/s/participant-search.
To view the Billtrust data processing addendum please download the PDF version.
For all customers, our DPA automatically becomes part of your Agreement with Billtrust. Please contact Customer Support at [email protected] if you have any questions.
Use of Sub-processors
Billtrust relies on third-party service providers to help provide the Billtrust services to you, such as payment processing services and cloud storage providers. We provide a list of our sub-processors here.
Privacy by Design
Billtrust has always been a security-conscious company, and product development at various stages from design to implementation occurs with the privacy and security of personal data in mind.
See our comments in our cover email.