Yes, we are. 123 Form Builder is compliant with the eight principles that guide the Data Protection Act of 1998, amended in 2003, and part of the Directive 95/46/EC. Principles which are:
1. Personal data shall be processed fairly and lawfully.
As the ‘data processor‘, we ensure a secured 256-bit SSL connection while you are logged in to your 123 Form Builder account and provide secured SSL online forms to share with other people. All personal data of the account owner can be accessed in the My Account section of their 123 Form Builder account.
We will not use any kind of private data in ways that violate the Data Protection Act, but instead strengthen the privacy and safety of your account through a 2-step verification login, as well as form protection measures from external threats (such as spam, viruses, malware). All paid subscriptions are closed on a secured SSL page and will be handled by 2Checkout, the payment gateway we use. For more information, follow our documentation on how does 2Checkout handle 123 Form Builder subscriptions.
2. Data is obtained only for one or more specified and lawful purposes.
We will only request data and information to build your 123 Form Builder account. These include your email address that we will associate to your account, username and password. All data will be secured in your My Account section, where only you will have access. As for paid plans, we will only ask for the data that completes the transaction for your subscriptions.
3. Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
We will never ask or request data or information which is not associated with your 123 Form Builder account. The same applies to our users, as ‘data collectors‘ on the web. Users that attempt to collect illegal and sensitive information (phishing) will be automatically blocked, as stated in our terms of service.
4. Personal data shall be accurate and, where necessary, kept up to date.
123 Form Builder users are entitled to ask a customer support representative to update their account information whenever needed. Form owners can also enable an edit record option that will allow form submitters to edit their submissions at a later time to keep their data updated. This option is mostly useful for clinics or other institutions where profiles are created and saved in a database through form submissions.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary.
As subject of the Data Protection Act 1998 and other international regulations, we keep data no longer than necessary. Forms that are created on paid plan accounts can be recovered within a 30 day period after they have been deleted. Forms that haven’t been requested to be recovered during this period will be permanently deleted from our hosting database.
6. Personal data shall be processed in accordance with the rights of data subjects.
All provided account data is returned with a copy by email to the data provider, as the owner of the 123 Form Builder account. It’s up to the owner to decide if she/he will allow a copy of the submission to be sent to the form submitter. This implies the use of autoresponders or copies of the submission, in the Notifications section of the 123 Form Builder account.
7. Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data.
Hosted on Amazon Web Services, 123 Form Builder is highly protected by any threats that could endanger our users. Our platform is carefully monitored on a 24/7 basis and benefits from all the latest updates that come along. Besides our 256-bit SSL connection, we are protected from spam, viruses, and malware threats by McAfee Secure.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
All our data is kept and encrypted in secured data centers at Amazon Web Services, across the United States and the European Union. Even though there isn’t an equivalent in the US for the Data Protection Act 1998 of the UK and the EU’s directive, there is a bilateral agreement between the parts that permit the transfer and keeping the data safe.
Data Protection Act compliance is not applicable without the direct responsibility of our users. Do not give away sensitive information regarding your account or data that might violate privacy laws. Also, collecting data in an act of phishing is highly forbidden and will not be tolerated.