Yes, we are. The 123FormBuilder form builder is compliant to the eight principles that guide the Data Protection Act of 1998, amended in 2003 and part of the Directive 95/46/EC. Principles which are:
1. Personal data shall be processed fairly and lawfully.
As the ‘data processor‘, we ensure a secured 256-bit SSL connection while you are logged in your 123FormBuilder account and provide the option to share secured SSL online forms to other people (option available for paid plans only). All personal data of the account owner can be accessed in the My Account section of his/her 123FormBuilder account.
We will not use any kind of private data in ways that violate the Data Protection Act, but instead strengthen the privacy and safety of your account through a 2-step verification login, as well as form protection measures from external threats (such as spams, viruses, malware). All paid subscriptions are closed on a secured SSL page and will be handled by Avangate, the payment gateway we use. For more information, follow our documentation on how does Avangate handle 123FormBuilder subscriptions.
2. Data is obtained only for one or more specified and lawful purposes.
We will only request data and information to build your 123FormBuilder account. These include your email address that we will associate to your account, username and password. All data will be secured in your My Account where only you will have access. As for paid plans, we will only ask for the data that completes the transaction for your subscriptions.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
We will never ask or request data or information which is not associated to your 123FormBuilder account. The same applies to our users, as ‘data collectors‘ on the web. Users that attempt to collect illegal and sensitive information (phishing) will be automatically blocked, as stated in our terms of service.
4. Personal data shall be accurate and, where necessary, kept up to date.
123FormBuilder users are entitled to ask a customer support representative to update their account information whenever needed. Form owners can also enable an edit record option that will allow form submitters to edit their submissions at a later time to keep their data updated. This option is mostly useful for clinics or other institutions where profiles are created and saved in a database through form submissions.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary.
As subject of the Data Protection Act 1998 and other international regulations, we keep data not longer than necessary. Forms that are created on paid plan accounts can be recovered within a 30 day period after they have been deleted. Forms that haven’t been requested to be recovered during this period will be permanently deleted from our hosting database.
6. Personal data shall be processed in accordance with the rights of data subjects.
All provided account data is returned with a copy by email to the data provider, as owner of the 123FormBuilder account. It’s up to the owner to decide if she/he will allow a copy of the submission to be sent to the form submitter. This implies the use of autoresponders or copies of the submission, in the Notifications section of the 123FormBuilder account.
7. Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data.
Hosted on Amazon Web Services, 123FormBuilder is highly protected by any threats that could endanger our users. Our platform is carefully monitored on a 24/7 basis and benefits from all the latest updates that come along. Besides our 256-bit SSL connection, we are protected from spam, viruses and malware threats by McAfee Secure.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
All our data is kept and encrypted in secured data centers at Amazon Web Services, across the United States. Even though there isn’t an equivalent in the US for the Data Protection Act 1998 of the UK and the EU’s directive, there is a bilateral agreement between the parts that permits the transfer and keeping the data safe.
Data Protection Act compliance is not applicable without the direct responsibility of our users. Do not give away sensitive information regarding your account or data that might violate privacy laws. Also, collecting data in an act of phishing is highly forbidden and will not be tolerated.