The GDPR requires you as a Clust user (and a user of any software to collect your clients data) to sign a DPA (Data Processing Agreement).
Why does it apply to Clust users?
- Because you're very likely to run a business if you're using the Clust service
- In this case, you're using Clust to request and collect documents and information which may contain personal data about people or entities you're in business with
Under the GDPR, there must be a written contract when one business processes personal data on behalf of another business.
In other words, the law requires that we (Clust) define in written agreement this business relationship in order for your business to be compliant with the GDPR.
This is what the GDPR says:
Where a data processor (eg.Clust) carries out any processing on behalf of a data controller (eg.Your company, You or your team members), the data controller does not comply with the GDPR unless there is a written contract between the two parties.
This requirement is up to the one responsible for the data.
In our relationship, that's you. Your goal while using Clust is collect someone's documents, files or information. We are the processor, meaning that we take care of your request based on your instructions.
To view and execute a copy of Clust's DPA, reach out to us.