Dioratiki's policy is to comply with applicable local laws on our business-related use of personal data.
In addition, we apply our own Data Stewardship Principles. These are guided by the essential value that the data entrusted to us belongs to our customers and their end users.
Frequently asked questions
What is Dioratiki doing about GDPR?
Dioratiki complies with applicable local laws on our business-related use of personal data. This ensures that we meet the applicable standards set out in such laws. In addition, we apply our own Data Stewardship Principles. These are guided by the essential value that the data entrusted to us belongs to our customers and their end users. Our values and approach to privacy and data protection have enabled us to successfully serve small businesses, accountants and bookkeepers for many years, and we believe our implementation of GDPR allows us to continue to earn our customers’ trust.
What do I need to do to be GDPR compliant?
Every business is unique, and your GDPR compliance obligations will depend on many factors, including how you choose to collect, use, and share data about your employees and customers. You need to do an evaluation based upon your unique circumstances. To help you assess whether our Services are right for you, we recommend you review the following:
- Our Terms of Service and Data Processing Agreement, which set out how we’ll handle any personal information you trust us with;
- our technical and organizational security measures; and
- how you may take actions in our products to fulfill individual rights requests you may receive.
Is Dioratiki a controller or a processor?
Dioratiki acts as an independent controller of the personal information placed in our offered products and services. The GDPR distinguishes between the roles of a 'controller' and a 'processor', each having different compliance roles and responsibilities. The GDPR defines a controller as an entity that determines the "purposes and means" of the data processing, or, in layman's terms, "how and why" data is processed. A processor, on the other hand, is defined as the entity that "processes personal data on behalf of the controller". At Dioratiki, our mission is to "Power Prosperity Around the World" by focusing the power of many to drive the prosperity of one. This means that we use the data from each customer to derive insights and benefits and to improve the services for all of our customers. To do this, we rely on technologies to develop new products and services to meet our customers' needs. One example is our business expense classification tools: by analyzing how customers often classify certain expenses (as business or personal), we can make suggestions to make your classification more efficient. These technologies necessarily collect, process and store customer data in ways and for purposes that we determine, and to provide these features and improvements to you, we must necessarily process this data as a controller. Acknowledging our status as a controller simply reflects the factual reality of our data processing practices. As a controller, we have more, not fewer, obligations under the GDPR, so you can rest assured we'll process your data in accordance with our Data Stewardship Principles and take the protection of your data very seriously.
Will you sign my company’s Data Processing Agreement?
While we do not execute outside agreements, we do have specific terms that reflect the role that Dioratiki plays as either a controller or a processor. If you are our customer, our Terms of Service set out our commitments to protect personal data when we provide these services to you. For these services, by virtue of being a controller, we are also directly subject to compliance with data protection laws such as the GDPR.
Where is my data located when I use your services?
Our main data storage locations are in Cyprus. However, as a reseller of global companies' software, data is accessed from various locations by our suppliers' global teams and our trusted partners. The GDPR does not preclude EU personal data being stored (or otherwise processed) in the USA, as long as there is a data transfer mechanism in place approved by the European Commission. One such approved data transfer mechanism is the EU-US Privacy Shield regime. When it comes to our trusted service providers, our practice is to put contractual terms in place to ensure they follow our instructions and have appropriate security in place to protect the personal data we trust them with.
I am an accountant. What is the protection for my clients?
The security of our products remains a top priority. We safeguard your information using measures such as:
- implementing access controls;
- installing anti-virus software on our servers;
- performing internal risk assessments and compliance audits;
- regularly testing our security controls, including external audits;
- performing background checks on employees upon hiring;
- providing security and privacy training to our employees.
Ultimately, no technology platform is without its risks, and it is up to you to assess the adequacy of our security in relation to your particular use of our services.
Do you have an appointed Data Protection Officer?
Yes, we have appointed a Data Protection Officer.
Don’t I have to keep my customers’ invoices for 7 years?
As a general rule of thumb, 7 years is the standard retention period for invoices and other documents retained for financial record-keeping purposes. However, the legal requirements differ from country to country and may vary across different types of records. To determine your business’s retention obligations, you should consult a local expert or legal counsel.