For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (known as HIPAA, as amended, including by the Health Information Technology for Economic and Clinical Health Act, or HITECH), PDF Mail Merger will phase out its HIPAA compliance, due to the relatively low demand for HIPAA-compliant products and the high effort and cost of keeping the HIPAA rules and procedures in place. Current BAAs that we have signed with Covered Entities will remain in place. However, we are not signing any new BAAs, and you shall undertake not to include health data, data relating to criminal convictions and offences, any social security number, or any bank card number in the files uploaded onto the PDF Mail Merger platform.
Your data is safe with us. We ensure this with the highest standards.
Our customers entrust us with sensitive data. We are aware of this responsibility. The topic of IT security and data protection has therefore been our top priority right from the start.
We are constantly developing our data protection processes so that your data is safe with us. For example, we have deliberately chosen Germany as our server location – so our service providers are also bound by the strict data protection laws. PDF Mail Merger does not and will never sell any of your data to third parties.
In addition, our hosting provider undergoes several independent third-party audits on a regular basis to provide customers with external verification. This means that an independent auditor has examined the controls present in its data centers, infrastructure and operations. It has annual audits for the following standards:
- SSAE16 / ISAE 3402 Type II
- ISO 27001
- ISO 27017
- ISO 27018
- FedRAMP ATO
- PCI DSS v3.2.1