How does MetaShare comply to GDPR?

MetaShare does not collect, transmit or store user information. Neither does MetaShare store any of its users’ documents. All this information is stored and securely assured in Microsoft SharePoint and in Microsoft Azure (if using MetaShare Online or Self-hosted MetaShare Online), regulated by agreements with Microsoft. MetaShare’s web application is geographically located in The Netherlands (if using MetaShare Online) or in your choice of geographical location (if using Self-hosted MetaShare Online). Microsoft is committed to GDPR compliance across its cloud services and provides GDPR related assurances in their contractual commitments. On these pages you can read about some of Microsoft’s compliance offerings:

The only customer information that is stored in MetaShare’s database is:

  1. Customer information used in the MetaShare activation process (e.g. the date of the MetaShare activation, the URL to customer’s SharePoint tenant and the administrator’s e-mail address).
  2. MetaShare’s configuration (e.g. which filters and columns to display in the user interface).
  3. For all workspaces that are created from MetaShare or SharePoint sites that are linked to MetaShare, MetaShare stores their display names and their URLs.
  4. For all document tasks of type “Pending approval” and “Passed due date”, MetaShare stores links to the documents with pending tasks and the individuals who are responsible for these tasks.

This information is stored in MetaShare’s database (when using Self-hosted MetaShare or MetaShare Server this database is managed by our clients, when using MetaShare Online, this database is managed by Ways).

When a MetaShare Online subscription is terminated the account is disabled, in order to later have the option to continue the subscription, but at any point of time a customer can request to have this information permanently deleted, by contacting our customer support.

When MetaShare Online is activated in your Microsoft 365 tenant, it is e.g. granted permissions to create site collections, read and write to user profiles, read and write managed metadata, etc. These permissions are required to perform tasks on behalf of the logged in user. No data is ever manipulated or stored outside of Microsoft SharePoint or Microsoft Azure.

As MetaShare does not manage any personal information on behalf of its clients, no Personal Data Assistance Agreement is needed to be signed between our clients and MetaShare.