Explore how your team can use Hiver.
Book your demo now.

  • Assign, track, & collaborate on emails across teams
  • Run a multi-channel help desk within your inbox
  • Track support analytics and build custom reports
Trusted by 10,000+ teams globally

Schedule your
personalized demo

Hi there! 👋

Thanks for your interest in Hiver! Please help us with the following details for a personalised demo.

Hiver is GDPR ready

Last Updated: 22 July, 2024

Hiver is GDPR ready

1. License to use the Services

We’re committed to protecting our customers’ data. We’ve especially developed processes, technologies, and policies that ensure we deliver on our data security promise.

The really good thing is that our already-in-place privacy and security practices align with the requirements of the GDPR regulation. And that is why more than 1,500 businesses count on us to keep their data safe and secure.

What really is GDPR?

First off, in case you were wondering, GDPR stands for General Data Protection Regulation. Broadly speaking, it aims to simplify and streamline the data regulatory environment for businesses.

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It adds a list of new requirements about how companies should protect individuals’ personal data they collect and use.

In the simplest of words, GDPR aims to control how individuals and organizations may obtain, use, store, and remove personal data. EU citizens will now have complete control over their personal data.

You can read all about GDPR here.

Is Hiver GDPR compliant?

By all means. Hiver is fully compliant with the GDPR guidelines.

We have always been extremely careful about handling our customers’ data and our existing security practices already met most aspects of the new data privacy rules.

We still went ahead and undertook an extensive internal audit to ensure we comply with all the GDPR regulations.

Does Hiver have a Data Protection Officer?

Yes, we’ve appointed a Data Protection Representative who will ensure that our employees across teams are trained on the requirements of the regulation and comply with it.

The DPO is responsible for:

  • Educating the company and employees on important compliance requirements
  • Training staff involved in data processing
  • Conducting audits to ensure compliance and address potential issues proactively
  • Serving as the point of contact between the company and GDPR Supervisory Authorities
  • Monitoring performance and providing advice on the impact of data protection efforts
  • Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request
  • Interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information

What steps has Hiver taken to ensure the safety of its customers’ data?

Here’s a quick lowdown of what Hiver is doing to protect your data:

Data Processing Addendum

We’ve created a Data Processing Addendum - a legal agreement that Hiver’s customers and third parties can request from us. The document promises the correct use of personally identifiable information stored with Hiver.

Infrastructure and physical security

All of our services and data are hosted on the Amazon Web Services (AWS) in the US. AWS complies with leading security policies and frameworks including SAS70 level II, SSAE 16, SOC framework and ISO 27001.

Safeguard Data Inventory

We’ve carefully identified the areas of Hiver where we collect user information and applied security and privacy safeguards across the entire ecosystem. At every step in our infrastructure, we ensure that we validate our legal basis for collecting and processing customer data. Our Privacy Policy elaborates on the data we collect and how we manage consent.

Documented Subprocessors

We’ve created an exhaustive list of third party Subprocessors - third party services that assist Hiver in providing service. There are instances when we have to share customers’ personally identifiable data with them. We have an active mechanism in place to keep it up to date.

Rights to be Forgotten (RTBF)

Hiver is committed to processing data deletion requests in accordance with the GDPR. An individual or an organization who seeks to delete personal information stored or processed by Hiver on behalf of a User/Customer can direct his/her query to the User/Customer(the data controller). Upon receipt of an erasure request from one of our User/Customer for us, in line with GDPR laws, we shall ensure we will honor the request within 30 days from the date of the request received.

We strongly advise our subscribers not to include any Personally Identifiable Information (PII) in the “User Defined Data” (in the Hiver application),especially in the templates or notes sections. It’s advised to refrain from including PII in your communications through Hiver's services such as chat, templates, and shared drafts.

All data deletion requests are processed for any structured data that are stored/transmitted/processed in Hiver systems. We have processes in place to delete structured personal data upon request, provided that it does not conflict with any legal obligations or legitimate business interests.

To make an erasure request to have personal information maintained by us returned to you or removed, please email [email protected] with the erasure request as per the GDPR guidelines outlined in.

https://gdpr.eu/wp-content/uploads/2019/01/RIGHT-TO-ERASURE-REQUEST-FORM.pdf

Consent

We went ahead an updated our Cookie Policy to tell you clearly what information we collect when you visit the Hiver website, and how we use it. The page also explains how you can control your browser to accept or refuse cookies.

Internal training

We’ve ensured that our employees are trained on data privacy and GDPR guidelines. Everyone at Hiver is well versed with their responsibilities regarding security, process integrity, and confidentiality of customer data.

Updates to Terms of Service

In the wake of the new rules, we went ahead and updated our Terms of Service to include the DPA and other clauses required by GDPR.

What kind of data does Hiver collect?

Hiver does not store your emails on its servers. Everything stays in your Gmail accounts. We store some of the email metadata information to enable our core functionality. These include: (i) email identifiers (Message-ID) (ii) email subject and (iii) the sender’s email ID. This information helps Hiver identify emails uniquely across your team. Apart from the above mentioned, no other email data gets stored with Hiver.

Have questions?

Should you have any questions about GDPR or Data Privacy, you can always write to us at [email protected].

Hiver leads the way in security

soc-image

SOC 2 Type II Compliant

iso-image

ISO 27001 Certified