Hiver is GDPR ready

Last Updated: 3rd January, 2019

We’re committed to protecting our customers’ data. We’ve especially developed processes, technologies, and policies that ensure we deliver on our data security promise.

The really good thing is that our already-in-place privacy and security practices align with the requirements of the GDPR regulation. And that is why more than 1,500 businesses count on us to keep their data safe and secure.

What really is GDPR?

First off, in case you were wondering, GDPR stands for General Data Protection Regulation. Broadly speaking, it aims to simplify and streamline the data regulatory environment for businesses.

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It adds a list of new requirements about how companies should protect individuals’ personal data they collect and use.

In the simplest of words, GDPR aims to control how individuals and organizations may obtain, use, store, and remove personal data. EU citizens will now have complete control over their personal data.

You can read all about GDPR here.

Is Hiver GDPR compliant?

By all means. Hiver is fully compliant with the GDPR guidelines.

We have always been extremely careful about handling our customers’ data and our existing security practices already met most aspects of the new data privacy rules.

We still went ahead and undertook an extensive internal audit to ensure we comply with all the GDPR regulations.

Does Hiver have a Data Protection Officer?

Yes, we’ve appointed a Data Protection Representative who will ensure that our employees across teams are trained on the requirements of the regulation and comply with it.

The DPO is responsible for:

  • Educating the company and employees on important compliance requirements
  • Training staff involved in data processing
  • Conducting audits to ensure compliance and address potential issues proactively
  • Serving as the point of contact between the company and GDPR Supervisory Authorities
  • Monitoring performance and providing advice on the impact of data protection efforts
  • Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request
  • Interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information

What steps has Hiver taken to ensure the safety of its customers’ data?

Here’s a quick lowdown of what Hiver is doing to protect your data:

Data Processing Addendum

We’ve created a Data Processing Addendum - a legal agreement that Hiver’s customers and third parties can request from us. The document promises the correct use of personally identifiable information stored with Hiver.

Privacy Shield Certifications

To comply with the international EU data protection laws around international data transfers, we’ve completed the E.U.-U.S. and Swiss-U.S. Privacy Shield certifications. They ensure your data is a 100 percent safe during transfers from EU (and Switzerland) to the US.

Infrastructure and physical security

All of our services and data are hosted on the Amazon Web Services (AWS) in the US. AWS complies with leading security policies and frameworks including SAS70 level II, SSAE 16, SOC framework and ISO 27001.

Safeguard Data Inventory

We’ve carefully identified the areas of Hiver where we collect user information and applied security and privacy safeguards across the entire ecosystem. At every step in our infrastructure, we ensure that we validate our legal basis for collecting and processing customer data. Our Privacy Policy elaborates on the data we collect and how we manage consent.

Documented Subprocessors

We’ve created an exhaustive list of third party Subprocessors - third party services that assist Hiver in providing service. There are instances when we have to share customers’ personally identifiable data with them. We have an active mechanism in place to keep it up to date.

Consent

We went ahead an updated our Cookie Policy to tell you clearly what information we collect when you visit the Hiver website, and how we use it. The page also explains how you can control your browser to accept or refuse cookies.

Internal training

We’ve ensured that our employees are trained on data privacy and GDPR guidelines. Everyone at Hiver is well versed with their responsibilities regarding security, process integrity, and confidentiality of customer data.

Updates to Terms of Service

In the wake of the new rules, we went ahead and updated our Terms of Service to include the DPA and other clauses required by GDPR.

What kind of data does Hiver collect?

When you use our product, our server saves the following details Database.

  • Email Id
  • Full Name
  • Contact number
  • Raw Email Data
  • Credit Card Information.

That’s all.

Have questions?

Should you have any questions about GDPR or Data Privacy, you can always write to us at dpo@hiverhq.com.