European Privacy RightsLast Updated: Dec 1st, 2021
We are fully dedicated to our customers' success and data security. One way we keep this promise is by assisting Social HP customers and users in understanding and complying with the General Data Protection Regulation (GDPR). The GDPR aims to offer EU citizens more control over their data by combining several existing privacy and security rules into a single comprehensive law. The GDPR applies not just to organizations based in the European Union, but also to any organizations processing and holding personal data of data subjects residing in the EU, regardless of the company's location.
If you are a resident or are otherwise located in the territory of Europe, this section provides additional details about the personal data we collect about you, and your rights granted by the EU General Data Protection Regulation ("GDPR").
Our company, SocialHP is compliant with the European Union's General Data Protection Regulation. This regulation provides protection for all of SocialHP's customers regardless of the jurisdiction you are in. Specifically, users of the SocialHP are entitled to:
- The right to access and view the personal data that SocialHP has collected on them.
- The right to download the personal data that SocialHP has collected on them.
- The right to request SocialHP to erase the personal data that has been collected on them, under certain conditions.
- Subject to certain limitations, the GDPR provides you the following privacy rights: Transparency and the right to information. Through this policy, we explain how we use and share your personal information. However, if you have questions or concerns you can contact us at any time at firstname.lastname@example.org.
Right of access, objection, restriction of processing, erasure, and portability. You can make a request to access, object, restrict, erase, or transfer any of your personal data here. You also have the right to withdraw your consent at any time when we process your personal data based on your consent.
Right to opt-out to direct marketing. You have the right to opt-out at any time to receiving marketing materials from us by following the opt-out instructions in our commercial emails, by contacting us, or by adjusting your preferences. Please note that we reserve the right to send you other communications, including service announcements and administrative messages relating to your SocialHP account, without offering you the opportunity to opt-out of receiving them.
Right to lodge a complaint with a supervisory authority. If you consider that the processing of your personal data infringes on your privacy rights according to the GDPR, you have the right to lodge a complaint with a supervisory authority, in the member state of your habitual residence, place of work, or place of the alleged infringement. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
The GDPR’s updated requirements are significant, and we have adapted Social HP’s product offerings, operations and contractual commitments to help our customer comply with the regulation. Measures that Social HP (who processes data on our customer’s behalf) has implemented include:
- Updates to relevant contractual terms
- Investments in our security infrastructure and certifications
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always up to date.
The following sections outline our approach and investment in GDPR compliance in service of our customers and individual data subjects.
Security and Certifications
We place a high value on protecting our customers' data and the privacy of their users. We have incorporated security into every tier of the Social HP architecture. We have the right controls in place such as replication, backup, and disaster recovery plans, as well as encryption in transit and at rest, etc
Currently, we are in the process of attaining our SOC 2 attestation, and should achieve our SOC 2 Type certification by October 30th, 2022. Our cloud providers, subprocessors and managed service providers also undergo a thorough security assessment as a part of the evaluation process and then undergo regular SOC 1, SOC 2, and/or ISO/IEC 27001 audits thereafter.
When we share your information with Social HP service providers, we are accountable to you for how that information is used. All service providers must go through a thorough due diligence procedure and sign contracts ensuring that our customers' personal data is adequately protected and safeguarded. We are aware that the European Data Protection Board recently provided additional guidelines on extra measures to comply with the GDPR's adequacy requirement. We'll keep an eye on these rules, as well as any other issued by European data protection authorities, as they emerge.
Choice and Consent
Below are several other GDPR initiatives that have been implemented within our application:
- We have ensured Social HP employees that access and process Social HP customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data
- We provide a list of our subprocessors on our Subprocessors page.
- We will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users.