On May 26th of 2018 the European Data Protection Regulation (GDPR) became effective. This regulation means people who process or control data about European Union (EU) citizens must adhere to it.
The purpose of GDPR is to help protect the privacy of EU citizens. We believe it's a step in the right direction to a more transparent and fair online world for consumers and businesses.
As a result, if anyone in your Community (i.e. team, company, workspace, group) has a HuddleUp account and is an EU citizen, then you are subject to GDPR. We've put together a guide here to help you navigate the complexities of GDPR and to assure you we're here to help.
Please know, we take your privacy and security seriously at HuddleUp. We're always available to speak with you if you ever have questions, concerns, or feedback for us. Please don't hesitate to contact us at [email protected]. We're just one email away 😊.
HuddleUp is committed to maintaining appropriate technical and organisational security measures to protect your employees’ personal information in line with the GDPR requirements.Our commitments to maintaining our security measures are as follows:
If you are an EU citizen and use our Services, then you have specific rights to your data. This relates to GDPR Chapter 3—Right of the data subject. You can request to receive your data, modify it, and/or delete it.
If you want to delete or modify your data please contact your HuddleUpAdministrator first. Your Administrator will then contact us to fulfill your data request. If you cannot contact your Administrator or they will not fulfill your needs, please contact us at [email protected]
If you are not an EU citizen and would like to modify or delete your data, we can only do that if your Administrator gives us their permission to do so.
If your Community has Administrators or Members that are EU citizens you must ensure data about EU citizens is transferred and protected in accordance with GDPR (Chapter V, Articles 44-50). This means personal data about EU citizens can only be transferred and stored in countries the European Commission has recognized as providing adequate protection. You can view the up to date list by clicking here (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).
Your HuddleUp data is stored in India, but we do not have a Privacy Shield framework certification. We are not pursuing a Privacy Shield certification at this time due to uncertainty around its continued effectiveness and ability to satisfy GDPR requirements.
As a result, we recommend anyone using our Services, with EU citizens in their Community, complete and sign a Data Processing Addendum (DPA). The DPA contains European Union Model Clauses, known as Standard Contractual Clauses, to meet the requirements for GDPR. At this time, we believe a DPA is a longer lasting solution than a Privacy Shield certification.
You can request one by emailing us at [email protected]. If you have your own DPA document, we are happy to review and sign it instead.
As an EU citizen you can report GDPR violations to your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) or searching on the internet.
Our goal is to never let things escalate to the point where you need to file a complaint. Please contact us if you ever feel like we are not complying with your rights under GDPR.
GDPR is new and the world and European Commission is still reacting to it. Rules may change, and we will do our best to post updates affecting HuddleUp on this page. We have put a few resources below you can use to better familiarize yourself with GDPR, our policies, and policies of the chat platforms we integrate with.