Data Protection

  • Are you developing your systems according to the principles for privacy by design and privacy by default?

    Yes. We employ state-of-the-art measures to ensure a solid level of protection. All personal data that we maintain on behalf of our customers is centralized and encrypted with encryption keys stored separately, which facilitates crypto shredding. Read more under “Encryption”.

  • Do you have an incident management process for personal data incidents?

    We employ several strategies for securing our platform. In the unlikely event of a data breach, we will determine the scope and notify the affected customer immediately. Our development team will consider the incident top priority.

  • Do you store any personal data out of EEA?

    No.

  • How do you comply with transfers between EU and non-EU countries?

    We do not transfer data to non-EU countries ourselves. The service is, however, available for our customers to use globally.

  • Is the system compliant with GDPR?

    We are putting a lot of effort into developing a secure platform that is compliant with current laws and regulations. GDPR is no exception. We are constantly making sure that the underlying infrastructure is suitably equipped to meet the GDPR requirements including, but not limited to, the following:

    • Right to be informed
    • Right of access
    • Right to be forgotten
    • Only disclose personal information to the right person

Encryption

  • Is data encrypted in transfer and at rest, and what encryption is used?

    Personal data is encrypted at rest using AES-256. Communication with services is secured by HTTPS using TLS 1.2. This is industry-standard technology, widely used by everybody from Google to big banks.

  • What is crypto shredding?

    Hailey HR is using crypto shredding to ensure maximum data security. It is the practice of rendering sensitive data unreadable by deliberately overwriting or deleting encryption keys used to secure that data. If a user wants to exercise their “right to be forgotten,” we can easily delete the appropriate key, effectively “shredding” the encrypted data without interfering with related personal data.
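    To make the mechanism concrete, here is an added example in Python (not Hailey HR's code; it assumes the `cryptography` package). A key store and a data store are kept apart as the answer describes, each data subject gets their own AES-256 key, and "forgetting" a subject deletes only that key: their ciphertext, and any backup copy of it, remains on disk but can never be decrypted again, while other subjects' records are unaffected.

```python
import os
from typing import Dict, Optional, Tuple

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

Record = Tuple[bytes, bytes]  # (nonce, ciphertext)


class KeyStore:
    """Stands in for the separately hosted key store (e.g. a key vault).
    One AES-256 data key per data subject; no personal data lives here."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def get_or_create(self, subject_id: str) -> bytes:
        if subject_id not in self._keys:
            self._keys[subject_id] = AESGCM.generate_key(bit_length=256)
        return self._keys[subject_id]

    def get(self, subject_id: str) -> Optional[bytes]:
        return self._keys.get(subject_id)

    def shred(self, subject_id: str) -> None:
        # Erasure happens here only; the ciphertext in the data store is untouched.
        self._keys.pop(subject_id, None)


class DataStore:
    """Holds only (nonce, ciphertext) per record and never sees a key."""

    def __init__(self, keys: KeyStore) -> None:
        self._keys = keys
        self._records: Dict[Tuple[str, str], Record] = {}

    @staticmethod
    def _aad(subject_id: str, field: str) -> bytes:
        # Subject and field are bound as AAD so a ciphertext cannot be re-filed under another record.
        return f"{subject_id}/{field}".encode()

    def put(self, subject_id: str, field: str, value: bytes) -> None:
        aead = AESGCM(self._keys.get_or_create(subject_id))
        nonce = os.urandom(12)  # fresh 96-bit nonce per record, never reused with the same key
        self._records[(subject_id, field)] = (nonce, aead.encrypt(nonce, value, self._aad(subject_id, field)))

    def get(self, subject_id: str, field: str) -> Optional[bytes]:
        nonce, ciphertext = self._records[(subject_id, field)]
        key = self._keys.get(subject_id)
        if key is None:
            return None  # key shredded: the record still exists but is permanently unreadable
        return AESGCM(key).decrypt(nonce, ciphertext, self._aad(subject_id, field))

    def snapshot(self) -> Dict[Tuple[str, str], Record]:
        return dict(self._records)  # a backup: ciphertext only, so shredding covers it too

    def restore(self, snapshot: Dict[Tuple[str, str], Record]) -> None:
        self._records = dict(snapshot)
```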

Integrity

  • Does the processing involve external organizations or third parties?

    Our services are hosted in Microsoft’s cloud solution, Azure, which is the main third party involved in our operations. Apart from Microsoft, we use a third party for document signing and platform communication.

  • How do you deal with the confidentiality and protection of personal data?

    We apply a multitude of strategies for securing data.

    • OIDC is used for accessing services, with token signing handled by Azure Key Vault certificates.
    • Personal data is centralized, encrypted, and stored separately from the encryption keys.
    • All data is partitioned by customer and can only be accessed through a security token containing the customer id.

  • Where is the data stored?

    Customer data is stored in Azure Data Centers, primarily in Western Europe (Amsterdam) with failover to Northern Europe (Dublin).

  • Who at Hailey HR and its service providers has access to customer data?

    We have no functionality for Hailey HR employees to access customers’ data. Each customer is responsible for maintaining its own data and each environment has a separate data store.

  • Who has access to which data on the customer side?

    Hailey HR is built according to the principles for privacy by default. This means that all newly created user accounts, by default, have no rights beyond editing their own profile. A company administrator can, however, upgrade user permissions.

Purpose Limitation

  • How do you handle data after contract termination?

    We persist data related to the contract and dispose of all other data.

  • Who owns the data?

    The customer is and remains the owner and controller of the data. This means that the customer is responsible for respecting the rights of data subjects. Hailey HR is the data processor and, in this capacity, processes your data exclusively on your instruction and for the purposes laid down in the data processing agreement.

Recoverability

  • Are backups done on a regular basis?

    Data is backed up every day.

  • How long are backups stored?

    Backups are kept for 30 days. All other data is disposed of from the data stores provided by Azure.
