Safe, Secure and Transparent
We understand that an Employee Experience Platform is vital to your organization and its operations. That’s why we comply with ISO 27001 and the GDPR (and the Dutch AVG).
The privacy of your organization and its employees is our highest priority. Data and information are therefore processed and stored in the most secure way possible, fully GDPR-proof.
We work with the best possible partners in hosting and infrastructure, based solely in the Netherlands. Therefore, we can quickly interact with our partners and see them as an addition to our teams rather than a client.
Harry HR has never been off the air since it came into existence in 2016, and we are quite proud of that. Our infrastructure is built in such a way that it recovers itself in case of a disaster.
GDPR and Data Safety
Last update: 6th October 2022.
Harry HR's GDPR Commitment
The EU General Data Protection Regulation (GDPR) has been a significant piece of the privacy landscape since 2018, and Harry HR is here to support you in meeting its requirements.
What Is GDPR?
GDPR is setting the standard for how organizations collect, use, and protect EU citizens’ personal information. With the growing concern for data safety, this law is designed to foster public confidence in data privacy.
GDPR Implications For Your Organization
Whether or not your organization is based in the EU, all businesses that control or process personal information of EU citizens must do so in accordance with GDPR requirements.
As an employer, this means that you are responsible for ensuring that the personal information of your EU citizen employees is processed in accordance with GDPR requirements.
Because of this, you are also responsible for ensuring that any workplace service providers that you use will process the personal information of your EU citizen employees in accordance with GDPR requirements.
Harry HR’s Commitment of Support Towards Your Organization’s GDPR Compliance
Harry HR is committed to supporting you in ensuring that your use of our workplace tool meets GDPR requirements.
Here are some of the measures that Harry HR has put in place to reflect that commitment:
- Harry HR’s Contractual Terms Reflect GDPR Requirements
Harry HR has prepared a Data Processing Addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Terms of Service, available at https://HarryHR.com/terms. Our contractual commitments relevant to GDPR are that:
- Harry HR will be transparent and never use your employees’ personal information other than as instructed by you,
- Harry HR will maintain appropriate technical and organisational security measures to protect your employees’ personal information,
- Harry HR will assist you with requests from your employees regarding their personal information that is processed using our services.
- Harry HR Will Continue to Improve Its Security Infrastructures
Harry HR is committed to maintaining appropriate technical and organisational security measures to protect your employees’ personal information in line with GDPR requirements. Our commitments to maintaining our security measures are as follows:
- Harry HR ensures that, to the extent possible, your employees’ personal information is pseudonymized,
- Harry HR ensures that your employees’ personal information is encrypted, both in transit and at rest,
- Harry HR has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of Harry HR processing systems and services,
- Harry HR can restore the availability and access to your employees’ personal information in a timely manner in the event of a physical or technical incident, and
- Harry HR is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your employees’ personal information.
For more details regarding Harry HR’s commitment to invest in its security infrastructures, we invite you to read our Data Processing Addendum.
- Harry HR Complies With GDPR International Data Transfer Mechanisms
GDPR does not require personal information of EU citizens to be stored in the EU. GDPR does, however, require transfers of EU citizens’ personal information outside of the EU to comply with certain international data transfer standards. One of these standards is that prior to transferring an EU citizen’s personal information to a third country, the European Commission must have decided that the third country ensures an adequate level of protection. Harry HR is committed to ensuring that all transfers of your employees’ personal information are and will be in compliance with the required international data transfer standards.
Harry HR is located in the Netherlands and is subject to Dutch and European Union privacy laws. Therefore, we fully comply with the GDPR.
As your data processor, Harry HR transfers your employees’ personal information to only three third-party subprocessors: our data center provider, our database service management provider and our notification delivery provider. Harry HR has Standard Contractual Clauses in place with each of its subprocessors, with whom we work continuously to meet privacy and security standards and improve technical and organizational safeguards.
- Harry HR’s Products Are Designed to Help You Meet Your GDPR Requirements
Harry HR is committed to making every effort to build product features that help you meet your GDPR requirements. Harry HR ensures that you can meet the GDPR data portability requirements by providing, among others, features that permit you to export employees’ personal information.
Harry HR is here for you. Please contact our customer support team or your personal Employee Success Manager if you have any GDPR-specific questions.
Data Safety & Security
Last update: 7th October 2022.
Data is always encrypted at rest using AES-256 and in transit using TLS 1.2. Database backups are performed at a high frequency and encrypted at rest.
We run multiple backup processes simultaneously. Your data is backed up multiple times every day to ensure maximum safety. Backups are physically separated for optimal safety and availability in case of disaster.
Hosted in the Netherlands
Our Data Center is located in the Netherlands. Harry HR is solely hosted on several physically separated cloud servers across the Netherlands. None of your Harry HR data is stored outside the Netherlands.
Your data doesn’t leave our network. Only a select few employees from our support and development staff have access to customer data. MFA and VPN are required for access.
Vulnerability Management & Checks
Regular manual and automated scans for vulnerabilities are done and reviewed. In addition, we have a private bug bounty program for continuous intrusion testing and independent auditing by a third party.
Our Support Staff is well prepared to handle any incident. Our customers are notified within 48 hours in the event of a breach or compromise of Harry HR’s security program resulting in a real risk of significant harm to individuals.