GDPR notice
This document contains a summary of ReliaSoft Cloud's key information and approach to GDPR compliance.
Data Controller and Data Processor |
HBK acts as Data Processor (as per GDPR Article 28) in respect to the personal data processed by ReliaSoft Cloud. |
Personal Data |
ReliaSoft Cloud collects limited personal data in support of its processing activities, including email address and user identification login/logout information. Upon termination of a contract with a customer, and no longer than 90 days after such termination, all personal data is removed from ReliaSoft Cloud. Personal data on the contract to perform the services will be retained according to the legal retention periods. |
Legal Basis for Personal Data Processing |
Article 6 of GDPR requires that the lawfulness of data processing be identified. HBK as ReliaSoft software provider uses "contractual obligations" as the basis for the secure processing and storage of its customer data in order to deliver ReliaSoft Cloud capabilities. |
Documented Processing Instructions |
Article 28 of GDPR requires that ReliaSoft Cloud customers should formally communicate their data processing requirements to HBK as ReliaSoft software provider (as their data processor). HBK provides a standard Data Processing Addendum to govern the processing of customer personal data. |
Data Protection by Design and Default |
Article 25 of GDPR requires that data processing activities provide data protection by design and default. HBK has achieved this requirement by ensuring that ReliaSoft Cloud has been designed in accordance with industry best practice and is subject to regular internal and external audits to ensure that security and privacy risks are being properly managed. ReliaSoft Cloud is within the scope of the ISO 27001 certified Information Security Management System, which is subject to regular external validation by assessors. ReliaSoft Cloud utilizes Microsoft Azure secured by ISO 27001, 27017, and 27018 certifications. ReliaSoft Cloud maintains a Processing Activities Register. The Processing Activities Register can be made available to customers on request. |
International Data Transfer |
Regarding the collection, use, and retention of personal data transferred from the European Economic Area to the United States, the transfer will be made according to Standard Contractual Clauses (SCCs). |
Sub-Processors |
ReliaSoft Cloud uses several sub-processors. HBK has executed a Data Processing Agreement with each sub-processor that attests the sub-processor provides the same data privacy protections as ReliaSoft Cloud. The Sub-Processors list can be made available to customers on request. |
Children's Personal Data |
ReliaSoft Cloud is not directed to individuals under 16. ReliaSoft Cloud services do not knowingly collect personal information from children under 16. If ReliaSoft Cloud becomes aware that a child under 16 has provided us with personal information, steps will be taken to delete such information. |
Sensitive Personal Data |
Article 9 of GDPR specifies a set of personal data categories which are considered to be "sensitive", and which require special consideration by Data Controllers. ReliaSoft Cloud does not collect or process any sensitive personal data. |
Data Subject Rights |
Articles 16-21 of GDPR provide data subjects with several rights in relation to their personal data, including: Right of access by the data subject (Article 15); Right to rectification (Articles 16, 19); Right to erasure (Articles 17, 19); Right to restriction of processing (Article 18); Right to data portability (Article 20); Right to object to processing (Article 21). HBK (acting as Processor) will support its Customers (acting as Controller) in satisfying these rights. |
Data Breaches |
ReliaSoft Cloud activity is monitored for unusual activities and issues, which includes indications of data breaches. As per Article 33, ReliaSoft (acting as Processor) will without undue delay notify affected Customers (acting as Controller) of any data breach, after becoming aware of such breach, but not later than 48 hours. |